Jump to content

Recommended Posts

Hi there,

My computer boots up to a black screen. A similar problem happened about a month ago but was solved quickly using the malwarebytes software (and a sound beating of my teenage son :lol:

However, it's back -- although without the popups/etc. that we were seeing last time. Now the screen just goes black after a restart.

I ran the malwarebytes software (log attached). It found two problems and fixed them, but that didn't seem to help.

My Avira anti-virus won't update -- says the scheduler isn't started, and I can't start the scheduler, apparently, in Safe Mode (which is the only way I can use the computer at all). I uninstalled Avira and re-installed with no effect.

I ran Defogger.

I tried to run DDS, but it gets about a minute into the scan and then I get a BSOD. Tried that three times before giving up.

I ran GMER, log attached, but it said it didn't find any problems.

Thanks in advance for any help you can give me.

best

ann

mbam_log_2010_12_12__15_08_09_.zip

Link to post
Share on other sites

Hi Chris,

I did post a MBAM log to my original post.

And I tried to run DDS but it would get about 1/2 way through and then I would get the Blue Screen. That happened three times before I gave up.

Would you like me to try these steps again?

Thanks in advance for all of your help!

best

ann

Link to post
Share on other sites

Sorry - maybe you wanted me to paste it in the message instead of attaching it (the MBAM log). Here it is:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5302

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

12/12/2010 3:08:09 PM

mbam-log-2010-12-12 (15-08-09).txt

Scan type: Quick scan

Objects scanned: 155370

Time elapsed: 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Home\AppData\Local\Temp\FD68.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\Home\AppData\Roaming\microsoft\Windows\start menu\security essentials 2011.lnk (Rogue.SecurityEssentials) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hi Chris,

I hope this doesn't have too much stuff that isn't useful -- not sure what to do next.

Here's the MBAM log from this morning (nothing found):

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5317

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

12/15/2010 4:44:11 AM

mbam-log-2010-12-15 (04-44-11).txt

Scan type: Quick scan

Objects scanned: 156161

Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*****

Tried to run DDS again, but got a Blue Screen again.

Can't update Avira -- but I was able to update and run Avast (which I downloaded a few days ago to see if I could get it to run when Avira wouldn't). There doesn't seem to be a way to save logs from Avast (go figure), but here's what it found:

C:\Users\Home\AppData\Local\Temp\WERE53B.tmp.txt

Status: Error: File is offline - it is currently not available (42006)

C:\Users\Home\Desktop\roue\My Music\downloads\00BF5497\Protected_08_22_2006_16_48.10.asf

Status: Threat: WMA:Wimad [Drp]

C:\Users\Home\Desktop\roue\My Music\downloads\00C91A6C\Protected_08_22_2006_16_58_50.asf

Status: Threat: WMA:Wimad [Drp]

C:\Users\Home\Desktop\roue\My Music\downloads\00CA9709\Protected_08_22_2006_16_58_50.asf

Status: Threat: WMA:Wimad [Drp]

When I try to "Move to Chest," the Result is "Error: The handle is invalid (6).

When I try to update Avira, this is what the log says:

Avira AntiVir Personal - Free Antivirus Updater

Complete product update

Creation time: Wed Dec 15 05:03:31 2010

Operating system:

Windows 7 x64 () [6.1.7600] 64 bit

Product information:

Product version: 10.0.0.607

Updater: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe 10.0.0.35

Update resource: C:\Program Files (x86)\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0

Library: C:\Program Files (x86)\Avira\AntiVir Desktop\update.dll 0.1.0.44

Plugin: C:\Program Files (x86)\Avira\AntiVir Desktop\updext.dll 10.0.0.8

GUI: C:\Program Files (x86)\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\

Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\

Installation Directory: C:\Program Files (x86)\Avira\AntiVir Desktop\

Updater folder: C:\Program Files (x86)\Avira\AntiVir Desktop\

AppData folder: C:\ProgramData\Avira\AntiVir Desktop\

Proxy settings:

System settings used

5:03:31 [uPD] [iNFO] Checking whether newer files are available.

5:03:31 [uPD] [iNFO] Select update server 'http://208.111.128.7/update'.

5:03:31 [uPD] [iNFO] Downloading of 'http://208.111.128.7/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

5:03:32 [uPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://208.111.128.7/update/idx/master.idx' failed. Error: A connection with the server could not be established

5:03:32 [uPD] [iNFO] Select update server 'http://208.111.128.6/update'.

5:03:32 [uPD] [iNFO] Downloading of 'http://208.111.128.6/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

5:03:33 [uPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://208.111.128.6/update/idx/master.idx' failed. Error: A connection with the server could not be established

5:03:33 [uPD] [iNFO] Select update server 'http://perspeak.avira-update.com/update'.

5:03:33 [uPD] [iNFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

5:03:34 [uPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: A connection with the server could not be established

5:03:34 [uPDLIB] [ERROR] No additional servers found, the update will be canceled.

5:03:34 [uPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.

Summary:

********

0 Files downloaded

0 Files installed

Wed Dec 15 05:03:34 2010

The update failed!

However, while it says it's not finding anything when it scans (using outdated virus definitions), I found the following in my Event Logs:

AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp170762646.tmp

AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp111652806.tmp

AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp201638549.tmp

AntiVir has detected 'TR/Crypt.ZPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp24701800.tmp

AntiVir has detected 'TR/Crypt.ZPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp9155551.tmp

AntiVir has detected 'TR/Crypt.ZPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp171308434.tmp

AntiVir has detected 'TR/Crypt.ZPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp17659153.tmp

AntiVir has detected 'TR/Crypt.ZPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp226041092.tmp

AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp165175847.tmp

AntiVir has detected 'TR/Crypt.ZPACK.Gen' in the file C:\Windows\Temp\_avast5_\unp6178837.tmp

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Hi,

I was able to run that scan, fix the problem and generate a log. And I'm even booted up in Normal mode right now -- we'll see how long that lasts.

Here's the log:

2010/12/16 19:29:18.0248 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/16 19:29:18.0248 ================================================================================

2010/12/16 19:29:18.0248 SystemInfo:

2010/12/16 19:29:18.0248

2010/12/16 19:29:18.0248 OS Version: 6.1.7600 ServicePack: 0.0

2010/12/16 19:29:18.0248 Product type: Workstation

2010/12/16 19:29:18.0248 ComputerName: HOME-PC

2010/12/16 19:29:18.0248 UserName: Home

2010/12/16 19:29:18.0248 Windows directory: C:\Windows

2010/12/16 19:29:18.0248 System windows directory: C:\Windows

2010/12/16 19:29:18.0248 Running under WOW64

2010/12/16 19:29:18.0248 Processor architecture: Intel x64

2010/12/16 19:29:18.0248 Number of processors: 3

2010/12/16 19:29:18.0248 Page size: 0x1000

2010/12/16 19:29:18.0248 Boot type: Safe boot with network

2010/12/16 19:29:18.0248 ================================================================================

2010/12/16 19:29:18.0248 Utility is running under WOW64

2010/12/16 19:29:18.0435 Initialize success

2010/12/16 19:29:22.0678 ================================================================================

2010/12/16 19:29:22.0678 Scan started

2010/12/16 19:29:22.0678 Mode: Manual;

2010/12/16 19:29:22.0678 ================================================================================

2010/12/16 19:29:23.0146 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/12/16 19:29:23.0177 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2010/12/16 19:29:23.0209 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/12/16 19:29:23.0255 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/12/16 19:29:23.0271 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2010/12/16 19:29:23.0302 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2010/12/16 19:29:23.0349 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2010/12/16 19:29:23.0380 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2010/12/16 19:29:23.0396 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2010/12/16 19:29:23.0427 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2010/12/16 19:29:23.0443 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2010/12/16 19:29:23.0474 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2010/12/16 19:29:23.0505 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

2010/12/16 19:29:23.0521 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/12/16 19:29:23.0552 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

2010/12/16 19:29:23.0583 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2010/12/16 19:29:23.0630 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2010/12/16 19:29:23.0645 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2010/12/16 19:29:23.0692 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/16 19:29:23.0708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2010/12/16 19:29:23.0739 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys

2010/12/16 19:29:23.0848 atikmdag (80793852021864a9ed344843eeba5fdb) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/12/16 19:29:23.0989 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys

2010/12/16 19:29:24.0020 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys

2010/12/16 19:29:24.0051 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2010/12/16 19:29:24.0082 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2010/12/16 19:29:24.0113 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2010/12/16 19:29:24.0145 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/12/16 19:29:24.0176 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/16 19:29:24.0191 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/12/16 19:29:24.0223 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/12/16 19:29:24.0254 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2010/12/16 19:29:24.0285 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/12/16 19:29:24.0301 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/12/16 19:29:24.0332 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/12/16 19:29:24.0363 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/12/16 19:29:24.0394 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/16 19:29:24.0425 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/16 19:29:24.0441 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2010/12/16 19:29:24.0488 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2010/12/16 19:29:24.0535 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/12/16 19:29:24.0566 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2010/12/16 19:29:24.0597 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2010/12/16 19:29:24.0628 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2010/12/16 19:29:24.0644 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/12/16 19:29:24.0675 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/12/16 19:29:24.0706 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2010/12/16 19:29:24.0753 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2010/12/16 19:29:24.0769 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2010/12/16 19:29:24.0831 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2010/12/16 19:29:24.0925 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

2010/12/16 19:29:25.0003 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2010/12/16 19:29:25.0096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2010/12/16 19:29:25.0127 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2010/12/16 19:29:25.0174 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2010/12/16 19:29:25.0205 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2010/12/16 19:29:25.0237 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/16 19:29:25.0268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2010/12/16 19:29:25.0299 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2010/12/16 19:29:25.0315 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/16 19:29:25.0330 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2010/12/16 19:29:25.0377 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2010/12/16 19:29:25.0393 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/16 19:29:25.0424 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

2010/12/16 19:29:25.0439 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/12/16 19:29:25.0486 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/12/16 19:29:25.0517 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2010/12/16 19:29:25.0549 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/16 19:29:25.0564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/12/16 19:29:25.0580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2010/12/16 19:29:25.0595 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2010/12/16 19:29:25.0627 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/16 19:29:25.0658 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/12/16 19:29:25.0689 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2010/12/16 19:29:25.0736 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2010/12/16 19:29:25.0751 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/16 19:29:25.0783 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/12/16 19:29:25.0814 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2010/12/16 19:29:25.0845 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2010/12/16 19:29:25.0861 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/16 19:29:25.0892 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/16 19:29:25.0939 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/12/16 19:29:25.0954 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2010/12/16 19:29:25.0985 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2010/12/16 19:29:26.0001 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2010/12/16 19:29:26.0032 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/16 19:29:26.0048 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/16 19:29:26.0063 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/16 19:29:26.0095 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/16 19:29:26.0141 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2010/12/16 19:29:26.0157 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2010/12/16 19:29:26.0188 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/16 19:29:26.0266 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/12/16 19:29:26.0297 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/12/16 19:29:26.0313 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/12/16 19:29:26.0344 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/12/16 19:29:26.0360 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2010/12/16 19:29:26.0391 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2010/12/16 19:29:26.0422 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/12/16 19:29:26.0453 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2010/12/16 19:29:26.0469 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/16 19:29:26.0500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/16 19:29:26.0516 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/16 19:29:26.0547 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2010/12/16 19:29:26.0578 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2010/12/16 19:29:26.0609 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/16 19:29:26.0641 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2010/12/16 19:29:26.0672 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/16 19:29:26.0703 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/16 19:29:26.0734 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/16 19:29:26.0765 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2010/12/16 19:29:26.0797 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2010/12/16 19:29:26.0843 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2010/12/16 19:29:26.0859 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2010/12/16 19:29:26.0875 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/12/16 19:29:26.0906 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/16 19:29:26.0937 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/16 19:29:26.0953 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2010/12/16 19:29:26.0999 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2010/12/16 19:29:27.0015 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/16 19:29:27.0062 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2010/12/16 19:29:27.0077 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/12/16 19:29:27.0109 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2010/12/16 19:29:27.0140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/16 19:29:27.0171 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2010/12/16 19:29:27.0202 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/12/16 19:29:27.0233 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/16 19:29:27.0249 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/16 19:29:27.0265 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/16 19:29:27.0296 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2010/12/16 19:29:27.0327 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/16 19:29:27.0343 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/16 19:29:27.0374 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/12/16 19:29:27.0405 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2010/12/16 19:29:27.0467 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/16 19:29:27.0530 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2010/12/16 19:29:27.0592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2010/12/16 19:29:27.0608 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/12/16 19:29:27.0639 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2010/12/16 19:29:27.0655 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/12/16 19:29:27.0686 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/16 19:29:27.0733 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2010/12/16 19:29:27.0748 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2010/12/16 19:29:27.0857 PCDSRVC{DF3A5B5B-128783DB-06000000}_0 (6f8432f6ee241034f3295b053007e0c2) c:\program files (x86)\dell support center\hwdiag\bin\pcdsrvc_x64.pkms

2010/12/16 19:29:27.0967 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2010/12/16 19:29:27.0998 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2010/12/16 19:29:28.0013 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/12/16 19:29:28.0029 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2010/12/16 19:29:28.0060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2010/12/16 19:29:28.0185 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/16 19:29:28.0201 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2010/12/16 19:29:28.0232 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/16 19:29:28.0279 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

2010/12/16 19:29:28.0325 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2010/12/16 19:29:28.0372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/12/16 19:29:28.0388 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/16 19:29:28.0419 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/16 19:29:28.0450 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/12/16 19:29:28.0481 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/16 19:29:28.0528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/16 19:29:28.0559 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/16 19:29:28.0606 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/16 19:29:28.0637 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/12/16 19:29:28.0653 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/16 19:29:28.0684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/16 19:29:28.0700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2010/12/16 19:29:28.0731 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2010/12/16 19:29:28.0762 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2010/12/16 19:29:28.0809 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/16 19:29:28.0856 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

2010/12/16 19:29:28.0918 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2010/12/16 19:29:28.0934 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2010/12/16 19:29:28.0965 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/12/16 19:29:28.0981 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2010/12/16 19:29:29.0043 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/12/16 19:29:29.0074 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/16 19:29:29.0105 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2010/12/16 19:29:29.0137 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2010/12/16 19:29:29.0183 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/12/16 19:29:29.0199 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/12/16 19:29:29.0230 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/12/16 19:29:29.0246 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/12/16 19:29:29.0308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/12/16 19:29:29.0324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/12/16 19:29:29.0355 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2010/12/16 19:29:29.0386 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2010/12/16 19:29:29.0464 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

2010/12/16 19:29:29.0527 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/16 19:29:29.0589 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/16 19:29:29.0620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2010/12/16 19:29:29.0667 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/16 19:29:29.0745 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2010/12/16 19:29:29.0792 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/16 19:29:29.0823 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/16 19:29:29.0854 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2010/12/16 19:29:29.0870 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2010/12/16 19:29:29.0885 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/16 19:29:29.0901 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/16 19:29:29.0963 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/16 19:29:29.0979 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/16 19:29:29.0995 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2010/12/16 19:29:30.0026 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/16 19:29:30.0057 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/12/16 19:29:30.0088 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/16 19:29:30.0104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2010/12/16 19:29:30.0151 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2010/12/16 19:29:30.0182 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/16 19:29:30.0197 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2010/12/16 19:29:30.0229 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/16 19:29:30.0244 usbhub (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/16 19:29:30.0291 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2010/12/16 19:29:30.0307 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/16 19:29:30.0353 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2010/12/16 19:29:30.0385 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/16 19:29:30.0431 USBTINSP (c44d96b1cdde705b23f55ab423cca73d) C:\Windows\system32\DRIVERS\tinspusb.sys

2010/12/16 19:29:30.0447 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/16 19:29:30.0494 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/12/16 19:29:30.0525 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/16 19:29:30.0556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2010/12/16 19:29:30.0587 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/12/16 19:29:30.0650 VIAHdAudAddService (a6cf4aaaa85ec6f655c9922593e407ab) C:\Windows\system32\drivers\viahduaa.sys

2010/12/16 19:29:30.0681 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2010/12/16 19:29:30.0697 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/12/16 19:29:30.0743 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2010/12/16 19:29:30.0775 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2010/12/16 19:29:30.0806 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/12/16 19:29:30.0821 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2010/12/16 19:29:30.0868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2010/12/16 19:29:30.0899 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/16 19:29:30.0915 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/16 19:29:30.0962 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2010/12/16 19:29:30.0993 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/16 19:29:31.0071 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/12/16 19:29:31.0102 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

2010/12/16 19:29:31.0118 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2010/12/16 19:29:31.0196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/12/16 19:29:31.0243 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/16 19:29:31.0305 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

2010/12/16 19:29:31.0430 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/12/16 19:29:31.0445 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/16 19:29:31.0508 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/16 19:29:31.0508 ================================================================================

2010/12/16 19:29:31.0508 Scan finished

2010/12/16 19:29:31.0508 ================================================================================

2010/12/16 19:29:31.0539 Detected object count: 1

2010/12/16 19:29:39.0713 \HardDisk0 - will be cured after reboot

2010/12/16 19:29:39.0713 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/16 19:29:50.0244 Deinitialize success

Link to post
Share on other sites

Thanks again Chris.

Here's the ComboFix log

ComboFix 10-12-17.02 - Home 12/18/2010 8:12.1.3 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4268 [GMT -5:00]

Running from: c:\users\Home\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\icon.ico

c:\program files (x86)\Search Toolbar\SearchToolbar.dll

c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\system32\jusched.exe

c:\windows\SysWow64\jusched.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))

.

2010-12-18 13:15 . 2010-12-18 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-17 18:40 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED2AAF5-40C2-4B0C-85E8-5AED5D934219}\mpengine.dll

2010-12-17 12:32 . 2010-12-17 13:03 -------- d-----w- C:\MGtools

2010-12-16 20:49 . 2010-12-16 20:49 -------- d-----w- c:\windows\Sun

2010-12-16 12:07 . 2010-12-16 12:07 -------- d-----w- c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com

2010-12-16 12:07 . 2010-12-16 12:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-12-16 12:07 . 2010-12-16 12:07 -------- d-----w- c:\programdata\!SASCORE

2010-12-16 12:07 . 2010-12-16 12:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-13 21:31 . 2010-12-13 21:31 -------- d-----w- c:\users\Home\AppData\Roaming\Template

2010-12-12 21:25 . 2010-12-16 11:27 -------- d-----w- c:\programdata\Alwil Software

2010-12-12 21:25 . 2010-12-12 21:25 -------- d-----w- c:\program files\Alwil Software

2010-12-12 20:37 . 2010-12-12 20:37 -------- d-----w- c:\users\Home\AppData\Roaming\Avira

2010-12-12 20:36 . 2010-12-12 20:36 -------- d-----w- c:\programdata\Avira

2010-12-12 20:36 . 2010-12-12 20:36 -------- d-----w- c:\program files (x86)\Avira

2010-12-12 20:36 . 2010-11-30 23:13 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-12 20:36 . 2010-11-30 23:13 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-10 00:11 . 2010-12-12 20:42 -------- d-----w- c:\users\Home\AppData\Local\Unity

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-17 13:03 . 2010-12-16 13:12 205172 ----a-w- C:\MGlogs.zip

2010-11-29 22:42 . 2010-11-18 00:48 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-29 22:42 . 2010-11-18 00:48 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 15:41 . 2010-11-10 23:22 270720 ------w- c:\windows\system32\MpSigStub.exe

2010-09-25 22:22 . 2010-09-25 22:22 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-25 22:22 . 2010-09-25 22:22 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2010-09-25 22:22 . 2010-09-25 22:22 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-25 22:22 . 2010-09-25 22:22 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\vdeck.exe" [2009-07-28 2243584]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 136176]

R3 dump_wmimmc;dump_wmimmc;c:\ynk\ROHAN_Blood_Feud_Hero\GameGuard\dump_wmimmc.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]

R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-15 203264]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]

S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-03-28 567280]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-25 1224704]

.

Contents of the 'Scheduled Tasks' folder

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 01:34]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 01:34]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dlbkbmgr.exe"="c:\program files (x86)\Dell AIO Printer A920\dlbkbmgr.exe" [2007-03-28 275952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-11-24 18160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50370

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3prhx330.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=10-07-2010&tb_mrud=10-07-2010

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-12-18 08:17:03

ComboFix-quarantined-files.txt 2010-12-18 13:17

Pre-Run: 559,080,460,288 bytes free

Post-Run: 558,959,587,328 bytes free

- - End Of File - - 78857059BE9A12BB65C894A1E35D35A6

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi Chris,

Here are the results from ESET, one threat found and cleaned:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-23 11:39:50

# local_time=2010-12-23 06:39:50 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 874296 874296 0 0

# compatibility_mode=1797 16774141 100 94 877213 28739560 0 0

# compatibility_mode=5893 16776573 100 94 0 44689661 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=114495

# found=1

# cleaned=1

# scan_time=1379

C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3prhx330.default\extensions\searchtoolbar@zugo.com\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of your Security Check:

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 17

Out of date Java installed!

Adobe Flash Player 10.1.53.64

Adobe Reader 9.3.4

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.9)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Just to be comprehensive, I updated Adobe Reader and uninstalled the outdated Java and updated it. Here's the new log from Security Check:

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 23

Adobe Flash Player 10.1.53.64

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.9)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

It still says I have an out of date Adobe Reader; don't know why.

But Avira is *finally* able to download updates, which was the last problem remaining.

I think I'm good now -- what should I do next to clean up?

thanks so much for your help!!

ann

Link to post
Share on other sites

  • Staff

Hi Ann,

The latest version of Adobe Reader is Adobe Reader X. Yours is out of date.

Get the latest version from here:

http://get.adobe.com/reader

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Restart your computer and let me know what issues remain.

-screen317

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.