
Hi all

I got infected with OpenCloud on Sunday and believe I have managed to get rid of it but I still have issues. Yesterday I ran Malwarebytes about 3 times in safe mode (after using RKill) and it seemed to get rid of most of the files. It also left all my icons hidden and deleted everything from my start menu (I also fixed this yesterday).

Currently, I cannot access Google or Bing and Malwarebytes is frequently stopping unauthorized pings. These IPs keep getting reported:

67.29.139.153 (associated with svchost.exe) and

95.64.61.141 (associated with firefox.exe and port 49231)

I have tried to run DDS but it keeps freezing my computer.

MBAM Logs (9-19 and then 9-20). NOTE: I specified "delete all" after these files were found; just noticed that all reported "no action taken".

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7750

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

9/19/2011 7:42:22 PM

mbam-log-2011-09-19 (19-42-17).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|)

Objects scanned: 448520

Time elapsed: 48 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpenCloud Security (Spyware.Agent) -> Value: OpenCloud Security -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

c:\Users\Elise\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security (Rogue.OpenCloudSecurity) -> No action taken.

Files Infected:

c:\Users\Elise\AppData\Roaming\opencloud security\opencloud security.exe (Spyware.Agent) -> No action taken.

c:\Windows\System32\config\systemprofile\AppData\Roaming\opencloud security\opencloud security.exe (Spyware.Agent) -> No action taken.

c:\Windows\System32\drivers\beep.sys (Rootkit.TDSS) -> No action taken.

c:\Windows\Temp\-213E8.tmp (Trojan.Agent.Gen) -> No action taken.

c:\Windows\Temp\0.4108564176549102.exe (Spyware.Agent) -> No action taken.

c:\Windows\Temp\1363E8.tmp (Rootkit.TDSS) -> No action taken.

c:\Windows\Temp\D96E.tmp (Trojan.Agent.Gen) -> No action taken.

c:\Windows\Temp\F123.tmp (Trojan.Agent.Gen) -> No action taken.

c:\Windows\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> No action taken.

c:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys (Rootkit.TDSS) -> No action taken.

c:\Windows\Temp\wpbt0.dll (Exploit.Drop) -> No action taken.

c:\Users\Elise\Desktop\opencloud security.lnk (Rogue.OpenCloudSecurity) -> No action taken.

c:\Users\Elise\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security\opencloud security.lnk (Rogue.OpenCloudSecurity) -> No action taken.

c:\Users\Elise\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7751

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/20/2011 4:32:52 PM

mbam-log-2011-09-20 (16-32-45).txt

Scan type: Quick scan

Objects scanned: 186639

Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avbhhfRgwD.exe (Trojan.FakeAlert) -> Value: avbhhfRgwD.exe -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\avbhhfrgwd.exe (Trojan.FakeAlert) -> No action taken.

c:\Windows\Temp\p1kalmig2kb7fz.exe (Trojan.Agent.Gen) -> No action taken.

ark.txt


(would edit but couldn't see the option for that)

By "I can't access" I mean my connection is being blocked: "Firefox can't establish a connection to the server at www.google.com"

Occasionally attempting to reach Google would actually lead me to a security page in which I had to enter the verification code (numerous entries still wouldn't give me access). I can access other websites just fine as long as I have the URL.



Please remove the bad ones MBAM finds

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


I can only access Google when I have Malwarebytes autoprotect off (otherwise it blocks whatever program is trying to hijack - I get the same kind of blocking warning that I mentioned in my earlier posts). When accessing Google, I get redirected on almost every result. It first goes through this url: http://www.njksearch.net/cc.php?id=47867770 and then winds up at some other url (which is different every time).

I have run multiple Malwarebytes scans (and have it updated) and I just ran ESET (which cleaned out a few things).

Thank you so much for your help! I know you guys are super busy :)

P.S. I don't know if this is virus related, but I also cannot see any of the "verification code" images that one needs to register or reset a password (haven't double-checked this with other sites on this computer though).

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7784

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

9/23/2011 7:30:59 PM

mbam-log-2011-09-23 (19-30-59).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|)

Objects scanned: 435628

Time elapsed: 33 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I think you have a nasty RootKit infection.

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.

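TDSSKiller writes one file line per driver service ("Name (md5) path") followed by a verdict line ("Name - ok"). As an added example, not code from this thread or from Kaspersky, the Python below pairs the two for each service and reports any verdict other than "ok", plus every service that received a verdict but no file line, meaning the tool hashed no binary for it. In the log the poster pastes later in this thread, adfs, Beep, catchme and DNINDIS4 fall into that second group, and Beep is the service behind beep.sys, which the first MBAM log had flagged as Rootkit.TDSS, so that group deserves a manual look rather than being read as clean. The sample log is a constructed excerpt: the badsvc lines, their hash and the "suspicious" verdict wording are invented for the example and do not reflect the tool's real wording.

```python
"""Triage a TDSSKiller text log.

Added example (not the thread's or Kaspersky's code): pairs each
service's file line with its verdict line and reports services with
a verdict but no hashed file, plus any verdict other than "ok".
"""
import re

# Constructed excerpt in the format of the TDSSKiller log posted in the
# thread; the badsvc lines, hash and verdict wording are constructed.
SAMPLE_LOG = """\
10:01:13.0315 3640 Scan started
10:01:13.0315 3640 Mode: Manual;
10:01:14.0145 3640 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
10:01:14.0149 3640 1394ohci - ok
10:01:14.0288 3640 adfs - ok
10:01:14.0974 3640 Beep - ok
10:01:15.0213 3640 catchme - ok
10:01:17.0575 3640 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\\Windows\\system32\\drivers\\mbam.sys
10:01:17.0578 3640 MBAMProtector - ok
10:01:20.0001 3640 badsvc (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\badsvc.sys
10:01:20.0002 3640 badsvc - suspicious
"""

# "<hh:mm:ss.ffff> <pid> <body>"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
# body of a file line: "<service> (<md5>) <path>"
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# body of a verdict line: "<service> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")


def parse_tdsskiller_log(text):
    """Return one record per service, in first-seen order."""
    records = {}

    def rec(name):
        return records.setdefault(
            name, {"name": name, "md5": None, "path": None, "verdict": None})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, separators, blank lines
        body = m["body"]
        if f := FILE_RE.match(body):
            rec(f["name"]).update(md5=f["md5"], path=f["path"])
        elif v := VERDICT_RE.match(body):
            rec(v["name"])["verdict"] = v["verdict"]
    return list(records.values())


def services_without_file(records):
    """Services that got a verdict although no binary was hashed for them."""
    return [r["name"] for r in records
            if r["verdict"] is not None and r["path"] is None]


def flagged(records):
    """Records whose verdict is anything other than 'ok'."""
    return [r for r in records if r["verdict"] not in (None, "ok")]


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    print("services parsed:", len(recs))
    print("verdict but no file:", services_without_file(recs))
    for r in flagged(recs):
        print("FLAGGED:", r["name"], r["verdict"], r["path"])
```

Feed parse_tdsskiller_log the pasted log and compare services_without_file against what the registry says the service's ImagePath should be; a driver service whose binary is missing is either a harmless leftover registration or the residue of a removed infection, and the MBAM history on the same machine tells you which.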

Thanks for the quick reply!

GooredFix didn't seem to find anything and neither did TDSSKiller.

I'm still getting redirected when searching on Google (although actually connecting to Google can be difficult - I think it takes about a minute or two after I've turned off Malwarebytes auto-protect). Redirects still seem to go through that njksearch url.

10:01:05.0948 3344 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

10:01:06.0379 3344 ============================================================

10:01:06.0380 3344 Current date / time: 2011/09/24 10:01:06.0379

10:01:06.0380 3344 SystemInfo:

10:01:06.0380 3344

10:01:06.0380 3344 OS Version: 6.1.7600 ServicePack: 0.0

10:01:06.0380 3344 Product type: Workstation

10:01:06.0380 3344 ComputerName: ORION

10:01:06.0380 3344 UserName: Elise

10:01:06.0380 3344 Windows directory: C:\Windows

10:01:06.0380 3344 System windows directory: C:\Windows

10:01:06.0380 3344 Processor architecture: Intel x86

10:01:06.0380 3344 Number of processors: 2

10:01:06.0380 3344 Page size: 0x1000

10:01:06.0380 3344 Boot type: Normal boot

10:01:06.0380 3344 ============================================================

10:01:08.0050 3344 Initialize success

10:01:13.0315 3640 ============================================================

10:01:13.0315 3640 Scan started

10:01:13.0315 3640 Mode: Manual;

10:01:13.0315 3640 ============================================================

10:01:14.0145 3640 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

10:01:14.0149 3640 1394ohci - ok

10:01:14.0179 3640 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

10:01:14.0185 3640 ACPI - ok

10:01:14.0244 3640 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

10:01:14.0259 3640 AcpiPmi - ok

10:01:14.0288 3640 adfs - ok

10:01:14.0338 3640 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

10:01:14.0365 3640 adp94xx - ok

10:01:14.0376 3640 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

10:01:14.0393 3640 adpahci - ok

10:01:14.0405 3640 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

10:01:14.0419 3640 adpu320 - ok

10:01:14.0439 3640 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\Windows\system32\DRIVERS\AegisP.sys

10:01:14.0440 3640 AegisP - ok

10:01:14.0476 3640 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

10:01:14.0481 3640 AFD - ok

10:01:14.0493 3640 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

10:01:14.0495 3640 agp440 - ok

10:01:14.0515 3640 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

10:01:14.0528 3640 aic78xx - ok

10:01:14.0555 3640 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

10:01:14.0566 3640 aliide - ok

10:01:14.0583 3640 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

10:01:14.0590 3640 amdagp - ok

10:01:14.0601 3640 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

10:01:14.0608 3640 amdide - ok

10:01:14.0624 3640 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

10:01:14.0624 3640 AmdK8 - ok

10:01:14.0643 3640 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

10:01:14.0644 3640 AmdPPM - ok

10:01:14.0651 3640 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

10:01:14.0659 3640 amdsata - ok

10:01:14.0669 3640 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

10:01:14.0676 3640 amdsbs - ok

10:01:14.0690 3640 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

10:01:14.0690 3640 amdxata - ok

10:01:14.0706 3640 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

10:01:14.0709 3640 AppID - ok

10:01:14.0738 3640 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

10:01:14.0745 3640 arc - ok

10:01:14.0753 3640 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

10:01:14.0760 3640 arcsas - ok

10:01:14.0788 3640 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

10:01:14.0788 3640 AsyncMac - ok

10:01:14.0804 3640 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

10:01:14.0805 3640 atapi - ok

10:01:14.0851 3640 athrusb (73c18a2c69dfab351ff0d6c0e69474b6) C:\Windows\system32\DRIVERS\athrusb.sys

10:01:14.0874 3640 athrusb - ok

10:01:14.0906 3640 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

10:01:14.0924 3640 b06bdrv - ok

10:01:14.0943 3640 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

10:01:14.0953 3640 b57nd60x - ok

10:01:14.0974 3640 Beep - ok

10:01:14.0999 3640 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

10:01:15.0000 3640 blbdrive - ok

10:01:15.0021 3640 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

10:01:15.0023 3640 bowser - ok

10:01:15.0039 3640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:01:15.0044 3640 BrFiltLo - ok

10:01:15.0054 3640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:01:15.0059 3640 BrFiltUp - ok

10:01:15.0079 3640 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

10:01:15.0090 3640 Brserid - ok

10:01:15.0096 3640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

10:01:15.0104 3640 BrSerWdm - ok

10:01:15.0120 3640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:01:15.0126 3640 BrUsbMdm - ok

10:01:15.0135 3640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

10:01:15.0141 3640 BrUsbSer - ok

10:01:15.0149 3640 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

10:01:15.0156 3640 BTHMODEM - ok

10:01:15.0213 3640 catchme - ok

10:01:15.0258 3640 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

10:01:15.0276 3640 cdfs - ok

10:01:15.0305 3640 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

10:01:15.0309 3640 cdrom - ok

10:01:15.0340 3640 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

10:01:15.0341 3640 circlass - ok

10:01:15.0363 3640 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

10:01:15.0366 3640 CLFS - ok

10:01:15.0415 3640 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

10:01:15.0424 3640 CmBatt - ok

10:01:15.0440 3640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

10:01:15.0449 3640 cmdide - ok

10:01:15.0498 3640 cmuda3 (809980f0bfcec2d3ddb3dbe8a2bd323b) C:\Windows\system32\drivers\cmudax3.sys

10:01:15.0524 3640 cmuda3 - ok

10:01:15.0545 3640 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

10:01:15.0550 3640 CNG - ok

10:01:15.0565 3640 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

10:01:15.0571 3640 Compbatt - ok

10:01:15.0593 3640 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

10:01:15.0594 3640 CompositeBus - ok

10:01:15.0614 3640 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

10:01:15.0621 3640 crcdisk - ok

10:01:15.0660 3640 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

10:01:15.0665 3640 CSC - ok

10:01:15.0706 3640 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

10:01:15.0708 3640 DfsC - ok

10:01:15.0729 3640 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

10:01:15.0730 3640 discache - ok

10:01:15.0759 3640 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

10:01:15.0760 3640 Disk - ok

10:01:15.0776 3640 DNINDIS4 - ok

10:01:15.0804 3640 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys

10:01:15.0811 3640 DNISp50 - ok

10:01:15.0836 3640 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

10:01:15.0845 3640 Dot4 - ok

10:01:15.0874 3640 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys

10:01:15.0879 3640 Dot4Print - ok

10:01:15.0898 3640 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

10:01:15.0904 3640 dot4usb - ok

10:01:15.0935 3640 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

10:01:15.0941 3640 drmkaud - ok

10:01:15.0973 3640 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

10:01:15.0996 3640 DXGKrnl - ok

10:01:16.0089 3640 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

10:01:16.0176 3640 ebdrv - ok

10:01:16.0260 3640 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

10:01:16.0264 3640 eeCtrl - ok

10:01:16.0314 3640 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys

10:01:16.0315 3640 ElbyCDIO - ok

10:01:16.0349 3640 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

10:01:16.0376 3640 elxstor - ok

10:01:16.0431 3640 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

10:01:16.0434 3640 EraserUtilRebootDrv - ok

10:01:16.0454 3640 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

10:01:16.0470 3640 ErrDev - ok

10:01:16.0506 3640 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

10:01:16.0518 3640 exfat - ok

10:01:16.0535 3640 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

10:01:16.0536 3640 fastfat - ok

10:01:16.0570 3640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

10:01:16.0579 3640 fdc - ok

10:01:16.0603 3640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

10:01:16.0604 3640 FileInfo - ok

10:01:16.0618 3640 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

10:01:16.0625 3640 Filetrace - ok

10:01:16.0640 3640 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

10:01:16.0648 3640 flpydisk - ok

10:01:16.0668 3640 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

10:01:16.0670 3640 FltMgr - ok

10:01:16.0683 3640 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

10:01:16.0689 3640 FsDepends - ok

10:01:16.0699 3640 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

10:01:16.0700 3640 Fs_Rec - ok

10:01:16.0714 3640 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys

10:01:16.0716 3640 fvevol - ok

10:01:16.0741 3640 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:01:16.0749 3640 gagp30kx - ok

10:01:16.0789 3640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:01:16.0790 3640 GEARAspiWDM - ok

10:01:16.0803 3640 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

10:01:16.0810 3640 hcw85cir - ok

10:01:16.0828 3640 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:01:16.0830 3640 HDAudBus - ok

10:01:16.0838 3640 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

10:01:16.0844 3640 HidBatt - ok

10:01:16.0864 3640 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

10:01:16.0870 3640 HidBth - ok

10:01:16.0890 3640 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

10:01:16.0891 3640 HidIr - ok

10:01:16.0914 3640 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

10:01:16.0915 3640 HidUsb - ok

10:01:16.0953 3640 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

10:01:16.0960 3640 HpSAMD - ok

10:01:16.0991 3640 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

10:01:17.0006 3640 HTTP - ok

10:01:17.0016 3640 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

10:01:17.0018 3640 hwpolicy - ok

10:01:17.0044 3640 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

10:01:17.0051 3640 i8042prt - ok

10:01:17.0073 3640 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

10:01:17.0090 3640 iaStorV - ok

10:01:17.0100 3640 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

10:01:17.0106 3640 iirsp - ok

10:01:17.0123 3640 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

10:01:17.0129 3640 intelide - ok

10:01:17.0144 3640 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

10:01:17.0150 3640 intelppm - ok

10:01:17.0160 3640 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:01:17.0168 3640 IpFilterDriver - ok

10:01:17.0178 3640 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

10:01:17.0186 3640 IPMIDRV - ok

10:01:17.0194 3640 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

10:01:17.0203 3640 IPNAT - ok

10:01:17.0230 3640 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

10:01:17.0236 3640 IRENUM - ok

10:01:17.0244 3640 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

10:01:17.0245 3640 isapnp - ok

10:01:17.0260 3640 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

10:01:17.0270 3640 iScsiPrt - ok

10:01:17.0285 3640 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

10:01:17.0286 3640 kbdclass - ok

10:01:17.0306 3640 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

10:01:17.0308 3640 kbdhid - ok

10:01:17.0326 3640 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

10:01:17.0328 3640 KSecDD - ok

10:01:17.0350 3640 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

10:01:17.0353 3640 KSecPkg - ok

10:01:17.0400 3640 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

10:01:17.0401 3640 lltdio - ok

10:01:17.0433 3640 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:01:17.0440 3640 LSI_FC - ok

10:01:17.0453 3640 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:01:17.0460 3640 LSI_SAS - ok

10:01:17.0468 3640 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:01:17.0475 3640 LSI_SAS2 - ok

10:01:17.0483 3640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:01:17.0490 3640 LSI_SCSI - ok

10:01:17.0501 3640 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

10:01:17.0504 3640 luafv - ok

10:01:17.0575 3640 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

10:01:17.0578 3640 MBAMProtector - ok

10:01:17.0609 3640 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

10:01:17.0628 3640 megasas - ok

10:01:17.0643 3640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

10:01:17.0655 3640 MegaSR - ok

10:01:17.0668 3640 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

10:01:17.0676 3640 Modem - ok

10:01:17.0699 3640 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

10:01:17.0700 3640 monitor - ok

10:01:17.0721 3640 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

10:01:17.0723 3640 mouclass - ok

10:01:17.0744 3640 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

10:01:17.0745 3640 mouhid - ok

10:01:17.0761 3640 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

10:01:17.0763 3640 mountmgr - ok

10:01:17.0779 3640 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

10:01:17.0790 3640 mpio - ok

10:01:17.0804 3640 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

10:01:17.0805 3640 mpsdrv - ok

10:01:17.0816 3640 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

10:01:17.0826 3640 MRxDAV - ok

10:01:17.0846 3640 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:01:17.0849 3640 mrxsmb - ok

10:01:17.0883 3640 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:01:17.0885 3640 mrxsmb10 - ok

10:01:17.0898 3640 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:01:17.0899 3640 mrxsmb20 - ok

10:01:17.0919 3640 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

10:01:17.0926 3640 msahci - ok

10:01:17.0934 3640 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

10:01:17.0943 3640 msdsm - ok

10:01:17.0968 3640 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

10:01:17.0969 3640 Msfs - ok

10:01:17.0978 3640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

10:01:17.0979 3640 mshidkmdf - ok

10:01:17.0990 3640 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

10:01:17.0990 3640 msisadrv - ok

10:01:18.0016 3640 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

10:01:18.0021 3640 MSKSSRV - ok

10:01:18.0038 3640 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

10:01:18.0043 3640 MSPCLOCK - ok

10:01:18.0055 3640 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

10:01:18.0055 3640 MSPQM - ok

10:01:18.0068 3640 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

10:01:18.0070 3640 MsRPC - ok

10:01:18.0083 3640 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

10:01:18.0083 3640 mssmbios - ok

10:01:18.0100 3640 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

10:01:18.0106 3640 MSTEE - ok

10:01:18.0124 3640 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

10:01:18.0130 3640 MTConfig - ok

10:01:18.0143 3640 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

10:01:18.0144 3640 Mup - ok

10:01:18.0173 3640 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

10:01:18.0176 3640 NativeWifiP - ok

10:01:18.0275 3640 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110923.018\NAVENG.SYS

10:01:18.0278 3640 NAVENG - ok

10:01:18.0333 3640 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110923.018\NAVEX15.SYS

10:01:18.0343 3640 NAVEX15 - ok

10:01:18.0368 3640 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

10:01:18.0385 3640 NDIS - ok

10:01:18.0396 3640 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

10:01:18.0398 3640 NdisCap - ok

10:01:18.0423 3640 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

10:01:18.0424 3640 NdisTapi - ok

10:01:18.0453 3640 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

10:01:18.0454 3640 Ndisuio - ok

10:01:18.0465 3640 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

10:01:18.0468 3640 NdisWan - ok

10:01:18.0485 3640 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

10:01:18.0486 3640 NDProxy - ok

10:01:18.0506 3640 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

10:01:18.0508 3640 NetBIOS - ok

10:01:18.0524 3640 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

10:01:18.0526 3640 NetBT - ok

10:01:18.0604 3640 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys

10:01:18.0623 3640 netr28u - ok

10:01:18.0668 3640 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

10:01:18.0671 3640 nfrd960 - ok

10:01:18.0699 3640 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

10:01:18.0700 3640 Npfs - ok

10:01:18.0719 3640 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

10:01:18.0720 3640 nsiproxy - ok

10:01:18.0760 3640 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

10:01:18.0786 3640 Ntfs - ok

10:01:18.0803 3640 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

10:01:18.0804 3640 Null - ok

10:01:18.0836 3640 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

10:01:18.0841 3640 NVENETFD - ok

10:01:19.0084 3640 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:01:19.0248 3640 nvlddmkm - ok

10:01:19.0260 3640 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

10:01:19.0263 3640 nvraid - ok

10:01:19.0281 3640 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

10:01:19.0283 3640 nvstor - ok

10:01:19.0313 3640 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

10:01:19.0320 3640 nv_agp - ok

10:01:19.0345 3640 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

10:01:19.0351 3640 ohci1394 - ok

10:01:19.0404 3640 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

10:01:19.0405 3640 Parport - ok

10:01:19.0416 3640 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

10:01:19.0418 3640 partmgr - ok

10:01:19.0430 3640 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

10:01:19.0430 3640 Parvdm - ok

10:01:19.0450 3640 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

10:01:19.0454 3640 pci - ok

10:01:19.0465 3640 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

10:01:19.0466 3640 pciide - ok

10:01:19.0475 3640 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

10:01:19.0485 3640 pcmcia - ok

10:01:19.0494 3640 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

10:01:19.0496 3640 pcw - ok

10:01:19.0519 3640 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

10:01:19.0534 3640 PEAUTH - ok

10:01:19.0611 3640 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

10:01:19.0613 3640 PptpMiniport - ok

10:01:19.0628 3640 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

10:01:19.0630 3640 Processor - ok

10:01:19.0659 3640 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

10:01:19.0660 3640 Psched - ok

10:01:19.0699 3640 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

10:01:19.0745 3640 ql2300 - ok

10:01:19.0765 3640 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

10:01:19.0889 3640 ql40xx - ok

10:01:19.0923 3640 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

10:01:19.0931 3640 QWAVEdrv - ok

10:01:19.0948 3640 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

10:01:19.0955 3640 RasAcd - ok

10:01:19.0980 3640 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:01:19.0981 3640 RasAgileVpn - ok

10:01:19.0998 3640 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:01:20.0000 3640 Rasl2tp - ok

10:01:20.0025 3640 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

10:01:20.0026 3640 RasPppoe - ok

10:01:20.0048 3640 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

10:01:20.0049 3640 RasSstp - ok

10:01:20.0065 3640 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

10:01:20.0069 3640 rdbss - ok

10:01:20.0085 3640 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

10:01:20.0086 3640 rdpbus - ok

10:01:20.0098 3640 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:01:20.0099 3640 RDPCDD - ok

10:01:20.0128 3640 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

10:01:20.0131 3640 RDPDR - ok

10:01:20.0150 3640 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

10:01:20.0151 3640 RDPENCDD - ok

10:01:20.0168 3640 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

10:01:20.0169 3640 RDPREFMP - ok

10:01:20.0185 3640 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

10:01:20.0195 3640 RDPWD - ok

10:01:20.0215 3640 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

10:01:20.0218 3640 rdyboost - ok

10:01:20.0295 3640 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.08\RivaTuner32.sys

10:01:20.0300 3640 RivaTuner32 - ok

10:01:20.0339 3640 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

10:01:20.0340 3640 rspndr - ok

10:01:20.0389 3640 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\EVGA Precision\RTCore32.sys

10:01:20.0391 3640 RTCore32 - ok

10:01:20.0419 3640 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

10:01:20.0435 3640 s3cap - ok

10:01:20.0483 3640 SbieDrv (0e5a3d6b8362d7b44dbf56acd2c090ce) C:\Program Files\Sandboxie\SbieDrv.sys

10:01:20.0485 3640 SbieDrv - ok

10:01:20.0545 3640 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

10:01:20.0566 3640 sbp2port - ok

10:01:20.0588 3640 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

10:01:20.0595 3640 scfilter - ok

10:01:20.0626 3640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:01:20.0626 3640 secdrv - ok

10:01:20.0658 3640 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

10:01:20.0658 3640 Serenum - ok

10:01:20.0674 3640 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

10:01:20.0675 3640 Serial - ok

10:01:20.0689 3640 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

10:01:20.0690 3640 sermouse - ok

10:01:20.0719 3640 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

10:01:20.0726 3640 sffdisk - ok

10:01:20.0739 3640 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

10:01:20.0746 3640 sffp_mmc - ok

10:01:20.0759 3640 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

10:01:20.0766 3640 sffp_sd - ok

10:01:20.0780 3640 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

10:01:20.0789 3640 sfloppy - ok

10:01:20.0809 3640 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

10:01:20.0810 3640 sisagp - ok

10:01:20.0819 3640 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:01:20.0826 3640 SiSRaid2 - ok

10:01:20.0844 3640 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

10:01:20.0851 3640 SiSRaid4 - ok

10:01:20.0863 3640 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

10:01:20.0870 3640 Smb - ok

10:01:21.0004 3640 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

10:01:21.0008 3640 SPBBCDrv - ok

10:01:21.0023 3640 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

10:01:21.0024 3640 spldr - ok

10:01:21.0053 3640 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS

10:01:21.0056 3640 SRTSP - ok

10:01:21.0075 3640 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS

10:01:21.0093 3640 SRTSPL - ok

10:01:21.0113 3640 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS

10:01:21.0114 3640 SRTSPX - ok

10:01:21.0139 3640 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

10:01:21.0143 3640 srv - ok

10:01:21.0169 3640 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

10:01:21.0173 3640 srv2 - ok

10:01:21.0191 3640 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

10:01:21.0194 3640 srvnet - ok

10:01:21.0250 3640 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

10:01:21.0256 3640 stexstor - ok

10:01:21.0279 3640 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

10:01:21.0280 3640 storflt - ok

10:01:21.0308 3640 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

10:01:21.0314 3640 storvsc - ok

10:01:21.0334 3640 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

10:01:21.0335 3640 swenum - ok

10:01:21.0409 3640 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS

10:01:21.0431 3640 SymEvent - ok

10:01:21.0459 3640 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS

10:01:21.0460 3640 SYMREDRV - ok

10:01:21.0490 3640 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS

10:01:21.0496 3640 SYMTDI - ok

10:01:21.0570 3640 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys

10:01:21.0601 3640 Tcpip - ok

10:01:21.0629 3640 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys

10:01:21.0635 3640 TCPIP6 - ok

10:01:21.0649 3640 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

10:01:21.0650 3640 tcpipreg - ok

10:01:21.0661 3640 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

10:01:21.0668 3640 TDPIPE - ok

10:01:21.0678 3640 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

10:01:21.0680 3640 TDTCP - ok

10:01:21.0696 3640 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

10:01:21.0698 3640 tdx - ok

10:01:21.0714 3640 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

10:01:21.0715 3640 TermDD - ok

10:01:21.0745 3640 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:01:21.0751 3640 tssecsrv - ok

10:01:21.0766 3640 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

10:01:21.0768 3640 tunnel - ok

10:01:21.0780 3640 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

10:01:21.0788 3640 uagp35 - ok

10:01:21.0805 3640 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

10:01:21.0821 3640 udfs - ok

10:01:21.0856 3640 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

10:01:21.0864 3640 uliagpkx - ok

10:01:21.0885 3640 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

10:01:21.0886 3640 umbus - ok

10:01:21.0901 3640 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

10:01:21.0908 3640 UmPass - ok

10:01:21.0939 3640 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

10:01:21.0940 3640 USBAAPL - ok

10:01:21.0979 3640 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

10:01:21.0988 3640 usbaudio - ok

10:01:22.0003 3640 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

10:01:22.0004 3640 usbccgp - ok

10:01:22.0011 3640 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

10:01:22.0019 3640 usbcir - ok

10:01:22.0035 3640 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

10:01:22.0036 3640 usbehci - ok

10:01:22.0056 3640 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

10:01:22.0060 3640 usbhub - ok

10:01:22.0075 3640 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

10:01:22.0076 3640 usbohci - ok

10:01:22.0110 3640 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

10:01:22.0116 3640 usbprint - ok

10:01:22.0140 3640 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

10:01:22.0143 3640 usbscan - ok

10:01:22.0154 3640 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:01:22.0155 3640 USBSTOR - ok

10:01:22.0174 3640 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

10:01:22.0180 3640 usbuhci - ok

10:01:22.0204 3640 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

10:01:22.0211 3640 usbvideo - ok

10:01:22.0271 3640 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys

10:01:22.0274 3640 VClone - ok

10:01:22.0291 3640 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

10:01:22.0295 3640 vdrvroot - ok

10:01:22.0326 3640 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

10:01:22.0344 3640 vga - ok

10:01:22.0360 3640 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

10:01:22.0361 3640 VgaSave - ok

10:01:22.0378 3640 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

10:01:22.0391 3640 vhdmp - ok

10:01:22.0411 3640 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

10:01:22.0423 3640 viaagp - ok

10:01:22.0438 3640 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

10:01:22.0445 3640 ViaC7 - ok

10:01:22.0459 3640 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

10:01:22.0465 3640 viaide - ok

10:01:22.0490 3640 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

10:01:22.0500 3640 vmbus - ok

10:01:22.0513 3640 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

10:01:22.0519 3640 VMBusHID - ok

10:01:22.0531 3640 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

10:01:22.0533 3640 volmgr - ok

10:01:22.0554 3640 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

10:01:22.0558 3640 volmgrx - ok

10:01:22.0579 3640 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

10:01:22.0583 3640 volsnap - ok

10:01:22.0598 3640 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

10:01:22.0606 3640 vsmraid - ok

10:01:22.0625 3640 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

10:01:22.0626 3640 vwifibus - ok

10:01:22.0648 3640 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

10:01:22.0649 3640 vwififlt - ok

10:01:22.0670 3640 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

10:01:22.0676 3640 WacomPen - ok

10:01:22.0694 3640 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

10:01:22.0695 3640 WANARP - ok

10:01:22.0700 3640 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

10:01:22.0700 3640 Wanarpv6 - ok

10:01:22.0741 3640 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

10:01:22.0748 3640 Wd - ok

10:01:22.0768 3640 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

10:01:22.0774 3640 Wdf01000 - ok

10:01:22.0811 3640 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

10:01:22.0813 3640 WfpLwf - ok

10:01:22.0853 3640 WG111T (5d4f8664e13e71cb75d3fc0dd27fc24c) C:\Windows\system32\DRIVERS\WG111Tv.sys

10:01:22.0876 3640 WG111T - ok

10:01:22.0895 3640 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

10:01:22.0901 3640 WIMMount - ok

10:01:22.0956 3640 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

10:01:22.0964 3640 WinUsb - ok

10:01:22.0981 3640 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

10:01:22.0988 3640 WmiAcpi - ok

10:01:23.0013 3640 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

10:01:23.0019 3640 ws2ifsl - ok

10:01:23.0040 3640 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

10:01:23.0041 3640 WudfPf - ok

10:01:23.0054 3640 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:01:23.0056 3640 WUDFRd - ok

10:01:23.0094 3640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:01:23.0104 3640 \Device\Harddisk0\DR0 - ok

10:01:23.0108 3640 Boot (0x1200) (cfccc087091054e791fc0cd36d30d78a) \Device\Harddisk0\DR0\Partition0

10:01:23.0109 3640 \Device\Harddisk0\DR0\Partition0 - ok

10:01:23.0126 3640 Boot (0x1200) (7f75d71cc4f1bb337d0245324b374089) \Device\Harddisk0\DR0\Partition1

10:01:23.0126 3640 \Device\Harddisk0\DR0\Partition1 - ok

10:01:23.0143 3640 Boot (0x1200) (262fcbdbbba5f86dc81af2dab4cf4288) \Device\Harddisk0\DR0\Partition2

10:01:23.0144 3640 \Device\Harddisk0\DR0\Partition2 - ok

10:01:23.0144 3640 ============================================================

10:01:23.0144 3640 Scan finished

10:01:23.0144 3640 ============================================================

10:01:23.0155 4760 Detected object count: 0

10:01:23.0155 4760 Actual detected object count: 0


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Combofix keeps freezing on my computer. I disabled all my AV and Windows Firewall, ran as admin and let it sit for a while (about an hour). I also tried it in safe mode (my apologies if that is something I absolutely should not have done).

It gets past extracting and creating a restore point, but then hangs immediately after giving the time estimate (10 minutes, or longer for severely infected machines).

Google, etc. still behaving the same way.


Download Dr.Web CureIt to the desktop:

  • Double-click the drweb-cureit icon to start the program.
  • Press Start.
  • Allow the program to run the initial express scan.
  • This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
    Note: A pop-up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
  • Once the scan is complete, the results will be displayed.
  • On the menu bar, click File and choose Report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Close Dr.Web CureIt.
  • Please post the Dr.Web.txt report in your next reply.


The option for the report was greyed out so I couldn't save that, but it also didn't find any infected files. It did, however, find that the HOSTS file had been modified and reverted it back to an earlier version. Everything seems to be working great now! No redirects so far and Malwarebytes hasn't blocked any attempted outgoing pings.

THANK YOU!!!
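Since the root cause of the Google/Bing redirects in this thread turned out to be a modified HOSTS file, here is an added example of how to check a HOSTS file for that kind of tampering yourself. It is not from this thread and is not part of Dr.Web CureIt, ComboFix or Malwarebytes. The list of watched domains, the default HOSTS path and the sample HOSTS contents are all assumptions made for the example; the sample is constructed and uses documentation-range addresses (RFC 5737), not the IPs reported earlier in the thread. It separates two things a rogue AV does with HOSTS: redirecting search engines to an attacker address, and pointing AV vendor sites at loopback so the victim cannot download removal tools.

```python
"""Check a Windows HOSTS file for search-engine and AV-vendor hijacks.

Added example, not part of the original forum thread. The sample HOSTS
text below is constructed for illustration; its addresses are RFC 5737
documentation ranges, not real attacker infrastructure.
"""
import ipaddress
from pathlib import Path

# Assumption: domains a rogue AV typically tampers with so the victim
# cannot search for help or reach a removal tool. Extend as needed.
WATCHED_DOMAINS = {"google.com", "bing.com", "yahoo.com", "malwarebytes.org"}

# Assumed default location on Windows; pass another path to check_file().
DEFAULT_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in HOSTS-format text.

    Comments (after '#') and blank lines are skipped; a line whose first
    field is not an IP address is ignored rather than treated as a mapping.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            yield ip, host.lower().rstrip("."), line_no


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return every mapping that touches a watched domain.

    kind == "redirect": a routable address, traffic goes somewhere else.
    kind == "block":    loopback or 0.0.0.0, the site simply becomes unreachable
                        (how rogues keep victims away from AV vendor sites).
    """
    hits = []
    for ip, host, line_no in parse_hosts(text):
        if not is_watched(host):
            continue
        kind = "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        hits.append({"line": line_no, "host": host, "ip": str(ip), "kind": kind})
    return hits


def check_file(path=DEFAULT_HOSTS):
    """Run find_hijacks() over a HOSTS file on disk."""
    return find_hijacks(Path(path).read_text(encoding="utf-8", errors="replace"))


# Constructed sample: a stock Windows HOSTS file plus lines a rogue might append.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# --- appended by the rogue (constructed for this example) ---
203.0.113.10    www.google.com google.com
203.0.113.10    www.bing.com
127.0.0.1       www.malwarebytes.org
0.0.0.0         ads.example.net    # ordinary ad-blocking entry, not watched
"""

if __name__ == "__main__":
    for hit in find_hijacks(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} ({hit['kind']})")
```

Run it as-is to see the four sample hits, or call check_file() on the live file (as Administrator if you also intend to fix it). A clean stock Windows 7 HOSTS file contains only comments and the two localhost lines, so anything find_hijacks() returns deserves a look; restoring the file is just removing the offending lines, which is what CureIt did here.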
