Jump to content

Alureon/svchost.exe infection Win7


Recommended Posts

Win 7 machine was running MBAM Pro and MSE.

MSE has been disabled by whatever got in..

Mbam/mse finds a svchost.exe infection and an alureon variant. sometimes .e, sometimes .pf..

Suffering from redirects, and 24/7 hard drive activity/instability.

RKill/tdsskiller finds nothing...

Logs following..

DDS.txt LOG

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by Lori at 8:58:26 on 2012-03-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2551 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\real\realplayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://myyahoo.com/

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2B065ED9-2958-4196-A81D-653145111AFC} : DhcpNameServer = 192.168.1.1

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll

BHO-X64: PriceGong - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun-x64: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"

mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\quuw99ip.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf97329&v=6.010.023.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-1-4 3246040]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-27 13336]

R2 IduService;Intel® Desktop Utilities Service;C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2010-6-10 131248]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-14 652360]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-27 2320920]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-02 14:41:56 -------- d-----w- C:\025796c815de55b8c5da26

2012-03-02 14:34:39 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F1679AB-9328-5614-EA3C-318EE7BBEDEE}\GapaEngine.dll

2012-03-02 14:34:28 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F4C1DC1-1962-40EB-957D-5BCD7007DD87}\gapaengine.dll

2012-03-02 14:34:07 -------- d-----we C:\Windows\system64

2012-03-01 15:46:37 -------- d-----w- C:\FRST

2012-02-11 23:11:17 20480 ----a-w- C:\Windows\svchost.exe

2012-02-11 23:10:43 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C7AD2A0-F1CD-4ADD-AB0D-36EFFDC45B7E}\gapaengine.dll

2012-02-07 20:00:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\85F4.tmp

2012-02-07 20:00:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\85E3.tmp

2012-02-06 02:13:21 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39EI

2012-02-05 14:20:50 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

.

==================== Find3M ====================

.

2012-01-04 21:10:31 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys

2012-01-04 21:10:30 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys

2012-01-04 21:10:27 943712 ----a-w- C:\Windows\System32\drivers\timntr.sys

2012-01-04 21:10:21 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-04 16:55:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 9:01:11.70 ===============

Attach.txt log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/27/2010 3:51:36 AM

System Uptime: 3/2/2012 8:33:54 AM (1 hours ago)

.

Motherboard: Intel Corporation | | DH55HC

Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz | XU1 | 3059/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 422.534 GiB free.

D: is CDROM (UDF)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Canon MX700 ser Network

Device ID: ROOT\CANON_IJ_NETWORK\0000

Manufacturer: Canon

Name: Canon MX700 ser Network

PNP Device ID: ROOT\CANON_IJ_NETWORK\0000

Service: StillCam

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: LogMeIn Kernel Information Provider

Device ID: ROOT\LEGACY_LMIINFO\0000

Manufacturer:

Name: LogMeIn Kernel Information Provider

PNP Device ID: ROOT\LEGACY_LMIINFO\0000

Service: LMIInfo

.

==== System Restore Points ===================

.

RP525: 3/1/2012 9:50:54 AM - ComboFix created restore point

RP526: 3/1/2012 10:46:37 AM - Windows Update

RP527: 3/2/2012 8:37:51 AM - Windows Update

.

==== Installed Programs ======================

.

Acronis True Image Home

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player 11.5

Advertising Center

Apple Application Support

Apple Software Update

Canon IJ Network Scan Utility

Canon IJ Network Tool

DolbyFiles

ImagXpress

Intel® Control Center

Intel® Desktop Utilities

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java™ 6 Update 24

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

Menu Templates - Starter Kit

Microsoft Office 2000 Professional

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Movie Templates - Starter Kit

Mozilla Firefox 8.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Nero 9 Essentials

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero InfoTool

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

NeroExpress

neroxml

NetAssistant

NetAssistant for Firefox

OpenOffice.org 3.2

Picasa 3

PriceGong 2.1.0

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Yahoo! Detect

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

3/2/2012 8:51:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

3/2/2012 8:50:31 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.

3/2/2012 8:43:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

3/2/2012 8:43:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2640148).

3/2/2012 8:43:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2544035.

3/2/2012 8:39:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2660075).

3/2/2012 8:39:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2660465).

3/2/2012 8:39:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2645640).

3/2/2012 8:39:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2654428).

3/2/2012 8:39:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2633873).

3/2/2012 8:38:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2647516).

3/2/2012 8:34:44 AM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840

3/2/2012 8:34:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/2/2012 8:34:29 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/2/2012 8:34:28 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.

3/2/2012 8:34:27 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/2/2012 8:34:23 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/2/2012 8:34:19 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/1/2012 9:57:58 AM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147023878

3/1/2012 9:55:44 AM, Error: Application Popup [1060] - \??\C:\blargfix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

3/1/2012 9:35:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/1/2012 9:21:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

3/1/2012 9:19:33 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

3/1/2012 9:19:33 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

3/1/2012 9:19:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/1/2012 2:30:31 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

3/1/2012 2:29:00 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/1/2012 2:28:34 PM, Error: Application Popup [1060] - \??\C:\Combofix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

3/1/2012 2:21:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/1/2012 2:10:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/1/2012 10:52:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2660075).

3/1/2012 10:52:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2660465).

3/1/2012 10:52:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2654428).

3/1/2012 10:52:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2645640).

3/1/2012 10:52:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2633873).

3/1/2012 10:52:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2647516).

3/1/2012 10:51:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7034] - The Generichidservice service terminated unexpectedly. It has done this 1 time(s).

3/1/2012 10:49:52 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/1/2012 10:49:52 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/1/2012 10:44:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Link to post
Share on other sites

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

I will reformat the system.. Would it be ok to use the Windows easy transfer software to suck my data off and put it back on the machine if I have my malware and antivirus and all windows updates installed on the fresh install before i import it back in?

Link to post
Share on other sites

I will reformat the system.. Would it be ok to use the Windows easy transfer software to suck my data off and put it back on the machine if I have my malware and antivirus and all windows updates installed on the fresh install before i import it back in?

That's what I would do.
Link to post
Share on other sites

The path you provided does not work... I noticed you switched up the / \ some.. My path is also the program files (x86) *win7 64bit* I tried adding that with no luck either.. Did a direct copy paste to notedpad of your path, also tried changing the / \ and adding the (x86) Please advise..

Thanks

Link to post
Share on other sites

22:02:25.0389 4816 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

22:02:25.0733 4816 ============================================================

22:02:25.0733 4816 Current date / time: 2012/03/06 22:02:25.0733

22:02:25.0733 4816 SystemInfo:

22:02:25.0733 4816

22:02:25.0733 4816 OS Version: 6.1.7601 ServicePack: 1.0

22:02:25.0733 4816 Product type: Workstation

22:02:25.0733 4816 ComputerName: LORI-PC

22:02:25.0733 4816 UserName: Lori

22:02:25.0733 4816 Windows directory: C:\Windows

22:02:25.0733 4816 System windows directory: C:\Windows

22:02:25.0733 4816 Running under WOW64

22:02:25.0733 4816 Processor architecture: Intel x64

22:02:25.0733 4816 Number of processors: 4

22:02:25.0733 4816 Page size: 0x1000

22:02:25.0733 4816 Boot type: Normal boot

22:02:25.0733 4816 ============================================================

22:02:26.0091 4816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:02:26.0107 4816 Drive \Device\Harddisk5\DR9 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:02:26.0123 4816 \Device\Harddisk0\DR0:

22:02:26.0123 4816 MBR used

22:02:26.0123 4816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:02:26.0123 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

22:02:26.0123 4816 \Device\Harddisk5\DR9:

22:02:26.0123 4816 MBR used

22:02:26.0123 4816 \Device\Harddisk5\DR9\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080

22:02:26.0138 4816 Initialize success

22:02:26.0138 4816 ============================================================

22:02:33.0174 4432 ============================================================

22:02:33.0174 4432 Scan started

22:02:33.0174 4432 Mode: Manual; SigCheck; TDLFS;

22:02:33.0174 4432 ============================================================

22:02:33.0689 4432 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

22:02:33.0767 4432 1394ohci - ok

22:02:33.0829 4432 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

22:02:33.0845 4432 ACPI - ok

22:02:33.0876 4432 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

22:02:33.0938 4432 AcpiPmi - ok

22:02:34.0016 4432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

22:02:34.0047 4432 adp94xx - ok

22:02:34.0094 4432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

22:02:34.0125 4432 adpahci - ok

22:02:34.0141 4432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

22:02:34.0157 4432 adpu320 - ok

22:02:34.0203 4432 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys

22:02:34.0266 4432 afcdp - ok

22:02:34.0313 4432 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

22:02:34.0375 4432 AFD - ok

22:02:34.0406 4432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

22:02:34.0437 4432 agp440 - ok

22:02:34.0500 4432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

22:02:34.0515 4432 aliide - ok

22:02:34.0547 4432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

22:02:34.0562 4432 amdide - ok

22:02:34.0593 4432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

22:02:34.0625 4432 AmdK8 - ok

22:02:34.0640 4432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

22:02:34.0656 4432 AmdPPM - ok

22:02:34.0687 4432 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

22:02:34.0703 4432 amdsata - ok

22:02:34.0718 4432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

22:02:34.0734 4432 amdsbs - ok

22:02:34.0749 4432 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

22:02:34.0765 4432 amdxata - ok

22:02:34.0796 4432 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

22:02:34.0937 4432 AppID - ok

22:02:34.0968 4432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

22:02:34.0983 4432 arc - ok

22:02:34.0999 4432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

22:02:34.0999 4432 arcsas - ok

22:02:35.0030 4432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

22:02:35.0186 4432 AsyncMac - ok

22:02:35.0233 4432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

22:02:35.0233 4432 atapi - ok

22:02:35.0295 4432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

22:02:35.0342 4432 b06bdrv - ok

22:02:35.0373 4432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

22:02:35.0389 4432 b57nd60a - ok

22:02:35.0405 4432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

22:02:35.0451 4432 Beep - ok

22:02:35.0483 4432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

22:02:35.0514 4432 blbdrive - ok

22:02:35.0545 4432 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

22:02:35.0576 4432 bowser - ok

22:02:35.0607 4432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:02:35.0670 4432 BrFiltLo - ok

22:02:35.0670 4432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:02:35.0685 4432 BrFiltUp - ok

22:02:35.0717 4432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

22:02:35.0779 4432 Brserid - ok

22:02:35.0795 4432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

22:02:35.0810 4432 BrSerWdm - ok

22:02:35.0826 4432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:02:35.0841 4432 BrUsbMdm - ok

22:02:35.0857 4432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

22:02:35.0873 4432 BrUsbSer - ok

22:02:35.0888 4432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

22:02:35.0904 4432 BTHMODEM - ok

22:02:35.0935 4432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

22:02:35.0997 4432 cdfs - ok

22:02:36.0044 4432 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

22:02:36.0075 4432 cdrom - ok

22:02:36.0107 4432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

22:02:36.0138 4432 circlass - ok

22:02:36.0169 4432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

22:02:36.0185 4432 CLFS - ok

22:02:36.0200 4432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

22:02:36.0231 4432 CmBatt - ok

22:02:36.0247 4432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

22:02:36.0247 4432 cmdide - ok

22:02:36.0278 4432 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

22:02:36.0309 4432 CNG - ok

22:02:36.0341 4432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

22:02:36.0341 4432 Compbatt - ok

22:02:36.0387 4432 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

22:02:36.0403 4432 CompositeBus - ok

22:02:36.0450 4432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

22:02:36.0465 4432 crcdisk - ok

22:02:36.0512 4432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

22:02:36.0575 4432 DfsC - ok

22:02:36.0621 4432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

22:02:36.0668 4432 discache - ok

22:02:36.0715 4432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

22:02:36.0731 4432 Disk - ok

22:02:36.0777 4432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

22:02:36.0809 4432 drmkaud - ok

22:02:36.0840 4432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

22:02:36.0871 4432 DXGKrnl - ok

22:02:36.0918 4432 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys

22:02:36.0918 4432 e1kexpress - ok

22:02:37.0011 4432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

22:02:37.0089 4432 ebdrv - ok

22:02:37.0136 4432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

22:02:37.0152 4432 elxstor - ok

22:02:37.0183 4432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

22:02:37.0199 4432 ErrDev - ok

22:02:37.0214 4432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

22:02:37.0245 4432 exfat - ok

22:02:37.0277 4432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

22:02:37.0323 4432 fastfat - ok

22:02:37.0339 4432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

22:02:37.0355 4432 fdc - ok

22:02:37.0386 4432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

22:02:37.0401 4432 FileInfo - ok

22:02:37.0417 4432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

22:02:37.0448 4432 Filetrace - ok

22:02:37.0464 4432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

22:02:37.0464 4432 flpydisk - ok

22:02:37.0511 4432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

22:02:37.0511 4432 FltMgr - ok

22:02:37.0526 4432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

22:02:37.0542 4432 FsDepends - ok

22:02:37.0558 4432 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

22:02:37.0558 4432 Fs_Rec - ok

22:02:37.0589 4432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

22:02:37.0604 4432 fvevol - ok

22:02:37.0620 4432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:02:37.0636 4432 gagp30kx - ok

22:02:37.0651 4432 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:02:37.0667 4432 GEARAspiWDM - ok

22:02:37.0714 4432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

22:02:37.0745 4432 hcw85cir - ok

22:02:37.0792 4432 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

22:02:37.0823 4432 HdAudAddService - ok

22:02:37.0854 4432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

22:02:37.0885 4432 HDAudBus - ok

22:02:37.0916 4432 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

22:02:37.0932 4432 HECIx64 - ok

22:02:37.0963 4432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

22:02:37.0994 4432 HidBatt - ok

22:02:37.0994 4432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

22:02:38.0026 4432 HidBth - ok

22:02:38.0041 4432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

22:02:38.0072 4432 HidIr - ok

22:02:38.0104 4432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

22:02:38.0135 4432 HidUsb - ok

22:02:38.0182 4432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

22:02:38.0197 4432 HpSAMD - ok

22:02:38.0228 4432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

22:02:38.0291 4432 HTTP - ok

22:02:38.0322 4432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

22:02:38.0322 4432 hwpolicy - ok

22:02:38.0353 4432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

22:02:38.0369 4432 i8042prt - ok

22:02:38.0400 4432 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

22:02:38.0416 4432 iaStor - ok

22:02:38.0478 4432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

22:02:38.0494 4432 iaStorV - ok

22:02:38.0728 4432 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys

22:02:39.0008 4432 igfx - ok

22:02:39.0055 4432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

22:02:39.0055 4432 iirsp - ok

22:02:39.0164 4432 IntcAzAudAddService (0a3c4d8be71fdd08fb39a88af026d196) C:\Windows\system32\drivers\RTKVHD64.sys

22:02:39.0242 4432 IntcAzAudAddService - ok

22:02:39.0274 4432 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

22:02:39.0320 4432 IntcDAud - ok

22:02:39.0352 4432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

22:02:39.0367 4432 intelide - ok

22:02:39.0398 4432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

22:02:39.0414 4432 intelppm - ok

22:02:39.0461 4432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:02:39.0523 4432 IpFilterDriver - ok

22:02:39.0554 4432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

22:02:39.0570 4432 IPMIDRV - ok

22:02:39.0617 4432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:02:39.0679 4432 IPNAT - ok

22:02:39.0742 4432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:02:39.0788 4432 IRENUM - ok

22:02:39.0804 4432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

22:02:39.0820 4432 isapnp - ok

22:02:39.0835 4432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

22:02:39.0851 4432 iScsiPrt - ok

22:02:39.0866 4432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

22:02:39.0866 4432 kbdclass - ok

22:02:39.0882 4432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

22:02:39.0913 4432 kbdhid - ok

22:02:39.0944 4432 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

22:02:39.0944 4432 KSecDD - ok

22:02:39.0976 4432 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

22:02:39.0976 4432 KSecPkg - ok

22:02:40.0007 4432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:02:40.0069 4432 ksthunk - ok

22:02:40.0132 4432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:02:40.0194 4432 lltdio - ok

22:02:40.0241 4432 LMIInfo - ok

22:02:40.0256 4432 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

22:02:40.0272 4432 lmimirr - ok

22:02:40.0288 4432 LMIRfsClientNP - ok

22:02:40.0319 4432 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

22:02:40.0319 4432 LMIRfsDriver - ok

22:02:40.0381 4432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:02:40.0397 4432 LSI_FC - ok

22:02:40.0412 4432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:02:40.0428 4432 LSI_SAS - ok

22:02:40.0444 4432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:02:40.0444 4432 LSI_SAS2 - ok

22:02:40.0459 4432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:02:40.0475 4432 LSI_SCSI - ok

22:02:40.0490 4432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:02:40.0553 4432 luafv - ok

22:02:40.0600 4432 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

22:02:40.0615 4432 MBAMProtector - ok

22:02:40.0662 4432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

22:02:40.0678 4432 megasas - ok

22:02:40.0693 4432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

22:02:40.0724 4432 MegaSR - ok

22:02:40.0740 4432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:02:40.0787 4432 Modem - ok

22:02:40.0818 4432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:02:40.0849 4432 monitor - ok

22:02:40.0880 4432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

22:02:40.0896 4432 mouclass - ok

22:02:40.0927 4432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:02:40.0958 4432 mouhid - ok

22:02:40.0990 4432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

22:02:41.0005 4432 mountmgr - ok

22:02:41.0052 4432 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys

22:02:41.0068 4432 MpFilter - ok

22:02:41.0099 4432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

22:02:41.0099 4432 mpio - ok

22:02:41.0146 4432 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys

22:02:41.0146 4432 MpNWMon - ok

22:02:41.0177 4432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:02:41.0239 4432 mpsdrv - ok

22:02:41.0270 4432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

22:02:41.0333 4432 MRxDAV - ok

22:02:41.0364 4432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:02:41.0411 4432 mrxsmb - ok

22:02:41.0442 4432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:02:41.0489 4432 mrxsmb10 - ok

22:02:41.0504 4432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:02:41.0536 4432 mrxsmb20 - ok

22:02:41.0582 4432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

22:02:41.0598 4432 msahci - ok

22:02:41.0629 4432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

22:02:41.0645 4432 msdsm - ok

22:02:41.0692 4432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:02:41.0738 4432 Msfs - ok

22:02:41.0754 4432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:02:41.0801 4432 mshidkmdf - ok

22:02:41.0816 4432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

22:02:41.0832 4432 msisadrv - ok

22:02:41.0879 4432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:02:41.0941 4432 MSKSSRV - ok

22:02:41.0957 4432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:02:42.0004 4432 MSPCLOCK - ok

22:02:42.0019 4432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:02:42.0066 4432 MSPQM - ok

22:02:42.0097 4432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

22:02:42.0113 4432 MsRPC - ok

22:02:42.0144 4432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

22:02:42.0160 4432 mssmbios - ok

22:02:42.0160 4432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:02:42.0206 4432 MSTEE - ok

22:02:42.0222 4432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

22:02:42.0238 4432 MTConfig - ok

22:02:42.0253 4432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:02:42.0269 4432 Mup - ok

22:02:42.0300 4432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:02:42.0331 4432 NativeWifiP - ok

22:02:42.0378 4432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

22:02:42.0409 4432 NDIS - ok

22:02:42.0425 4432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:02:42.0456 4432 NdisCap - ok

22:02:42.0487 4432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:02:42.0550 4432 NdisTapi - ok

22:02:42.0581 4432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

22:02:42.0659 4432 Ndisuio - ok

22:02:42.0690 4432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:02:42.0737 4432 NdisWan - ok

22:02:42.0768 4432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:02:42.0830 4432 NDProxy - ok

22:02:42.0862 4432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:02:42.0893 4432 NetBIOS - ok

22:02:42.0924 4432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:02:42.0971 4432 NetBT - ok

22:02:43.0002 4432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

22:02:43.0018 4432 nfrd960 - ok

22:02:43.0033 4432 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

22:02:43.0049 4432 NisDrv - ok

22:02:43.0080 4432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:02:43.0127 4432 Npfs - ok

22:02:43.0142 4432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:02:43.0174 4432 nsiproxy - ok

22:02:43.0220 4432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

22:02:43.0267 4432 Ntfs - ok

22:02:43.0283 4432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:02:43.0361 4432 Null - ok

22:02:43.0392 4432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

22:02:43.0408 4432 nvraid - ok

22:02:43.0439 4432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

22:02:43.0454 4432 nvstor - ok

22:02:43.0486 4432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

22:02:43.0501 4432 nv_agp - ok

22:02:43.0532 4432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

22:02:43.0564 4432 ohci1394 - ok

22:02:43.0595 4432 osaio (5cbce1c10d7830946599011296689f6f) C:\Windows\system32\drivers\osaio.sys

22:02:43.0610 4432 osaio - ok

22:02:43.0657 4432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:02:43.0673 4432 Parport - ok

22:02:43.0704 4432 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

22:02:43.0720 4432 partmgr - ok

22:02:43.0735 4432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

22:02:43.0766 4432 pci - ok

22:02:43.0798 4432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

22:02:43.0813 4432 pciide - ok

22:02:43.0829 4432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

22:02:43.0844 4432 pcmcia - ok

22:02:43.0860 4432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:02:43.0876 4432 pcw - ok

22:02:43.0891 4432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:02:43.0954 4432 PEAUTH - ok

22:02:44.0000 4432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

22:02:44.0063 4432 PptpMiniport - ok

22:02:44.0063 4432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

22:02:44.0094 4432 Processor - ok

22:02:44.0125 4432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:02:44.0172 4432 Psched - ok

22:02:44.0234 4432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

22:02:44.0312 4432 ql2300 - ok

22:02:44.0328 4432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

22:02:44.0328 4432 ql40xx - ok

22:02:44.0344 4432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:02:44.0375 4432 QWAVEdrv - ok

22:02:44.0390 4432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:02:44.0422 4432 RasAcd - ok

22:02:44.0468 4432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:02:44.0531 4432 RasAgileVpn - ok

22:02:44.0562 4432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:02:44.0609 4432 Rasl2tp - ok

22:02:44.0640 4432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:02:44.0671 4432 RasPppoe - ok

22:02:44.0702 4432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:02:44.0749 4432 RasSstp - ok

22:02:44.0780 4432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:02:44.0827 4432 rdbss - ok

22:02:44.0843 4432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:02:44.0858 4432 rdpbus - ok

22:02:44.0874 4432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:02:44.0936 4432 RDPCDD - ok

22:02:44.0968 4432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:02:44.0999 4432 RDPENCDD - ok

22:02:45.0030 4432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:02:45.0061 4432 RDPREFMP - ok

22:02:45.0092 4432 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

22:02:45.0124 4432 RDPWD - ok

22:02:45.0155 4432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:02:45.0170 4432 rdyboost - ok

22:02:45.0186 4432 RimUsb - ok

22:02:45.0217 4432 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

22:02:45.0248 4432 RimVSerPort - ok

22:02:45.0280 4432 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

22:02:45.0342 4432 ROOTMODEM - ok

22:02:45.0373 4432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:02:45.0404 4432 rspndr - ok

22:02:45.0436 4432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

22:02:45.0451 4432 sbp2port - ok

22:02:45.0482 4432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

22:02:45.0529 4432 scfilter - ok

22:02:45.0560 4432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:02:45.0623 4432 secdrv - ok

22:02:45.0638 4432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:02:45.0654 4432 Serenum - ok

22:02:45.0670 4432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:02:45.0685 4432 Serial - ok

22:02:45.0716 4432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

22:02:45.0732 4432 sermouse - ok

22:02:45.0763 4432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

22:02:45.0794 4432 sffdisk - ok

22:02:45.0810 4432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

22:02:45.0841 4432 sffp_mmc - ok

22:02:45.0857 4432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

22:02:45.0888 4432 sffp_sd - ok

22:02:45.0919 4432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

22:02:45.0950 4432 sfloppy - ok

22:02:45.0982 4432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:02:45.0997 4432 SiSRaid2 - ok

22:02:45.0997 4432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

22:02:46.0013 4432 SiSRaid4 - ok

22:02:46.0044 4432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:02:46.0075 4432 Smb - ok

22:02:46.0106 4432 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys

22:02:46.0122 4432 snapman - ok

22:02:46.0138 4432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:02:46.0138 4432 spldr - ok

22:02:46.0184 4432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:02:46.0216 4432 srv - ok

22:02:46.0231 4432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:02:46.0247 4432 srv2 - ok

22:02:46.0262 4432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:02:46.0294 4432 srvnet - ok

22:02:46.0325 4432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

22:02:46.0325 4432 stexstor - ok

22:02:46.0372 4432 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

22:02:46.0403 4432 StillCam - ok

22:02:46.0434 4432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

22:02:46.0450 4432 swenum - ok

22:02:46.0528 4432 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

22:02:46.0606 4432 Tcpip - ok

22:02:46.0668 4432 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

22:02:46.0699 4432 TCPIP6 - ok

22:02:46.0730 4432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:02:46.0793 4432 tcpipreg - ok

22:02:46.0824 4432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:02:46.0855 4432 TDPIPE - ok

22:02:46.0933 4432 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys

22:02:46.0964 4432 tdrpman273 - ok

22:02:46.0980 4432 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

22:02:47.0011 4432 TDTCP - ok

22:02:47.0027 4432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:02:47.0058 4432 tdx - ok

22:02:47.0105 4432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

22:02:47.0105 4432 TermDD - ok

22:02:47.0152 4432 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys

22:02:47.0183 4432 timounter - ok

22:02:47.0214 4432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:02:47.0261 4432 tssecsrv - ok

22:02:47.0308 4432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:02:47.0323 4432 TsUsbFlt - ok

22:02:47.0370 4432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:02:47.0401 4432 tunnel - ok

22:02:47.0432 4432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

22:02:47.0448 4432 uagp35 - ok

22:02:47.0479 4432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:02:47.0510 4432 udfs - ok

22:02:47.0557 4432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:02:47.0557 4432 uliagpkx - ok

22:02:47.0604 4432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

22:02:47.0620 4432 umbus - ok

22:02:47.0635 4432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

22:02:47.0666 4432 UmPass - ok

22:02:47.0698 4432 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

22:02:47.0729 4432 USBAAPL64 - ok

22:02:47.0776 4432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:02:47.0807 4432 usbccgp - ok

22:02:47.0854 4432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:02:47.0869 4432 usbcir - ok

22:02:47.0900 4432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

22:02:47.0916 4432 usbehci - ok

22:02:47.0963 4432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:02:47.0978 4432 usbhub - ok

22:02:48.0010 4432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

22:02:48.0025 4432 usbohci - ok

22:02:48.0056 4432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:02:48.0088 4432 usbprint - ok

22:02:48.0119 4432 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

22:02:48.0134 4432 usbscan - ok

22:02:48.0150 4432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:02:48.0166 4432 USBSTOR - ok

22:02:48.0197 4432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:02:48.0228 4432 usbuhci - ok

22:02:48.0275 4432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:02:48.0275 4432 vdrvroot - ok

22:02:48.0306 4432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:02:48.0306 4432 vga - ok

22:02:48.0337 4432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:02:48.0368 4432 VgaSave - ok

22:02:48.0400 4432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:02:48.0415 4432 vhdmp - ok

22:02:48.0415 4432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:02:48.0431 4432 viaide - ok

22:02:48.0446 4432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:02:48.0446 4432 volmgr - ok

22:02:48.0478 4432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:02:48.0493 4432 volmgrx - ok

22:02:48.0524 4432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:02:48.0540 4432 volsnap - ok

22:02:48.0571 4432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

22:02:48.0587 4432 vsmraid - ok

22:02:48.0634 4432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

22:02:48.0665 4432 vwifibus - ok

22:02:48.0696 4432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

22:02:48.0727 4432 WacomPen - ok

22:02:48.0758 4432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:02:48.0821 4432 WANARP - ok

22:02:48.0868 4432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:02:48.0914 4432 Wanarpv6 - ok

22:02:48.0946 4432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

22:02:48.0946 4432 Wd - ok

22:02:48.0977 4432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:02:48.0992 4432 Wdf01000 - ok

22:02:49.0024 4432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:02:49.0055 4432 WfpLwf - ok

22:02:49.0070 4432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:02:49.0086 4432 WIMMount - ok

22:02:49.0148 4432 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

22:02:49.0180 4432 WinUsb - ok

22:02:49.0195 4432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

22:02:49.0211 4432 WmiAcpi - ok

22:02:49.0258 4432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:02:49.0289 4432 ws2ifsl - ok

22:02:49.0320 4432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:02:49.0351 4432 WudfPf - ok

22:02:49.0382 4432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:02:49.0429 4432 WUDFRd - ok

22:02:49.0460 4432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:02:49.0585 4432 \Device\Harddisk0\DR0 - ok

22:02:49.0585 4432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR9

22:02:49.0710 4432 \Device\Harddisk5\DR9 - ok

22:02:49.0710 4432 Boot (0x1200) (0ec26f4f291ed91d4264655c5fee2e4c) \Device\Harddisk0\DR0\Partition0

22:02:49.0710 4432 \Device\Harddisk0\DR0\Partition0 - ok

22:02:49.0741 4432 Boot (0x1200) (8e3f6222ce24c90902c41b923d6be807) \Device\Harddisk0\DR0\Partition1

22:02:49.0741 4432 \Device\Harddisk0\DR0\Partition1 - ok

22:02:49.0757 4432 Boot (0x1200) (5d469cc9d610ae8977f457e3bae8343c) \Device\Harddisk5\DR9\Partition0

22:02:49.0757 4432 \Device\Harddisk5\DR9\Partition0 - ok

22:02:49.0757 4432 ============================================================

22:02:49.0757 4432 Scan finished

22:02:49.0757 4432 ============================================================

22:02:49.0772 5084 Detected object count: 0

22:02:49.0772 5084 Actual detected object count: 0

22:03:26.0682 3560 Deinitialize success

Link to post
Share on other sites

I don't see anything bad there.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

ComboFix 12-03-07.01 - Lori 03/07/2012 7:50.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2577 [GMT -6:00]

Running from: I:\Combofix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))

.

.

2012-03-07 13:55 . 2012-01-04 21:27 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2F11717-A0D1-4C4F-A5CE-486B15C01658}\gapaengine.dll

2012-03-07 13:54 . 2012-03-07 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-07 13:54 . 2012-03-07 13:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-03-07 09:20 . 2012-01-04 21:27 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{000E6532-EEBA-46C7-8BDC-74578691E0D5}\gapaengine.dll

2012-03-07 04:03 . 2012-03-07 04:03 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-07 01:24 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-03-07 01:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-03-07 01:24 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-03-07 01:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-03-07 01:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-03-07 01:24 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-07 01:24 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-03-07 01:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-03-07 01:17 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56832A50-6A12-4681-B176-9AC1058455F4}\mpengine.dll

2012-03-06 03:34 . 2012-03-06 03:34 -------- dc----w- c:\users\Lori\AppData\Local\MigWiz

2012-03-06 03:24 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2012-03-02 17:07 . 2012-03-02 17:07 -------- d-----w- c:\program files (x86)\ERUNT

2012-03-01 15:46 . 2012-03-01 15:47 -------- d-----w- C:\FRST

2012-02-07 20:00 . 2012-02-07 20:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\85F4.tmp

2012-02-07 20:00 . 2012-02-07 20:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\85E3.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-02 14:35 . 2012-02-05 14:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-04 21:27 . 2012-01-04 21:27 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\gapaengine.dll

2012-01-04 21:27 . 2011-03-25 07:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-01-04 21:10 . 2012-01-04 21:10 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys

2012-01-04 21:10 . 2012-01-04 21:10 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2012-01-04 21:10 . 2012-01-04 21:10 943712 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-01-04 21:10 . 2010-09-26 21:45 277088 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-12-10 21:24 . 2010-09-26 20:32 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]

"ipTray.exe"="c:\program files (x86)\Intel\Intel Desktop Utilities\ipTray.exe" [2010-06-10 1656496]

"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-01-02 274608]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-04 3246040]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 IduService;Intel® Desktop Utilities Service;c:\program files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2010-06-10 131248]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 18:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-07 10810912]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [bU]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]

"combofix"="c:\combofix\CF79.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

giveio

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://myyahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\quuw99ip.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf97329&v=6.010.023.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-03-07 07:59:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-07 13:59

ComboFix2.txt 2012-03-01 20:33

ComboFix3.txt 2012-03-01 16:00

.

Pre-Run: 440,236,179,456 bytes free

Post-Run: 440,198,217,728 bytes free

.

- - End Of File - - 9EE35A95EA4494BCF4DAFB1F3724C56E

Link to post
Share on other sites

That what this infection can do.

You can try a online scan if you like.

http://www.eset.eu/online-scanner

Go here to run an online scannner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.

A new window will appear asking "Do you want to install this software?"".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software. Just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Link to post
Share on other sites

C:\ProgramData\Microsoft\Windows\DRM\85E3.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\Windows\DRM\85F4.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined

C:\Users\Lori\Documents\Downloads\PlayItAll-Setup-win32_8.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.