Random Redirects in Firefox


webDev27

First-time poster here. Thanks in advance to whoever takes the time to look into this for me. My issue began with a BSOD a couple days ago while browsing Reddit.com (not exactly a malicious site). After that BSOD I couldn't seem to start Windows. It would fail during startup and try to repair itself, but the repair tool wasn't able to fix whatever the issue was. On the advice of tech support for ASUS, I decided to do a factory restore of the hard drive. This seems to work, but when I go to update Windows (there are 86 updates initially, so it's quite a large update), the failed startup issue pops up again once I try to restart following the install of the updates. Now, however, the repair tool runs for a while (10 minutes?), then when I get into Windows I see that all of the updates failed.

On top of this, I've noticed these random redirects whenever I open a website in Firefox. Ever since installing MBAM, I'm constantly getting notifications of blocked outgoing attempts from svchost, ping, or firefox (I guess you'll see that in the logs below). I'm trying to include everything in accordance with the "I'm infected - what do I do now?" post.

Computer Stats:

ASUS K52J Notebook

i3 - 350M / 4GB RAM

Windows 7 Home Premium 64-bit

+++++++++++++++++++++++++++++++++++++++

Latest MBAM Protection Log

+++++++++++++++++++++++++++++++++++++++


+++++++++++++++++++++++++++++++++++++++

Latest MBAM scanner log

+++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7703

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/12/2011 3:33:00 PM

mbam-log-2011-09-12 (15-33-00).txt

Scan type: Quick scan

Objects scanned: 173364

Time elapsed: 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

+++++++++++++++++++++++++++++++++++++++

DDS Log

+++++++++++++++++++++++++++++++++++++++

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Kevin at 15:46:29 on 2011-09-12

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3949.2656 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Avira\AntiVir Desktop\avguard.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\conhost.exe

C:\Avira\AntiVir Desktop\avgnt.exe

C:\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

mRun: [avgnt] "C:\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8260747D-F637-49FE-9161-3D607FE45F27} : DhcpNameServer = 192.168.0.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

mRun-x64: [avgnt] "C:\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\trsia0tk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Avira\AntiVir Desktop\sched.exe [2011-9-11 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Avira\AntiVir Desktop\avguard.exe [2011-9-11 269480]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-12 366640]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-11 2314240]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-12 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-12 136176]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

.

=============== Created Last 30 ================

.

2011-09-12 16:06:01 -------- d-----w- C:\Users\Kevin\AppData\Local\ElevatedDiagnostics

2011-09-12 14:45:01 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2011-09-12 14:44:55 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-12 14:44:54 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-12 14:44:51 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-12 14:44:51 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-09-12 14:37:23 -------- d-----w- C:\Users\Kevin\AppData\Local\Google

2011-09-12 14:37:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-12 14:29:17 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-09-12 14:29:17 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-09-12 01:08:56 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-09-12 01:08:56 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2011-09-11 21:52:48 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Avira

2011-09-11 21:49:28 -------- d-----w- C:\Windows\pss

2011-09-11 21:35:36 -------- d-----w- C:\Users\Kevin\AppData\Local\Adobe

2011-09-11 21:20:42 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-09-11 21:20:41 -------- d-----w- C:\ProgramData\Avira

2011-09-11 21:20:41 -------- d-----w- C:\Avira

2011-09-11 21:19:05 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F90A96B5-FD3A-4152-BEF0-ED49D70A345A}\mpengine.dll

2011-09-11 21:19:04 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-11 21:14:53 -------- d-----w- C:\Users\Kevin\AppData\Local\Mozilla

2011-09-11 21:13:25 -------- d-----w- C:\Firefox

2011-09-11 21:06:51 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-09-11 21:06:51 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-09-11 21:06:51 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-09-11 21:06:51 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-09-11 21:05:15 -------- d-----w- C:\Users\Kevin\AppData\Local\ATI

2011-09-11 21:05:06 -------- d-----w- C:\Users\Kevin\AppData\Local\SRS Labs

2011-09-11 21:02:32 -------- d-----w- C:\Users\Kevin\AppData\Local\VirtualStore

2011-09-11 19:58:56 408600 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-09-11 19:58:53 102000 ----a-w- C:\Windows\System32\drivers\JME.sys

2011-09-11 19:56:33 143472 ----a-w- C:\Windows\System32\drivers\jmcr.sys

2011-09-11 19:56:33 110080 ----a-w- C:\Windows\System32\jmcricon.dll

2011-09-11 19:56:27 42176 ----a-w- C:\Windows\System32\drivers\sncduvc.sys

2011-09-11 19:56:27 19008 ----a-w- C:\Windows\DrvInst.exe

2011-09-11 19:56:27 1806400 ----a-w- C:\Windows\System32\drivers\snp2uvc.sys

2011-09-11 19:56:26 386 ----a-w- C:\Windows\Uninstuxga.reg

2011-09-11 19:56:26 386 ----a-w- C:\Windows\Uninstsxga.reg

2011-09-11 19:56:26 384 ----a-w- C:\Windows\Uninstvga.reg

2011-09-11 19:56:26 2266 ----a-w- C:\Windows\Uninstvga.bat

2011-09-11 19:56:26 2008 ----a-w- C:\Windows\Uninstsxga.bat

2011-09-11 19:56:26 1682 ----a-w- C:\Windows\Uninstuxga.bat

2011-09-11 19:55:31 704512 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys

2011-09-11 19:55:31 421888 ----a-w- C:\Windows\System32\UCI64A43.dll

2011-09-11 19:55:31 1745920 ----a-w- C:\Windows\System32\CX64OP19.dll

2011-09-11 19:53:47 2097152 ---h--r- C:\K62Jr.BIN

2011-09-11 19:53:46 2097152 ---h--r- C:\K52Jr.BIN

2011-09-11 19:53:42 4649472 ----a-w- C:\Windows\System32\ETDUI.cpl

2011-09-11 19:53:41 117760 ----a-w- C:\Windows\System32\drivers\ETD.sys

2011-09-11 19:53:40 1542656 ----a-w- C:\Windows\System32\drivers\athrx.sys

2011-09-11 19:53:40 15416 ----a-w- C:\Windows\System32\drivers\kbfiltr.sys

2011-09-11 19:53:39 15928 ----a-w- C:\Windows\System32\drivers\ATK64AMD.sys

2011-09-11 19:25:22 -------- d-----w- C:\Windows\SysWow64\K_Series_ScreenSaver_EN dir

2011-09-11 19:25:20 3054136 ----a-w- C:\Windows\AsScrPro.exe

2011-09-11 19:25:16 -------- d-----w- C:\eSupport

2011-09-11 19:25:09 183296 ----a-w- C:\Windows\SysWow64\ACEngSvr.exe

2011-09-11 19:25:02 359552 ----a-w- C:\Windows\System32\FBAgent.exe

2011-09-11 19:25:02 -------- d-----w- C:\Program Files\ASUS

2011-09-11 19:25:00 15928 ----a-w- C:\Windows\System32\drivers\lullaby.sys

2011-09-11 19:24:55 35384 ----a-w- C:\Windows\System32\drivers\AsDsm.sys

2011-09-11 19:24:37 -------- d-----w- C:\ProgramData\P4G

2011-09-11 19:24:37 -------- d-----w- C:\Program Files\P4G

2011-09-11 19:24:34 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-09-11 19:24:34 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-09-11 19:24:34 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-09-11 19:24:34 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-09-11 19:24:33 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-09-11 19:24:30 53248 ----a-w- C:\Windows\SysWow64\LogonStart.dll

2011-09-11 19:24:03 -------- d-----w- C:\Program Files (x86)\ASUS

2011-09-11 19:23:52 -------- d-----w- C:\Program Files (x86)\JMicron

2011-09-11 19:23:39 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2011-09-11 19:23:35 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2011-09-11 19:23:21 -------- d-----w- C:\Program Files\SRS Labs

2011-09-11 19:22:44 -------- d-----w- C:\Windows\System32\SRSLabs

2011-09-11 19:22:44 -------- d-----w- C:\Program Files\CONEXANT

2011-09-11 19:22:06 0 ----a-w- C:\Windows\ativpsrm.bin

2011-09-11 19:20:31 -------- d-----w- C:\Program Files\ATI

2011-09-11 19:20:30 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-09-11 19:20:19 -------- d-sh--w- C:\Windows\Installer

2011-09-11 19:17:43 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-09-11 19:17:38 -------- d-----w- C:\Intel

2011-09-11 19:15:57 -------- d-----w- C:\Program Files\Elantech

.

==================== Find3M ====================

.

2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

.

============= FINISH: 15:48:22.67 ===============


Hello and welcome.

Let's first check for rootkits.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Thanks for helping out! I followed your instructions and it appears that the scan found Rootkit.Win32.TDSS.tdl4.

The log is below as requested.

2011/09/15 17:34:24.0999 2760 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17

2011/09/15 17:34:25.0155 2760 ================================================================================

2011/09/15 17:34:25.0155 2760 SystemInfo:

2011/09/15 17:34:25.0155 2760

2011/09/15 17:34:25.0155 2760 OS Version: 6.1.7600 ServicePack: 0.0

2011/09/15 17:34:25.0155 2760 Product type: Workstation

2011/09/15 17:34:25.0155 2760 ComputerName: KEVIN-PCs

2011/09/15 17:34:25.0155 2760 UserName: Kevin

2011/09/15 17:34:25.0155 2760 Windows directory: C:\Windows

2011/09/15 17:34:25.0155 2760 System windows directory: C:\Windows

2011/09/15 17:34:25.0155 2760 Running under WOW64

2011/09/15 17:34:25.0155 2760 Processor architecture: Intel x64

2011/09/15 17:34:25.0155 2760 Number of processors: 4

2011/09/15 17:34:25.0155 2760 Page size: 0x1000

2011/09/15 17:34:25.0155 2760 Boot type: Normal boot

2011/09/15 17:34:25.0155 2760 ================================================================================

2011/09/15 17:34:26.0809 2760 Initialize success

2011/09/15 17:34:58.0430 3228 ================================================================================

2011/09/15 17:34:58.0430 3228 Scan started

2011/09/15 17:34:58.0430 3228 Mode: Manual;

2011/09/15 17:34:58.0430 3228 ================================================================================


2011/09/15 17:37:05.0524 3228 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/09/15 17:37:06.0070 3228 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/09/15 17:37:06.0850 3228 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/15 17:37:07.0489 3228 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/15 17:37:08.0066 3228 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/09/15 17:37:08.0659 3228 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/09/15 17:37:09.0283 3228 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/09/15 17:37:09.0876 3228 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/09/15 17:37:10.0422 3228 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/09/15 17:37:10.0984 3228 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys

2011/09/15 17:37:11.0717 3228 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/09/15 17:37:12.0466 3228 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/15 17:37:13.0511 3228 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2011/09/15 17:37:14.0416 3228 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/09/15 17:37:15.0196 3228 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/15 17:37:16.0007 3228 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/15 17:37:16.0600 3228 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/15 17:37:17.0302 3228 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2011/09/15 17:37:17.0879 3228 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/15 17:37:18.0456 3228 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/15 17:37:19.0439 3228 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/09/15 17:37:20.0609 3228 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/09/15 17:37:21.0233 3228 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/15 17:37:21.0888 3228 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2011/09/15 17:37:22.0481 3228 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/09/15 17:37:23.0042 3228 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/09/15 17:37:23.0760 3228 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2011/09/15 17:37:24.0556 3228 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/09/15 17:37:25.0367 3228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/09/15 17:37:26.0069 3228 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/09/15 17:37:27.0410 3228 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/09/15 17:37:28.0128 3228 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2011/09/15 17:37:29.0579 3228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/09/15 17:37:30.0374 3228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/09/15 17:37:31.0248 3228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/09/15 17:37:32.0028 3228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/09/15 17:37:32.0917 3228 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/15 17:37:33.0853 3228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/09/15 17:37:34.0820 3228 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/15 17:37:36.0443 3228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/09/15 17:37:37.0176 3228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/09/15 17:37:37.0987 3228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/15 17:37:38.0580 3228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/15 17:37:39.0266 3228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/09/15 17:37:39.0906 3228 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/15 17:37:40.0530 3228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/15 17:37:41.0248 3228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/15 17:37:42.0184 3228 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/15 17:37:43.0291 3228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/09/15 17:37:46.0864 3228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/15 17:37:47.0644 3228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/15 17:37:48.0361 3228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/09/15 17:37:49.0110 3228 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/09/15 17:37:49.0843 3228 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/09/15 17:37:50.0592 3228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/15 17:37:51.0325 3228 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/09/15 17:37:52.0012 3228 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/09/15 17:37:52.0667 3228 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

2011/09/15 17:37:53.0369 3228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/09/15 17:37:54.0071 3228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/15 17:37:54.0726 3228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/09/15 17:37:55.0553 3228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/15 17:37:56.0302 3228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/09/15 17:37:57.0019 3228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/09/15 17:37:57.0737 3228 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/09/15 17:37:58.0470 3228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/15 17:37:59.0281 3228 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

2011/09/15 17:38:00.0451 3228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/15 17:38:01.0122 3228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/15 17:38:01.0918 3228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/09/15 17:38:02.0760 3228 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys

2011/09/15 17:38:03.0556 3228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/09/15 17:38:04.0383 3228 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys

2011/09/15 17:38:05.0241 3228 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/15 17:38:05.0943 3228 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/15 17:38:06.0894 3228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/15 17:38:07.0674 3228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/15 17:38:08.0563 3228 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys

2011/09/15 17:38:09.0593 3228 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/15 17:38:10.0186 3228 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/15 17:38:11.0013 3228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/09/15 17:38:11.0917 3228 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/09/15 17:38:12.0526 3228 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/15 17:38:13.0243 3228 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/15 17:38:14.0070 3228 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/15 17:38:14.0881 3228 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/15 17:38:15.0552 3228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/15 17:38:16.0379 3228 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/15 17:38:17.0128 3228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/09/15 17:38:17.0752 3228 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/15 17:38:18.0267 3228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/15 17:38:18.0797 3228 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/15 17:38:19.0483 3228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/09/15 17:38:19.0998 3228 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2011/09/15 17:38:20.0685 3228 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/15 17:38:21.0262 3228 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2011/09/15 17:38:21.0886 3228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/15 17:38:22.0479 3228 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/15 17:38:23.0181 3228 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/09/15 17:38:24.0273 3228 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

2011/09/15 17:38:25.0240 3228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/09/15 17:38:26.0285 3228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/15 17:38:27.0096 3228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/09/15 17:38:27.0798 3228 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/09/15 17:38:28.0750 3228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/09/15 17:38:29.0389 3228 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/09/15 17:38:30.0216 3228 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/09/15 17:38:30.0762 3228 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2011/09/15 17:38:31.0261 3228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/15 17:38:31.0885 3228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/09/15 17:38:32.0541 3228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/09/15 17:38:33.0336 3228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/15 17:38:34.0069 3228 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/15 17:38:34.0210 3228 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/15 17:38:34.0912 3228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/09/15 17:38:35.0380 3228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/15 17:38:36.0066 3228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/15 17:38:36.0628 3228 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

2011/09/15 17:38:37.0533 3228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/09/15 17:38:38.0141 3228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/09/15 17:38:39.0015 3228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/15 17:38:39.0701 3228 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2011/09/15 17:38:40.0263 3228 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/15 17:38:40.0325 3228 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

2011/09/15 17:38:40.0341 3228 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/09/15 17:38:40.0356 3228 Boot (0x1200) (7e05d96398a532b2bcd8025a58dd1a59) \Device\Harddisk0\DR0\Partition0

2011/09/15 17:38:40.0372 3228 ================================================================================

2011/09/15 17:38:40.0372 3228 Scan finished

2011/09/15 17:38:40.0372 3228 ================================================================================

2011/09/15 17:38:40.0372 2728 Detected object count: 1

2011/09/15 17:38:40.0372 2728 Actual detected object count: 1

2011/09/15 17:39:11.0806 2728 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/09/15 17:39:11.0806 2728 \Device\Harddisk0\DR0 - ok

2011/09/15 17:39:11.0806 2728 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/09/15 17:39:17.0625 2860 Deinitialize success

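For triaging a TDSSKiller log like the one posted above, the following sketch pulls out each detection, the object it refers to, the action chosen and whether the cure is still pending a reboot. It is an added example, not part of the thread or of any tool's own code; the line patterns are an assumption inferred only from the log lines visible in this thread, and the sample lines are copied from the tail of that log.

```python
import re

# Sample lines copied from the tail of the TDSSKiller log in this thread
# (blank lines dropped).
SAMPLE_LOG = r"""
2011/09/15 17:38:40.0263 3228 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 17:38:40.0325 3228 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/15 17:38:40.0341 3228 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/15 17:38:40.0356 3228 Boot (0x1200) (7e05d96398a532b2bcd8025a58dd1a59) \Device\Harddisk0\DR0\Partition0
2011/09/15 17:38:40.0372 3228 Scan finished
2011/09/15 17:38:40.0372 2728 Detected object count: 1
2011/09/15 17:39:11.0806 2728 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/15 17:39:11.0806 2728 \Device\Harddisk0\DR0 - ok
2011/09/15 17:39:11.0806 2728 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Patterns inferred from the visible log lines only (assumed, not a documented format).
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (.*)$")
OBJECT = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+) \((\S+)\) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise scanned objects, detections and remediation state from a log."""
    objects, findings = {}, {}
    scanned, reported = 0, None

    def finding(target, verdict):
        # Tie the detection back to the scanned object (name, MD5) at that path.
        name, md5 = objects.get(target, (None, None))
        return findings.setdefault(target, {
            "target": target, "verdict": verdict, "object": name, "md5": md5,
            # A \Device\... target is a raw disk object (MBR/boot code), not a file.
            "location": "disk" if target.startswith("\\Device\\") else "file",
            "action": None, "pending_reboot": False})

    for raw in log_text.splitlines():
        pre = PREFIX.match(raw.strip())
        if not pre:
            continue  # not a timestamped log line
        body = pre.group(1)
        if m := OBJECT.match(body):
            scanned += 1
            objects[m.group(3)] = (m.group(1), m.group(2))
        elif m := DETECTED.match(body):
            finding(m.group(1), m.group(2))
        elif m := PENDING.match(body):
            finding(m.group(1), m.group(2))["pending_reboot"] = True
        elif m := ACTION.match(body):
            finding(m.group(2), m.group(1))["action"] = m.group(3)
        elif m := COUNT.match(body):
            reported = int(m.group(1))

    return {
        "scanned": scanned,
        "reported": reported,
        "findings": list(findings.values()),
        # Unresolved until a post-reboot scan confirms the cure took effect.
        "needs_rescan": any(f["pending_reboot"] or f["action"] is None
                            for f in findings.values()),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for f in summary["findings"]:
        print(f["verdict"], "on", f["target"], "via", f["object"],
              "| action:", f["action"], "| pending reboot:", f["pending_reboot"])
```

A finding with `location` set to `disk` and `pending_reboot` set means the cure has not taken effect yet, so only a scan after the reboot confirms the result.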

Yes that was indeed a rootkit infection. Please read the following information before continuing.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Thanks again for the help. Being as I've already recovered my notebook using the recovery CD twice, and there is no data I'm worried about losing, I've decided to go ahead and format the hard drive to be sure I'm rid of this and any other possible viruses. I contacted ASUS support, but unfortunately formatting the hard drive voids the warranty and they can't help with that. I'm going to read up on the link you provided and see if I can accomplish this on my own.

Please let me know if there's anything else I'm missing. Thanks again for all the help!


Hi, please let me know if you need any help with the reformat/reinstall. :)

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
