SimonK

PING.EXE + conhost.exe -Malware/Virus-


Hi.

Yesterday evening I got infected by something that completely ruined the OS - which led to a total reinstallation.

Hoping to have gotten rid of it, I very soon noticed a new process running constantly in the background, using between 60 and 99% CPU.

The Malware is currently suspended with Process Explorer but I would like to get rid of it too.

I followed what's written on this page - http://forums.malwarebytes.org//index.php?showtopic=9573 - and am posting the three logs.

It's probably a frequent problem, so I hope for a quick reply. Below follow the three logs.

<<<<Up-to-date log from Malwarebytes' Anti-Malware>>>>

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7975

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2011-10-18 21:44:02

mbam-log-2011-10-18 (21-44-02).txt

Scan type: Quick scan

Objects scanned: 174400

Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------------------------------------------------------------------------

<<<<DDS and attachment>>>>

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Miiza at 21:56:43 on 2011-10-18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2996.1294 [GMT 2:00]

.

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

C:\Windows\SysWOW64\rundll32.exe

c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~2\McAfee.com\Agent\mcagent.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Miiza\Desktop\ProcessExplorer\procexp64.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

d:\Nytto\Malwarebytes' Anti-Malware\mbamservice.exe

D:\Nytto\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\PROGRA~2\mcafee\msc\mcshell.exe

C:\Program Files (x86)\Common Files\McAfee\Core\mchost.exe

C:\Program Files (x86)\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5740&r=27361011l406l0468z135t4431d53p

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5740&r=27361011l406l0468z135t4431d53p

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5740&r=27361011l406l0468z135t4431d53p

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5740&r=27361011l406l0468z135t4431d53p

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [Malwarebytes' Anti-Malware] "d:\Nytto\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] d:\Nytto\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DhcpNameServer = 192.168.0.4

TCP: Interfaces\{0EF9A59C-F31F-42AF-85BF-CE62CA2C9787} : DhcpNameServer = 192.168.1.1

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{27B4851A-3207-45A2-B947-BE8AFE6163AB}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

mRun-x64: [Malwarebytes' Anti-Malware] "d:\Nytto\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] d:\Nytto\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-18 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 MBAMService;MBAMService;D:\Nytto\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-18 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-11-5 203280]

R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-11-5 359952]

R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-5 155456]

R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-11-5 332272]

S4 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-5 606736]

.

=============== Created Last 30 ================

.

2011-10-18 22:15:15 -------- d-----w- C:\Windows\NAPP_Dism_Log

2011-10-18 22:11:31 101376 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-18 22:11:31 101376 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-18 22:11:19 348680 ----a-w- C:\Windows\UNINST32.EXE

2011-10-18 22:11:19 25608 ----a-w- C:\Windows\SysWow64\drivers\DKbFltr.sys

2011-10-18 22:11:16 396072 ----a-w- C:\Windows\System32\SynCOM.dll

2011-10-18 22:11:16 292912 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2011-10-18 22:11:16 263464 ----a-w- C:\Windows\System32\SynCtrl.dll

2011-10-18 22:11:16 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll

2011-10-18 22:11:16 205608 ----a-w- C:\Windows\System32\SynTPAPI.dll

2011-10-18 22:11:16 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2011-10-18 22:11:16 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll

2011-10-18 22:11:16 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll

2011-10-18 22:11:16 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll

2011-10-18 22:09:48 -------- d-----w- C:\Windows\Lan

2011-10-18 22:09:35 484128 ----a-w- C:\Windows\WisMvImg.exe

2011-10-18 22:09:35 249856 ----a-w- C:\Windows\Wisi2Bat.exe

2011-10-18 22:09:35 176416 ----a-w- C:\Windows\PatchFul.exe

2011-10-18 22:09:34 388384 ----a-w- C:\Windows\WisGAPasx64.exe

2011-10-18 22:09:34 335872 ----a-w- C:\Windows\ParseModule_X64.exe

2011-10-18 22:09:33 326432 ----a-w- C:\Windows\WisGAPas.exe

2011-10-18 22:09:33 225280 ----a-w- C:\Windows\ParseModule_X86.exe

2011-10-18 19:39:46 -------- d-----w- C:\Users\Miiza\AppData\Roaming\Malwarebytes

2011-10-18 19:39:11 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-18 19:39:07 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-18 15:11:10 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-10-18 15:11:10 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-10-18 15:11:09 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-10-18 15:11:09 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-10-18 15:07:01 -------- d-----w- C:\Users\Miiza\AppData\Local\Google

2011-10-18 15:06:39 -------- d-----w- C:\Program Files\Acer Accessory Store

2011-10-18 14:50:19 -------- d-----w- C:\ProgramData\f-secure

2011-10-18 14:50:15 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-10-18 14:50:15 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-10-18 14:49:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-10-18 14:49:02 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-10-18 14:48:47 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2011-10-18 14:48:16 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f82b54a01cc8da4\DSETUP.dll

2011-10-18 14:48:16 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f82b54a01cc8da4\DXSETUP.exe

2011-10-18 14:48:16 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f82b54a01cc8da4\dsetup32.dll

2011-10-18 14:47:53 139787088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc6E9C.tmp

2011-10-18 14:47:46 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-10-18 14:47:18 -------- d-----w- C:\BOOK

2011-10-18 14:45:51 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll

2011-10-18 14:45:51 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll

2011-10-18 14:45:51 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll

2011-10-18 14:44:39 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-10-18 14:44:39 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-10-18 14:44:38 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-10-18 14:44:38 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-10-18 14:44:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-10-18 14:42:28 -------- d-----w- C:\Program Files (x86)\Acer Arcade Deluxe

2011-10-18 14:41:29 -------- d-----w- C:\Program Files (x86)\Launch Manager

2011-10-18 14:41:18 -------- d-----w- C:\Program Files\Synaptics

2011-10-18 14:40:24 200704 ----a-w- C:\Windows\PLFSetI.exe

2011-10-18 14:40:24 106496 ----a-w- C:\Windows\FixUVC.exe

2011-10-18 14:37:14 -------- d-----w- C:\Program Files\ATI

2011-10-18 14:37:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-10-18 14:36:17 -------- d-----w- C:\ProgramData\McQcModifier-5c47-a7b0

2011-10-18 14:36:15 -------- d-----w- C:\Users\Miiza\AppData\Local\EgisTec

2011-10-18 14:36:15 -------- d-----w- C:\ProgramData\EgisTec

2011-10-18 14:33:45 -------- d-sh--we C:\ProgramData\Start-meny

2011-10-18 14:33:45 -------- d-sh--we C:\ProgramData\Skrivbord

2011-10-18 14:33:45 -------- d-sh--we C:\ProgramData\Programdata

2011-10-18 14:33:45 -------- d-sh--we C:\ProgramData\Mallar

2011-10-18 14:33:45 -------- d-sh--we C:\ProgramData\Favoriter

2011-10-18 14:33:45 -------- d-sh--we C:\ProgramData\Dokument

2011-10-18 14:33:45 -------- d-sh--we C:\Program Files\Delade filer

2011-10-18 14:33:45 -------- d-sh--we C:\Program

2011-10-18 14:33:45 -------- d-sh--w- C:\Recovery

2011-10-18 12:29:02 0 ----a-w- C:\Windows\ativpsrm.bin

2011-10-18 12:28:13 -------- d-----w- C:\Program Files\LSI SoftModem

.

==================== Find3M ====================

.

2011-10-18 22:19:14 2560 ----a-w- C:\Windows\SysWow64\drivers\sv-SE\qwavedrv.sys.mui

2011-10-18 22:19:08 5632 ----a-w- C:\Windows\SysWow64\drivers\sv-SE\ndiscap.sys.mui

2011-10-18 22:19:08 2560 ----a-w- C:\Windows\SysWow64\drivers\sv-SE\scfilter.sys.mui

2011-10-18 22:19:04 47104 ----a-w- C:\Windows\SysWow64\drivers\sv-SE\tcpip.sys.mui

2011-10-18 22:19:02 28672 ----a-w- C:\Windows\SysWow64\drivers\sv-SE\bfe.dll.mui

2011-10-18 22:19:02 15872 ----a-w- C:\Windows\SysWow64\drivers\sv-SE\pacer.sys.mui

2011-10-18 22:11:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-10-18 22:11:46 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

.

============= FINISH: 21:57:34,65 ===============

---------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2011-10-18 16:33:55

System Uptime: 2011-10-18 19:29:21 (2 hours ago)

.

Motherboard: Acer | | Aspire 5740

Processor: Intel® Core i3 CPU M 330 @ 2.13GHz | CPU 1 | 1450/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 122,234 GiB free.

D: is FIXED (NTFS) - 140 GiB total, 8,855 GiB free.

F: is FIXED (NTFS) - 1863 GiB total, 1427,671 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 2011-10-18 16:40:06 - Installed Acer Crystal Eye webcam

RP2: 2011-10-18 16:42:09 - Installed Suite

RP3: 2011-10-18 16:46:32 - Installed Acer ePower Management

RP4: 2011-10-18 16:49:58 - DirectX was installed

RP5: 2011-10-18 16:51:40 - Installed Microsoft Office Language Pack 2007 - Swedish/svenska

RP6: 2011-10-18 17:11:14 - Windows Update

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acer Arcade Deluxe

Acer Backup Manager

Acer Crystal Eye webcam Ver:1.1.124.1120

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1 MUI

Alcor Micro USB Card Reader

Alice Greenfingers

Amazonia

Backup Manager Basic

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chicken Invaders 2

Compatibility Pack för Office 2007-systemet

Dairy Dash

Dream Day First Home

eSobi v2

Farm Frenzy 2

First Class Flurry

Google Toolbar for Internet Explorer

Granny In Paradise

Heroes of Hellas

Identity Card

Intel® Management Engine Components

Junk Mail filter update

Launch Manager

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee SecurityCenter

Merriam Websters Spell Jam

Microsoft Choice Guard

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (Swedish)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MSVCRT

MyWinLocker

Norton Online Backup

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

Realtek High Definition Audio Driver

Update for 2007 Microsoft Office System (KB967642)

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== End Of File ===========================

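The first thing to establish with a ping.exe that keeps coming back is who launches it and with what arguments. `ping -n <seconds> 127.0.0.1` is the standard batch-file way to sleep, so a ping.exe whose parent is a cmd.exe that was itself started by cscript.exe or wscript.exe (the DDS list above shows cmd.exe, conhost.exe and cscript.exe resident together) is usually a script loop, and the script plus whatever starts it at logon is what has to go, not the ping binary. The logs posted in this thread show running images and Run keys but not scheduled tasks or WMI event subscriptions, which are the other two common places such a loop is started from. The PowerShell triage script below is an added example and is not code from this thread, from Malwarebytes or from Microsoft; it assumes the processes are still alive (suspending them in Process Explorer keeps them so), an elevated prompt, and the PowerShell 2.0 that ships with Windows 7. The process names, registry paths and WMI classes it inspects are the standard ones; nothing in it is specific to this poster's machine.

```powershell
# Added triage script (not from this thread, Malwarebytes or Microsoft). Assumes the looping
# processes are still alive and an elevated prompt. Written for PowerShell 2.0 (Windows 7),
# hence Get-WmiObject / New-Object PSObject rather than Get-CimInstance / [pscustomobject].

$suspectNames = @('ping.exe', 'cmd.exe', 'cscript.exe', 'wscript.exe', 'conhost.exe')

# One snapshot of every process; parents are resolved from this table, which also
# copes with a parent that has already exited (the chain just stops early).
$all   = Get-WmiObject -Class Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

function Get-FileSha256 {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

# Walk ParentProcessId upwards. "ping.exe <- cmd.exe <- cscript.exe <- explorer.exe" is the
# shape of a logon-script loop; "... <- cmd.exe <- svchost.exe" points at a scheduled task or
# service instead. Six hops covers either and bounds the walk if a PID has been reused.
function Get-ParentChain {
    param([int]$ProcessId)
    $chain = @(); $cur = $byPid[$ProcessId]; $hops = 0
    while ($cur -ne $null -and $hops -lt 6) {
        $chain += ('{0}({1})' -f $cur.Name, $cur.ProcessId)
        $cur = $byPid[[int]$cur.ParentProcessId]
        $hops++
    }
    $chain -join ' <- '
}

'=== Suspect processes ==='
foreach ($p in $all) {
    if ($suspectNames -notcontains $p.Name.ToLower()) { continue }
    $path = $p.ExecutablePath
    # The genuine binaries live only under System32 (64-bit) or SysWOW64 (32-bit).
    $inSystemDir = ($path -like "$env:windir\System32\*") -or ($path -like "$env:windir\SysWOW64\*")
    New-Object PSObject -Property @{
        Pid         = $p.ProcessId
        Chain       = Get-ParentChain $p.ProcessId
        CommandLine = $p.CommandLine           # "ping -n 30 127.0.0.1" style = used as a sleep
        Path        = $path
        Masquerade  = -not $inSystemDir        # True = a copy of the binary outside the system dirs
        Sha256      = Get-FileSha256 $path     # compare with the same file on a clean Windows 7
        Started     = $p.ConvertToDateTime($p.CreationDate)
    } | Format-List
}

'=== Run / RunOnce values (64-bit and Wow6432Node views) ==='
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    if (-not $item) { continue }
    foreach ($v in $item.PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
        '{0} -> [{1}] {2}' -f $key, $v.Name, $v.Value
    }
}

'=== Scheduled tasks whose <Command> names a suspect binary ==='
# Task definitions are XML files under System32\Tasks. Reading them directly avoids the
# localized column headers that "schtasks /query /v" prints on a non-English Windows.
Get-ChildItem -Path "$env:windir\System32\Tasks" -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $xml = [System.IO.File]::ReadAllText($_.FullName)
        if ($xml -match '(?i)<Command>([^<]*(ping|cmd|cscript|wscript)[^<]*)</Command>') {
            '{0}: {1}' -f $_.FullName, $matches[1]
        }
    }

'=== WMI event subscriptions (not covered by the quick scan or the DDS report) ==='
# Windows itself registers an "SCM Event Log" filter/consumer pair; anything beyond that,
# above all a CommandLineEventConsumer, should be read in full.
Get-WmiObject -Namespace root\subscription -Class __EventFilter             | Select-Object Name, Query
Get-WmiObject -Namespace root\subscription -Class CommandLineEventConsumer  | Select-Object Name, CommandLineTemplate
Get-WmiObject -Namespace root\subscription -Class __FilterToConsumerBinding | Select-Object Filter, Consumer

'=== Startup folders ==='
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
foreach ($d in $startupDirs) {
    if (Test-Path -Path $d) { Get-ChildItem -Path $d -Force | Select-Object -ExpandProperty FullName }
}
```

Save it under any name (`triage.ps1` is an arbitrary choice) and run `powershell -ExecutionPolicy Bypass -File triage.ps1 > triage.txt` from an elevated prompt. Read the `Chain` and `CommandLine` fields first: a ping.exe under a cmd.exe under a script host, a Run/RunOnce value or a task `<Command>` pointing at a .vbs/.bat/.cmd file, or a `Masquerade` of True (a ping.exe outside System32/SysWOW64) is the item to remove. If the path looks legitimate but the behaviour does not, the SHA-256 lets the file be compared against the same file on a known-clean Windows 7 install.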

Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Sorry for the wait. I had some trouble disabling the AV, and somehow Windows Update crashed, but here is the log:

ComboFix 11-10-20.06 - Miiza 2011-10-21 0:56.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2996.2017 [GMT 2:00]

Running from: c:\users\Miiza\Desktop\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Temp\log.txt

.

.

(((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 ))))))))))))))))))))))))))))))

.

.

2011-10-20 23:01 . 2011-10-20 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-19 09:35 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-10-19 09:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-10-19 09:08 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-10-19 09:08 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-10-19 09:08 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-10-19 09:08 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-10-19 09:08 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-10-19 08:11 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\SysWow64\XPSViewer

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\SysWow64\wbem\sv-SE

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\SysWow64\sv

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\SysWow64\drivers\sv-SE

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\system32\sv

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\system32\drivers\sv-SE

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\system32\wbem\sv-SE

2011-10-18 22:19 . 2011-10-18 22:19 -------- d-----w- c:\windows\sv-SE

2011-10-18 22:19 . 2011-10-18 22:19 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sv-SE\LXKPTPRC.DLL.mui

2011-10-18 22:15 . 2011-10-18 22:15 -------- d-----w- c:\windows\NAPP_Dism_Log

2011-10-18 22:11 . 2011-10-18 22:11 101376 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-10-18 22:11 . 2011-10-18 22:11 101376 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-10-18 22:11 . 2009-09-09 22:41 348680 ----a-w- c:\windows\UNINST32.EXE

2011-10-18 22:11 . 2009-03-26 19:16 25608 ----a-w- c:\windows\SysWow64\drivers\DKbFltr.sys

2011-10-18 22:11 . 2009-09-18 04:12 292912 ----a-w- c:\windows\system32\drivers\SynTP.sys

2011-10-18 22:11 . 2009-09-18 04:09 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll

2011-10-18 22:11 . 2009-09-18 04:09 205608 ----a-w- c:\windows\system32\SynTPAPI.dll

2011-10-18 22:11 . 2009-09-18 04:09 147752 ----a-w- c:\windows\system32\SynTPCo4.dll

2011-10-18 22:11 . 2009-09-18 04:09 263464 ----a-w- c:\windows\system32\SynCtrl.dll

2011-10-18 22:11 . 2009-09-18 04:09 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll

2011-10-18 22:11 . 2009-09-18 04:09 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll

2011-10-18 22:11 . 2009-09-18 04:09 396072 ----a-w- c:\windows\system32\SynCOM.dll

2011-10-18 22:11 . 2009-08-07 17:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-10-18 22:09 . 2011-10-18 22:09 -------- d-----w- c:\windows\Lan

2011-10-18 22:09 . 2009-11-04 12:25 484128 ----a-w- c:\windows\WisMvImg.exe

2011-10-18 22:09 . 2009-10-09 02:00 176416 ----a-w- c:\windows\PatchFul.exe

2011-10-18 22:09 . 2009-02-13 08:33 249856 ----a-w- c:\windows\Wisi2Bat.exe

2011-10-18 22:09 . 2009-10-09 18:21 388384 ----a-w- c:\windows\WisGAPasx64.exe

2011-10-18 22:09 . 2009-05-25 18:27 335872 ----a-w- c:\windows\ParseModule_X64.exe

2011-10-18 22:09 . 2009-10-09 18:08 326432 ----a-w- c:\windows\WisGAPas.exe

2011-10-18 22:09 . 2009-05-25 18:27 225280 ----a-w- c:\windows\ParseModule_X86.exe

2011-10-18 19:39 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-18 15:11 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

2011-10-18 15:11 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2011-10-18 15:11 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2011-10-18 15:11 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2011-10-18 15:06 . 2011-10-18 15:06 -------- d-----w- c:\program files\Acer Accessory Store

2011-10-18 14:50 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-10-18 14:50 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2011-10-18 14:49 . 2011-10-18 14:49 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-10-18 14:49 . 2011-10-18 14:49 -------- d-----w- c:\program files (x86)\Microsoft

2011-10-18 14:48 . 2011-10-18 14:48 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2011-10-18 14:48 . 2011-10-18 14:51 -------- d-----w- c:\program files (x86)\Windows Live

2011-10-18 14:47 . 2011-10-18 14:47 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2011-10-18 14:47 . 2011-10-18 14:47 -------- d-----w- C:\BOOK

2011-10-18 14:45 . 2009-10-08 18:40 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll

2011-10-18 14:45 . 2009-10-08 18:40 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll

2011-10-18 14:45 . 2009-10-08 18:40 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll

2011-10-18 14:44 . 2011-10-18 14:44 -------- d-----w- c:\program files (x86)\Cyberlink

2011-10-18 14:42 . 2011-10-18 14:46 -------- d-----w- c:\program files (x86)\Acer Arcade Deluxe

2011-10-18 14:41 . 2011-10-18 14:41 -------- d-----w- c:\program files (x86)\Launch Manager

2011-10-18 14:41 . 2011-10-18 14:41 -------- d-----w- c:\program files\Synaptics

2011-10-18 14:40 . 2011-10-18 14:39 200704 ----a-w- c:\windows\PLFSetI.exe

2011-10-18 14:40 . 2009-04-16 16:45 106496 ----a-w- c:\windows\FixUVC.exe

2011-10-18 14:37 . 2011-10-18 14:37 -------- d-----w- c:\program files\ATI

2011-10-18 14:37 . 2011-10-18 14:38 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-10-18 14:34 . 2011-10-18 14:35 -------- d-----w- c:\users\Miiza

2011-10-18 12:29 . 2011-10-18 12:29 0 ----a-w- c:\windows\ativpsrm.bin

2011-10-18 12:28 . 2011-10-18 12:28 -------- d-----w- c:\program files\LSI SoftModem

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-18 22:19 . 2011-10-18 22:19 2560 ----a-w- c:\windows\SysWow64\drivers\sv-SE\qwavedrv.sys.mui

2011-10-18 22:19 . 2011-10-18 22:19 5632 ----a-w- c:\windows\SysWow64\drivers\sv-SE\ndiscap.sys.mui

2011-10-18 22:19 . 2011-10-18 22:19 2560 ----a-w- c:\windows\SysWow64\drivers\sv-SE\scfilter.sys.mui

2011-10-18 22:19 . 2011-10-18 22:19 47104 ----a-w- c:\windows\SysWow64\drivers\sv-SE\tcpip.sys.mui

2011-10-18 22:19 . 2011-10-18 22:19 28672 ----a-w- c:\windows\SysWow64\drivers\sv-SE\bfe.dll.mui

2011-10-18 22:19 . 2011-10-18 22:19 15872 ----a-w- c:\windows\SysWow64\drivers\sv-SE\pacer.sys.mui

2011-10-18 22:11 . 2011-10-18 22:11 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-10-18 22:11 . 2011-10-18 22:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-11-05 00:49 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="d:\nytto\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0156581319041573mcinstcleanup;McAfee Application Installer Cleanup (0156581319041573);c:\windows\TEMP\015658~1.EXE [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-05 332272]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 MBAMService;MBAMService;d:\nytto\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 110312]

S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2011-10-18 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-11-05 00:32]

.

2011-10-18 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-11-05 00:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-11-05 00:49 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Extra genomsökning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5740&r=27361011l406l0468z135t4431d53p

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_5740&r=27361011l406l0468z135t4431d53p

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\progra~2\McAfee\MSC\mcmscsvc.exe

c:\windows\SysWOW64\rundll32.exe

c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\program files (x86)\McAfee\MPF\MPFSrv.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\McAfee\MSK\MskSrver.exe

c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\progra~2\McAfee.com\Agent\mcagent.exe

c:\windows\SysWOW64\ping.exe

c:\windows\SysWOW64\ping.exe

.

**************************************************************************

.

Sluttid: 2011-10-21 01:27:36 - datorn startades om.

ComboFix-quarantined-files.txt 2011-10-20 23:27

.

Före genomsökningen: 125 123 493 888 byte ledigt

Efter genomsökningen: 125 010 272 256 byte ledigt

.

- - End Of File - - 6F90B6982E17E0A7015B2490B1F7A6E7


Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\SysWOW64\ping.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


Filename: PING.EXE

Status: Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Thu 20 Oct 2011 02:24:55 (CET)

The Malware is currently suspended with Process Explorer
I'm not seeing it.

What is the file you have suspended?


Ah ye... "Process Explorer" doesn't start with windows, I started it manually after ComboFix was done. Whenever ping.exe starts playing around I will take a screenshot of some more info.


I've seen RootKits do that.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


PING.EXE has not started now and here is the log:

02:22:26.0613 1276 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27

02:22:27.0268 1276 ============================================================

02:22:27.0268 1276 Current date / time: 2011/10/21 02:22:27.0268

02:22:27.0268 1276 SystemInfo:

02:22:27.0268 1276

02:22:27.0268 1276 OS Version: 6.1.7600 ServicePack: 0.0

02:22:27.0268 1276 Product type: Workstation

02:22:27.0268 1276 ComputerName: MIIZA-DATOR

02:22:27.0268 1276 UserName: Miiza

02:22:27.0268 1276 Windows directory: C:\Windows

02:22:27.0268 1276 System windows directory: C:\Windows

02:22:27.0268 1276 Running under WOW64

02:22:27.0268 1276 Processor architecture: Intel x64

02:22:27.0268 1276 Number of processors: 4

02:22:27.0268 1276 Page size: 0x1000

02:22:27.0268 1276 Boot type: Normal boot

02:22:27.0268 1276 ============================================================

02:22:27.0877 1276 Initialize success

02:22:30.0154 4408 ============================================================

02:22:30.0154 4408 Scan started

02:22:30.0154 4408 Mode: Manual;

02:22:30.0154 4408 ============================================================


02:22:42.0447 4408 mwlPSDFilter - ok

02:22:42.0541 4408 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

02:22:42.0541 4408 mwlPSDNServ - ok

02:22:42.0572 4408 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

02:22:42.0572 4408 mwlPSDVDisk - ok

02:22:42.0681 4408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

02:22:42.0697 4408 NativeWifiP - ok

02:22:42.0759 4408 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

02:22:42.0775 4408 NDIS - ok

02:22:42.0837 4408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

02:22:42.0837 4408 NdisCap - ok

02:22:42.0868 4408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

02:22:42.0868 4408 NdisTapi - ok

02:22:42.0946 4408 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

02:22:42.0946 4408 Ndisuio - ok

02:22:42.0978 4408 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

02:22:42.0978 4408 NdisWan - ok

02:22:42.0993 4408 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

02:22:42.0993 4408 NDProxy - ok

02:22:43.0009 4408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

02:22:43.0024 4408 NetBIOS - ok

02:22:43.0040 4408 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

02:22:43.0056 4408 NetBT - ok

02:22:43.0149 4408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

02:22:43.0149 4408 nfrd960 - ok

02:22:43.0212 4408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

02:22:43.0212 4408 Npfs - ok

02:22:43.0227 4408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

02:22:43.0227 4408 nsiproxy - ok

02:22:43.0274 4408 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

02:22:43.0290 4408 Ntfs - ok

02:22:43.0399 4408 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

02:22:43.0399 4408 NTIDrvr - ok

02:22:43.0430 4408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

02:22:43.0446 4408 Null - ok

02:22:43.0539 4408 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

02:22:43.0539 4408 nvraid - ok

02:22:43.0555 4408 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

02:22:43.0555 4408 nvstor - ok

02:22:43.0586 4408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

02:22:43.0586 4408 nv_agp - ok

02:22:43.0617 4408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

02:22:43.0617 4408 ohci1394 - ok

02:22:43.0711 4408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

02:22:43.0711 4408 Parport - ok

02:22:43.0742 4408 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

02:22:43.0742 4408 partmgr - ok

02:22:43.0773 4408 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

02:22:43.0773 4408 pci - ok

02:22:43.0773 4408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

02:22:43.0773 4408 pciide - ok

02:22:43.0804 4408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

02:22:43.0804 4408 pcmcia - ok

02:22:43.0820 4408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

02:22:43.0820 4408 pcw - ok

02:22:43.0851 4408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

02:22:43.0867 4408 PEAUTH - ok

02:22:44.0038 4408 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

02:22:44.0038 4408 PptpMiniport - ok

02:22:44.0070 4408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

02:22:44.0070 4408 Processor - ok

02:22:44.0101 4408 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

02:22:44.0101 4408 Psched - ok

02:22:44.0148 4408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

02:22:44.0148 4408 ql2300 - ok

02:22:44.0241 4408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

02:22:44.0257 4408 ql40xx - ok

02:22:44.0272 4408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

02:22:44.0272 4408 QWAVEdrv - ok

02:22:44.0304 4408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

02:22:44.0304 4408 RasAcd - ok

02:22:44.0335 4408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

02:22:44.0350 4408 RasAgileVpn - ok

02:22:44.0413 4408 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

02:22:44.0413 4408 Rasl2tp - ok

02:22:44.0460 4408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

02:22:44.0460 4408 RasPppoe - ok

02:22:44.0538 4408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

02:22:44.0538 4408 RasSstp - ok

02:22:44.0569 4408 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

02:22:44.0584 4408 rdbss - ok

02:22:44.0600 4408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

02:22:44.0600 4408 rdpbus - ok

02:22:44.0647 4408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

02:22:44.0647 4408 RDPCDD - ok

02:22:44.0709 4408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

02:22:44.0709 4408 RDPENCDD - ok

02:22:44.0740 4408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

02:22:44.0740 4408 RDPREFMP - ok

02:22:44.0803 4408 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

02:22:44.0803 4408 RDPWD - ok

02:22:44.0896 4408 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

02:22:44.0896 4408 rdyboost - ok

02:22:44.0974 4408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

02:22:44.0974 4408 rspndr - ok

02:22:45.0084 4408 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys

02:22:45.0084 4408 RTHDMIAzAudService - ok

02:22:45.0146 4408 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

02:22:45.0146 4408 sbp2port - ok

02:22:45.0208 4408 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

02:22:45.0208 4408 scfilter - ok

02:22:45.0271 4408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:22:45.0271 4408 secdrv - ok

02:22:45.0411 4408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

02:22:45.0442 4408 Serenum - ok

02:22:45.0474 4408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

02:22:45.0474 4408 Serial - ok

02:22:45.0552 4408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

02:22:45.0552 4408 sermouse - ok

02:22:45.0583 4408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

02:22:45.0583 4408 sffdisk - ok

02:22:45.0598 4408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

02:22:45.0598 4408 sffp_mmc - ok

02:22:45.0614 4408 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

02:22:45.0614 4408 sffp_sd - ok

02:22:45.0630 4408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

02:22:45.0630 4408 sfloppy - ok

02:22:45.0645 4408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

02:22:45.0645 4408 SiSRaid2 - ok

02:22:45.0661 4408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

02:22:45.0661 4408 SiSRaid4 - ok

02:22:45.0676 4408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

02:22:45.0676 4408 Smb - ok

02:22:45.0770 4408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

02:22:45.0786 4408 spldr - ok

02:22:45.0832 4408 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys

02:22:45.0848 4408 srv - ok

02:22:45.0942 4408 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys

02:22:45.0942 4408 srv2 - ok

02:22:46.0020 4408 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys

02:22:46.0020 4408 srvnet - ok

02:22:46.0113 4408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

02:22:46.0113 4408 stexstor - ok

02:22:46.0160 4408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

02:22:46.0160 4408 swenum - ok

02:22:46.0222 4408 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys

02:22:46.0222 4408 SynTP - ok

02:22:46.0378 4408 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys

02:22:46.0410 4408 Tcpip - ok

02:22:46.0534 4408 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys

02:22:46.0550 4408 TCPIP6 - ok

02:22:46.0644 4408 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

02:22:46.0644 4408 tcpipreg - ok

02:22:46.0659 4408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

02:22:46.0675 4408 TDPIPE - ok

02:22:46.0690 4408 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

02:22:46.0690 4408 TDTCP - ok

02:22:46.0722 4408 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

02:22:46.0722 4408 tdx - ok

02:22:46.0800 4408 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

02:22:46.0800 4408 TermDD - ok

02:22:46.0862 4408 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:22:46.0862 4408 tssecsrv - ok

02:22:46.0909 4408 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

02:22:46.0909 4408 tunnel - ok

02:22:46.0987 4408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

02:22:46.0987 4408 uagp35 - ok

02:22:47.0034 4408 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

02:22:47.0034 4408 UBHelper - ok

02:22:47.0065 4408 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

02:22:47.0080 4408 udfs - ok

02:22:47.0174 4408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

02:22:47.0174 4408 uliagpkx - ok

02:22:47.0221 4408 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

02:22:47.0221 4408 umbus - ok

02:22:47.0252 4408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

02:22:47.0252 4408 UmPass - ok

02:22:47.0361 4408 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

02:22:47.0361 4408 usbccgp - ok

02:22:47.0392 4408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

02:22:47.0392 4408 usbcir - ok

02:22:47.0408 4408 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

02:22:47.0408 4408 usbehci - ok

02:22:47.0424 4408 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

02:22:47.0424 4408 usbhub - ok

02:22:47.0455 4408 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

02:22:47.0455 4408 usbohci - ok

02:22:47.0533 4408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

02:22:47.0533 4408 usbprint - ok

02:22:47.0548 4408 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

02:22:47.0564 4408 USBSTOR - ok

02:22:47.0564 4408 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

02:22:47.0580 4408 usbuhci - ok

02:22:47.0611 4408 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

02:22:47.0611 4408 usbvideo - ok

02:22:47.0720 4408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

02:22:47.0720 4408 vdrvroot - ok

02:22:47.0767 4408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

02:22:47.0767 4408 vga - ok

02:22:47.0782 4408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

02:22:47.0798 4408 VgaSave - ok

02:22:47.0814 4408 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

02:22:47.0814 4408 vhdmp - ok

02:22:47.0829 4408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

02:22:47.0829 4408 viaide - ok

02:22:47.0892 4408 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

02:22:47.0907 4408 volmgr - ok

02:22:47.0938 4408 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

02:22:47.0938 4408 volmgrx - ok

02:22:47.0954 4408 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

02:22:47.0970 4408 volsnap - ok

02:22:47.0985 4408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

02:22:47.0985 4408 vsmraid - ok

02:22:48.0016 4408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

02:22:48.0016 4408 vwifibus - ok

02:22:48.0032 4408 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

02:22:48.0032 4408 vwififlt - ok

02:22:48.0110 4408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

02:22:48.0110 4408 WacomPen - ok

02:22:48.0157 4408 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

02:22:48.0157 4408 WANARP - ok

02:22:48.0157 4408 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

02:22:48.0157 4408 Wanarpv6 - ok

02:22:48.0204 4408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

02:22:48.0204 4408 Wd - ok

02:22:48.0282 4408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

02:22:48.0313 4408 Wdf01000 - ok

02:22:48.0484 4408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

02:22:48.0484 4408 WfpLwf - ok

02:22:48.0516 4408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

02:22:48.0516 4408 WIMMount - ok

02:22:48.0656 4408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

02:22:48.0656 4408 WmiAcpi - ok

02:22:48.0703 4408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

02:22:48.0703 4408 ws2ifsl - ok

02:22:48.0734 4408 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

02:22:48.0734 4408 WudfPf - ok

02:22:48.0781 4408 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

02:22:48.0781 4408 WUDFRd - ok

02:22:48.0828 4408 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

02:22:48.0828 4408 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

02:22:48.0828 4408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

02:22:48.0828 4408 Boot (0x1200) (6f9eae44bb89a22fc14d54b74f0aaa0e) \Device\Harddisk0\DR0\Partition0

02:22:48.0843 4408 \Device\Harddisk0\DR0\Partition0 - ok

02:22:48.0843 4408 Boot (0x1200) (78ffc6fdff9027754cc345383f9df9fb) \Device\Harddisk0\DR0\Partition1

02:22:48.0843 4408 \Device\Harddisk0\DR0\Partition1 - ok

02:22:48.0874 4408 Boot (0x1200) (0bc92ee0a4883a01d086a7a5ad31f260) \Device\Harddisk0\DR0\Partition2

02:22:48.0874 4408 \Device\Harddisk0\DR0\Partition2 - ok

02:22:48.0874 4408 ============================================================

02:22:48.0874 4408 Scan finished

02:22:48.0874 4408 ============================================================

02:22:48.0890 4848 Detected object count: 1

02:22:48.0890 4848 Actual detected object count: 1

02:23:23.0662 4848 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

02:23:23.0662 4848 \Device\Harddisk0\DR0 - ok

02:23:23.0678 4848 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

02:23:25.0878 1732 Deinitialize success

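An added example, not part of this thread or of TDSSKiller itself: a small Python parser for the log format above that groups each scanned object's record line and verdict lines, lists everything that was not reported "ok", and tells you which cures are still waiting on a reboot. The sample lines are excerpted from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Lines excerpted from the TDSSKiller log posted in this thread: a driver record
# with its verdict, the MBR record, its detection, and the queued cure.
SAMPLE_LOG = r"""
02:22:41.0324 4408 mfeavfk (088620da20b98578bfc4b97043f24042) C:\Windows\system32\drivers\mfeavfk.sys
02:22:41.0324 4408 mfeavfk - ok
02:22:48.0828 4408 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
02:22:48.0828 4408 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
02:22:48.0828 4408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
02:22:48.0828 4408 Boot (0x1200) (6f9eae44bb89a22fc14d54b74f0aaa0e) \Device\Harddisk0\DR0\Partition0
02:22:48.0843 4408 \Device\Harddisk0\DR0\Partition0 - ok
02:22:48.0843 4408 Boot (0x1200) (78ffc6fdff9027754cc345383f9df9fb) \Device\Harddisk0\DR0\Partition1
02:22:48.0843 4408 \Device\Harddisk0\DR0\Partition1 - ok
02:22:48.0874 4408 Scan finished
02:23:23.0662 4848 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
02:23:23.0662 4848 \Device\Harddisk0\DR0 - ok
02:23:23.0678 4848 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

# Every line starts with "HH:MM:SS.ffff <pid> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# Record "<name> (<md5>) <path>"; the name may itself contain parentheses
# ("MBR (0x1B8)"), so it is matched lazily.
RECORD_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# Verdict "<name> [( <threat> )] - <verdict>".
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)(?:\s+\(\s*(?P<threat>\S+)\s*\))?\s+-\s+(?P<verdict>.+)$")

@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    threats: Set[str] = field(default_factory=set)
    verdicts: List[str] = field(default_factory=list)  # in log order

def parse_tdsskiller_log(text: str) -> Dict[str, ScanObject]:
    """Group record and verdict lines per object. Drivers are keyed by service
    name; MBR/boot records by device path, since their verdicts name the device
    and several records share the display name "Boot (0x1200)"."""
    objects: Dict[str, ScanObject] = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            key = m["path"] if m["path"].startswith("\\Device\\") else m["name"]
            obj = objects.setdefault(key, ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            if m["threat"]:
                obj.threats.add(m["threat"])
            obj.verdicts.append(m["verdict"])
    return objects

def flagged(objects: Dict[str, ScanObject]) -> Dict[str, ScanObject]:
    """Objects with any verdict other than 'ok'. A later 'ok' does not clear an
    earlier detection: DR0 reads 'ok' the moment the cure is queued, before the
    reboot that rewrites the MBR, so the real clean signal is a rescan."""
    return {k: o for k, o in objects.items() if any(v != "ok" for v in o.verdicts)}

def pending_reboot(objects: Dict[str, ScanObject]) -> List[str]:
    """Keys of objects whose cure is deferred until the next reboot."""
    return sorted(k for k, o in objects.items()
                  if any(v.startswith("will be cured on reboot") for v in o.verdicts))
```

Run `flagged(parse_tdsskiller_log(open("TDSSKiller.log").read()))` against a full log to get only the objects a helper needs to look at, with every verdict they received in order.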

I'll assume you rebooted after the TDSSKiller scan.

Let's give it a day or two and see how it goes.

Let's uninstall ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


When uninstalling, McAfee found spyware:

McAfee har förhindrat att ett eventuellt oönskat program (PUP) körs på datorn. Om du inte känner igen programmet bör du ta bort det.

Om Eventuellt oönskat program

Namn: Tool-NirCmd

Plats: C:\32788R22FWJFW\n.pif

Spionprogram, annonsprogram och andra eventuellt oönskade program kan skada datorn, äventyra dess säkerhet och skada viktiga filer.


mbam and TDSSKiller are clean.

Thanks for the help!

A question,

are you sponsored by Malwarebytes' program?

A question,

are you sponsored by Malwarebytes' program?

Yes, I'm a Staff Member


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
