
For the past few hours now I've been trying to remove a virus that's been causing ads to play on the computer. Avira and Malwarebytes both supposedly cured what they found, and aren't finding anything else. I've even run scans in safe mode, yet nothing changes. It causes ads to play in the background somewhere where I can hear it, but not see it. It's also doing something to not let me connect to Google after signing in (Firefox cannot establish a connection). I can use Google without signing in, but it will often try to redirect me elsewhere when I try to click on a Google link. It set Firefox to use a system proxy, which I already disabled, but that hasn't changed much. I've also tried restoring my computer to a previous date twice, but it changed nothing.


Welcome to the forum. Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the two logs: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC


Every time I run RogueKiller, about halfway through the scan I get a blue screen error and am forced to restart my computer. I also forgot to mention that Malwarebytes keeps blocking outgoing connections to 206.161.121.3.

This is what RogueKiller generated before I got the blue screen, and the DDS and Attach files. (It tells me my post is too long if I copy/paste them.)

Attached: dds.txt, attach.txt, debug.log


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click TDSSKiller.exe to run the application, then click Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click Continue.

If you get a warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click Continue.

If you get a warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

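Once the TDSSKiller log comes back, the first thing a helper does is skim it for anything that is not "- ok". The Python script below is an added example, not part of this thread and not Kaspersky's own code: it parses log lines in the format shown in the logs posted here (timestamp, PID, service name, MD5 hash and image path, followed by a verdict line) and lists every object whose verdict is a detection or a warning, flagging image paths outside the usual Windows and Program Files locations, since an unsigned driver loaded from a user profile or temp directory deserves a closer look. The sample log is constructed for the example: the first entries mirror real lines from this thread, while the "hxdrv" driver and its path are invented, and the shape of the "( Verdict ) - warning" and "- detected Verdict (n)" lines is assumed from TDSSKiller's usual output rather than taken from this page.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log record starts with "HH:MM:SS.mmmm <pid> <body>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Scanned object: "<name> (<md5>) <image path>"
ENTRY_RE = re.compile(r"^(\S.*?) \(([0-9a-fA-F]{32})\) (.+)$")
# Verdict lines: "<name> - ok" or "<name> - detected <Verdict> (<n>)"
VERDICT_RE = re.compile(r"^(.+?) - (ok|detected (.+?)(?: \(\d+\))?)$")
# Warning lines (assumed shape): "<name> ( <Verdict> ) - warning"
WARNING_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")

# Image paths outside these roots get an extra flag; drivers dropped into a
# user profile or a temp directory are a common rootkit loader location.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    name: str
    verdict: str            # e.g. "UnsignedFile.Multi.Generic", "TDSS File System"
    md5: Optional[str]      # None when the object has no hashed image (e.g. a disk device)
    path: Optional[str]
    unusual_path: bool


@dataclass
class ScanResult:
    scanned: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: List[Finding] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> ScanResult:
    """Collect hashed entries, then turn every non-'ok' verdict into a Finding."""
    result = ScanResult()
    seen = set()  # one detection usually appears as a warning line and a detected line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators and truncated lines carry no verdict
        body = m.group(3)
        entry = ENTRY_RE.match(body)
        if entry:
            result.scanned[entry.group(1)] = (entry.group(2).lower(), entry.group(3))
            continue
        warning = WARNING_RE.match(body)
        if warning:
            name, verdict = warning.group(1), warning.group(2)
        else:
            v = VERDICT_RE.match(body)
            if not v or v.group(2) == "ok":
                continue
            name, verdict = v.group(1), v.group(3)
        if (name, verdict) in seen:
            continue
        seen.add((name, verdict))
        md5, path = result.scanned.get(name, (None, None))
        unusual = path is not None and not path.lower().startswith(EXPECTED_ROOTS)
        result.findings.append(Finding(name, verdict, md5, path, unusual))
    return result


def format_report(result: ScanResult) -> str:
    """Human-readable triage summary: one line per finding, flagged when the path is odd."""
    lines = [f"{len(result.scanned)} hashed objects scanned, {len(result.findings)} finding(s)"]
    for f in result.findings:
        flag = "  [outside Windows/Program Files]" if f.unusual_path else ""
        where = f" {f.path}" if f.path else ""
        lines.append(f"- {f.name}: {f.verdict}{where}{flag}")
    return "\n".join(lines)


# Constructed sample in the format of the logs posted in this thread. The first
# entries mirror real lines; 'hxdrv' and its path are invented for the example.
SAMPLE_LOG = r"""
09:39:30.0562 2184 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
09:40:23.0218 3036 Mode: Manual; SigCheck; TDLFS;
09:40:29.0953 3036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:40:34.0859 3036 ACPI - ok
09:41:00.0156 3036 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
09:41:00.0187 3036 MBAMProtector - ok
09:41:30.0100 3036 hxdrv (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Zack\Local Settings\Temp\hxdrv.sys
09:41:30.0120 3036 hxdrv ( UnsignedFile.Multi.Generic ) - warning
09:41:30.0120 3036 hxdrv - detected UnsignedFile.Multi.Generic (1)
09:41:40.0000 3036 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:41:40.0000 3036 \Device\Harddisk0\DR0 - detected TDSS File System (1)
"""

if __name__ == "__main__":
    print(format_report(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run it against a real TDSSKiller log by reading the file into parse_tdsskiller_log(). Anything it lists is what the helper will ask about; a "TDSS File System" hit on the disk device is the one that matters most for the symptoms in this thread, and an unsigned driver under a temp directory is worth a second look even when the tool itself only reports it as a warning.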

09:39:30.0562 2184 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

09:39:31.0046 2184 ============================================================

09:39:31.0046 2184 Current date / time: 2012/07/22 09:39:31.0046

09:39:31.0046 2184 SystemInfo:

09:39:31.0046 2184

09:39:31.0046 2184 OS Version: 5.1.2600 ServicePack: 3.0

09:39:31.0046 2184 Product type: Workstation

09:39:31.0046 2184 ComputerName: ZACK-7EEB1D6426

09:39:31.0046 2184 UserName: Zack

09:39:31.0046 2184 Windows directory: C:\WINDOWS

09:39:31.0046 2184 System windows directory: C:\WINDOWS

09:39:31.0046 2184 Processor architecture: Intel x86

09:39:31.0046 2184 Number of processors: 2

09:39:31.0046 2184 Page size: 0x1000

09:39:31.0046 2184 Boot type: Normal boot

09:39:31.0046 2184 ============================================================

09:39:33.0625 2184 Drive \Device\Harddisk0\DR0 - Size: 0x2540900000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:39:33.0625 2184 ============================================================

09:39:33.0625 2184 \Device\Harddisk0\DR0:

09:39:33.0625 2184 MBR partitions:

09:39:33.0625 2184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0x129C262B

09:39:33.0625 2184 ============================================================

09:39:33.0656 2184 C: <-> \Device\Harddisk0\DR0\Partition0

09:39:33.0656 2184 ============================================================

09:39:33.0656 2184 Initialize success

09:39:33.0656 2184 ============================================================

09:40:23.0218 3036 ============================================================

09:40:23.0218 3036 Scan started

09:40:23.0218 3036 Mode: Manual; SigCheck; TDLFS;

09:40:23.0218 3036 ============================================================

09:40:29.0625 3036 Abiosdsk - ok

09:40:29.0625 3036 abp480n5 - ok

09:40:29.0953 3036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:40:34.0859 3036 ACPI - ok

09:40:34.0890 3036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:40:35.0046 3036 ACPIEC - ok

09:40:35.0312 3036 ADIHdAudAddService (307f5e03b02a3022d664c36d1ea25f2c) C:\WINDOWS\system32\drivers\ADIHdAud.sys

09:40:35.0500 3036 ADIHdAudAddService - ok

09:40:35.0828 3036 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

09:40:35.0843 3036 AdobeFlashPlayerUpdateSvc - ok

09:40:35.0843 3036 adpu160m - ok

09:40:36.0031 3036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:40:36.0171 3036 aec - ok

09:40:36.0296 3036 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:40:36.0484 3036 AFD - ok

09:40:36.0484 3036 Aha154x - ok

09:40:36.0484 3036 aic78u2 - ok

09:40:36.0484 3036 aic78xx - ok

09:40:36.0578 3036 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:40:36.0656 3036 Alerter - ok

09:40:36.0750 3036 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:40:36.0828 3036 ALG - ok

09:40:36.0828 3036 AliIde - ok

09:40:36.0828 3036 amsint - ok

09:40:37.0328 3036 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe

09:40:37.0343 3036 AntiVirSchedulerService - ok

09:40:37.0453 3036 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

09:40:37.0468 3036 AntiVirService - ok

09:40:37.0531 3036 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

09:40:37.0593 3036 AppMgmt - ok

09:40:37.0593 3036 asc - ok

09:40:37.0593 3036 asc3350p - ok

09:40:37.0593 3036 asc3550 - ok

09:40:38.0375 3036 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:40:38.0437 3036 aspnet_state - ok

09:40:38.0468 3036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:40:38.0562 3036 AsyncMac - ok

09:40:38.0671 3036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:40:38.0781 3036 atapi - ok

09:40:38.0781 3036 Atdisk - ok

09:40:38.0812 3036 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:40:38.0890 3036 Atmarpc - ok

09:40:38.0953 3036 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:40:39.0046 3036 AudioSrv - ok

09:40:39.0078 3036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:40:39.0218 3036 audstub - ok

09:40:39.0296 3036 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

09:40:39.0343 3036 avgntflt - ok

09:40:39.0437 3036 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys

09:40:39.0453 3036 avipbb - ok

09:40:39.0468 3036 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

09:40:39.0468 3036 avkmgr - ok

09:40:39.0609 3036 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

09:40:39.0765 3036 b57w2k - ok

09:40:39.0843 3036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:40:39.0937 3036 Beep - ok

09:40:40.0187 3036 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:40:40.0437 3036 BITS - ok

09:40:40.0578 3036 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:40:40.0859 3036 Browser - ok

09:40:40.0890 3036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:40:40.0984 3036 cbidf2k - ok

09:40:40.0984 3036 cd20xrnt - ok

09:40:41.0093 3036 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:40:41.0203 3036 Cdaudio - ok

09:40:41.0328 3036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:40:41.0406 3036 Cdfs - ok

09:40:41.0500 3036 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:40:41.0640 3036 Cdrom - ok

09:40:41.0640 3036 cerc6 - ok

09:40:41.0640 3036 Changer - ok

09:40:41.0671 3036 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:40:41.0781 3036 CiSvc - ok

09:40:41.0890 3036 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:40:42.0000 3036 ClipSrv - ok

09:40:42.0218 3036 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:40:42.0281 3036 clr_optimization_v2.0.50727_32 - ok

09:40:42.0875 3036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:40:43.0062 3036 clr_optimization_v4.0.30319_32 - ok

09:40:43.0062 3036 CmdIde - ok

09:40:43.0062 3036 COMSysApp - ok

09:40:43.0062 3036 Cpqarray - ok

09:40:43.0109 3036 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:40:43.0203 3036 CryptSvc - ok

09:40:43.0218 3036 dac2w2k - ok

09:40:43.0218 3036 dac960nt - ok

09:40:43.0609 3036 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:40:43.0734 3036 DcomLaunch - ok

09:40:43.0859 3036 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:40:43.0968 3036 Dhcp - ok

09:40:44.0046 3036 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:40:44.0203 3036 Disk - ok

09:40:44.0203 3036 dmadmin - ok

09:40:44.0390 3036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:40:44.0625 3036 dmboot - ok

09:40:44.0656 3036 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:40:44.0781 3036 dmio - ok

09:40:44.0828 3036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:40:44.0921 3036 dmload - ok

09:40:45.0031 3036 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:40:45.0296 3036 dmserver - ok

09:40:45.0359 3036 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:40:45.0546 3036 DMusic - ok

09:40:45.0640 3036 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:40:45.0750 3036 Dnscache - ok

09:40:46.0000 3036 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:40:46.0140 3036 Dot3svc - ok

09:40:46.0140 3036 dpti2o - ok

09:40:46.0171 3036 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:40:46.0234 3036 drmkaud - ok

09:40:46.0359 3036 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys

09:40:46.0375 3036 e1kexpress - ok

09:40:46.0375 3036 EagleXNt - ok

09:40:46.0515 3036 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:40:46.0593 3036 EapHost - ok

09:40:46.0656 3036 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:40:46.0750 3036 ERSvc - ok

09:40:46.0843 3036 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:40:46.0875 3036 Eventlog - ok

09:40:46.0968 3036 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:40:47.0093 3036 EventSystem - ok

09:40:47.0265 3036 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:40:47.0359 3036 Fastfat - ok

09:40:47.0531 3036 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:40:47.0687 3036 FastUserSwitchingCompatibility - ok

09:40:47.0796 3036 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:40:47.0906 3036 Fdc - ok

09:40:47.0968 3036 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:40:48.0062 3036 Fips - ok

09:40:48.0140 3036 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:40:48.0406 3036 Flpydisk - ok

09:40:48.0515 3036 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

09:40:48.0656 3036 FltMgr - ok

09:40:48.0796 3036 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:40:48.0812 3036 FontCache3.0.0.0 - ok

09:40:48.0843 3036 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:40:48.0937 3036 Fs_Rec - ok

09:40:49.0046 3036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:40:49.0140 3036 Ftdisk - ok

09:40:49.0265 3036 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:40:49.0390 3036 Gpc - ok

09:40:49.0515 3036 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:40:49.0593 3036 HDAudBus - ok

09:40:49.0812 3036 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:40:49.0890 3036 helpsvc - ok

09:40:49.0953 3036 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:40:50.0046 3036 HidServ - ok

09:40:50.0093 3036 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:40:50.0187 3036 hidusb - ok

09:40:50.0218 3036 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:40:50.0312 3036 hkmsvc - ok

09:40:50.0312 3036 hpn - ok

09:40:50.0562 3036 HSFHWBS2 (ac04fc91b57b27086ccf02086fd3f4cb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

09:40:50.0921 3036 HSFHWBS2 - ok

09:40:51.0343 3036 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

09:40:51.0531 3036 HSF_DPV - ok

09:40:51.0750 3036 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:40:51.0781 3036 HTTP - ok

09:40:51.0890 3036 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:40:52.0000 3036 HTTPFilter - ok

09:40:52.0000 3036 i2omgmt - ok

09:40:52.0000 3036 i2omp - ok

09:40:52.0062 3036 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

09:40:52.0156 3036 i8042prt - ok

09:40:53.0296 3036 ialm (f0484b3da09aa0e0916febd9549d4a03) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:40:53.0968 3036 ialm - ok

09:40:54.0875 3036 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys

09:40:54.0906 3036 iastor - ok

09:40:56.0015 3036 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:40:56.0343 3036 idsvc - ok

09:40:56.0437 3036 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:40:56.0546 3036 Imapi - ok

09:40:56.0687 3036 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:40:56.0796 3036 ImapiService - ok

09:40:56.0796 3036 ini910u - ok

09:40:56.0812 3036 IntelIde - ok

09:40:56.0875 3036 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:40:56.0984 3036 intelppm - ok

09:40:57.0000 3036 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

09:40:57.0093 3036 Ip6Fw - ok

09:40:57.0125 3036 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:40:57.0218 3036 IpFilterDriver - ok

09:40:57.0281 3036 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:40:57.0359 3036 IpInIp - ok

09:40:57.0515 3036 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:40:57.0609 3036 IpNat - ok

09:40:57.0718 3036 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:40:57.0828 3036 IPSec - ok

09:40:57.0859 3036 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:40:57.0953 3036 IRENUM - ok

09:40:58.0031 3036 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:40:58.0109 3036 isapnp - ok

09:40:58.0500 3036 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe

09:40:58.0515 3036 JavaQuickStarterService - ok

09:40:58.0578 3036 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:40:58.0687 3036 Kbdclass - ok

09:40:58.0734 3036 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:40:58.0812 3036 kbdhid - ok

09:40:58.0968 3036 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:40:59.0062 3036 kmixer - ok

09:40:59.0187 3036 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:40:59.0265 3036 KSecDD - ok

09:40:59.0421 3036 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:40:59.0500 3036 LanmanServer - ok

09:40:59.0687 3036 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:40:59.0781 3036 lanmanworkstation - ok

09:40:59.0781 3036 lbrtfdc - ok

09:40:59.0875 3036 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:40:59.0984 3036 LmHosts - ok

09:41:00.0093 3036 LMS (41b093f838bfb8c38a7bfa4668a3bc11) C:\Program Files\Intel\AMT\LMS.exe

09:41:00.0109 3036 LMS - ok

09:41:00.0156 3036 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys

09:41:00.0187 3036 MBAMProtector - ok

09:41:00.0828 3036 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

09:41:00.0906 3036 MBAMService - ok

09:41:01.0015 3036 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:41:01.0062 3036 mdmxsdk - ok

09:41:01.0140 3036 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:41:01.0250 3036 Messenger - ok

09:41:01.0281 3036 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:41:01.0390 3036 mnmdd - ok

09:41:01.0453 3036 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:41:01.0562 3036 mnmsrvc - ok

09:41:01.0625 3036 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:41:01.0750 3036 Modem - ok

09:41:01.0812 3036 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:41:01.0906 3036 Mouclass - ok

09:41:01.0953 3036 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:41:02.0078 3036 mouhid - ok

09:41:02.0156 3036 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:41:02.0250 3036 MountMgr - ok

09:41:02.0406 3036 MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

09:41:02.0453 3036 MozillaMaintenance - ok

09:41:02.0453 3036 mraid35x - ok

09:41:02.0671 3036 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:41:02.0828 3036 MRxDAV - ok

09:41:03.0312 3036 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:41:03.0703 3036 MRxSmb - ok

09:41:03.0781 3036 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:41:03.0875 3036 MSDTC - ok

09:41:03.0921 3036 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:41:04.0046 3036 Msfs - ok

09:41:04.0046 3036 MSIServer - ok

09:41:04.0078 3036 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:41:04.0203 3036 MSKSSRV - ok

09:41:04.0234 3036 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:41:04.0343 3036 MSPCLOCK - ok

09:41:04.0359 3036 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:41:04.0468 3036 MSPQM - ok

09:41:04.0531 3036 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:41:04.0625 3036 mssmbios - ok

09:41:04.0750 3036 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:41:04.0828 3036 Mup - ok

09:41:04.0937 3036 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys

09:41:04.0953 3036 NAL - ok

09:41:05.0328 3036 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:41:05.0468 3036 napagent - ok

09:41:05.0609 3036 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:41:05.0718 3036 NDIS - ok

09:41:05.0781 3036 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:41:05.0890 3036 NdisTapi - ok

09:41:05.0968 3036 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:41:06.0078 3036 Ndisuio - ok

09:41:06.0109 3036 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:41:06.0187 3036 NdisWan - ok

09:41:06.0328 3036 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:41:06.0375 3036 NDProxy - ok

09:41:06.0484 3036 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:41:06.0578 3036 NetBIOS - ok

09:41:06.0687 3036 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:41:06.0828 3036 NetBT - ok

09:41:06.0859 3036 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:41:07.0015 3036 NetDDE - ok

09:41:07.0015 3036 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:41:07.0093 3036 NetDDEdsdm - ok

09:41:07.0171 3036 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:41:07.0453 3036 Netlogon - ok

09:41:07.0640 3036 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:41:07.0718 3036 Netman - ok

09:41:08.0062 3036 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:41:08.0109 3036 NetTcpPortSharing - ok

09:41:08.0406 3036 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:41:08.0453 3036 Nla - ok

09:41:08.0546 3036 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:41:08.0640 3036 Npfs - ok

09:41:09.0500 3036 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:41:09.0859 3036 Ntfs - ok

09:41:09.0859 3036 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:41:09.0921 3036 NtLmSsp - ok

09:41:10.0000 3036 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:41:10.0093 3036 NtmsSvc - ok

09:41:10.0125 3036 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:41:10.0234 3036 Null - ok

09:41:10.0265 3036 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:41:10.0359 3036 NwlnkFlt - ok

09:41:10.0421 3036 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:41:10.0546 3036 NwlnkFwd - ok

09:41:10.0640 3036 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:41:10.0734 3036 Parport - ok

09:41:10.0781 3036 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:41:10.0890 3036 PartMgr - ok

09:41:10.0968 3036 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:41:11.0078 3036 ParVdm - ok

09:41:11.0140 3036 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:41:11.0250 3036 PCI - ok

09:41:11.0265 3036 PCIDump - ok

09:41:11.0296 3036 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:41:11.0406 3036 PCIIde - ok

09:41:11.0437 3036 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:41:11.0546 3036 Pcmcia - ok

09:41:11.0546 3036 PDCOMP - ok

09:41:11.0546 3036 PDFRAME - ok

09:41:11.0546 3036 PDRELI - ok

09:41:11.0546 3036 PDRFRAME - ok

09:41:11.0546 3036 perc2 - ok

09:41:11.0562 3036 perc2hib - ok

09:41:11.0968 3036 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:41:12.0015 3036 PlugPlay - ok

09:41:12.0015 3036 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:41:12.0109 3036 PolicyAgent - ok

09:41:12.0171 3036 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:41:12.0265 3036 PptpMiniport - ok

09:41:12.0281 3036 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:41:12.0328 3036 ProtectedStorage - ok

09:41:12.0437 3036 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:41:12.0531 3036 PSched - ok

09:41:12.0593 3036 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:41:12.0687 3036 Ptilink - ok

09:41:12.0703 3036 ql1080 - ok

09:41:12.0703 3036 Ql10wnt - ok

09:41:12.0703 3036 ql12160 - ok

09:41:12.0703 3036 ql1240 - ok

09:41:12.0703 3036 ql1280 - ok

09:41:12.0765 3036 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:41:12.0828 3036 RasAcd - ok

09:41:12.0859 3036 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:41:12.0968 3036 RasAuto - ok

09:41:13.0015 3036 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:41:13.0109 3036 Rasl2tp - ok

09:41:13.0296 3036 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:41:13.0406 3036 RasMan - ok

09:41:13.0453 3036 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:41:13.0546 3036 RasPppoe - ok

09:41:13.0546 3036 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:41:13.0640 3036 Raspti - ok

09:41:13.0718 3036 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:41:13.0812 3036 Rdbss - ok

09:41:13.0828 3036 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:41:13.0921 3036 RDPCDD - ok

09:41:14.0062 3036 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:41:14.0250 3036 rdpdr - ok

09:41:14.0390 3036 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

09:41:14.0515 3036 RDPWD - ok

09:41:14.0703 3036 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:41:14.0796 3036 RDSessMgr - ok

09:41:14.0890 3036 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:41:15.0000 3036 redbook - ok

09:41:15.0031 3036 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:41:15.0140 3036 RemoteAccess - ok

09:41:15.0218 3036 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

09:41:15.0312 3036 RemoteRegistry - ok

09:41:15.0500 3036 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:41:15.0578 3036 RpcLocator - ok

09:41:16.0015 3036 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:41:16.0265 3036 RpcSs - ok

09:41:16.0312 3036 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:41:16.0453 3036 RSVP - ok

09:41:16.0500 3036 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:41:16.0656 3036 SamSs - ok

09:41:16.0718 3036 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:41:16.0906 3036 SCardSvr - ok

09:41:17.0015 3036 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:41:17.0234 3036 Schedule - ok

09:41:17.0250 3036 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:41:17.0390 3036 Secdrv - ok

09:41:17.0515 3036 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:41:17.0718 3036 seclogon - ok

09:41:17.0765 3036 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:41:17.0890 3036 SENS - ok

09:41:17.0953 3036 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:41:18.0046 3036 serenum - ok

09:41:18.0109 3036 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:41:18.0234 3036 Serial - ok

09:41:18.0312 3036 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

09:41:18.0359 3036 SFAUDIO - ok

09:41:18.0468 3036 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:41:18.0593 3036 Sfloppy - ok

09:41:18.0953 3036 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:41:19.0140 3036 SharedAccess - ok

09:41:19.0312 3036 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:41:19.0328 3036 ShellHWDetection - ok

09:41:19.0328 3036 Simbad - ok

09:41:19.0671 3036 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe

09:41:19.0671 3036 SkypeUpdate - ok

09:41:19.0671 3036 Sparrow - ok

09:41:19.0718 3036 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:41:19.0828 3036 splitter - ok

09:41:19.0921 3036 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:41:20.0015 3036 Spooler - ok

09:41:20.0125 3036 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:41:20.0171 3036 sr - ok

09:41:20.0343 3036 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:41:20.0453 3036 srservice - ok

09:41:20.0875 3036 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:41:21.0000 3036 Srv - ok

09:41:21.0078 3036 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:41:21.0171 3036 SSDPSRV - ok

09:41:21.0203 3036 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

09:41:21.0203 3036 ssmdrv - ok

09:41:21.0265 3036 Steam Client Service - ok

09:41:21.0671 3036 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:41:21.0843 3036 stisvc - ok

09:41:21.0906 3036 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:41:22.0046 3036 swenum - ok

09:41:22.0203 3036 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:41:22.0296 3036 swmidi - ok

09:41:22.0296 3036 SwPrv - ok

09:41:22.0296 3036 symc810 - ok

09:41:22.0296 3036 symc8xx - ok

09:41:22.0312 3036 sym_hi - ok

09:41:22.0312 3036 sym_u3 - ok

09:41:22.0437 3036 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:41:22.0546 3036 sysaudio - ok

09:41:22.0671 3036 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:41:22.0765 3036 SysmonLog - ok

09:41:22.0921 3036 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:41:22.0984 3036 TapiSrv - ok

09:41:23.0109 3036 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:41:23.0171 3036 Tcpip - ok

09:41:23.0187 3036 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:41:23.0265 3036 TDPIPE - ok

09:41:23.0281 3036 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:41:23.0406 3036 TDTCP - ok

09:41:23.0484 3036 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:41:23.0609 3036 TermDD - ok

09:41:24.0062 3036 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:41:24.0140 3036 TermService - ok

09:41:24.0296 3036 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:41:24.0312 3036 Themes - ok

09:41:24.0343 3036 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

09:41:24.0406 3036 TlntSvr - ok

09:41:24.0406 3036 TosIde - ok

09:41:24.0484 3036 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:41:24.0593 3036 TrkWks - ok

09:41:24.0625 3036 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys

09:41:24.0640 3036 TrueSight ( UnsignedFile.Multi.Generic ) - warning

09:41:24.0640 3036 TrueSight - detected UnsignedFile.Multi.Generic (1)

09:41:24.0812 3036 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:41:24.0890 3036 Udfs - ok

09:41:24.0890 3036 ultra - ok

09:41:28.0078 3036 UNS (9b229de91d9fbab10cb53f0e1ffab88d) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

09:41:28.0296 3036 UNS - ok

09:41:29.0515 3036 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:41:29.0687 3036 Update - ok

09:41:29.0921 3036 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:41:29.0984 3036 upnphost - ok

09:41:30.0015 3036 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:41:30.0078 3036 UPS - ok

09:41:30.0218 3036 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:41:30.0343 3036 usbccgp - ok

09:41:30.0406 3036 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:41:30.0484 3036 usbehci - ok

09:41:30.0546 3036 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:41:30.0625 3036 usbhub - ok

09:41:30.0703 3036 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:41:30.0796 3036 usbstor - ok

09:41:30.0875 3036 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:41:30.0968 3036 usbuhci - ok

09:41:31.0000 3036 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:41:31.0093 3036 VgaSave - ok

09:41:31.0093 3036 ViaIde - ok

09:41:31.0203 3036 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:41:31.0312 3036 VolSnap - ok

09:41:31.0609 3036 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:41:31.0734 3036 VSS - ok

09:41:31.0843 3036 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:41:31.0921 3036 W32Time - ok

09:41:31.0984 3036 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:41:32.0078 3036 Wanarp - ok

09:41:32.0078 3036 WDICA - ok

09:41:32.0171 3036 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:41:32.0234 3036 wdmaud - ok

09:41:32.0296 3036 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:41:32.0421 3036 WebClient - ok

09:41:33.0109 3036 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

09:41:33.0328 3036 winachsf - ok

09:41:33.0703 3036 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:41:33.0812 3036 winmgmt - ok

09:41:33.0859 3036 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:41:34.0000 3036 WmdmPmSN - ok

09:41:34.0734 3036 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

09:41:34.0843 3036 Wmi - ok

09:41:35.0046 3036 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:41:35.0093 3036 WmiAcpi - ok

09:41:35.0203 3036 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:41:35.0296 3036 WmiApSrv - ok

09:41:36.0375 3036 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:41:36.0828 3036 WMPNetworkSvc - ok

09:41:37.0296 3036 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:41:37.0468 3036 WPFFontCache_v0400 - ok

09:41:38.0390 3036 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:41:38.0468 3036 wscsvc - ok

09:41:38.0531 3036 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:41:38.0625 3036 wuauserv - ok

09:41:38.0906 3036 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:41:38.0968 3036 WudfPf - ok

09:41:39.0046 3036 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:41:39.0109 3036 WudfRd - ok

09:41:39.0218 3036 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:41:39.0234 3036 WudfSvc - ok

09:41:39.0750 3036 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:41:39.0859 3036 WZCSVC - ok

09:41:39.0890 3036 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:41:39.0968 3036 xmlprov - ok

09:41:39.0984 3036 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:41:40.0015 3036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

09:41:40.0015 3036 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

09:41:40.0109 3036 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:41:40.0109 3036 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:41:40.0125 3036 Boot (0x1200) (f393e836a4aa9f83495e47a42f26361a) \Device\Harddisk0\DR0\Partition0

09:41:40.0140 3036 \Device\Harddisk0\DR0\Partition0 - ok

09:41:40.0140 3036 ============================================================

09:41:40.0140 3036 Scan finished

09:41:40.0140 3036 ============================================================

09:41:40.0234 3236 Detected object count: 3

09:41:40.0234 3236 Actual detected object count: 3

09:42:57.0578 3236 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:57.0578 3236 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:59.0796 3236 \Device\Harddisk0\DR0\# - copied to quarantine

09:42:59.0796 3236 \Device\Harddisk0\DR0 - copied to quarantine

09:43:00.0109 3236 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

09:43:00.0343 3236 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

09:43:00.0375 3236 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

09:43:00.0500 3236 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

09:43:00.0593 3236 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

09:43:00.0640 3236 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

09:43:00.0812 3236 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

09:43:00.0843 3236 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

09:43:00.0843 3236 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

09:43:00.0890 3236 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

09:43:00.0906 3236 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

09:43:00.0906 3236 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

09:43:00.0921 3236 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

09:43:00.0937 3236 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

09:43:01.0000 3236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

09:43:01.0078 3236 \Device\Harddisk0\DR0 - ok

09:43:02.0171 3236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

09:43:02.0171 3236 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:43:02.0171 3236 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:43:10.0062 2260 Deinitialize success


TDSSKiller found and cured the rootkit. Just run it again and Delete this one only:

09:43:02.0171 3236 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:43:02.0171 3236 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:43:10.0062 2260 Deinitialize success

------------------------------

Then......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


When I started ComboFix, it was telling me AVG was still active. I uninstalled AVG yesterday and began using Avira. I deleted the last of the AVG files I could find, and proceeded. Now it's giving me this message: [screenshot: Combofix01.jpg]

Will it cause any problems if I click Yes?


It's running a lot better than before now. It's not playing the ads anymore, as far as I can tell, and I'm able to connect to Google again. Thanks.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Zack :: ZACK-7EEB1D6426 [administrator]

Protection: Disabled

7/22/2012 11:14:42 AM

mbam-log-2012-07-22 (11-14-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189281

Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /uninstall.

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can delete manually, i.e.: RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
