
Aftermath of Security Solution (Google redirector and other malware)



In hindsight, now that I've read all the warnings and whatnot associated with ComboFix, using it without being told to probably wasn't the most intelligent idea, but what's done is done. After it finished running, ComboFix alerted me that I had a Zero.Access rootkit. I assume it got rid of that, but the malware still left behind a Google redirector, something preventing Windows Firewall from restarting, and at least 2 other viruses Microsoft Security Essentials keeps catching but failing to get rid of (Malwarebytes fails to catch it at all). Recently, after coming back from running GMER overnight, my computer has started bluescreening as well. I've attached the ComboFix scans in the Attach zip as well. Thanks in advance!

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_18

Run by Fyrel at 23:31:39 on 2011-07-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1411 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Quick Macros 2\qmserv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

F:\Steam\Steam.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Malwarebytes' Anti-Malware\tool.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Fyrel\Desktop\vjm4ghwg.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uProxyOverride = <local>

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart

mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T

mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [bYR_AGENT] c:\programdata\lgmobileax\byr_client\VZWNotiAgent.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Free YouTube Download - c:\users\fyrel\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 10.0.0.1

TCP: Interfaces\{837CE5A8-30F4-43A0-B54A-C7FB1CE616C9} : DHCPNameServer = 10.0.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\fyrel\appdata\roaming\mozilla\firefox\profiles\uhst2lur.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\fyrel\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]

R1 MpKsl4b11dee5;MpKsl4b11dee5;c:\programdata\microsoft\microsoft antimalware\definition updates\{eb481a15-791a-4cec-8d1d-53691a0c6b26}\MpKsl4b11dee5.sys [2011-7-17 28752]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-19 173500]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-4-19 294232]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-4 20072]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-8-25 20328]

R2 quickmacros2;Quick Macros;c:\program files\quick macros 2\qmserv.exe [2010-6-4 9232]

R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-3-27 4802020]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-5-25 37944]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-19 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-19 243712]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-2 10752]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-17 41272]

S1 drzkcrpt;drzkcrpt;c:\windows\system32\drivers\drzkcrpt.sys [2011-7-17 41680]

S1 MpKslb2b6ad08;MpKslb2b6ad08;c:\programdata\microsoft\microsoft antimalware\definition updates\{eb481a15-791a-4cec-8d1d-53691a0c6b26}\MpKslb2b6ad08.sys [2011-7-17 28752]

S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-28 2274296]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 qmphook;QM process triggers;c:\program files\quick macros 2\qmphook.sys [2010-6-4 4096]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-30 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-29 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-07-18 06:25:38 41680 ----a-w- c:\windows\system32\drivers\drzkcrpt.sys

2011-07-18 06:24:42 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eb481a15-791a-4cec-8d1d-53691a0c6b26}\MpKsl4b11dee5.sys

2011-07-18 02:56:05 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-07-18 02:54:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-18 02:54:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-18 02:54:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 02:43:37 -------- d-----w- C:\$RECYCLE.BIN

2011-07-18 02:30:19 98816 ----a-w- c:\windows\sed.exe

2011-07-18 02:30:19 256000 ----a-w- c:\windows\PEV.exe

2011-07-18 02:30:19 208896 ----a-w- c:\windows\MBR.exe

2011-07-18 02:30:13 -------- d-----w- C:\ComboFix

2011-07-17 12:13:59 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eb481a15-791a-4cec-8d1d-53691a0c6b26}\mpengine.dll

2011-07-07 05:50:51 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-07-07 05:50:51 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-07 05:50:50 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-06 17:04:05 5071872 ----a-w- c:\users\fyrel\appdata\roaming\microsoft\windows\templates\tlpc\LGUnitedMobileDriver_S4981CAN33AP22_ML_WHQL_Ver_3.3.msi

2011-07-04 07:45:52 -------- d-----w- c:\users\fyrel\appdata\roaming\DVDVideoSoft

2011-06-29 05:27:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-29 05:27:01 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-22 10:45:04 1053696 ----a-w- c:\windows\system32\mfc71u.dll

2011-06-22 10:32:24 -------- d-----w- c:\program files\Wondershare

.

==================== Find3M ====================

.

2011-06-09 08:37:26 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-09 08:37:09 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-09 08:37:09 280768 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-09 08:35:34 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-26 01:57:09 0 ----a-w- c:\windows\ativpsrm.bin

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-30 19:49:18 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-22 19:10:01 981504 ----a-w- c:\windows\system32\wininet.dll

2011-04-20 05:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-04-20 05:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll

2011-04-20 02:43:40 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-04-20 02:09:18 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-04-20 02:09:04 676864 ----a-w- c:\windows\system32\aticfx32.dll

2011-04-20 02:07:02 17693184 ----a-w- c:\windows\system32\atioglxx.dll

2011-04-20 02:05:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-04-20 02:04:36 390584 ----a-w- c:\windows\system32\atieclxx.exe

2011-04-20 02:04:06 173500 ----a-w- c:\windows\system32\atiesrxx.exe

2011-04-20 02:02:56 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-04-20 02:02:42 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-04-20 02:02:30 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-04-20 02:02:22 15872 ----a-w- c:\windows\system32\atimuixx.dll

2011-04-20 02:02:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-04-20 01:59:20 4161536 ----a-w- c:\windows\system32\atidxx32.dll

2011-04-20 01:46:14 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-04-20 01:46:02 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-04-20 01:42:04 6389760 ----a-w- c:\windows\system32\aticaldd.dll

2011-04-20 01:40:14 1923584 ----a-w- c:\windows\system32\atiumdmv.dll

2011-04-20 01:38:04 4286464 ----a-w- c:\windows\system32\atiumdag.dll

2011-04-20 01:30:36 4056576 ----a-w- c:\windows\system32\atiumdva.dll

2011-04-20 01:26:58 52736 ----a-w- c:\windows\system32\coinst.dll

2011-04-20 01:23:04 262144 ----a-w- c:\windows\system32\atiadlxx.dll

2011-04-20 01:22:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2011-04-20 01:22:40 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-04-20 01:22:08 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-04-20 01:21:38 31232 ----a-w- c:\windows\system32\atiuxpag.dll

2011-04-20 01:21:24 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-04-20 01:20:50 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-04-20 01:13:28 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-04-20 01:13:28 52736 ----a-w- c:\windows\system32\amdpcom32.dll

.

============= FINISH: 23:35:17.65 ===============

Err, apparently the logs didn't attach. Let me try that again... (Attach.zip)
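Two things in the DDS log above are worth pulling out mechanically rather than by eye. The mPolicies-System lines show UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), so anything running as this user already had full administrator rights with no prompt. And the SERVICES / DRIVERS section lists a system-start driver, drzkcrpt.sys, whose service name, description and file name are the same random-looking string and whose file time in the "Created Last 30" section is a few minutes before this DDS run. The Python below is an added triage script, not part of DDS and not from the original post; it parses those two DDS line formats from a sample built out of lines in this log and reports both findings. The UAC value meanings are standard Windows semantics; the 7-day window is an arbitrary choice.

```python
"""Added triage helper for a DDS log (not part of DDS): pull out weakened
UAC policies and boot/system-start drivers written shortly before the scan."""
import re
from datetime import date

# Constructed sample: a handful of lines in the format DDS writes, taken from
# the log in this thread.
SAMPLE_DDS = """\
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
R1 MpFilter;Microsoft Malware Protection Driver;c:\\windows\\system32\\drivers\\MpFilter.sys [2009-12-2 165264]
R1 MpKsl4b11dee5;MpKsl4b11dee5;c:\\programdata\\microsoft\\microsoft antimalware\\definition updates\\{eb481a15-791a-4cec-8d1d-53691a0c6b26}\\MpKsl4b11dee5.sys [2011-7-17 28752]
R2 cpuz133;cpuz133;c:\\windows\\system32\\drivers\\cpuz133_x32.sys [2010-6-4 20072]
S1 drzkcrpt;drzkcrpt;c:\\windows\\system32\\drivers\\drzkcrpt.sys [2011-7-17 41680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\\windows\\system32\\drivers\\b57nd60x.sys [2009-7-13 229888]
"""

# DDS prints HKLM\...\Policies\System values as "mPolicies-System: Name = dword:N"
POLICY_RE = re.compile(r"^mPolicies-System: (\w+) = dword:(\d+)$")
# Service lines: R=running/S=stopped, digit = start type (0 boot, 1 system,
# 2 auto, 3 demand, 4 disabled), then name;description;path [date size]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Value that disables the protection, and what that means in practice.
WEAK_UAC = {
    "EnableLUA": (0, "UAC off: admin-group processes run fully elevated, no prompts"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently without a consent prompt"),
    "PromptOnSecureDesktop": (0, "prompts drawn on the normal desktop, where other processes can interact with them"),
}


def parse_policies(text):
    """Return {policy_name: int_value} for the mPolicies-System lines."""
    found = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def weak_uac_settings(policies):
    """List the UAC policies set to their weakest value."""
    return [f"{name}={bad}: {why}"
            for name, (bad, why) in WEAK_UAC.items()
            if policies.get(name) == bad]


def _parse_date(s):
    # DDS writes unpadded dates such as 2011-7-17
    return date(*(int(part) for part in s.split("-")))


def parse_drivers(text):
    """Return one dict per service/driver line."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            d = m.groupdict()
            d["start"] = int(d["start"])
            d["size"] = int(d["size"])
            d["date"] = _parse_date(d["date"])
            drivers.append(d)
    return drivers


def recent_kernel_drivers(drivers, scan_date, window_days=7):
    """Names of boot/system-start (start type 0 or 1) drivers whose file was
    written within window_days before the scan. A hit is a lead to hash-check,
    not a verdict: legitimate drivers installed that week show up too."""
    scan = _parse_date(scan_date)
    return [d["name"] for d in drivers
            if d["start"] <= 1 and 0 <= (scan - d["date"]).days <= window_days]


if __name__ == "__main__":
    policies = parse_policies(SAMPLE_DDS)
    for finding in weak_uac_settings(policies):
        print("UAC:", finding)
    for name in recent_kernel_drivers(parse_drivers(SAMPLE_DDS), "2011-7-17"):
        print("recent kernel driver:", name)
```

On this sample the driver rule returns both drzkcrpt and MpKsl4b11dee5; the latter is Microsoft Security Essentials' definition-update driver, installed the same day, which is why a date-based hit is something to hash and look up (as the helper asks below for drzkcrpt.sys), not a verdict on its own.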



Sorry about the delay in responding :(

We look for posts with 0 replies, so when you posted to your own log, we assumed you were being helped.

No need to PM me again.

Please stay in this topic.

Logs will be closed if you haven't replied within 3 days.

Please don't attach the scans / logs from these scans, use "copy/paste".

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\drivers\drzkcrpt.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.
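Reading a TDSSKiller log by eye means scanning a few hundred driver lines for the rare ones that matter. The Python below is an added example, not Kaspersky's tool and not part of the instructions above; it parses the three line shapes TDSSKiller writes: the per-driver inventory line with its MD5 and path, the "Suspicious file (Forged)" line that carries two different MD5s for one path, and the "- detected" verdict line. The sample log is constructed in that format. When the two MD5s differ, two reads of the same file returned different bytes, which is the signature of a rootkit sitting in the I/O path and hiding a patched system driver; that is the kind of entry TDSSKiller offers to Cure, and the one to look at first in the pasted log.

```python
"""Added reader for a TDSSKiller log (not Kaspersky's code): pull out the
driver inventory, the "Forged" file reports and the detection verdicts."""
import re

# Constructed sample in the line format TDSSKiller 2.5 writes:
# "date time pid message", including one forged-file report in the same format.
SAMPLE_LOG = """\
2011/07/22 13:27:12.0950 5716 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\\Windows\\system32\\drivers\\1394ohci.sys
2011/07/22 13:27:13.0262 5716 AFD (e795b1bdeb630ac568464fb643131fbb) C:\\Windows\\system32\\drivers\\afd.sys
2011/07/22 13:27:13.0262 5716 Suspicious file (Forged): C:\\Windows\\system32\\drivers\\afd.sys. Real md5: e795b1bdeb630ac568464fb643131fbb, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806
2011/07/22 13:27:13.0262 5716 AFD - detected ForgedFile.Multi.Generic (1)
2011/07/22 13:27:13.0301 5716 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\\Windows\\system32\\drivers\\agp440.sys
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff <pid> "
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
ENTRY_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


def parse_tdsskiller(text):
    """Return (entries, forged, detections):
    entries    {service_name: (md5, path)} for every driver inventory line
    forged     [{path, real, fake}] for every 'Suspicious file (Forged)' line
    detections [(service_name, verdict)] for every '- detected' line"""
    entries, forged, detections = {}, [], []
    for line in text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            forged.append(m.groupdict())
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append((m["name"], m["verdict"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
    return entries, forged, detections


def forged_summary(entries, forged):
    """Join each forged report to its driver entry and say which of the two
    hashes the ordinary inventory line showed. The disagreement itself is the
    finding: two reads of one file returning different bytes means something
    in the I/O path rewrites the file on the fly."""
    by_path = {path.lower(): (name, md5) for name, (md5, path) in entries.items()}
    rows = []
    for f in forged:
        name, listed = by_path.get(f["path"].lower(), (None, None))
        seen = "real" if listed == f["real"] else "fake" if listed == f["fake"] else "unlisted"
        rows.append({"service": name, "path": f["path"], "listing_shows": seen,
                     "real": f["real"], "fake": f["fake"]})
    return rows


if __name__ == "__main__":
    entries, forged, detections = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(entries)} drivers listed, {len(detections)} detections")
    for row in forged_summary(entries, forged):
        print(f"FORGED {row['service']} {row['path']}: inventory shows the {row['listing_shows']} md5")
```

Paste a real log into SAMPLE_LOG (or read it from the TDSSKiller.[Version]_[Date]_[Time]_log.txt file) and the forged rows come out with the service name attached, which is the name to quote back in the thread.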


Here are the contents of the TDSSKiller log:

2011/07/22 13:27:06.0395 5660 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/22 13:27:06.0778 5660 ================================================================================

2011/07/22 13:27:06.0778 5660 SystemInfo:

2011/07/22 13:27:06.0778 5660

2011/07/22 13:27:06.0778 5660 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/22 13:27:06.0778 5660 Product type: Workstation

2011/07/22 13:27:06.0778 5660 ComputerName: FYREL-PC

2011/07/22 13:27:06.0778 5660 UserName: Fyrel

2011/07/22 13:27:06.0778 5660 Windows directory: C:\Windows

2011/07/22 13:27:06.0778 5660 System windows directory: C:\Windows

2011/07/22 13:27:06.0778 5660 Processor architecture: Intel x86

2011/07/22 13:27:06.0778 5660 Number of processors: 2

2011/07/22 13:27:06.0778 5660 Page size: 0x1000

2011/07/22 13:27:06.0778 5660 Boot type: Normal boot

2011/07/22 13:27:06.0778 5660 ================================================================================

2011/07/22 13:27:09.0590 5660 Initialize success

2011/07/22 13:27:11.0934 5716 ================================================================================

2011/07/22 13:27:11.0934 5716 Scan started

2011/07/22 13:27:11.0934 5716 Mode: Manual;

2011/07/22 13:27:11.0934 5716 ================================================================================

2011/07/22 13:27:12.0950 5716 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/07/22 13:27:13.0012 5716 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/07/22 13:27:13.0075 5716 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/07/22 13:27:13.0137 5716 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/22 13:27:13.0168 5716 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/22 13:27:13.0200 5716 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/22 13:27:13.0262 5716 AFD (e795b1bdeb630ac568464fb643131fbb) C:\Windows\system32\drivers\afd.sys

2011/07/22 13:27:13.0262 5716 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: e795b1bdeb630ac568464fb643131fbb, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806

2011/07/22 13:27:13.0262 5716 AFD - detected ForgedFile.Multi.Generic (1)

2011/07/22 13:27:13.0301 5716 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/07/22 13:27:13.0333 5716 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/07/22 13:27:13.0372 5716 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/07/22 13:27:13.0489 5716 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/07/22 13:27:13.0528 5716 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/07/22 13:27:13.0590 5716 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys

2011/07/22 13:27:13.0629 5716 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/22 13:27:13.0848 5716 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/22 13:27:14.0098 5716 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/07/22 13:27:14.0145 5716 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys

2011/07/22 13:27:14.0231 5716 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/22 13:27:14.0278 5716 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/07/22 13:27:14.0309 5716 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/22 13:27:14.0333 5716 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/07/22 13:27:14.0379 5716 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/07/22 13:27:14.0473 5716 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/07/22 13:27:14.0489 5716 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/22 13:27:14.0543 5716 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/22 13:27:14.0590 5716 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/07/22 13:27:14.0739 5716 AtiHDAudioService (45fe74599fba4070e7c7dac928896474) C:\Windows\system32\drivers\AtihdW73.sys

2011/07/22 13:27:15.0247 5716 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/22 13:27:15.0403 5716 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

2011/07/22 13:27:15.0489 5716 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/07/22 13:27:15.0567 5716 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/22 13:27:15.0629 5716 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/07/22 13:27:15.0668 5716 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/22 13:27:15.0770 5716 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/22 13:27:15.0786 5716 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/22 13:27:15.0809 5716 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/22 13:27:15.0848 5716 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/07/22 13:27:15.0872 5716 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/22 13:27:15.0911 5716 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/22 13:27:15.0926 5716 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/22 13:27:15.0942 5716 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/22 13:27:16.0129 5716 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/22 13:27:16.0231 5716 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/22 13:27:16.0278 5716 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/22 13:27:16.0325 5716 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/07/22 13:27:16.0348 5716 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/22 13:27:16.0387 5716 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/07/22 13:27:16.0418 5716 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/07/22 13:27:16.0450 5716 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/22 13:27:16.0504 5716 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/22 13:27:16.0684 5716 cpuz133 (743c403d20a89db5ed84c874768b7119) C:\Windows\system32\drivers\cpuz133_x32.sys

2011/07/22 13:27:16.0817 5716 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys

2011/07/22 13:27:16.0848 5716 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/22 13:27:16.0965 5716 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys

2011/07/22 13:27:17.0059 5716 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/07/22 13:27:17.0153 5716 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/07/22 13:27:17.0184 5716 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/07/22 13:27:17.0247 5716 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/07/22 13:27:17.0293 5716 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/07/22 13:27:17.0356 5716 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/22 13:27:17.0473 5716 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/07/22 13:27:17.0583 5716 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/22 13:27:17.0637 5716 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/07/22 13:27:17.0676 5716 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/07/22 13:27:17.0708 5716 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/07/22 13:27:17.0747 5716 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/22 13:27:17.0770 5716 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/07/22 13:27:17.0793 5716 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/07/22 13:27:17.0895 5716 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/22 13:27:17.0934 5716 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/07/22 13:27:17.0965 5716 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/07/22 13:27:17.0981 5716 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/22 13:27:27.0911 5716 ================================================================================

2011/07/22 13:27:27.0911 5716 Scan finished

2011/07/22 13:27:27.0911 5716 ================================================================================

2011/07/22 13:27:27.0918 5708 Detected object count: 1

2011/07/22 13:27:27.0918 5708 Actual detected object count: 1

2011/07/22 13:28:10.0458 5708 ForgedFile.Multi.Generic(AFD) - User select action: Skip

Currently the Google redirector still exists, as well as something that slows down my internet, as well as various Windows things being disabled/affected (can't turn on Windows Firewall, Music library is no longer found but files are still there). Oddly, earlier when Security Essentials quarantined a file, the redirector was gone (the other problems still existed, however), but as soon as I rebooted it was back, and Security Essentials immediately caught a "Backdoor: Win32/Smadow". Thanks for the help!


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


It seems the Google redirector is gone after running ComboFix, as well as internet speed being more or less normal; however, I am not sure if it will be back if I restart my computer. Windows Firewall and the libraries are still nonfunctional, but is it right to assume that it's a registry modification that can't be undone by antimalware tools? In any case, the ComboFix log is below:

ComboFix 11-07-23.04 - Fyrel 07/23/2011 14:20:21.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2311 [GMT -7:00]

Running from: c:\users\Fyrel\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB31375$\460103196\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB31375$\460103196\click.tlb

c:\windows\$NtUninstallKB31375$\460103196\L\xadqgnnk

c:\windows\$NtUninstallKB31375$\460103196\loader.tlb

c:\windows\$NtUninstallKB31375$\460103196\U\@00000001

c:\windows\$NtUninstallKB31375$\460103196\U\@000000c0

c:\windows\$NtUninstallKB31375$\460103196\U\@000000cb

c:\windows\$NtUninstallKB31375$\460103196\U\@000000cf

c:\windows\$NtUninstallKB31375$\460103196\U\@80000000

c:\windows\$NtUninstallKB31375$\460103196\U\@800000c0

c:\windows\$NtUninstallKB31375$\460103196\U\@800000cb

c:\windows\$NtUninstallKB31375$\460103196\U\@800000cf

c:\windows\$NtUninstallKB31375$\91238726

c:\windows\assembly\GAC_MSIL\desktop.ini

f:\steam\Steam.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

.

.

2011-07-23 21:27 . 2011-07-23 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-23 20:23 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18040BF9-7FDF-425C-BA5B-0176AEFC87BB}\mpengine.dll

2011-07-23 08:42 . 2011-07-23 08:42 -------- d-----w- c:\users\Fyrel\AppData\Roaming\Toribash

2011-07-18 02:54 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-18 02:54 . 2011-07-18 02:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 02:54 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-12 03:26 . 2011-07-12 03:26 -------- d-----w- c:\users\Fyrel\AppData\Roaming\ArcSoft

2011-07-07 05:50 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-07 05:50 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-07-07 05:50 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-06 17:04 . 2011-07-06 17:04 5071872 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUnitedMobileDriver_S4981CAN33AP22_ML_WHQL_Ver_3.3.msi

2011-07-04 07:45 . 2011-07-04 07:45 -------- d-----w- c:\users\Fyrel\AppData\Roaming\DVDVideoSoft

2011-06-29 05:27 . 2011-06-29 05:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-29 05:27 . 2011-06-29 05:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 03:39 . 2010-02-20 19:08 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 17:04 . 2011-03-13 00:35 90112 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll

2011-07-06 17:04 . 2011-03-13 00:35 24576 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll

2011-07-06 17:04 . 2011-03-13 00:35 1339392 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe

2011-06-09 08:37 . 2010-02-18 19:54 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-09 08:37 . 2010-02-25 01:23 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-09 08:37 . 2010-02-18 19:54 280768 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-09 08:35 . 2010-02-18 19:54 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-04-30 19:49 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-29 05:27 . 2011-04-05 07:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]

"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]

"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Fyrel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]

2011-06-14 07:45 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]

2011-04-30 08:35 235168 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil10p_Plugin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-10-28 02:18 133104 ----atw- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-16 02:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WizMouse]

2010-05-23 18:16 723248 ----a-w- c:\program files\WizMouse\WizMouse.exe

.

R1 MpKsl05294276;MpKsl05294276;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A81FBC75-9315-4C07-8C93-376BF33CE1D1}\MpKsl05294276.sys [x]

R1 MpKsl0aa40367;MpKsl0aa40367;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04137DAE-FE4E-40A4-A99A-3E37786C4FAB}\MpKsl0aa40367.sys [x]

R1 MpKsl209a1ec8;MpKsl209a1ec8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F805352C-1A3A-4CFC-9C8F-698FB0F603EF}\MpKsl209a1ec8.sys [x]

R1 MpKsl2c979317;MpKsl2c979317;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87E36B37-4D3A-4BCA-A4FB-784C1BCE3C67}\MpKsl2c979317.sys [x]

R1 MpKsl3392a6b2;MpKsl3392a6b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{154F4042-BA7C-49CF-A5AB-6D3A71A8C25E}\MpKsl3392a6b2.sys [x]

R1 MpKsl3696946b;MpKsl3696946b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAB80296-8DDC-4771-9139-B449F5217E0D}\MpKsl3696946b.sys [x]

R1 MpKsl39731adf;MpKsl39731adf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{683E8BE3-952B-4B63-8797-786B70A5D60D}\MpKsl39731adf.sys [x]

R1 MpKsl3b1febeb;MpKsl3b1febeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3579E281-13ED-42D3-AA11-F4ECE3C3EA51}\MpKsl3b1febeb.sys [x]

R1 MpKsl45138b08;MpKsl45138b08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EB6769F-D572-4B1D-BA62-8A899A5BE7B5}\MpKsl45138b08.sys [x]

R1 MpKsl46c9c27e;MpKsl46c9c27e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0421EBF-B2AF-413E-B3FD-6E3FB83A267E}\MpKsl46c9c27e.sys [x]

R1 MpKsl5f4607a2;MpKsl5f4607a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{927CF92D-2733-4488-B68C-FDC380B57858}\MpKsl5f4607a2.sys [x]

R1 MpKsl6611715a;MpKsl6611715a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB481A15-791A-4CEC-8D1D-53691A0C6B26}\MpKsl6611715a.sys [x]

R1 MpKsl6ad68e8c;MpKsl6ad68e8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6BBC37-692E-4F25-914D-F3D8EA06792D}\MpKsl6ad68e8c.sys [x]

R1 MpKsl6fd760f1;MpKsl6fd760f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9013CC44-82DF-4656-9806-475E83FC619B}\MpKsl6fd760f1.sys [x]

R1 MpKsl72801e12;MpKsl72801e12;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87E36B37-4D3A-4BCA-A4FB-784C1BCE3C67}\MpKsl72801e12.sys [x]

R1 MpKsl7991baf5;MpKsl7991baf5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07DF4F56-C021-4F7F-9D03-F226D91CB6D7}\MpKsl7991baf5.sys [x]

R1 MpKsl7feef633;MpKsl7feef633;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61070BB3-C409-4EE8-9D93-6FC263750A5F}\MpKsl7feef633.sys [x]

R1 MpKsl8720fa60;MpKsl8720fa60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1ED4E7C-540B-4576-9918-B829D3CC57DC}\MpKsl8720fa60.sys [x]

R1 MpKsl93c52bba;MpKsl93c52bba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{092DA4B5-76FA-4D11-B901-9827D88B3AFE}\MpKsl93c52bba.sys [x]

R1 MpKsl994f0015;MpKsl994f0015;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{154F4042-BA7C-49CF-A5AB-6D3A71A8C25E}\MpKsl994f0015.sys [x]

R1 MpKsl9b0dc54e;MpKsl9b0dc54e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F6888D8-62C3-4878-90A1-26BB09DF2306}\MpKsl9b0dc54e.sys [x]

R1 MpKsl9d26f23c;MpKsl9d26f23c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0421EBF-B2AF-413E-B3FD-6E3FB83A267E}\MpKsl9d26f23c.sys [x]

R1 MpKsla97bcd9d;MpKsla97bcd9d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{092DA4B5-76FA-4D11-B901-9827D88B3AFE}\MpKsla97bcd9d.sys [x]

R1 MpKsla9932fc3;MpKsla9932fc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E64C2BE5-9411-4D38-9D73-69943FC1685B}\MpKsla9932fc3.sys [x]

R1 MpKslaa942da8;MpKslaa942da8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87E36B37-4D3A-4BCA-A4FB-784C1BCE3C67}\MpKslaa942da8.sys [x]

R1 MpKslb2b6ad08;MpKslb2b6ad08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB481A15-791A-4CEC-8D1D-53691A0C6B26}\MpKslb2b6ad08.sys [x]

R1 MpKslb435ce13;MpKslb435ce13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02050024-85F5-41DE-AD8A-44929CFC72FD}\MpKslb435ce13.sys [x]

R1 MpKslb53afcfd;MpKslb53afcfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EE754C6-1549-456D-B9B8-3BFA1243ECAA}\MpKslb53afcfd.sys [x]

R1 MpKslc0d58146;MpKslc0d58146;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31A046E6-3FDA-4BBA-9220-9AECF151FD91}\MpKslc0d58146.sys [x]

R1 MpKsld8423731;MpKsld8423731;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A98163A6-0F7A-4563-91F0-44D204011D05}\MpKsld8423731.sys [x]

R1 MpKsldc1cad78;MpKsldc1cad78;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E64C2BE5-9411-4D38-9D73-69943FC1685B}\MpKsldc1cad78.sys [x]

R1 MpKslde2e783f;MpKslde2e783f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1ED4E7C-540B-4576-9918-B829D3CC57DC}\MpKslde2e783f.sys [x]

R1 MpKsle349e265;MpKsle349e265;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31A046E6-3FDA-4BBA-9220-9AECF151FD91}\MpKsle349e265.sys [x]

R1 MpKsle4f6cc3d;MpKsle4f6cc3d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61070BB3-C409-4EE8-9D93-6FC263750A5F}\MpKsle4f6cc3d.sys [x]

R1 MpKslea9596e5;MpKslea9596e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6003D340-1AEA-4830-84EF-97D1ACD50CCD}\MpKslea9596e5.sys [x]

R1 MpKslfc2405dd;MpKslfc2405dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61070BB3-C409-4EE8-9D93-6FC263750A5F}\MpKslfc2405dd.sys [x]

R1 pgtjvcpj;pgtjvcpj;c:\windows\system32\drivers\pgtjvcpj.sys [x]

R2 quickmacros2;Quick Macros;c:\program files\Quick Macros 2\qmserv.exe [2009-08-23 9232]

R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2274296]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]

R3 cpuz130;cpuz130;c:\users\Fyrel\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 qmphook;QM process triggers;c:\program files\Quick Macros 2\qmphook.sys [2007-05-25 4096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 173500]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 294232]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4802020]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]

.

.

Contents of the 'Scheduled Tasks' folder

.

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246318644-428434036-3852550999-1001Core.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246318644-428434036-3852550999-1001UA.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270459224-3810211945-1620170352-1001Core.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270459224-3810211945-1620170352-1001UA.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: Free YouTube Download - c:\users\Fyrel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Fyrel\AppData\Roaming\Mozilla\Firefox\Profiles\uhst2lur.default\

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Steam - f:\steam\Steam.exe

AddRemove-Steam App 12210 - f:\steam\steam.exe

AddRemove-Steam App 12220 - f:\steam\steam.exe

AddRemove-Steam App 12360 - f:\steam\steam.exe

AddRemove-Steam App 13570 - f:\steam\steam.exe

AddRemove-Steam App 15750 - f:\steam\steam.exe

AddRemove-Steam App 16600 - f:\steam\steam.exe

AddRemove-Steam App 17410 - f:\steam\steam.exe

AddRemove-Steam App 17460 - f:\steam\steam.exe

AddRemove-Steam App 17470 - f:\steam\steam.exe

AddRemove-Steam App 17550 - f:\steam\steam.exe

AddRemove-Steam App 19980 - f:\steam\steam.exe

AddRemove-Steam App 20920 - f:\steam\steam.exe

AddRemove-Steam App 215 - f:\steam\steam.exe

AddRemove-Steam App 22000 - f:\steam\steam.exe

AddRemove-Steam App 22200 - f:\steam\steam.exe

AddRemove-Steam App 22330 - f:\steam\steam.exe

AddRemove-Steam App 2450 - f:\steam\steam.exe

AddRemove-Steam App 24740 - f:\steam\steam.exe

AddRemove-Steam App 25010 - f:\steam\steam.exe

AddRemove-Steam App 26800 - f:\steam\steam.exe

AddRemove-Steam App 29180 - f:\steam\steam.exe

AddRemove-Steam App 31170 - f:\steam\steam.exe

AddRemove-Steam App 33900 - f:\steam\steam.exe

AddRemove-Steam App 33930 - f:\steam\steam.exe

AddRemove-Steam App 35700 - f:\steam\steam.exe

AddRemove-Steam App 39000 - f:\steam\steam.exe

AddRemove-Steam App 39530 - f:\steam\steam.exe

AddRemove-Steam App 41800 - f:\steam\steam.exe

AddRemove-Steam App 42120 - f:\steam\steam.exe

AddRemove-Steam App 42500 - f:\steam\steam.exe

AddRemove-Steam App 42910 - f:\steam\steam.exe

AddRemove-Steam App 4500 - f:\steam\steam.exe

AddRemove-Steam App 45740 - f:\steam\steam.exe

AddRemove-Steam App 49900 - f:\steam\steam.exe

AddRemove-Steam App 50130 - f:\steam\steam.exe

AddRemove-Steam App 564 - f:\steam\steam.exe

AddRemove-Steam App 57300 - f:\steam\steam.exe

AddRemove-Steam App 6020 - f:\steam\steam.exe

AddRemove-Steam App 630 - f:\steam\steam.exe

AddRemove-Steam App 63200 - f:\steam\steam.exe

AddRemove-Steam App 65700 - f:\steam\steam.exe

AddRemove-Steam App 65720 - f:\steam\steam.exe

AddRemove-Steam App 72200 - f:\steam\steam.exe

AddRemove-Steam App 8190 - f:\steam\steam.exe

AddRemove-Steam App 92000 - f:\steam\steam.exe

AddRemove-Steam App 9500 - f:\steam\steam.exe

AddRemove-Steam App 97000 - f:\steam\steam.exe

AddRemove-Steam App 99830 - f:\steam\steam.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3270459224-3810211945-1620170352-1001\Software\SecuROM\License information*]

"datasecu"=hex:ff,6e,a3,b4,e1,03,ef,a6,43,ea,b1,f9,7e,4d,18,97,44,a5,a0,08,00,

6e,4f,90,3c,77,07,25,38,8d,d8,63,32,fa,2d,9f,8d,71,2c,c2,a7,9c,9d,c8,17,ae,\

"rkeysecu"=hex:a4,c4,c9,3d,49,18,45,a1,da,75,3f,bd,a0,11,e7,97

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(576)

c:\windows\system32\mswsock.dll

mswsock.DLL 74ba0000 245760 \\?\globalroot\systemroot\system32\mswsock.DLL

.

Completion time: 2011-07-23 14:28:28

ComboFix-quarantined-files.txt 2011-07-23 21:28

.

Pre-Run: 24,993,472,512 bytes free

Post-Run: 24,951,623,680 bytes free

.

- - End Of File - - BA0FD4A1186FAC5EF241093EDC911777


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\drivers\pgtjvcpj.sys

Driver::
pgtjvcpj

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


After running Combofix as per instruction, my internet failed to come back online. After restarting (which didn't work), I had a moment of retardedness where I misread the Combofix instructions and thought that it said to run Combofix again to fix the internet connection issue (thus overwriting the old log >_<). If it helps, I remember the old combofix log saying that the specified file to be deleted was deleted. I also tried running the system restore created by Combofix, but that didn't work either. Is there any way to restore my connection?


Never mind, I just reset the winsock entries and the TCP/IP stack and it fixed it. As for how the computer works, it seems mostly fine other than the aforementioned issues (Firewall, music libraries). The latest ComboFix log (not the first one, sorry :( ) is below:

ComboFix 11-07-23.04 - Fyrel 07/24/2011 15:44:41.4.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2277 [GMT -7:00]

Running from: c:\users\Fyrel\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))

.

.

2011-07-24 22:52 . 2011-07-24 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-24 21:58 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40C9428-508C-4386-B65C-514A6CAC0543}\mpengine.dll

2011-07-23 08:42 . 2011-07-23 08:42 -------- d-----w- c:\users\Fyrel\AppData\Roaming\Toribash

2011-07-18 02:54 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-18 02:54 . 2011-07-18 02:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 02:54 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-12 03:26 . 2011-07-12 03:26 -------- d-----w- c:\users\Fyrel\AppData\Roaming\ArcSoft

2011-07-07 05:50 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-07 05:50 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-07-07 05:50 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-06 17:04 . 2011-07-06 17:04 5071872 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUnitedMobileDriver_S4981CAN33AP22_ML_WHQL_Ver_3.3.msi

2011-07-04 07:45 . 2011-07-04 07:45 -------- d-----w- c:\users\Fyrel\AppData\Roaming\DVDVideoSoft

2011-06-29 05:27 . 2011-06-29 05:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-29 05:27 . 2011-06-29 05:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-24 04:31 . 2010-02-18 19:54 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-24 04:31 . 2010-02-25 01:23 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-24 04:31 . 2010-02-18 19:54 280768 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-24 04:28 . 2010-02-18 19:54 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-07-24 04:28 . 2010-02-18 19:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-07-13 03:39 . 2010-02-20 19:08 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 17:04 . 2011-03-13 00:35 90112 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll

2011-07-06 17:04 . 2011-03-13 00:35 24576 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll

2011-07-06 17:04 . 2011-03-13 00:35 1339392 ----a-w- c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe

2011-04-30 19:49 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-29 05:27 . 2011-04-05 07:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]

"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]

"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Fyrel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Fyrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]

2011-06-14 07:45 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]

2011-04-30 08:35 235168 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil10p_Plugin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-10-28 02:18 133104 ----atw- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-16 02:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WizMouse]

2010-05-23 18:16 723248 ----a-w- c:\program files\WizMouse\WizMouse.exe

.

R1 MpKsl05294276;MpKsl05294276;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A81FBC75-9315-4C07-8C93-376BF33CE1D1}\MpKsl05294276.sys [x]

R1 MpKsl0aa40367;MpKsl0aa40367;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04137DAE-FE4E-40A4-A99A-3E37786C4FAB}\MpKsl0aa40367.sys [x]

R1 MpKsl209a1ec8;MpKsl209a1ec8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F805352C-1A3A-4CFC-9C8F-698FB0F603EF}\MpKsl209a1ec8.sys [x]

R1 MpKsl2c979317;MpKsl2c979317;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87E36B37-4D3A-4BCA-A4FB-784C1BCE3C67}\MpKsl2c979317.sys [x]

R1 MpKsl3392a6b2;MpKsl3392a6b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{154F4042-BA7C-49CF-A5AB-6D3A71A8C25E}\MpKsl3392a6b2.sys [x]

R1 MpKsl3696946b;MpKsl3696946b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAB80296-8DDC-4771-9139-B449F5217E0D}\MpKsl3696946b.sys [x]

R1 MpKsl39731adf;MpKsl39731adf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{683E8BE3-952B-4B63-8797-786B70A5D60D}\MpKsl39731adf.sys [x]

R1 MpKsl3b1febeb;MpKsl3b1febeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3579E281-13ED-42D3-AA11-F4ECE3C3EA51}\MpKsl3b1febeb.sys [x]

R1 MpKsl45138b08;MpKsl45138b08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EB6769F-D572-4B1D-BA62-8A899A5BE7B5}\MpKsl45138b08.sys [x]

R1 MpKsl46c9c27e;MpKsl46c9c27e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0421EBF-B2AF-413E-B3FD-6E3FB83A267E}\MpKsl46c9c27e.sys [x]

R1 MpKsl5f4607a2;MpKsl5f4607a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{927CF92D-2733-4488-B68C-FDC380B57858}\MpKsl5f4607a2.sys [x]

R1 MpKsl6611715a;MpKsl6611715a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB481A15-791A-4CEC-8D1D-53691A0C6B26}\MpKsl6611715a.sys [x]

R1 MpKsl6ad68e8c;MpKsl6ad68e8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6BBC37-692E-4F25-914D-F3D8EA06792D}\MpKsl6ad68e8c.sys [x]

R1 MpKsl6fd760f1;MpKsl6fd760f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9013CC44-82DF-4656-9806-475E83FC619B}\MpKsl6fd760f1.sys [x]

R1 MpKsl72801e12;MpKsl72801e12;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87E36B37-4D3A-4BCA-A4FB-784C1BCE3C67}\MpKsl72801e12.sys [x]

R1 MpKsl7991baf5;MpKsl7991baf5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07DF4F56-C021-4F7F-9D03-F226D91CB6D7}\MpKsl7991baf5.sys [x]

R1 MpKsl7feef633;MpKsl7feef633;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61070BB3-C409-4EE8-9D93-6FC263750A5F}\MpKsl7feef633.sys [x]

R1 MpKsl8720fa60;MpKsl8720fa60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1ED4E7C-540B-4576-9918-B829D3CC57DC}\MpKsl8720fa60.sys [x]

R1 MpKsl93c52bba;MpKsl93c52bba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{092DA4B5-76FA-4D11-B901-9827D88B3AFE}\MpKsl93c52bba.sys [x]

R1 MpKsl994f0015;MpKsl994f0015;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{154F4042-BA7C-49CF-A5AB-6D3A71A8C25E}\MpKsl994f0015.sys [x]

R1 MpKsl9b0dc54e;MpKsl9b0dc54e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F6888D8-62C3-4878-90A1-26BB09DF2306}\MpKsl9b0dc54e.sys [x]

R1 MpKsl9d26f23c;MpKsl9d26f23c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0421EBF-B2AF-413E-B3FD-6E3FB83A267E}\MpKsl9d26f23c.sys [x]

R1 MpKsla97bcd9d;MpKsla97bcd9d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{092DA4B5-76FA-4D11-B901-9827D88B3AFE}\MpKsla97bcd9d.sys [x]

R1 MpKsla9932fc3;MpKsla9932fc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E64C2BE5-9411-4D38-9D73-69943FC1685B}\MpKsla9932fc3.sys [x]

R1 MpKslaa942da8;MpKslaa942da8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87E36B37-4D3A-4BCA-A4FB-784C1BCE3C67}\MpKslaa942da8.sys [x]

R1 MpKslb2b6ad08;MpKslb2b6ad08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB481A15-791A-4CEC-8D1D-53691A0C6B26}\MpKslb2b6ad08.sys [x]

R1 MpKslb435ce13;MpKslb435ce13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02050024-85F5-41DE-AD8A-44929CFC72FD}\MpKslb435ce13.sys [x]

R1 MpKslb53afcfd;MpKslb53afcfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EE754C6-1549-456D-B9B8-3BFA1243ECAA}\MpKslb53afcfd.sys [x]

R1 MpKslc0d58146;MpKslc0d58146;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31A046E6-3FDA-4BBA-9220-9AECF151FD91}\MpKslc0d58146.sys [x]

R1 MpKsld8423731;MpKsld8423731;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A98163A6-0F7A-4563-91F0-44D204011D05}\MpKsld8423731.sys [x]

R1 MpKsldc1cad78;MpKsldc1cad78;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E64C2BE5-9411-4D38-9D73-69943FC1685B}\MpKsldc1cad78.sys [x]

R1 MpKslde2e783f;MpKslde2e783f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1ED4E7C-540B-4576-9918-B829D3CC57DC}\MpKslde2e783f.sys [x]

R1 MpKsle349e265;MpKsle349e265;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31A046E6-3FDA-4BBA-9220-9AECF151FD91}\MpKsle349e265.sys [x]

R1 MpKsle4f6cc3d;MpKsle4f6cc3d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61070BB3-C409-4EE8-9D93-6FC263750A5F}\MpKsle4f6cc3d.sys [x]

R1 MpKslea9596e5;MpKslea9596e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6003D340-1AEA-4830-84EF-97D1ACD50CCD}\MpKslea9596e5.sys [x]

R1 MpKslfc2405dd;MpKslfc2405dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61070BB3-C409-4EE8-9D93-6FC263750A5F}\MpKslfc2405dd.sys [x]

R2 quickmacros2;Quick Macros;c:\program files\Quick Macros 2\qmserv.exe [2009-08-23 9232]

R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2274296]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]

R3 cpuz130;cpuz130;c:\users\Fyrel\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 qmphook;QM process triggers;c:\program files\Quick Macros 2\qmphook.sys [2007-05-25 4096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 173500]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 294232]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4802020]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]

.

.

Contents of the 'Scheduled Tasks' folder

.

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246318644-428434036-3852550999-1001Core.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246318644-428434036-3852550999-1001UA.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270459224-3810211945-1620170352-1001Core.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270459224-3810211945-1620170352-1001UA.job

- c:\users\Fyrel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 02:18]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: Free YouTube Download - c:\users\Fyrel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

FF - ProfilePath - c:\users\Fyrel\AppData\Roaming\Mozilla\Firefox\Profiles\uhst2lur.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3270459224-3810211945-1620170352-1001\Software\SecuROM\License information*]

"datasecu"=hex:ff,6e,a3,b4,e1,03,ef,a6,43,ea,b1,f9,7e,4d,18,97,44,a5,a0,08,00,

6e,4f,90,3c,77,07,25,38,8d,d8,63,32,fa,2d,9f,8d,71,2c,c2,a7,9c,9d,c8,17,ae,\

"rkeysecu"=hex:a4,c4,c9,3d,49,18,45,a1,da,75,3f,bd,a0,11,e7,97

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2500)

c:\users\Fyrel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Google\Google SketchUp 8\xerces-c_2_6.dll

.

Completion time: 2011-07-24 15:53:22

ComboFix-quarantined-files.txt 2011-07-24 22:53

ComboFix2.txt 2011-07-24 22:37

ComboFix3.txt 2011-07-23 21:28

.

Pre-Run: 24,575,660,032 bytes free

Post-Run: 24,516,788,224 bytes free

.

- - End Of File - - F81B6170F169C79C30B9952DDD0B429C


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
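The Internet Explorer hardening steps 5-10 above can also be audited and applied through the registry rather than the dialog; this is an added example, not code from the thread or from Malwarebytes. It assumes per-user (HKCU) zone settings, that IE is closed, and that no Group Policy locks these values.

```powershell
# Added example, not from the thread: audit (and optionally apply) the IE
# Internet-zone settings from steps 5-10 of the post via the registry.
# Assumptions: per-user (HKCU) settings, IE closed, no Group Policy lock on
# these values. Zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable.
$zone  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Apply = $false   # leave $false to audit only; set $true to write the changes

# URL action IDs for the six settings named in the post and their hardened value.
$settings = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Target = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Target = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Target = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Target = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Target = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Target = 1 }
)

function Get-ZoneAction([string]$Id) {
    # Returns the DWORD for one action, or $null when the value is absent
    # (IE then falls back to the built-in default for the zone's security level).
    $item = Get-ItemProperty -Path $zone -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

$weak = 0
foreach ($s in $settings) {
    $current = Get-ZoneAction $s.Id
    $shown   = if ($null -eq $current) { 'default' } else { $current }
    $ok      = ($current -eq $s.Target)
    $state   = if ($ok) { 'ok' } else { 'NEEDS CHANGE' }
    if (-not $ok) { $weak++ }
    Write-Output ('{0} {1,-60} current={2,-7} target={3} {4}' -f $s.Id, $s.Name, $shown, $s.Target, $state)
    if ($Apply -and -not $ok) {
        # Write the hardened value as a REG_DWORD, matching what the IE dialog stores.
        Set-ItemProperty -Path $zone -Name $s.Id -Value $s.Target -Type DWord
    }
}
Write-Output ("{0} of {1} settings differ from the post's recommendation." -f $weak, $settings.Count)
```

A value reported as "default" has never been written for this user, so IE is using the zone's built-in level for it; the post's dialog steps write the same DWORDs this script writes.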
