fsharproj Trojan.BHO problem


DJ84

I ran Malwarebytes Anti-Malware 3 times today; the first time it came back with the fsharproj Trojan, and the next two times it came back clean. I am still having problems though. Here are the files requested.

Here is the first Malware scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7721

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

9/15/2011 9:59:52 AM

mbam-log-2011-09-15 (09-59-52).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 406153

Time elapsed: 46 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

This is the second Malware scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7724

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

9/15/2011 6:09:47 PM

mbam-log-2011-09-15 (18-09-47).txt

Scan type: Full scan (C:\|)

Objects scanned: 174384

Time elapsed: 28 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the DDS file:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Steph at 19:39:57 on 2011-09-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.4372 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?rls=ig

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v165k49l1r257

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v165k49l1r257

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v165k49l1r257

mWinlogon: Userinit=userinit.exe,

BHO: {04b9f54d-99d0-4e25-9757-59b70dcb6820} - C:\Windows\SysWow64\wscui32.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{62DD8A57-1BF2-40A0-8096-4DFFDCC4E759} : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

C:\Windows\SysWow64\wscui32.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-7 366152]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-29 2314240]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-15 17152]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-18 135664]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-24 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-18 135664]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]

.

=============== Created Last 30 ================

.

2011-09-15 19:06:16 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2011-09-15 15:12:11 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-09-15 01:56:43 356864 ----a-w- C:\Windows\SysWow64\wscui32.dll

2011-09-15 01:56:40 185856 ----a-w- C:\ProgramData\IntelManagerManager.dll

2011-08-28 23:11:34 -------- d-----w- C:\Windows\System32\SPReview

2011-08-28 23:10:16 -------- d-----w- C:\Windows\System32\EventProviders

2011-08-24 14:53:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 14:53:54 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-19 20:46:46 -------- d-----w- C:\Program Files (x86)\Microsoft Picture It! 9

.

==================== Find3M ====================

.

2011-09-15 15:13:54 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-09-04 00:42:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-28 23:18:13 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-08-28 23:18:13 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 19:40:40.50 ===============

Thank you for your help in this matter.

Darren

ark.zip

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Lavasoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


After I ran ComboFix, I cannot access any desktop icons or start menu icons. When I click on any icon, a security window opens that says "Illegal operation attempted on a registry key that has been marked for deletion." I have four accounts on this computer; just the account that I ran ComboFix on has been affected. I did a System Restore and tried the other ComboFix download and got the same result. With this problem I am unable to forward this info without printing and scanning the log file and attaching it through another account. What is my next move?

DJ


I deleted ComboFix and tried downloading it again with the same result. Then I deleted the ComboFix download and the text file, and everything seems to be working fine; even the Google redirect problem is gone.

DJ84


When I run ComboFix, all of my icons are locked and the "illegal operation" window opens. The log file is on the desktop but I can't open it. The only thing I can do is restart the computer again, after which the ComboFix log file is gone and my icons work fine.

Thanks

DJ84


  • Staff

How odd.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Here is the file requested:

05:37:33.0287 4440 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

05:37:33.0818 4440 ============================================================

05:37:33.0818 4440 Current date / time: 2011/09/28 05:37:33.0818

05:37:33.0818 4440 SystemInfo:

05:37:33.0818 4440

05:37:33.0818 4440 OS Version: 6.1.7601 ServicePack: 1.0

05:37:33.0818 4440 Product type: Workstation

05:37:33.0818 4440 ComputerName: STEPH-OFFICE

05:37:33.0818 4440 UserName: Steph

05:37:33.0818 4440 Windows directory: C:\Windows

05:37:33.0818 4440 System windows directory: C:\Windows

05:37:33.0818 4440 Running under WOW64

05:37:33.0818 4440 Processor architecture: Intel x64

05:37:33.0818 4440 Number of processors: 4

05:37:33.0818 4440 Page size: 0x1000

05:37:33.0818 4440 Boot type: Normal boot

05:37:33.0818 4440 ============================================================

05:37:34.0832 4440 Initialize success

05:37:45.0408 4504 ============================================================

05:37:45.0408 4504 Scan started

05:37:45.0408 4504 Mode: Manual;

05:37:45.0408 4504 ============================================================


05:37:50.0104 4504 HpSAMD - ok

05:37:50.0166 4504 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

05:37:50.0182 4504 HTTP - ok

05:37:50.0213 4504 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

05:37:50.0213 4504 hwpolicy - ok

05:37:50.0244 4504 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

05:37:50.0244 4504 i8042prt - ok

05:37:50.0307 4504 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys

05:37:50.0307 4504 iaStor - ok

05:37:50.0322 4504 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

05:37:50.0338 4504 iaStorV - ok

05:37:50.0556 4504 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

05:37:50.0712 4504 igfx - ok

05:37:50.0744 4504 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

05:37:50.0744 4504 iirsp - ok

05:37:50.0806 4504 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys

05:37:50.0837 4504 IntcAzAudAddService - ok

05:37:50.0884 4504 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys

05:37:50.0900 4504 IntcDAud - ok

05:37:50.0931 4504 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

05:37:50.0931 4504 intelide - ok

05:37:50.0946 4504 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

05:37:50.0946 4504 intelppm - ok

05:37:50.0993 4504 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

05:37:50.0993 4504 IpFilterDriver - ok

05:37:51.0024 4504 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

05:37:51.0040 4504 IPMIDRV - ok

05:37:51.0056 4504 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

05:37:51.0056 4504 IPNAT - ok

05:37:51.0071 4504 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

05:37:51.0087 4504 IRENUM - ok

05:37:51.0102 4504 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

05:37:51.0102 4504 isapnp - ok

05:37:51.0149 4504 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

05:37:51.0149 4504 iScsiPrt - ok

05:37:51.0196 4504 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys

05:37:51.0196 4504 JRAID - ok

05:37:51.0243 4504 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

05:37:51.0243 4504 kbdclass - ok

05:37:51.0258 4504 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

05:37:51.0258 4504 kbdhid - ok

05:37:51.0290 4504 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

05:37:51.0290 4504 KSecDD - ok

05:37:51.0336 4504 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

05:37:51.0336 4504 KSecPkg - ok

05:37:51.0352 4504 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

05:37:51.0352 4504 ksthunk - ok

05:37:51.0414 4504 Lavasoft Kernexplorer - ok

05:37:51.0446 4504 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys

05:37:51.0446 4504 Lbd - ok

05:37:51.0492 4504 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

05:37:51.0492 4504 lltdio - ok

05:37:51.0524 4504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

05:37:51.0524 4504 LSI_FC - ok

05:37:51.0555 4504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

05:37:51.0555 4504 LSI_SAS - ok

05:37:51.0570 4504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

05:37:51.0570 4504 LSI_SAS2 - ok

05:37:51.0586 4504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

05:37:51.0602 4504 LSI_SCSI - ok

05:37:51.0617 4504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

05:37:51.0617 4504 luafv - ok

05:37:51.0680 4504 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

05:37:51.0680 4504 MBAMProtector - ok

05:37:51.0726 4504 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

05:37:51.0742 4504 megasas - ok

05:37:51.0758 4504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

05:37:51.0773 4504 MegaSR - ok

05:37:51.0789 4504 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

05:37:51.0789 4504 Modem - ok

05:37:51.0820 4504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

05:37:51.0820 4504 monitor - ok

05:37:51.0867 4504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

05:37:51.0867 4504 mouclass - ok

05:37:51.0882 4504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

05:37:51.0882 4504 mouhid - ok

05:37:51.0929 4504 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

05:37:51.0929 4504 mountmgr - ok

05:37:51.0960 4504 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

05:37:51.0976 4504 mpio - ok

05:37:51.0992 4504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

05:37:51.0992 4504 mpsdrv - ok

05:37:52.0038 4504 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

05:37:52.0038 4504 MRxDAV - ok

05:37:52.0070 4504 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

05:37:52.0085 4504 mrxsmb - ok

05:37:52.0116 4504 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

05:37:52.0116 4504 mrxsmb10 - ok

05:37:52.0148 4504 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

05:37:52.0148 4504 mrxsmb20 - ok

05:37:52.0163 4504 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

05:37:52.0163 4504 msahci - ok

05:37:52.0194 4504 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

05:37:52.0194 4504 msdsm - ok

05:37:52.0226 4504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

05:37:52.0226 4504 Msfs - ok

05:37:52.0241 4504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

05:37:52.0241 4504 mshidkmdf - ok

05:37:52.0272 4504 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

05:37:52.0272 4504 msisadrv - ok

05:37:52.0304 4504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

05:37:52.0304 4504 MSKSSRV - ok

05:37:52.0350 4504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

05:37:52.0350 4504 MSPCLOCK - ok

05:37:52.0366 4504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

05:37:52.0382 4504 MSPQM - ok

05:37:52.0428 4504 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

05:37:52.0444 4504 MsRPC - ok

05:37:52.0475 4504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

05:37:52.0475 4504 mssmbios - ok

05:37:52.0491 4504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

05:37:52.0491 4504 MSTEE - ok

05:37:52.0506 4504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

05:37:52.0522 4504 MTConfig - ok

05:37:52.0538 4504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

05:37:52.0538 4504 Mup - ok

05:37:52.0584 4504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

05:37:52.0584 4504 NativeWifiP - ok

05:37:52.0631 4504 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

05:37:52.0647 4504 NDIS - ok

05:37:52.0662 4504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

05:37:52.0678 4504 NdisCap - ok

05:37:52.0709 4504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

05:37:52.0725 4504 NdisTapi - ok

05:37:52.0772 4504 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

05:37:52.0772 4504 Ndisuio - ok

05:37:52.0803 4504 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

05:37:52.0803 4504 NdisWan - ok

05:37:52.0834 4504 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

05:37:52.0834 4504 NDProxy - ok

05:37:52.0850 4504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

05:37:52.0850 4504 NetBIOS - ok

05:37:52.0881 4504 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

05:37:52.0881 4504 NetBT - ok

05:37:52.0928 4504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

05:37:52.0928 4504 nfrd960 - ok

05:37:52.0943 4504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

05:37:52.0943 4504 Npfs - ok

05:37:52.0959 4504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

05:37:52.0959 4504 nsiproxy - ok

05:37:53.0021 4504 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

05:37:53.0052 4504 Ntfs - ok

05:37:53.0084 4504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

05:37:53.0084 4504 Null - ok

05:37:53.0115 4504 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

05:37:53.0115 4504 nvraid - ok

05:37:53.0130 4504 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

05:37:53.0146 4504 nvstor - ok

05:37:53.0162 4504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

05:37:53.0162 4504 nv_agp - ok

05:37:53.0193 4504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

05:37:53.0193 4504 ohci1394 - ok

05:37:53.0224 4504 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

05:37:53.0224 4504 Parport - ok

05:37:53.0255 4504 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

05:37:53.0255 4504 partmgr - ok

05:37:53.0271 4504 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

05:37:53.0271 4504 pci - ok

05:37:53.0302 4504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

05:37:53.0302 4504 pciide - ok

05:37:53.0318 4504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

05:37:53.0318 4504 pcmcia - ok

05:37:53.0333 4504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

05:37:53.0333 4504 pcw - ok

05:37:53.0364 4504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

05:37:53.0364 4504 PEAUTH - ok

05:37:53.0427 4504 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

05:37:53.0427 4504 PptpMiniport - ok

05:37:53.0458 4504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

05:37:53.0458 4504 Processor - ok

05:37:53.0505 4504 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

05:37:53.0520 4504 Psched - ok

05:37:53.0552 4504 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

05:37:53.0552 4504 PxHlpa64 - ok

05:37:53.0598 4504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

05:37:53.0645 4504 ql2300 - ok

05:37:53.0661 4504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

05:37:53.0661 4504 ql40xx - ok

05:37:53.0676 4504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

05:37:53.0676 4504 QWAVEdrv - ok

05:37:53.0708 4504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

05:37:53.0708 4504 RasAcd - ok

05:37:53.0754 4504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

05:37:53.0754 4504 RasAgileVpn - ok

05:37:53.0786 4504 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

05:37:53.0786 4504 Rasl2tp - ok

05:37:53.0801 4504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

05:37:53.0801 4504 RasPppoe - ok

05:37:53.0848 4504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

05:37:53.0848 4504 RasSstp - ok

05:37:53.0879 4504 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

05:37:53.0895 4504 rdbss - ok

05:37:53.0926 4504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

05:37:53.0926 4504 rdpbus - ok

05:37:53.0942 4504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

05:37:53.0942 4504 RDPCDD - ok

05:37:53.0957 4504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

05:37:53.0957 4504 RDPENCDD - ok

05:37:53.0973 4504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

05:37:53.0973 4504 RDPREFMP - ok

05:37:54.0020 4504 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

05:37:54.0020 4504 RDPWD - ok

05:37:54.0066 4504 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

05:37:54.0066 4504 rdyboost - ok

05:37:54.0098 4504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

05:37:54.0098 4504 rspndr - ok

05:37:54.0144 4504 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

05:37:54.0144 4504 sbp2port - ok

05:37:54.0176 4504 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

05:37:54.0191 4504 scfilter - ok

05:37:54.0191 4504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

05:37:54.0191 4504 secdrv - ok

05:37:54.0222 4504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

05:37:54.0222 4504 Serenum - ok

05:37:54.0254 4504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

05:37:54.0254 4504 Serial - ok

05:37:54.0269 4504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

05:37:54.0269 4504 sermouse - ok

05:37:54.0300 4504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

05:37:54.0300 4504 sffdisk - ok

05:37:54.0316 4504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

05:37:54.0316 4504 sffp_mmc - ok

05:37:54.0332 4504 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

05:37:54.0332 4504 sffp_sd - ok

05:37:54.0363 4504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

05:37:54.0363 4504 sfloppy - ok

05:37:54.0378 4504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

05:37:54.0378 4504 SiSRaid2 - ok

05:37:54.0394 4504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

05:37:54.0410 4504 SiSRaid4 - ok

05:37:54.0441 4504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

05:37:54.0441 4504 Smb - ok

05:37:54.0456 4504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

05:37:54.0456 4504 spldr - ok

05:37:54.0503 4504 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

05:37:54.0519 4504 srv - ok

05:37:54.0534 4504 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

05:37:54.0534 4504 srv2 - ok

05:37:54.0581 4504 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

05:37:54.0581 4504 srvnet - ok

05:37:54.0597 4504 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

05:37:54.0597 4504 stexstor - ok

05:37:54.0628 4504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

05:37:54.0628 4504 swenum - ok

05:37:54.0706 4504 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

05:37:54.0768 4504 Tcpip - ok

05:37:54.0831 4504 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

05:37:54.0846 4504 TCPIP6 - ok

05:37:54.0878 4504 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

05:37:54.0878 4504 tcpipreg - ok

05:37:54.0893 4504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

05:37:54.0893 4504 TDPIPE - ok

05:37:54.0909 4504 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

05:37:54.0909 4504 TDTCP - ok

05:37:54.0940 4504 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

05:37:54.0956 4504 tdx - ok

05:37:54.0971 4504 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

05:37:54.0971 4504 TermDD - ok

05:37:55.0002 4504 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

05:37:55.0002 4504 tssecsrv - ok

05:37:55.0049 4504 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

05:37:55.0049 4504 TsUsbFlt - ok

05:37:55.0096 4504 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

05:37:55.0096 4504 tunnel - ok

05:37:55.0112 4504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

05:37:55.0112 4504 uagp35 - ok

05:37:55.0158 4504 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

05:37:55.0174 4504 udfs - ok

05:37:55.0221 4504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

05:37:55.0221 4504 uliagpkx - ok

05:37:55.0252 4504 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

05:37:55.0252 4504 umbus - ok

05:37:55.0268 4504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

05:37:55.0268 4504 UmPass - ok

05:37:55.0314 4504 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

05:37:55.0330 4504 usbccgp - ok

05:37:55.0346 4504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

05:37:55.0346 4504 usbcir - ok

05:37:55.0377 4504 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

05:37:55.0377 4504 usbehci - ok

05:37:55.0392 4504 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

05:37:55.0408 4504 usbhub - ok

05:37:55.0424 4504 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

05:37:55.0424 4504 usbohci - ok

05:37:55.0455 4504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

05:37:55.0455 4504 usbprint - ok

05:37:55.0470 4504 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

05:37:55.0486 4504 USBSTOR - ok

05:37:55.0502 4504 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

05:37:55.0502 4504 usbuhci - ok

05:37:55.0517 4504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

05:37:55.0517 4504 vdrvroot - ok

05:37:55.0548 4504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

05:37:55.0548 4504 vga - ok

05:37:55.0580 4504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

05:37:55.0580 4504 VgaSave - ok

05:37:55.0595 4504 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

05:37:55.0611 4504 vhdmp - ok

05:37:55.0626 4504 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

05:37:55.0626 4504 viaide - ok

05:37:55.0658 4504 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

05:37:55.0658 4504 volmgr - ok

05:37:55.0689 4504 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

05:37:55.0689 4504 volmgrx - ok

05:37:55.0736 4504 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

05:37:55.0736 4504 volsnap - ok

05:37:55.0767 4504 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

05:37:55.0767 4504 vsmraid - ok

05:37:55.0782 4504 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

05:37:55.0782 4504 vwifibus - ok

05:37:55.0845 4504 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

05:37:55.0845 4504 WacomPen - ok

05:37:55.0876 4504 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

05:37:55.0876 4504 WANARP - ok

05:37:55.0892 4504 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

05:37:55.0892 4504 Wanarpv6 - ok

05:37:55.0938 4504 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

05:37:55.0954 4504 Wd - ok

05:37:55.0970 4504 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

05:37:55.0985 4504 Wdf01000 - ok

05:37:56.0016 4504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

05:37:56.0016 4504 WfpLwf - ok

05:37:56.0048 4504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

05:37:56.0048 4504 WIMMount - ok

05:37:56.0094 4504 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

05:37:56.0094 4504 WinUsb - ok

05:37:56.0110 4504 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

05:37:56.0110 4504 WmiAcpi - ok

05:37:56.0126 4504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

05:37:56.0126 4504 ws2ifsl - ok

05:37:56.0172 4504 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

05:37:56.0172 4504 WudfPf - ok

05:37:56.0188 4504 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

05:37:56.0188 4504 WUDFRd - ok

05:37:56.0204 4504 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0

05:37:56.0656 4504 \Device\Harddisk0\DR0 - ok

05:37:56.0656 4504 Boot (0x1200) (4e7fb5fd9ff8afdeb6c96d7f2d6e1a56) \Device\Harddisk0\DR0\Partition0

05:37:56.0672 4504 \Device\Harddisk0\DR0\Partition0 - ok

05:37:56.0672 4504 Boot (0x1200) (55074309a8d867798b57f5c1c8313d65) \Device\Harddisk0\DR0\Partition1

05:37:56.0672 4504 \Device\Harddisk0\DR0\Partition1 - ok

05:37:56.0672 4504 ============================================================

05:37:56.0672 4504 Scan finished

05:37:56.0672 4504 ============================================================

05:37:56.0687 4508 Detected object count: 0

05:37:56.0687 4508 Actual detected object count: 0

05:38:20.0384 1204 Deinitialize success

Thank you for your help with this.

DJ84


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hi

This is the only log file I could find:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

The scanner did find, quarantine and remove 9 threats.

Here is the checkup file:

Results of screen317's Security Check version 0.99.20

Windows 7 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 20

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.0.2.54

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

``````````End of Log````````````

Thank you for your help

DJ84


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 20

Adobe Flash Player 10.0.2.54

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.

-screen317


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
