
svchost.exe infected plz help



I'm using Malwarebytes Anti-Malware Pro with Kaspersky Internet Security 2010 (licensed).

I'm on a LAN network.

For the last 15 days Malwarebytes Anti-Malware has been showing this warning: IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 50181, Process: svchost.exe)

I read all the topics on this site and followed them, but it was no use. Finally I formatted my Win 7, but I still have the same problem. Please help. Here are my ComboFix and TDSSKiller logs.

Please, please help me as soon as possible. I'm waiting for a reply.

combofixlog.txt

TDSSKiller.2.5.8.0_30.06.2011_19.33.41_log.txt


ComboFix 11-07-01.02 - admin 07/02/2011 16:11:35.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2045.1482 [GMT 5.5:30]

Running from: c:\users\admin\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))

.

.

2011-07-02 10:45 . 2011-07-02 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-02 10:30 . 2011-06-28 13:43 1448752 ----a-w- C:\TDSSKiller.exe

2011-07-02 06:51 . 2011-06-20 03:27 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB2F956-B362-468F-9FC1-C5EC61AE7ACF}\mpengine.dll

2011-07-02 06:51 . 2011-05-24 13:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-07-01 17:27 . 2011-07-01 17:27 34064 ----a-w- c:\windows\system32\lhacm.acm

2011-07-01 17:27 . 2011-07-01 17:28 -------- d-----w- c:\program files\Teamspeak2_RC2

2011-06-30 21:56 . 2011-06-30 08:33 -------- d-----w- c:\windows\Panther

2011-06-30 21:56 . 2011-06-30 21:56 -------- d-----w- C:\Boot

2011-06-30 18:26 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-30 18:26 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-06-30 18:26 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-30 18:26 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-30 18:26 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-30 18:26 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-30 18:26 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-06-30 18:26 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-30 18:26 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-06-30 18:26 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-30 18:26 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll

2011-06-30 18:26 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll

2011-06-30 18:26 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-30 17:08 . 2011-06-30 17:08 -------- d-----w- c:\program files\Anti CSDoS by Shocker

2011-06-30 17:08 . 2006-01-31 10:57 126464 ----a-w- c:\windows\system32\madCHook.dll

2011-06-30 13:46 . 2008-01-16 01:10 86016 ----a-w- c:\windows\SoundMan.exe

2011-06-30 13:46 . 2008-01-16 01:10 9715200 ----a-w- c:\windows\RTLCPL.exe

2011-06-30 13:46 . 2008-01-16 01:10 4609024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-06-30 13:46 . 2008-01-16 01:10 16384512 ----a-w- c:\windows\RTHDCPL.exe

2011-06-30 12:55 . 2011-06-30 12:58 -------- d-----w- c:\program files\Valve

2011-06-30 12:54 . 2011-06-30 12:54 -------- d-----w- c:\program files\Common Files\InstallShield

2011-06-30 10:52 . 2011-06-30 14:10 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-06-30 10:30 . 2011-06-30 10:31 -------- d-----w- c:\programdata\WinZip

2011-06-30 10:24 . 2011-06-30 10:24 -------- d-----w- c:\program files\uTorrent

2011-06-30 09:58 . 2006-10-26 14:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2011-06-30 09:58 . 2006-10-26 14:26 32592 ----a-w- c:\windows\system32\msonpmon.dll

2011-06-30 09:56 . 2011-06-30 09:56 -------- d-----w- c:\windows\PCHEALTH

2011-06-30 09:56 . 2011-06-30 09:56 -------- d-----w- c:\program files\Microsoft.NET

2011-06-30 09:53 . 2011-06-30 09:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-06-30 09:52 . 2011-06-30 10:00 -------- d-----w- c:\programdata\Microsoft Help

2011-06-30 09:49 . 2011-06-30 09:49 -------- d-----r- C:\MSOCache

2011-06-30 09:36 . 2011-06-30 09:36 -------- d-----w- c:\program files\DC++

2011-06-30 09:26 . 2011-06-30 10:44 -------- d-----w- c:\programdata\NVIDIA

2011-06-30 09:26 . 2011-06-30 09:26 -------- d-----w- c:\program files\AGEIA Technologies

2011-06-30 09:26 . 2011-06-30 09:26 -------- d-----w- c:\windows\system32\AGEIA

2011-06-30 09:26 . 2011-06-30 09:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-06-30 09:25 . 2009-04-26 19:12 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-06-30 09:22 . 2005-05-26 10:04 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-06-30 09:00 . 2011-06-30 09:00 -------- d-----w- c:\programdata\Malwarebytes

2011-06-30 09:00 . 2011-05-29 03:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 09:00 . 2011-06-30 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 09:00 . 2011-05-29 03:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 08:37 . 2011-06-30 09:10 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-06-30 08:37 . 2011-06-30 08:37 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-06-30 08:36 . 2011-06-30 08:36 -------- d-----w- c:\program files\Kaspersky Lab

2011-06-30 08:36 . 2011-07-02 10:35 -------- d-----w- c:\programdata\Kaspersky Lab

2011-06-30 08:36 . 2011-06-30 18:44 -------- d-sh--w- c:\windows\Installer

2011-06-30 08:33 . 2011-06-30 08:34 -------- d-----w- c:\users\admin

2011-06-30 08:33 . 2011-06-30 08:33 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 10:33 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-06-30 10:33 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll

2011-04-24 17:43 . 2011-04-24 17:43 229776 ----a-w- c:\windows\system32\klogon.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-04 1833504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 72141644

*Deregistered* - 72141644

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 188.229.88.8

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-02 16:16:50

ComboFix-quarantined-files.txt 2011-07-02 10:46

.

Pre-Run: 37,652,271,104 bytes free

Post-Run: 37,643,681,792 bytes free

.

- - End Of File - - 1756B04B0738D621864F44263906B6D8

2011/06/30 19:33:41.0500 3900 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/06/30 19:33:43.0512 3900 ================================================================================

2011/06/30 19:33:43.0512 3900 SystemInfo:

2011/06/30 19:33:43.0512 3900

2011/06/30 19:33:43.0512 3900 OS Version: 6.1.7601 ServicePack: 1.0

2011/06/30 19:33:43.0512 3900 Product type: Workstation

2011/06/30 19:33:43.0512 3900 ComputerName: ADMIN-PC

2011/06/30 19:33:43.0512 3900 UserName: admin

2011/06/30 19:33:43.0512 3900 Windows directory: C:\Windows

2011/06/30 19:33:43.0512 3900 System windows directory: C:\Windows

2011/06/30 19:33:43.0512 3900 Processor architecture: Intel x86

2011/06/30 19:33:43.0512 3900 Number of processors: 2

2011/06/30 19:33:43.0512 3900 Page size: 0x1000

2011/06/30 19:33:43.0512 3900 Boot type: Normal boot

2011/06/30 19:33:43.0512 3900 ================================================================================

2011/06/30 19:33:44.0900 3900 Initialize success

2011/06/30 19:33:50.0345 0976 ================================================================================

2011/06/30 19:33:50.0345 0976 Scan started

2011/06/30 19:33:50.0345 0976 Mode: Manual;

2011/06/30 19:33:50.0345 0976 ================================================================================

2011/06/30 19:33:51.0421 0976 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/06/30 19:33:51.0686 0976 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/06/30 19:33:51.0952 0976 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/06/30 19:33:52.0201 0976 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

2011/06/30 19:33:52.0466 0976 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

2011/06/30 19:33:52.0732 0976 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

2011/06/30 19:33:52.0997 0976 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys

2011/06/30 19:33:53.0246 0976 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/06/30 19:33:53.0496 0976 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

2011/06/30 19:33:53.0746 0976 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/06/30 19:33:53.0995 0976 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/06/30 19:33:54.0245 0976 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/06/30 19:33:54.0494 0976 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

2011/06/30 19:33:54.0791 0976 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

2011/06/30 19:33:55.0321 0976 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/06/30 19:33:55.0586 0976 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

2011/06/30 19:33:55.0836 0976 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/06/30 19:33:56.0101 0976 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/06/30 19:33:56.0366 0976 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

2011/06/30 19:33:56.0616 0976 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

2011/06/30 19:33:56.0881 0976 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/30 19:33:57.0146 0976 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/06/30 19:33:57.0458 0976 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

2011/06/30 19:33:57.0739 0976 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/06/30 19:33:58.0020 0976 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/06/30 19:33:58.0394 0976 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/06/30 19:33:58.0644 0976 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/30 19:33:58.0894 0976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

2011/06/30 19:33:59.0159 0976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

2011/06/30 19:33:59.0424 0976 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/06/30 19:33:59.0689 0976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/06/30 19:33:59.0939 0976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/06/30 19:34:00.0188 0976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/06/30 19:34:00.0454 0976 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys

2011/06/30 19:34:00.0719 0976 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/30 19:34:01.0000 0976 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/30 19:34:01.0249 0976 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

2011/06/30 19:34:01.0421 0976 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/06/30 19:34:01.0686 0976 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys

2011/06/30 19:34:01.0936 0976 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/06/30 19:34:02.0185 0976 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/06/30 19:34:02.0435 0976 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

2011/06/30 19:34:02.0700 0976 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/06/30 19:34:02.0996 0976 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

2011/06/30 19:34:03.0293 0976 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/06/30 19:34:03.0589 0976 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/06/30 19:34:03.0823 0976 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/06/30 19:34:04.0088 0976 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

2011/06/30 19:34:04.0338 0976 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys

2011/06/30 19:34:04.0619 0976 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/06/30 19:34:04.0884 0976 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/30 19:34:05.0212 0976 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

2011/06/30 19:34:05.0711 0976 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

2011/06/30 19:34:05.0976 0976 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/06/30 19:34:06.0241 0976 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/06/30 19:34:06.0491 0976 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/06/30 19:34:06.0756 0976 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/30 19:34:07.0037 0976 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/06/30 19:34:07.0286 0976 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/06/30 19:34:07.0536 0976 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

2011/06/30 19:34:07.0786 0976 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/06/30 19:34:08.0051 0976 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/06/30 19:34:08.0316 0976 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/30 19:34:08.0597 0976 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/06/30 19:34:08.0862 0976 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

2011/06/30 19:34:09.0127 0976 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/06/30 19:34:09.0392 0976 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/06/30 19:34:09.0673 0976 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/30 19:34:09.0907 0976 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

2011/06/30 19:34:10.0172 0976 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

2011/06/30 19:34:10.0406 0976 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

2011/06/30 19:34:10.0781 0976 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/06/30 19:34:11.0124 0976 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/06/30 19:34:11.0389 0976 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/06/30 19:34:11.0639 0976 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/06/30 19:34:11.0935 0976 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/30 19:34:12.0637 0976 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/06/30 19:34:13.0012 0976 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

2011/06/30 19:34:13.0495 0976 IntcAzAudAddService (251e85a3bac210fff6bad3d1f33113e8) C:\Windows\system32\drivers\RTKVHDA.sys

2011/06/30 19:34:13.0994 0976 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/06/30 19:34:14.0447 0976 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/30 19:34:14.0884 0976 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/30 19:34:15.0149 0976 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/06/30 19:34:15.0414 0976 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/06/30 19:34:15.0679 0976 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/06/30 19:34:16.0178 0976 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/06/30 19:34:16.0444 0976 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/06/30 19:34:16.0693 0976 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/30 19:34:16.0958 0976 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/06/30 19:34:17.0239 0976 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys

2011/06/30 19:34:17.0489 0976 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys

2011/06/30 19:34:17.0754 0976 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys

2011/06/30 19:34:18.0019 0976 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys

2011/06/30 19:34:18.0284 0976 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys

2011/06/30 19:34:18.0534 0976 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/30 19:34:18.0815 0976 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/06/30 19:34:19.0080 0976 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/30 19:34:19.0408 0976 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

2011/06/30 19:34:19.0657 0976 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

2011/06/30 19:34:19.0907 0976 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

2011/06/30 19:34:20.0141 0976 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

2011/06/30 19:34:20.0406 0976 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/06/30 19:34:20.0671 0976 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys

2011/06/30 19:34:20.0921 0976 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

2011/06/30 19:34:21.0202 0976 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

2011/06/30 19:34:21.0451 0976 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/06/30 19:34:21.0685 0976 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/30 19:34:21.0935 0976 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/30 19:34:22.0200 0976 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys

2011/06/30 19:34:22.0450 0976 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/06/30 19:34:22.0715 0976 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/06/30 19:34:22.0964 0976 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/30 19:34:23.0198 0976 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/06/30 19:34:23.0448 0976 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/30 19:34:23.0682 0976 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/30 19:34:23.0932 0976 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/30 19:34:24.0181 0976 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/06/30 19:34:24.0431 0976 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/06/30 19:34:24.0680 0976 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/06/30 19:34:24.0914 0976 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/06/30 19:34:25.0148 0976 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/06/30 19:34:25.0414 0976 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/30 19:34:25.0663 0976 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/30 19:34:25.0913 0976 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/06/30 19:34:26.0147 0976 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/06/30 19:34:26.0584 0976 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/30 19:34:26.0833 0976 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/06/30 19:34:27.0067 0976 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

2011/06/30 19:34:27.0379 0976 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/06/30 19:34:27.0629 0976 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/30 19:34:27.0894 0976 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/06/30 19:34:28.0627 0976 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/06/30 19:34:28.0939 0976 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/30 19:34:29.0189 0976 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/30 19:34:29.0438 0976 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/30 19:34:29.0672 0976 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/06/30 19:34:29.0938 0976 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/30 19:34:30.0250 0976 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/30 19:34:30.0530 0976 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

2011/06/30 19:34:30.0780 0976 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/06/30 19:34:31.0030 0976 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/30 19:34:31.0295 0976 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

2011/06/30 19:34:31.0716 0976 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/06/30 19:34:32.0418 0976 nvlddmkm (b6b0ce8024432d39e88694676d3c9937) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/06/30 19:34:32.0855 0976 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

2011/06/30 19:34:33.0104 0976 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

2011/06/30 19:34:33.0370 0976 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/06/30 19:34:33.0604 0976 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/06/30 19:34:33.0869 0976 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys

2011/06/30 19:34:34.0087 0976 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/06/30 19:34:34.0337 0976 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys

2011/06/30 19:34:34.0586 0976 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/06/30 19:34:34.0836 0976 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/06/30 19:34:35.0086 0976 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

2011/06/30 19:34:35.0320 0976 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/06/30 19:34:35.0616 0976 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/06/30 19:34:35.0912 0976 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/30 19:34:36.0146 0976 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

2011/06/30 19:34:36.0412 0976 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/30 19:34:36.0692 0976 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

2011/06/30 19:34:36.0989 0976 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

2011/06/30 19:34:37.0332 0976 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/30 19:34:37.0550 0976 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/30 19:34:37.0800 0976 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/06/30 19:34:38.0081 0976 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys


2011/06/30 19:35:01.0871 0976 ================================================================================

2011/06/30 19:35:01.0871 0976 Scan finished

2011/06/30 19:35:01.0871 0976 ================================================================================

2011/06/30 19:35:01.0886 3464 Detected object count: 0

2011/06/30 19:35:01.0886 3464 Actual detected object count: 0

2011/06/30 19:35:06.0957 3840 Deinitialize success


20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 54240, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 56750, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 51598, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 62899, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 56750, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 56750, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 63196, Process: svchost.exe)

20:32:07 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 52654, Process: avp.exe)

20:32:31 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 54532, Process: svchost.exe)

20:32:31 admin IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 50301, Process: svchost.exe)


Thanks for helping.

I would like to tell you the exact problem! First thing, I'm on a LAN network, my IP is not static, and the problem started with Google redirecting pages. Then I searched for a solution and got info about TDSSKiller. I ran that on the PC; it found one rootkit and deleted it, but the warning from Malwarebytes Anti-Malware continued after deleting that rootkit. Then I formatted Windows 7 and installed a new copy, then installed Malwarebytes and Kaspersky again, but Malwarebytes Anti-Malware is still showing a warning that svchost.exe and avp.exe were blocked from connecting to that malicious IP, and that IP is "188.229.88.8". I found in my Local Area Connection that my DNS server address is the same as that IP address, i.e. 188.229.88.8, and I think that it is not the original DNS server, so please help, what to do? And one more thing: when I ran ComboFix it quarantined one TCP/IP registry key (before the format).

I'm giving the MBAM log here:

Database version: 7176

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

7/18/2011 00:05:15

mbam-log-2011-07-18 (00-05-15).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Objects scanned: 254848

Time elapsed: 33 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)


Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

Note the space, it needs to be there.

IPCONFIG /release

IPCONFIG /renew

IPCONFIG /flushdns

IPCONFIG /registerdns

Exit

Restart the computer.


When I was reading this post I realised that Malwarebytes Anti-Malware had stopped warning about that svchost.exe and avp.exe connection, and then I checked my Local Area Connection IPv4 DNS address: it was different and not 188.229.88.8. Then I disconnected the net connection and found that Malwarebytes Anti-Malware again started showing the warning, so once again I checked the IPv4 DNS address and it was automatically changed to 188.229.88.8.

Then I followed your commands, that is:

IPCONFIG /release

IPCONFIG /renew

IPCONFIG /flushdns

IPCONFIG /registerdns

Exit

Restarted the computer.

And after the restart the DNS is still the same, 188.229.88.8, and Malwarebytes Anti-Malware is still showing this:

17:39:58 IP-BLOCK 188.229.88.8 (Type: outgoing, Port: 61112, Process: svchost.exe)


No, I'm not using a router, it's a direct cable connection!

Before the ComboFix log I have to tell you that ComboFix again quarantined one TCP/IP registry file, and made one deletion, that is Counter-Strike V40, which I had uninstalled before running ComboFix.

Here are the ComboFix logs:

ComboFix 11-07-18.01 - admin 07/18/2011 20:51:08.5.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2045.1523 [GMT 5.5:30]

Running from: C:\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Counter-Strike 1.6 V40\cstrike\ucp.cmd

.

.

((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))

.

.

2011-07-18 15:25 . 2011-07-18 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-16 16:14 . 2011-07-16 16:14 -------- d-----w- c:\program files\Trend Micro

2011-07-16 09:44 . 2011-07-16 19:05 -------- d-----w- c:\program files\Counter-Strike 1.6 V40

2011-07-12 19:20 . 2011-07-12 19:20 -------- d-----w- c:\program files\Free PDF to Word Doc Converter

2011-07-11 17:46 . 2011-07-11 17:46 -------- d-----w- c:\program files\Winamp Detect

2011-07-11 17:45 . 2011-07-11 17:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-07-11 17:45 . 2011-07-11 17:47 -------- d-----w- c:\program files\Winamp

2011-07-09 08:22 . 2011-07-09 16:00 -------- d-----w- c:\program files\Docstoc

2011-07-08 09:10 . 2011-07-08 09:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-08 09:10 . 2011-07-08 09:10 -------- d-----w- c:\windows\system32\Macromed

2011-07-08 09:00 . 2011-07-08 09:00 -------- d-----w- c:\program files\Foxit Software

2011-07-03 14:16 . 2011-07-03 14:16 -------- d-----w- c:\program files\CCleaner

2011-07-02 16:49 . 2011-07-02 16:49 -------- d-----w- c:\windows\PIF

2011-07-02 14:39 . 2011-07-02 14:39 -------- d-----w- c:\program files\oDC

2011-07-02 06:51 . 2011-06-20 03:27 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB2F956-B362-468F-9FC1-C5EC61AE7ACF}\mpengine.dll

2011-07-02 06:51 . 2011-05-24 13:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-07-01 17:27 . 2011-07-01 17:27 34064 ----a-w- c:\windows\system32\lhacm.acm

2011-07-01 17:27 . 2011-07-01 17:28 -------- d-----w- c:\program files\Teamspeak2_RC2

2011-06-30 21:56 . 2011-06-30 08:33 -------- d-----w- c:\windows\Panther

2011-06-30 21:56 . 2011-06-30 21:56 -------- d-----w- C:\Boot

2011-06-30 18:26 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-30 18:26 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-06-30 18:26 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-30 18:26 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-30 18:26 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-30 18:26 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-06-30 18:26 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-06-30 18:26 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-06-30 18:26 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-06-30 18:26 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-30 18:26 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll

2011-06-30 18:26 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll

2011-06-30 18:26 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-30 17:08 . 2011-06-30 17:08 -------- d-----w- c:\program files\Anti CSDoS by Shocker

2011-06-30 17:08 . 2006-01-31 10:57 126464 ----a-w- c:\windows\system32\madCHook.dll

2011-06-30 13:46 . 2008-01-16 01:10 86016 ----a-w- c:\windows\SoundMan.exe

2011-06-30 13:46 . 2008-01-16 01:10 9715200 ----a-w- c:\windows\RTLCPL.exe

2011-06-30 13:46 . 2008-01-16 01:10 4609024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-06-30 13:46 . 2008-01-16 01:10 16384512 ----a-w- c:\windows\RTHDCPL.exe

2011-06-30 13:46 . 2008-01-16 01:10 2165760 ----a-w- c:\windows\MicCal.exe

2011-06-30 12:54 . 2011-06-30 12:54 -------- d-----w- c:\program files\Common Files\InstallShield

2011-06-30 10:52 . 2011-06-30 14:10 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-06-30 10:30 . 2011-06-30 10:31 -------- d-----w- c:\programdata\WinZip

2011-06-30 10:24 . 2011-06-30 10:24 -------- d-----w- c:\program files\uTorrent

2011-06-30 09:58 . 2006-10-26 14:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2011-06-30 09:58 . 2006-10-26 14:26 32592 ----a-w- c:\windows\system32\msonpmon.dll

2011-06-30 09:56 . 2011-06-30 09:56 -------- d-----w- c:\windows\PCHEALTH

2011-06-30 09:56 . 2011-06-30 09:56 -------- d-----w- c:\program files\Microsoft.NET

2011-06-30 09:53 . 2011-06-30 09:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-06-30 09:52 . 2011-06-30 10:00 -------- d-----w- c:\programdata\Microsoft Help

2011-06-30 09:36 . 2011-06-30 09:36 -------- d-----w- c:\program files\DC++

2011-06-30 09:26 . 2011-06-30 10:44 -------- d-----w- c:\programdata\NVIDIA

2011-06-30 09:26 . 2011-06-30 09:26 -------- d-----w- c:\program files\AGEIA Technologies

2011-06-30 09:26 . 2011-06-30 09:26 -------- d-----w- c:\windows\system32\AGEIA

2011-06-30 09:26 . 2011-06-30 09:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-06-30 09:25 . 2009-04-26 19:12 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-06-30 09:22 . 2005-05-26 10:04 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-06-30 09:00 . 2011-07-06 14:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 09:00 . 2011-06-30 09:00 -------- d-----w- c:\programdata\Malwarebytes

2011-06-30 09:00 . 2011-07-17 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 09:00 . 2011-07-06 14:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 08:37 . 2011-06-30 09:10 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-06-30 08:37 . 2011-06-30 08:37 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-06-30 08:36 . 2011-06-30 08:36 -------- d-----w- c:\program files\Kaspersky Lab

2011-06-30 08:36 . 2011-07-18 15:19 -------- d-----w- c:\programdata\Kaspersky Lab

2011-06-30 08:36 . 2011-07-14 18:16 -------- d-sh--w- c:\windows\Installer

2011-06-30 08:33 . 2011-06-30 08:34 -------- d-----w- c:\users\admin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 10:33 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-06-30 10:33 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll

2011-04-24 17:43 . 2011-04-24 17:43 229776 ----a-w- c:\windows\system32\klogon.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-04 1833504]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-06-30 74752]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.in/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 188.229.88.8

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-18 20:57:03

ComboFix-quarantined-files.txt 2011-07-18 15:27

.

Pre-Run: 37,373,472,768 bytes free

Post-Run: 37,785,022,464 bytes free

.

- - End Of File - - CBA655C68F5AB583A61A48049FB9060C


I followed the instructions from ehow.com about DNSChanger and did not find any file on my PC mentioned in that article, and I also deleted all the registry keys mentioned in that article.

But still Malwarebytes Anti-Malware pops up with that IP address blocked!

I'm not saying that it is DNSChanger or anything else, because I'm not an expert.

But there is no redirection of web pages and no PC hanging problem :)

The problem is only this: why is Malwarebytes showing that svchost.exe and avp.exe have been blocked from connecting to 188.229.88.8?

And if it is not a malicious site, then why is my DNS address 188.229.88.8? I can't figure out what's wrong!


We're going to try this again but disconnect your internet connection first.

1. Click the Microsoft Start logo in the bottom left corner of the screen

2. Click All Programs

3. Click Accessories

4. RIGHT-click on Command Prompt

5. Select Run As Administrator

6. In the command window type the following and then hit enter: Type CMD and click Ok.

At the command prompt, type the following and press Enter after each line:

Note the space, it needs to be there.

IPCONFIG /release

IPCONFIG /renew

IPCONFIG /flushdns

IPCONFIG /registerdns

Exit

Restart the computer.


I found this on the net:

Domain matching 188.229.88.8 were found in our database.

123 other active domains were found on 100 IP(s) for AS43134 (COMPLIFE)

Show the report for AS43134 (COMPLIFE)

Malicious URLs on 188.229.88.8

/starter.exe


1 domain were found on 188.229.88.8 Domain IP PTR Description Registrant Date Details

188.229.88.8 188.229.88.8 VirTool Obfuscator.PN / hostmaster@ripe.net 2011-06-29 details


Let's check some settings on your system.

Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection

Usually Local Area Connection for Cable and DSL

Left click on Properties

Double-Click on the Internet Protocol (TCP/IP) item

Select the radio dial that says Obtain DNS Servers Automatically

Note: Do this for all Network Connections

Press OK twice to get out of the properties screen and reboot if it asks

Go to Start>Control Panel>Performance and Maintenance and click on Administrative Tools.

Double click on Services. Look at DNS Client and look at the StartUp Type column. If it is disabled, double click on it and set the StartUp Type to manual.

If it is already on manual or Automatic, let me know.

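An added example, not code from the thread or from Malwarebytes, ComboFix or any other tool named in it: a PowerShell check that covers what the two replies above do by hand. It reads each adapter's NameServer and DhcpNameServer registry values (the same data ComboFix printed as "TCP: DhcpNameServer"), labels every resolver as static or DHCP-assigned, flags anything outside an allowlist, and reports the DNS Client service start mode. The allowlist addresses are placeholders and the adapter names come from WMI on the machine it runs on; run it from an elevated PowerShell prompt.

```powershell
# Added example; not code from the thread, from Malwarebytes, ComboFix or any tool named here.
# Lists the resolvers each adapter really uses, says whether each came from DHCP or was set
# statically, flags anything not on the allowlist, and reports the DNS Client service.
# Assumptions: $Allowed is a placeholder list; run from an elevated PowerShell prompt.
param(
    [string[]]$Allowed  = @('8.8.8.8', '8.8.4.4'),   # assumption: replace with your ISP/corporate DNS
    [string[]]$KnownBad = @('188.229.88.8')          # the address Malwarebytes kept blocking in this thread
)

$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$raw) {
    # The registry stores a resolver list as one space- or comma-separated string.
    if (-not $raw) { return @() }
    return @($raw -split '[ ,]+' | Where-Object { $_ -ne '' })
}

function Get-AdapterName([string]$guid) {
    # Map the interface GUID under the Tcpip key to the name shown in Network Connections.
    $nic = Get-WmiObject Win32_NetworkAdapter | Where-Object { $_.GUID -eq $guid }
    if ($nic -and $nic.NetConnectionID) { return $nic.NetConnectionID }
    return $guid
}

function Get-ResolverFindings {
    $out = @()
    foreach ($iface in Get-ChildItem $ifaceRoot) {
        $p    = Get-ItemProperty -Path $iface.PSPath
        $name = Get-AdapterName $iface.PSChildName
        # NameServer     = set by hand on this PC (or by something that tampered with it).
        # DhcpNameServer = handed out by whatever answered the DHCP request.
        # A fresh install that still shows a bad DhcpNameServer points at the network,
        # not this machine, which is why /release and /renew bring the same value back.
        $lists = @{ 'Static' = Split-ServerList $p.NameServer
                    'DHCP'   = Split-ServerList $p.DhcpNameServer }
        foreach ($source in $lists.Keys) {
            foreach ($srv in $lists[$source]) {
                $verdict = if     ($KnownBad -contains $srv) { 'KNOWN-BAD' }
                           elseif ($Allowed  -contains $srv) { 'OK' }
                           else                              { 'UNEXPECTED' }
                $out += New-Object PSObject -Property @{
                    Adapter = $name; Source = $source; Server = $srv; Verdict = $verdict }
            }
        }
    }
    return $out
}

$findings = Get-ResolverFindings
$findings | Sort-Object Adapter, Source | Format-Table Adapter, Source, Server, Verdict -AutoSize

# ipconfig /flushdns only does anything if the DNS Client service (Dnscache) is running;
# the reply above asks for its start-up type, so report it as well.
$svc = Get-WmiObject Win32_Service -Filter "Name='Dnscache'"
"DNS Client (Dnscache): state={0} startmode={1}" -f $svc.State, $svc.StartMode

foreach ($f in ($findings | Where-Object { $_.Verdict -ne 'OK' })) {
    if ($f.Source -eq 'DHCP') {
        "{0}: {1} came from DHCP; renewing the lease will fetch it again. Fix the DHCP source" -f $f.Adapter, $f.Server
        "  (router, ISP, or a host on the LAN answering DHCP) and pin a known resolver meanwhile:"
        '  netsh interface ipv4 set dnsservers name="{0}" source=static address={1} validate=no' -f $f.Adapter, $Allowed[0]
    } else {
        "{0}: {1} is set statically on this PC; switch back to 'Obtain DNS server address" -f $f.Adapter, $f.Server
        "  automatically' (or pin a known resolver) and look for what wrote the value."
    }
}
```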

This topic is now closed to further replies.