

Hi,

Please help me get rid of wmpscfgs.exe; it pops up every time I restart.

Who knows what else is wrong. I had the 2010 Defender virus a few months ago; I think it's all gone. That led me to purchasing Malwarebytes.

Thank you in advance for your help.

When I use Defogger and click Disable, and then click OK, it never gives me the prompt to restart; it still just gives me the option to Enable or Disable.

I used GMER and it "found no system modifications", so no file attached to this post from GMER.

Also, I don't know what a Script Blocker is, I don't think I have one.

Attach.zip

Defogger

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 15:26 on 29/07/2010 (Administrator)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

MBAM LOG

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4368

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

7/29/2010 3:21:34 PM

mbam-log-2010-07-29 (15-21-34).txt

Scan type: Quick scan

Objects scanned: 145446

Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

DDS (Ver_10-03-17.01) - NTFSX64

Run by Administrator at 15:27:16.09 on Thu 07/29/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft


  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hello, thank you for your reply.

I updated MBAM and here is the log. I tried to use ComboFix, but it said my system is incompatible. I use Vista 64-bit. I don't know if you still want the DDS log without the ComboFix.txt, but here it is anyway.

MBAM LOG

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4416

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

8/10/2010 4:00:23 PM

mbam-log-2010-08-10 (16-00-23).txt

Scan type: Quick scan

Objects scanned: 147824

Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS LOG

DDS (Ver_10-03-17.01) - NTFSX64

Run by Administrator at 16:29:40.57 on Tue 08/10/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft


  • Staff

Hi,

Download this Registry Search by Bobbi Flekman, save it, and extract regsearch.exe to the Desktop. You will use it in a moment.

Double-click regsearch.exe to start it. In the top window, enter wmpscfgs as the search string on the first line. Make sure all the option boxes are checked, and click "Ok". Notepad will be opened with text in it (the file will be saved to the Desktop as well as RegSearch.txt). Post this text in your next reply.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-screen317


Hi,

I was not able to use ESET with IE; it froze every time and quit. It never prompted me to allow the ActiveX control to install. But ESET is compatible with Firefox after a download, so I used FF; I hope that is OK.

regsearch

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman


Hi,

Malwarebytes is still having me Quarantine it.

SystemLook

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 11:02 on 15/08/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "wmpscfgs"

No files found.

========== regfind ==========

Searching for "wmpscfgs"

No data found.

-=End Of File=-


Hi,

I rarely restart my computer, maybe once a week. Malwarebytes only finds it when I restart, and has me quarantine it. Should I run the quick scan right after a restart, before it has been quarantined?

LOG

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4447

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

8/18/2010 2:35:47 PM

mbam-log-2010-08-18 (14-35-47).txt

Scan type: Quick scan

Objects scanned: 147361

Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

So I've scanned many ways: after a restart, before MB tells me to quarantine; when MB asks me to quarantine; and after MB tells me to quarantine it and I hit Ignore instead of quarantining it.

It's always found here when I get the popup to quarantine it:

C:\program files (x86)\internet explorer\wmpscfgs.exe

(Trojan.Agent)

LOG same as always

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4450

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

8/19/2010 3:11:25 PM

mbam-log-2010-08-19 (15-11-25).txt

Scan type: Quick scan

Objects scanned: 146900

Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: EVGA

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: EVGA

System Product Name: 132-CK-NF78

Logical Drives Mask: 0x0001001c

Kernel Drivers (total 147):

0x01E08000 \SystemRoot\system32\ntoskrnl.exe

0x0231F000 \SystemRoot\system32\hal.dll

0x00606000 \SystemRoot\system32\kdcom.dll

0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x0064B000 \SystemRoot\system32\PSHED.dll

0x0065F000 \SystemRoot\system32\CLFS.SYS

0x006BC000 \SystemRoot\system32\CI.dll

0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008EE000 \SystemRoot\system32\drivers\acpi.sys

0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS

0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys

0x00957000 \SystemRoot\system32\drivers\pci.sys

0x00987000 \SystemRoot\System32\drivers\partmgr.sys

0x0099C000 \SystemRoot\system32\drivers\volmgr.sys

0x0076E000 \SystemRoot\System32\drivers\volmgrx.sys

0x009B0000 \SystemRoot\system32\drivers\pciide.sys

0x009B7000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x009C7000 \SystemRoot\System32\drivers\mountmgr.sys

0x009DA000 \SystemRoot\system32\drivers\atapi.sys

0x007D4000 \SystemRoot\system32\drivers\ataport.SYS

0x009E2000 \SystemRoot\system32\drivers\nvstor.sys

0x00A0A000 \SystemRoot\system32\drivers\storport.sys

0x00A67000 \SystemRoot\system32\drivers\fltmgr.sys

0x00AAE000 \SystemRoot\system32\drivers\fileinfo.sys

0x00AC2000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00C0B000 \SystemRoot\system32\drivers\ndis.sys

0x00B49000 \SystemRoot\system32\drivers\msrpc.sys

0x00B99000 \SystemRoot\system32\drivers\NETIO.SYS

0x00E08000 \SystemRoot\System32\drivers\tcpip.sys

0x00F7E000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01006000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01186000 \SystemRoot\system32\drivers\wd.sys

0x0118E000 \SystemRoot\system32\drivers\volsnap.sys

0x011D2000 \SystemRoot\System32\Drivers\spldr.sys

0x011DA000 \SystemRoot\System32\Drivers\mup.sys

0x00FAA000 \SystemRoot\System32\drivers\ecache.sys

0x011EC000 \SystemRoot\system32\drivers\disk.sys

0x00DCE000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x00FD6000 \SystemRoot\system32\drivers\crcdisk.sys

0x03413000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03420000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x03429000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0360A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x03F7D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x0343C000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x03F7F000 \SystemRoot\System32\drivers\watchdog.sys

0x03F8F000 \SystemRoot\system32\DRIVERS\fdc.sys

0x03F9C000 \SystemRoot\system32\DRIVERS\serial.sys

0x03FB9000 \SystemRoot\system32\DRIVERS\serenum.sys

0x03FC5000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x03FDB000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03FE9000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x0351F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x03565000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03581000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x03593000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x04000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04207000 \SystemRoot\system32\DRIVERS\nvm60x64.sys

0x04327000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x04360000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x0436D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x04390000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x0439C000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x043CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x043DD000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x040ED000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04105000 \SystemRoot\system32\DRIVERS\termdd.sys

0x04118000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x043FB000 \SystemRoot\system32\DRIVERS\swenum.sys

0x04124000 \SystemRoot\system32\DRIVERS\ks.sys

0x04158000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x04163000 \SystemRoot\system32\DRIVERS\umbus.sys

0x04173000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x041BB000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04606000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x04732000 \SystemRoot\system32\drivers\portcls.sys

0x0476D000 \SystemRoot\system32\drivers\drmk.sys

0x04790000 \SystemRoot\system32\drivers\ksthunk.sys

0x04796000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x047A0000 \SystemRoot\System32\Drivers\Null.SYS

0x047B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x047BC000 \SystemRoot\System32\drivers\vga.sys

0x047CA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x047EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x047A9000 \SystemRoot\system32\drivers\rdpencdd.sys

0x041CF000 \SystemRoot\System32\Drivers\Msfs.SYS

0x041DA000 \SystemRoot\System32\Drivers\Npfs.SYS

0x041EB000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x035A3000 \SystemRoot\system32\DRIVERS\tdx.sys

0x035C0000 \SystemRoot\system32\DRIVERS\smb.sys

0x0480E000 \SystemRoot\system32\drivers\afd.sys

0x04879000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x04882000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x04894000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04896000 \SystemRoot\System32\DRIVERS\netbt.sys

0x048DA000 \SystemRoot\system32\DRIVERS\pacer.sys

0x048F8000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x04903000 \SystemRoot\system32\DRIVERS\tmlwf.sys

0x04938000 \SystemRoot\system32\DRIVERS\netbios.sys

0x04947000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04962000 \SystemRoot\system32\DRIVERS\tmtdi.sys

0x0497F000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x049CC000 \SystemRoot\system32\drivers\nsiproxy.sys

0x049D8000 \SystemRoot\System32\Drivers\dfsc.sys

0x035DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x00FE0000 \SystemRoot\system32\drivers\usbaudio.sys

0x04A03000 \SystemRoot\system32\DRIVERS\udfs.sys

0x04A51000 \SystemRoot\System32\Drivers\crashdmp.sys

0x04A5F000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x04A69000 \SystemRoot\System32\Drivers\dump_nvstor.sys

0x000F0000 \SystemRoot\System32\win32k.sys

0x04A79000 \SystemRoot\System32\drivers\Dxapi.sys

0x04A85000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004F0000 \SystemRoot\System32\TSDDD.dll

0x00640000 \SystemRoot\System32\cdd.dll

0x04A98000 \SystemRoot\system32\drivers\luafv.sys

0x04ABA000 \SystemRoot\system32\DRIVERS\tmpreflt.sys

0x08603000 \SystemRoot\system32\DRIVERS\vsapint.sys

0x04AC9000 \SystemRoot\system32\DRIVERS\tmxpflt.sys

0x087F0000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys

0x04B20000 \SystemRoot\system32\drivers\spsys.sys

0x04BBA000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x08C04000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x08C38000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x08C43000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x08C5B000 \SystemRoot\system32\drivers\HTTP.sys

0x08CFE000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x08D27000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x08D32000 \SystemRoot\system32\DRIVERS\bowser.sys

0x08D50000 \SystemRoot\System32\drivers\mpsdrv.sys

0x08D6A000 \SystemRoot\system32\drivers\mrxdav.sys

0x08D91000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x09602000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0964B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0966A000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0969C000 \SystemRoot\System32\DRIVERS\srv.sys

0x09731000 \SystemRoot\system32\drivers\peauth.sys

0x097E7000 \SystemRoot\System32\Drivers\secdrv.SYS

0x08000000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys

0x080B5000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys

0x08100000 \SystemRoot\System32\drivers\tcpipreg.sys

0x09A04000 \SystemRoot\system32\DRIVERS\tmwfp.sys

0x09BC3000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys

0x09BCE000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x09BEA000 \??\C:\Windows\system32\drivers\mbam.sys

0x779F0000 \Windows\System32\ntdll.dll

Processes (total 58):

0 System Idle Process

4 System

496 C:\Windows\System32\smss.exe

572 csrss.exe

616 C:\Windows\System32\wininit.exe

636 csrss.exe

672 C:\Windows\System32\services.exe

700 C:\Windows\System32\winlogon.exe

728 C:\Windows\System32\lsass.exe

740 C:\Windows\System32\lsm.exe

880 C:\Windows\System32\svchost.exe

964 C:\Windows\System32\nvvsvc.exe

992 C:\Windows\System32\svchost.exe

548 C:\Windows\System32\svchost.exe

12 C:\Windows\System32\svchost.exe

560 C:\Windows\System32\svchost.exe

432 C:\Windows\System32\audiodg.exe

976 C:\Windows\System32\SLsvc.exe

1060 C:\Windows\System32\svchost.exe

1164 C:\Windows\System32\svchost.exe

1424 C:\Windows\System32\rundll32.exe

1536 C:\Windows\System32\spoolsv.exe

1636 C:\Windows\System32\svchost.exe

1740 C:\Windows\System32\taskeng.exe

1768 C:\Windows\System32\dwm.exe

1884 C:\Windows\explorer.exe

1984 C:\Windows\System32\taskeng.exe

1480 C:\Windows\RAVCpl64.exe

2132 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

2152 C:\Windows\System32\rundll32.exe

2160 C:\Program Files\Windows Sidebar\sidebar.exe

2168 C:\Windows\ehome\ehtray.exe

2188 C:\Windows\ehome\ehmsas.exe

2224 C:\Program Files (x86)\WinZip\WZQKPICK.EXE

2252 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

2276 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

2820 C:\Windows\SysWOW64\PnkBstrA.exe

2832 C:\Windows\System32\svchost.exe

2940 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

332 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

1360 C:\Windows\System32\svchost.exe

888 C:\Windows\System32\svchost.exe

2392 C:\Windows\System32\SearchIndexer.exe

368 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

2816 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

3400 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

3912 C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

3924 C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

924 C:\Program Files\Trend Micro\BM\TMBMSRV.exe

4616 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

4928 C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe

4892 C:\Program Files (x86)\Skype\Phone\Skype.exe

4328 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

2936 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

2676 C:\Windows\System32\SearchProtocolHost.exe

4904 C:\Windows\System32\SearchFilterHost.exe

2788 C:\Users\Administrator\Desktop\MBRCheck.exe

5112 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\Q: --> error 5

PhysicalDrive0 Model Number: HitachiHDP725032GLA, Rev: GM3O

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

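The two kernel-driver listings in this thread (the MBRCheck "Kernel Drivers" list above and the TDSSKiller log posted further down) are long enough that a reviewer wants them machine-checked rather than read by eye. The script below is an added example, not a tool from this thread or from Malwarebytes. It parses both line formats, normalises the `\SystemRoot\` and `\??\` prefixes onto drive-letter paths, and reports three things a responder looks for: drivers loaded from outside `C:\Windows`, the same file name loaded from two different directories, and any entry whose name or path contains a search string such as `wmpscfgs`. The embedded sample log is constructed for the example: its first six driver lines are copied from the thread, and the last line (a `disk.sys` under a Temp directory with an all-zero hash) is invented to exercise the duplicate-name check.

```python
import re
from dataclasses import dataclass
from typing import Optional

# MBRCheck "Kernel Drivers" line, e.g. "0x0360A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys"
MBRCHECK_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
# TDSSKiller driver line, e.g. "2010/08/21 19:10:07.0517 ACPI (md5hex) C:\Windows\system32\drivers\acpi.sys"
TDSS_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*?)\s*$"
)

WINDOWS_DIR = "c:\\windows\\"


@dataclass(frozen=True)
class DriverEntry:
    name: str            # service name (TDSSKiller) or file basename (MBRCheck)
    path: str            # normalised, lower-case drive-letter path
    md5: Optional[str]   # only TDSSKiller reports a hash
    source: str          # "mbrcheck" or "tdsskiller"


def normalize_path(raw: str, system_drive: str = "C:") -> str:
    """Map the kernel-style prefixes seen in the logs onto one drive-letter form."""
    p = raw.strip()
    if p.startswith("\\??\\"):                      # \??\C:\... -> C:\...
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):    # \SystemRoot\... -> C:\Windows\...
        p = system_drive + "\\Windows\\" + p[len("\\SystemRoot\\"):]
    elif p.startswith("\\"):                        # \Windows\... is relative to the system drive
        p = system_drive + p
    return p.lower()


def parse_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for a driver line in either format, else None."""
    m = TDSS_RE.match(line)
    if m:
        name, md5, raw = m.groups()
        return DriverEntry(name, normalize_path(raw), md5.lower(), "tdsskiller")
    m = MBRCHECK_RE.match(line)
    if m:
        path = normalize_path(m.group(1))
        return DriverEntry(path.rsplit("\\", 1)[-1], path, None, "mbrcheck")
    return None


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def outside_windows_dir(entries) -> list:
    """Drivers not loaded from under C:\\Windows. Legitimate third-party drivers land here too,
    so this is a review list, not a verdict."""
    return [e for e in entries if not e.path.startswith(WINDOWS_DIR)]


def duplicate_basenames(entries) -> dict:
    """Same file name loaded from two different directories: the classic masquerading pattern."""
    by_name = {}
    for e in entries:
        by_name.setdefault(e.path.rsplit("\\", 1)[-1], set()).add(e.path)
    return {n: sorted(p) for n, p in by_name.items() if len(p) > 1}


def matching_name(entries, needle: str) -> list:
    n = needle.lower()
    return [e for e in entries if n in e.path or n in e.name.lower()]


# Constructed sample: six lines copied from the thread plus one invented line (hypothetical
# disk.sys in a Temp directory with an all-zero MD5) to exercise the duplicate check.
SAMPLE_LOG = r"""
Kernel Drivers (total 4):
0x01E08000 \SystemRoot\system32\ntoskrnl.exe
0x011EC000 \SystemRoot\system32\drivers\disk.sys
0x087F0000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys
0x779F0000 \Windows\System32\ntdll.dll
2010/08/21 19:10:07.0517 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/08/21 19:10:35.0691 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/08/21 19:10:59.0000 fakedisk (00000000000000000000000000000000) C:\Users\Administrator\AppData\Local\Temp\disk.sys
"""


def triage(text: str = SAMPLE_LOG, needle: str = "wmpscfgs") -> dict:
    entries = parse_log(text)
    return {
        "parsed": len(entries),
        "outside_windows": [e.path for e in outside_windows_dir(entries)],
        "duplicates": duplicate_basenames(entries),
        needle: [e.path for e in matching_name(entries, needle)],
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Two caveats when using this on the thread's logs. Both App-V drivers under `C:\Program Files (x86)` show up in the outside-Windows list and are expected on a machine running the Microsoft Application Virtualization Client, so that list is for manual review only. And TDSSKiller itself reports "Utility is running under WOW64, functionality is limited" on this 64-bit Vista system, so a driver list produced by a 32-bit tool is not a complete picture of what the 64-bit kernel has loaded.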

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Hello,

2010/08/21 19:10:00.0388 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23

2010/08/21 19:10:00.0388 ================================================================================

2010/08/21 19:10:00.0388 SystemInfo:

2010/08/21 19:10:00.0388

2010/08/21 19:10:00.0388 OS Version: 6.0.6002 ServicePack: 2.0

2010/08/21 19:10:00.0388 Product type: Workstation

2010/08/21 19:10:00.0388 ComputerName: SOULEN-PC

2010/08/21 19:10:00.0388 UserName: Administrator

2010/08/21 19:10:00.0388 Windows directory: C:\Windows

2010/08/21 19:10:00.0388 System windows directory: C:\Windows

2010/08/21 19:10:00.0388 Running under WOW64

2010/08/21 19:10:00.0388 Processor architecture: Intel x64

2010/08/21 19:10:00.0388 Number of processors: 2

2010/08/21 19:10:00.0388 Page size: 0x1000

2010/08/21 19:10:00.0388 Boot type: Normal boot

2010/08/21 19:10:00.0388 ================================================================================

2010/08/21 19:10:00.0388 Utility is running under WOW64, functionality is limited.

2010/08/21 19:10:00.0918 Initialize success

2010/08/21 19:10:04.0849 ================================================================================

2010/08/21 19:10:04.0849 Scan started

2010/08/21 19:10:04.0849 Mode: Manual;

2010/08/21 19:10:04.0849 ================================================================================

2010/08/21 19:10:07.0517 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

2010/08/21 19:10:08.0157 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2010/08/21 19:10:09.0171 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2010/08/21 19:10:10.0091 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2010/08/21 19:10:10.0793 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2010/08/21 19:10:13.0039 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys

2010/08/21 19:10:13.0695 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2010/08/21 19:10:14.0599 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2010/08/21 19:10:15.0395 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

2010/08/21 19:10:16.0019 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2010/08/21 19:10:16.0659 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2010/08/21 19:10:17.0797 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2010/08/21 19:10:18.0141 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2010/08/21 19:10:19.0825 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/08/21 19:10:20.0871 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

2010/08/21 19:10:22.0680 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2010/08/21 19:10:23.0070 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2010/08/21 19:10:23.0585 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2010/08/21 19:10:23.0913 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2010/08/21 19:10:24.0693 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2010/08/21 19:10:25.0176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2010/08/21 19:10:25.0457 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2010/08/21 19:10:25.0987 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2010/08/21 19:10:26.0487 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2010/08/21 19:10:27.0516 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2010/08/21 19:10:28.0296 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

2010/08/21 19:10:29.0326 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

2010/08/21 19:10:29.0575 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

2010/08/21 19:10:31.0666 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2010/08/21 19:10:32.0368 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

2010/08/21 19:10:33.0007 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2010/08/21 19:10:34.0099 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys

2010/08/21 19:10:35.0691 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

2010/08/21 19:10:35.0800 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys

2010/08/21 19:10:35.0925 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2010/08/21 19:10:35.0987 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys

2010/08/21 19:10:36.0127 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2010/08/21 19:10:36.0315 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys

2010/08/21 19:10:36.0377 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/08/21 19:10:36.0455 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

2010/08/21 19:10:36.0595 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2010/08/21 19:10:36.0658 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2010/08/21 19:10:36.0907 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

2010/08/21 19:10:37.0017 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

2010/08/21 19:10:37.0079 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2010/08/21 19:10:37.0251 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2010/08/21 19:10:37.0282 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2010/08/21 19:10:37.0313 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/08/21 19:10:37.0391 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

2010/08/21 19:10:37.0500 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2010/08/21 19:10:37.0547 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2010/08/21 19:10:37.0609 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2010/08/21 19:10:37.0672 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/08/21 19:10:37.0797 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2010/08/21 19:10:37.0843 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

2010/08/21 19:10:37.0890 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

2010/08/21 19:10:37.0953 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2010/08/21 19:10:38.0077 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

2010/08/21 19:10:38.0187 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2010/08/21 19:10:38.0265 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/08/21 19:10:38.0311 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2010/08/21 19:10:38.0421 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2010/08/21 19:10:38.0499 IntcAzAudAddService (bb9ddf61538f2822486f4d0fc0e65c1d) C:\Windows\system32\drivers\RTKVHD64.sys

2010/08/21 19:10:38.0577 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2010/08/21 19:10:38.0670 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2010/08/21 19:10:38.0748 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/08/21 19:10:38.0842 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2010/08/21 19:10:38.0889 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2010/08/21 19:10:38.0951 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2010/08/21 19:10:38.0998 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2010/08/21 19:10:39.0060 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/08/21 19:10:39.0123 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2010/08/21 19:10:39.0185 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2010/08/21 19:10:39.0247 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/08/21 19:10:39.0310 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/08/21 19:10:39.0372 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

2010/08/21 19:10:39.0450 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2010/08/21 19:10:39.0559 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2010/08/21 19:10:50.0979 ================================================================================

2010/08/21 19:10:50.0979 Scan finished

2010/08/21 19:10:50.0979 ================================================================================


Hi,

I'm not sure how much of the Logs folder you want; there are 147 of them, every single day since March, when I bought Malwarebytes. Here is what 95% of them look like, taken from today's log.

14:34:41 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:41 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:49 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:49 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:49 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:49 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:50 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:51 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:51 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:51 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

14:34:51 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

15:00:00 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

16:00:00 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY

17:00:00 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent DENY


  • Staff

Hi,

Try this please:

Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.

Navigate to File --> Save As..., and save the file as fix1.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

@echo off
REM Stop the Superfetch service (SysMain) and keep it from starting at boot
net stop SysMain
sc config SysMain start= disabled
REM Reboot immediately
shutdown -r -t 00

Now navigate to your Desktop, and double click fix1.bat

A black window will open and close quickly. This is normal.

Your computer will restart.

After it does, please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.

Navigate to File --> Save As..., and save the file as fix2.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

@echo off
REM Delete every file under the Prefetch folder, including subfolders and hidden/system files
del /f /q /a /s "%windir%\Prefetch"
REM Re-enable Superfetch and start it again
sc config SysMain start= auto
net start SysMain

Now navigate to your Desktop, and double click fix2.bat

A black window will open and close quickly. This is normal.

Restart your computer and see if you still get the detection.


Hi,

Yes, I still got the detection right on schedule at 16:00.

Oh, I just realized that this is what the protection log file looks like when I get the detection and select Quarantine.

Protection Log at time of detection:

16:00:06 Administrator DETECTION C:\program files (x86)\internet explorer\wmpscfgs.exe Trojan.Agent QUARANTINE

16:00:07 Administrator ERROR Quarantine failed: UtilityReadFile failed with error code 2

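As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for protection-log lines in the shape posted above, covering both the repeated DETECTION lines and the later QUARANTINE/ERROR pair. It summarises hits per path, notes which detections land in the first minute of an hour (the 15:00, 16:00, 17:00 pattern that points at a scheduled trigger rather than user activity), and counts quarantine attempts that failed with error code 2, which is the Win32 ERROR_FILE_NOT_FOUND value; the sample lines are constructed from this thread and the line format is an assumption drawn from them.

```python
import re
from collections import defaultdict

# Assumed line formats, taken from the lines posted in this thread:
#   HH:MM:SS <user> DETECTION <path with spaces> <threat> <DENY|QUARANTINE>
#   HH:MM:SS <user> ERROR <message ending in "error code N">
DETECTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) DETECTION "
    r"(?P<path>.+?) (?P<threat>\S+) (?P<action>DENY|QUARANTINE)$"
)
ERROR_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) ERROR "
    r"(?P<msg>.*?error code (?P<code>\d+))$"
)
FILE_NOT_FOUND = 2  # Win32 ERROR_FILE_NOT_FOUND: the flagged path is not on disk

# Constructed sample, modelled on the lines posted in this thread.
SAMPLE_LOG = (
    "14:34:41 Administrator DETECTION C:\\program files (x86)\\internet explorer\\wmpscfgs.exe Trojan.Agent DENY\n"
    "14:34:41 Administrator DETECTION C:\\program files (x86)\\internet explorer\\wmpscfgs.exe Trojan.Agent DENY\n"
    "15:00:00 Administrator DETECTION C:\\program files (x86)\\internet explorer\\wmpscfgs.exe Trojan.Agent DENY\n"
    "16:00:06 Administrator DETECTION C:\\program files (x86)\\internet explorer\\wmpscfgs.exe Trojan.Agent QUARANTINE\n"
    "16:00:07 Administrator ERROR Quarantine failed: UtilityReadFile failed with error code 2\n"
    "17:00:00 Administrator DETECTION C:\\program files (x86)\\internet explorer\\wmpscfgs.exe Trojan.Agent DENY\n"
)


def parse_log(text):
    """Return the log as an ordered list of event dicts; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            events.append({"kind": "DETECTION", **m.groupdict()})
            continue
        m = ERROR_RE.match(line)
        if m:
            events.append({"kind": "ERROR", "time": m["time"], "user": m["user"],
                           "msg": m["msg"], "code": int(m["code"])})
    return events


def summarize(text):
    """Per flagged path: hit count, hours with a hit in minute :00 (scheduled-looking),
    and quarantine attempts that failed because the file was already gone."""
    stats = defaultdict(lambda: {"hits": 0, "scheduled_hours": set(), "ghost_quarantines": 0})
    last_quarantine = None  # path of the most recent QUARANTINE action, if any
    for ev in parse_log(text):
        if ev["kind"] == "DETECTION":
            s = stats[ev["path"]]
            s["hits"] += 1
            if ev["time"][3:5] == "00":
                s["scheduled_hours"].add(ev["time"][:2])
            last_quarantine = ev["path"] if ev["action"] == "QUARANTINE" else None
        elif ev["code"] == FILE_NOT_FOUND and last_quarantine:
            # Error 2 right after a QUARANTINE: the path was detected but no file was there to move
            stats[last_quarantine]["ghost_quarantines"] += 1
            last_quarantine = None
    return {p: {**s, "scheduled_hours": sorted(s["scheduled_hours"])} for p, s in stats.items()}
```

A path whose only hits are on-the-hour and whose quarantines fail with error 2 is being reported from a reference to the file (such as a cached path) rather than from a file actually present on disk.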