Infected :(


30 replies to this topic

#1 Ziante
    New Member
  • Members
  • 16 posts

Posted 01 March 2012 - 04:58 AM

Hi, I have run the quick scan of Malwarebytes and had no joy and have therefore attached the files as requested.

Hope you can help,

Regards

Ria




#2 Larusso
    Selecta Jahrusso
  • Experts
  • 908 posts
  • Gender: Male
  • Location: Austria
  • Interests: Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 01 March 2012 - 07:41 PM

Hi there,

Could you tell me why you think you are infected, so I know what I should look for :)

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please [donate].
 


#3 Ziante
    New Member
  • Members
  • 16 posts

Posted 02 March 2012 - 06:46 PM

Sorry, lol, that would help I imagine! My Google search keeps getting redirected to thealltimes.com

thanks

#4 Larusso
    Selecta Jahrusso
  • Experts
  • 908 posts

Posted 02 March 2012 - 08:44 PM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please download Gmer from here and save it to your Desktop.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

regards, Daniel

 


#5 Ziante
    New Member
  • Members
  • 16 posts

Posted 03 March 2012 - 05:14 AM

Hi Daniel,

Thank you for your help, much appreciated. Here is my GMER log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-03 10:12:25
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250318AS rev.CC38
Running: 4gb4ytk1.exe; Driver: C:\Users\Ria\AppData\Local\Temp\fwdiypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0x9EEFE73A]
SSDT \??\C:\Windows\system32\PavSRK.sys ZwWriteVirtualMemory [0x9EEB5C30]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
AttachedDevice \Driver\tdx \Device\Tcp NETFLTDI.SYS

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp NETFLTDI.SYS

Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B63135AE-BD94-4548-B391-C7C90277439E}\Connection@Name isatap.{74BBAD8C-54AD-4B8D-B2CB-A04B32A8FE3A}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{B63135AE-BD94-4548-B391-C7C90277439E}?\Device\{AF2A2C54-E64A-4BCC-A9BC-8813953D1EFD}?\Device\{2F52CD66-619E-427F-8342-CA8E6DEF152F}?\Device\{F6434A1E-B99E-4E4B-B15F-E623E8290E47}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{B63135AE-BD94-4548-B391-C7C90277439E}"?"{AF2A2C54-E64A-4BCC-A9BC-8813953D1EFD}"?"{2F52CD66-619E-427F-8342-CA8E6DEF152F}"?"{F6434A1E-B99E-4E4B-B15F-E623E8290E47}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{B63135AE-BD94-4548-B391-C7C90277439E}?\Device\TCPIP6TUNNEL_{AF2A2C54-E64A-4BCC-A9BC-8813953D1EFD}?\Device\TCPIP6TUNNEL_{2F52CD66-619E-427F-8342-CA8E6DEF152F}?\Device\TCPIP6TUNNEL_{F6434A1E-B99E-4E4B-B15F-E623E8290E47}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B63135AE-BD94-4548-B391-C7C90277439E}@InterfaceName isatap.{74BBAD8C-54AD-4B8D-B2CB-A04B32A8FE3A}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B63135AE-BD94-4548-B391-C7C90277439E}@ReusableType 0

---- EOF - GMER 1.0.15 ----

Regards

Ria
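As an added example (not code from this thread, from GMER, or from the helper), the script below parses the System and Devices sections of a GMER log in the format posted above and produces the two lists a helper reads first: which module hooks which SSDT entry, and which device-stack modules carry no version description (the entries with no vendor in parentheses). The sample lines are constructed from the log above and are not the complete log. The output is a research list, not a verdict: in this log both SSDT hooks and the unnamed filter drivers belong to installed security products, which is exactly the false-positive situation the caution in the instructions warns about.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines in the shape of the GMER log posted
# above (the two SSDT entries and a few device-stack entries), not the full log.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0x9EEFE73A]
SSDT \??\C:\Windows\system32\PavSRK.sys ZwWriteVirtualMemory [0x9EEB5C30]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
AttachedDevice \Driver\tdx \Device\Tcp NETFLTDI.SYS
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# SSDT <module path> <hooked function> [<handler address>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<path>\S+)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# Device|AttachedDevice <object path(s)> <module> [(<description>/<vendor>)]
DEVICE_RE = re.compile(r"^(?P<kind>Device|AttachedDevice)\s+(?P<rest>.+?)(?:\s+\((?P<desc>.+)\))?$")


@dataclass
class SsdtHook:
    module: str        # file name of the driver that owns the hook
    function: str      # hooked system service, e.g. ZwTerminateProcess
    address: int       # handler address reported by GMER


@dataclass
class DeviceEntry:
    kind: str                  # "Device" or "AttachedDevice"
    device: str                # device/driver object path(s); empty for bare entries
    module: str                # driver file name
    description: Optional[str] # version-info description, None when GMER printed none
    vendor: Optional[str]      # company name from the version info, None when absent


@dataclass
class GmerReport:
    ssdt_hooks: List[SsdtHook]
    devices: List[DeviceEntry]


def _basename(path: str) -> str:
    """Strip the \\??\\C:\\... prefix down to the driver file name."""
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text: str) -> GmerReport:
    """Parse the System (SSDT) and Devices sections; other lines are ignored."""
    hooks, devices = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append(SsdtHook(_basename(m["path"]), m["func"], int(m["addr"], 16)))
            continue
        m = DEVICE_RE.match(line)
        if m:
            tokens = m["rest"].split()
            desc, vendor = m["desc"], None
            if desc and "/" in desc:
                desc, vendor = desc.rsplit("/", 1)
            devices.append(DeviceEntry(m["kind"], " ".join(tokens[:-1]), tokens[-1], desc, vendor))
    return GmerReport(hooks, devices)


def triage_gmer(report: GmerReport) -> Dict[str, object]:
    """Group hooks by owning module and list modules GMER could not describe."""
    hooks_by_module: Dict[str, List[str]] = defaultdict(list)
    for hook in report.ssdt_hooks:
        hooks_by_module[hook.module].append(hook.function)
    unidentified = sorted({d.module for d in report.devices if d.description is None})
    vendors = sorted({d.vendor for d in report.devices if d.vendor})
    return {"hooks_by_module": dict(hooks_by_module),
            "unidentified_modules": unidentified,
            "vendors": vendors}


if __name__ == "__main__":
    result = triage_gmer(parse_gmer(SAMPLE_GMER_LOG))
    for module, funcs in result["hooks_by_module"].items():
        print(f"SSDT hook(s) by {module}: {', '.join(funcs)}")
    print("Modules without version description:", result["unidentified_modules"])
    print("Vendors seen in device stack:", result["vendors"])
```

Run it against a saved ark.txt by replacing SAMPLE_GMER_LOG with the file contents; the "unidentified" list is where to start looking up file names, and a hook owned by a module that is not a known security product is what would justify asking for more scans.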

#6 Larusso
    Selecta Jahrusso
  • Experts
  • 908 posts

Posted 03 March 2012 - 08:41 AM

You are welcome :)


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"

  • The tool may ask you

    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?

    Please click Yes ( The download could take some time )

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please post in your next reply
aswMBR.txt
TDSSKiller Log

regards, Daniel

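As an added example (not code from this thread, from Kaspersky's TDSSKiller, or from the helper), the script below reads a TDSSKiller log of the kind requested above and separates the entries a helper would review from the bulk of "- ok" lines. It pairs each service's hash/path line with its status line and flags two things: entries whose status is anything other than "ok", and entries for which the tool recorded no hash/path line at all (a registered driver for which no file was hashed). The sample is constructed in the shape of the log posted later in this thread; the "examplesvc" entry, its all-zero hash, its path and its status word are placeholders invented here to exercise the flagging path and are not TDSSKiller output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of a TDSSKiller log. The "examplesvc" lines
# are invented placeholders (hash, path and status word), not real tool output.
SAMPLE_TDSSKILLER_LOG = r"""
19:58:50.0255 4336 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
19:58:50.0682 4336 ============================================================
19:58:50.0682 4336 OS Version: 6.1.7600 ServicePack: 0.0
19:58:51.0611 4336 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
19:58:53.0567 4948 Scan started
19:58:54.0378 4948 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:58:54.0380 4948 1394ohci - ok
19:58:56.0040 4948 AvFlt - ok
19:59:01.0388 4948 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:59:01.0390 4948 MBAMProtector - ok
19:59:05.0803 4948 PavSRK.sys - ok
19:59:09.0001 4948 examplesvc (00000000000000000000000000000000) C:\PLACEHOLDER\example.sys
19:59:09.0002 4948 examplesvc - placeholder_not_ok
"""

# <time> <pid> <service> (<md5>) <path>
FILE_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# <time> <pid> <service> - <status>   (the service name is a single token, so the
# "Drive \Device\... - Size:" header line does not match)
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str]   # None when the tool printed no hash/path line
    path: Optional[str]


def parse_tdsskiller(text: str) -> List[Entry]:
    """Return one Entry per status line, in log order, joined with its file line."""
    pending: Dict[str, Tuple[str, str]] = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["status"].strip(), md5, path))
    return entries


def triage_tdsskiller(entries: List[Entry]) -> Dict[str, object]:
    """Split the entries into what needs a look and what can be skimmed."""
    return {
        "not_ok": [e.name for e in entries if e.status != "ok"],
        "no_file_info": [e.name for e in entries if e.md5 is None],
        "hashed": sum(1 for e in entries if e.md5 is not None),
    }


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_TDSSKILLER_LOG)
    summary = triage_tdsskiller(parsed)
    print(f"{len(parsed)} entries, {summary['hashed']} with hash and path")
    print("Status other than ok:", summary["not_ok"])
    print("No hash/path recorded:", summary["no_file_info"])
```

Point it at the real C:\TDSSKiller.<version_date_time>log.txt by reading that file into the parser; the "no_file_info" list in particular is worth cross-checking against the GMER device list, since the same security-product drivers show up there without version information.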
 


#7 Ziante
    New Member
  • Members
  • 16 posts

Posted 03 March 2012 - 03:02 PM

19:58:50.0255 4336 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
19:58:50.0682 4336 ============================================================
19:58:50.0682 4336 Current date / time: 2012/03/03 19:58:50.0682
19:58:50.0682 4336 SystemInfo:
19:58:50.0682 4336
19:58:50.0682 4336 OS Version: 6.1.7600 ServicePack: 0.0
19:58:50.0682 4336 Product type: Workstation
19:58:50.0683 4336 ComputerName: ZIANTE-PC
19:58:50.0683 4336 UserName: Ria
19:58:50.0683 4336 Windows directory: C:\Windows
19:58:50.0683 4336 System windows directory: C:\Windows
19:58:50.0683 4336 Processor architecture: Intel x86
19:58:50.0683 4336 Number of processors: 2
19:58:50.0683 4336 Page size: 0x1000
19:58:50.0683 4336 Boot type: Normal boot
19:58:50.0683 4336 ============================================================
19:58:51.0611 4336 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:58:51.0631 4336 \Device\Harddisk0\DR0:
19:58:51.0631 4336 MBR used
19:58:51.0631 4336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:58:51.0631 4336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
19:58:51.0651 4336 Initialize success
19:58:51.0651 4336 ============================================================
19:58:53.0567 4948 ============================================================
19:58:53.0567 4948 Scan started
19:58:53.0567 4948 Mode: Manual;
19:58:53.0567 4948 ============================================================
19:58:54.0378 4948 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:58:54.0380 4948 1394ohci - ok
19:58:54.0435 4948 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:58:54.0438 4948 ACPI - ok
19:58:54.0527 4948 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:58:54.0527 4948 AcpiPmi - ok
19:58:54.0661 4948 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:58:54.0665 4948 adp94xx - ok
19:58:54.0770 4948 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:58:54.0774 4948 adpahci - ok
19:58:54.0800 4948 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:58:54.0802 4948 adpu320 - ok
19:58:54.0875 4948 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
19:58:54.0879 4948 AFD - ok
19:58:54.0920 4948 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:58:54.0921 4948 agp440 - ok
19:58:54.0997 4948 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:58:54.0999 4948 aic78xx - ok
19:58:55.0097 4948 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:58:55.0099 4948 aliide - ok
19:58:55.0124 4948 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:58:55.0126 4948 amdagp - ok
19:58:55.0140 4948 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:58:55.0141 4948 amdide - ok
19:58:55.0177 4948 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:58:55.0179 4948 AmdK8 - ok
19:58:55.0217 4948 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:58:55.0219 4948 AmdPPM - ok
19:58:55.0257 4948 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
19:58:55.0260 4948 amdsata - ok
19:58:55.0289 4948 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:58:55.0292 4948 amdsbs - ok
19:58:55.0328 4948 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
19:58:55.0330 4948 amdxata - ok
19:58:55.0380 4948 AmFSM (36b58a8bafe100de90c87a3c0e56a3f2) C:\Windows\system32\DRIVERS\amm8660.sys
19:58:55.0382 4948 AmFSM - ok
19:58:55.0500 4948 APPFLT (6b467e791ec470d010bd50e5e98bf467) C:\Windows\system32\Drivers\APPFLT.SYS
19:58:55.0502 4948 APPFLT - ok
19:58:55.0538 4948 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:58:55.0540 4948 AppID - ok
19:58:55.0648 4948 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:58:55.0651 4948 arc - ok
19:58:55.0676 4948 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:58:55.0678 4948 arcsas - ok
19:58:55.0727 4948 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:58:55.0728 4948 AsyncMac - ok
19:58:55.0741 4948 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:58:55.0741 4948 atapi - ok
19:58:55.0805 4948 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
19:58:55.0830 4948 athr - ok
19:58:55.0948 4948 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:58:55.0950 4948 AtiPcie - ok
19:58:56.0040 4948 AvFlt - ok
19:58:56.0097 4948 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:58:56.0102 4948 b06bdrv - ok
19:58:56.0233 4948 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:58:56.0236 4948 b57nd60x - ok
19:58:56.0307 4948 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:58:56.0308 4948 Beep - ok
19:58:56.0339 4948 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:58:56.0340 4948 blbdrive - ok
19:58:56.0471 4948 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
19:58:56.0473 4948 bowser - ok
19:58:56.0491 4948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:58:56.0495 4948 BrFiltLo - ok
19:58:56.0520 4948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:58:56.0520 4948 BrFiltUp - ok
19:58:56.0584 4948 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:58:56.0588 4948 Brserid - ok
19:58:56.0597 4948 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:58:56.0599 4948 BrSerWdm - ok
19:58:56.0616 4948 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:58:56.0618 4948 BrUsbMdm - ok
19:58:56.0661 4948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:58:56.0663 4948 BrUsbSer - ok
19:58:56.0678 4948 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:58:56.0679 4948 BTHMODEM - ok
19:58:56.0754 4948 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:58:56.0756 4948 cdfs - ok
19:58:56.0845 4948 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:58:56.0848 4948 cdrom - ok
19:58:56.0965 4948 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:58:56.0967 4948 circlass - ok
19:58:57.0001 4948 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:58:57.0005 4948 CLFS - ok
19:58:57.0162 4948 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:58:57.0163 4948 CmBatt - ok
19:58:57.0182 4948 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:58:57.0184 4948 cmdide - ok
19:58:57.0205 4948 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:58:57.0210 4948 CNG - ok
19:58:57.0370 4948 ComFiltr (d9c33e68f61f27d8206f65b0190dc5cf) C:\Windows\system32\DRIVERS\COMFiltr.sys
19:58:57.0371 4948 ComFiltr - ok
19:58:57.0405 4948 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:58:57.0407 4948 Compbatt - ok
19:58:57.0497 4948 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:58:57.0498 4948 CompositeBus - ok
19:58:57.0548 4948 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:58:57.0549 4948 crcdisk - ok
19:58:57.0645 4948 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
19:58:57.0647 4948 DfsC - ok
19:58:57.0668 4948 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:58:57.0669 4948 discache - ok
19:58:57.0731 4948 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:58:57.0732 4948 Disk - ok
19:58:57.0805 4948 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:58:57.0806 4948 drmkaud - ok
19:58:57.0892 4948 DSAFLT (5bb0f91ffd84057d094d106d9ff53298) C:\Windows\system32\Drivers\DSAFLT.SYS
19:58:57.0893 4948 DSAFLT - ok
19:58:57.0945 4948 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
19:58:57.0963 4948 DXGKrnl - ok
19:58:58.0150 4948 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:58:58.0213 4948 ebdrv - ok
19:58:58.0290 4948 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:58:58.0295 4948 elxstor - ok
19:58:58.0316 4948 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:58:58.0316 4948 ErrDev - ok
19:58:58.0443 4948 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:58:58.0448 4948 exfat - ok
19:58:58.0478 4948 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:58:58.0480 4948 fastfat - ok
19:58:58.0593 4948 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:58:58.0596 4948 fdc - ok
19:58:58.0622 4948 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:58:58.0624 4948 FileInfo - ok
19:58:58.0635 4948 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:58:58.0636 4948 Filetrace - ok
19:58:58.0661 4948 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:58:58.0662 4948 flpydisk - ok
19:58:58.0694 4948 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:58:58.0697 4948 FltMgr - ok
19:58:58.0831 4948 FNETMON (a38b9ba7a4c17f7dce9ec4e8f7870026) C:\Windows\system32\Drivers\fnetmon.SYS
19:58:58.0832 4948 FNETMON - ok
19:58:58.0876 4948 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:58:58.0877 4948 FsDepends - ok
19:58:58.0897 4948 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:58:58.0898 4948 Fs_Rec - ok
19:58:58.0941 4948 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
19:58:58.0944 4948 fvevol - ok
19:58:59.0002 4948 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:58:59.0004 4948 gagp30kx - ok
19:58:59.0051 4948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:58:59.0052 4948 GEARAspiWDM - ok
19:58:59.0192 4948 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:58:59.0194 4948 hcw85cir - ok
19:58:59.0317 4948 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
19:58:59.0322 4948 HdAudAddService - ok
19:58:59.0447 4948 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:58:59.0451 4948 HDAudBus - ok
19:58:59.0480 4948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:58:59.0482 4948 HidBatt - ok
19:58:59.0506 4948 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:58:59.0509 4948 HidBth - ok
19:58:59.0546 4948 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:58:59.0548 4948 HidIr - ok
19:58:59.0604 4948 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:58:59.0606 4948 HidUsb - ok
19:58:59.0643 4948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:58:59.0645 4948 HpSAMD - ok
19:58:59.0768 4948 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:58:59.0775 4948 HTTP - ok
19:58:59.0793 4948 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:58:59.0794 4948 hwpolicy - ok
19:58:59.0872 4948 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:58:59.0874 4948 i8042prt - ok
19:58:59.0906 4948 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
19:58:59.0911 4948 iaStorV - ok
19:58:59.0982 4948 IDSFLT (c4e887cf7ba2d3624233231aecd34c9d) C:\Windows\system32\Drivers\IDSFLT.SYS
19:58:59.0985 4948 IDSFLT - ok
19:59:00.0105 4948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:59:00.0108 4948 iirsp - ok
19:59:00.0144 4948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:59:00.0145 4948 intelide - ok
19:59:00.0188 4948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:59:00.0190 4948 intelppm - ok
19:59:00.0258 4948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:59:00.0260 4948 IpFilterDriver - ok
19:59:00.0323 4948 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:59:00.0325 4948 IPMIDRV - ok
19:59:00.0357 4948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:59:00.0359 4948 IPNAT - ok
19:59:00.0493 4948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:59:00.0496 4948 IRENUM - ok
19:59:00.0531 4948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:59:00.0534 4948 isapnp - ok
19:59:00.0565 4948 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:59:00.0568 4948 iScsiPrt - ok
19:59:00.0658 4948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:59:00.0661 4948 kbdclass - ok
19:59:00.0785 4948 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:59:00.0788 4948 kbdhid - ok
19:59:00.0911 4948 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:59:00.0914 4948 KMWDFILTERx86 - ok
19:59:00.0960 4948 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:59:00.0962 4948 KSecDD - ok
19:59:01.0000 4948 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
19:59:01.0002 4948 KSecPkg - ok
19:59:01.0051 4948 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\Windows\system32\DRIVERS\L1C62x86.sys
19:59:01.0053 4948 L1C - ok
19:59:01.0121 4948 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:59:01.0123 4948 lltdio - ok
19:59:01.0170 4948 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:59:01.0172 4948 LSI_FC - ok
19:59:01.0188 4948 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:59:01.0190 4948 LSI_SAS - ok
19:59:01.0214 4948 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:59:01.0216 4948 LSI_SAS2 - ok
19:59:01.0255 4948 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:59:01.0257 4948 LSI_SCSI - ok
19:59:01.0282 4948 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:59:01.0284 4948 luafv - ok
19:59:01.0388 4948 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:59:01.0390 4948 MBAMProtector - ok
19:59:01.0541 4948 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:59:01.0544 4948 megasas - ok
19:59:01.0673 4948 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:59:01.0677 4948 MegaSR - ok
19:59:01.0799 4948 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:59:01.0801 4948 Modem - ok
19:59:01.0853 4948 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:59:01.0854 4948 monitor - ok
19:59:01.0940 4948 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:59:01.0942 4948 mouclass - ok
19:59:02.0045 4948 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:59:02.0047 4948 mouhid - ok
19:59:02.0077 4948 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:59:02.0079 4948 mountmgr - ok
19:59:02.0117 4948 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:59:02.0119 4948 mpio - ok
19:59:02.0140 4948 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:59:02.0142 4948 mpsdrv - ok
19:59:02.0168 4948 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:59:02.0171 4948 MRxDAV - ok
19:59:02.0264 4948 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:59:02.0268 4948 mrxsmb - ok
19:59:02.0288 4948 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:59:02.0292 4948 mrxsmb10 - ok
19:59:02.0316 4948 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:59:02.0319 4948 mrxsmb20 - ok
19:59:02.0475 4948 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
19:59:02.0478 4948 msahci - ok
19:59:02.0617 4948 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:59:02.0620 4948 msdsm - ok
19:59:02.0751 4948 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:59:02.0757 4948 Msfs - ok
19:59:02.0794 4948 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:59:02.0796 4948 mshidkmdf - ok
19:59:02.0814 4948 MSICDSetup - ok
19:59:02.0884 4948 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:59:02.0885 4948 msisadrv - ok
19:59:03.0031 4948 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:59:03.0032 4948 MSKSSRV - ok
19:59:03.0078 4948 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:59:03.0078 4948 MSPCLOCK - ok
19:59:03.0092 4948 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:59:03.0092 4948 MSPQM - ok
19:59:03.0234 4948 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:59:03.0243 4948 MsRPC - ok
19:59:03.0332 4948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:59:03.0334 4948 mssmbios - ok
19:59:03.0462 4948 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:59:03.0462 4948 MSTEE - ok
19:59:03.0490 4948 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:59:03.0491 4948 MTConfig - ok
19:59:03.0507 4948 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:59:03.0509 4948 Mup - ok
19:59:03.0622 4948 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:59:03.0626 4948 NativeWifiP - ok
19:59:03.0699 4948 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:59:03.0709 4948 NDIS - ok
19:59:03.0872 4948 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:59:03.0874 4948 NdisCap - ok
19:59:03.0901 4948 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:59:03.0902 4948 NdisTapi - ok
19:59:03.0943 4948 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:59:03.0945 4948 Ndisuio - ok
19:59:03.0964 4948 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:59:03.0967 4948 NdisWan - ok
19:59:03.0983 4948 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:59:03.0985 4948 NDProxy - ok
19:59:04.0030 4948 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:59:04.0031 4948 NetBIOS - ok
19:59:04.0048 4948 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:59:04.0050 4948 NetBT - ok
19:59:04.0174 4948 NETFLTDI (d8f44fc13db193c9379297973ee42272) C:\Windows\system32\Drivers\NETFLTDI.SYS
19:59:04.0177 4948 NETFLTDI - ok
19:59:04.0289 4948 NETIMFLT01060044 (9dee136c4863d5065437d07262bb5c40) C:\Windows\system32\DRIVERS\neti1644.sys
19:59:04.0292 4948 NETIMFLT01060044 - ok
19:59:04.0440 4948 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:59:04.0443 4948 nfrd960 - ok
19:59:04.0481 4948 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:59:04.0482 4948 Npfs - ok
19:59:04.0538 4948 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:59:04.0540 4948 nsiproxy - ok
19:59:04.0618 4948 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
19:59:04.0643 4948 Ntfs - ok
19:59:04.0683 4948 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:59:04.0684 4948 Null - ok
19:59:04.0974 4948 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:59:05.0149 4948 nvlddmkm - ok
19:59:05.0217 4948 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
19:59:05.0221 4948 nvraid - ok
19:59:05.0243 4948 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
19:59:05.0247 4948 nvstor - ok
19:59:05.0338 4948 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:59:05.0341 4948 nv_agp - ok
19:59:05.0355 4948 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:59:05.0358 4948 ohci1394 - ok
19:59:05.0512 4948 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:59:05.0515 4948 Parport - ok
19:59:05.0541 4948 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:59:05.0543 4948 partmgr - ok
19:59:05.0556 4948 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:59:05.0557 4948 Parvdm - ok
19:59:05.0642 4948 pavboot (55d654258a9c509b671310c314bd30b4) C:\Windows\system32\Drivers\pavboot.sys
19:59:05.0643 4948 pavboot - ok
19:59:05.0732 4948 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\Windows\system32\DRIVERS\PavProc.sys
19:59:05.0737 4948 PavProc - ok
19:59:05.0803 4948 PavSRK.sys - ok
19:59:05.0843 4948 PavTPK.sys - ok
19:59:05.0908 4948 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:59:05.0911 4948 pci - ok
19:59:06.0016 4948 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:59:06.0017 4948 pciide - ok
19:59:06.0061 4948 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:59:06.0064 4948 pcmcia - ok
19:59:06.0160 4948 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:59:06.0162 4948 pcw - ok
19:59:06.0252 4948 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:59:06.0268 4948 PEAUTH - ok
19:59:06.0433 4948 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:59:06.0438 4948 PptpMiniport - ok
19:59:06.0488 4948 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:59:06.0493 4948 Processor - ok
19:59:06.0609 4948 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:59:06.0611 4948 Psched - ok
19:59:06.0781 4948 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:59:06.0803 4948 ql2300 - ok
19:59:06.0916 4948 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:59:06.0918 4948 ql40xx - ok
19:59:06.0946 4948 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:59:06.0948 4948 QWAVEdrv - ok
19:59:06.0967 4948 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:59:06.0967 4948 RasAcd - ok
19:59:07.0089 4948 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:59:07.0091 4948 RasAgileVpn - ok
19:59:07.0205 4948 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:59:07.0208 4948 Rasl2tp - ok
19:59:07.0337 4948 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:59:07.0343 4948 RasPppoe - ok
19:59:07.0465 4948 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:59:07.0469 4948 RasSstp - ok
19:59:07.0506 4948 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:59:07.0510 4948 rdbss - ok
19:59:07.0524 4948 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:59:07.0526 4948 rdpbus - ok
19:59:07.0610 4948 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:59:07.0610 4948 RDPCDD - ok
19:59:07.0725 4948 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:59:07.0726 4948 RDPENCDD - ok
19:59:07.0776 4948 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:59:07.0776 4948 RDPREFMP - ok
19:59:07.0827 4948 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:59:07.0829 4948 RDPWD - ok
19:59:07.0913 4948 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:59:07.0916 4948 rdyboost - ok
19:59:08.0039 4948 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
19:59:08.0041 4948 RimUsb - ok
19:59:08.0125 4948 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:59:08.0127 4948 rspndr - ok
19:59:08.0217 4948 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:59:08.0219 4948 sbp2port - ok
19:59:08.0258 4948 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:59:08.0259 4948 scfilter - ok
19:59:08.0298 4948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:59:08.0299 4948 secdrv - ok
19:59:08.0445 4948 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:59:08.0448 4948 Serenum - ok
19:59:08.0503 4948 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:59:08.0505 4948 Serial - ok
19:59:08.0523 4948 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:59:08.0525 4948 sermouse - ok
19:59:08.0562 4948 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:59:08.0563 4948 sffdisk - ok
19:59:08.0572 4948 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:59:08.0573 4948 sffp_mmc - ok
19:59:08.0608 4948 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:59:08.0609 4948 sffp_sd - ok
19:59:08.0626 4948 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:59:08.0628 4948 sfloppy - ok
19:59:08.0772 4948 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\Windows\system32\DRIVERS\ShlDrv51.sys
19:59:08.0775 4948 ShldDrv - ok
19:59:08.0816 4948 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:59:08.0819 4948 sisagp - ok
19:59:08.0916 4948 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:59:08.0918 4948 SiSRaid2 - ok
19:59:08.0971 4948 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:59:08.0974 4948 SiSRaid4 - ok
19:59:09.0068 4948 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:59:09.0070 4948 Smb - ok
19:59:09.0202 4948 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:59:09.0204 4948 spldr - ok
19:59:09.0322 4948 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
19:59:09.0326 4948 srv - ok
19:59:09.0350 4948 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
19:59:09.0353 4948 srv2 - ok
19:59:09.0465 4948 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
19:59:09.0468 4948 srvnet - ok
19:59:09.0606 4948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:59:09.0607 4948 stexstor - ok
19:59:09.0641 4948 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:59:09.0642 4948 swenum - ok
19:59:09.0810 4948 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
19:59:09.0837 4948 Tcpip - ok
19:59:09.0944 4948 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
19:59:09.0954 4948 TCPIP6 - ok
19:59:10.0078 4948 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:59:10.0080 4948 tcpipreg - ok
19:59:10.0199 4948 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:59:10.0201 4948 TDPIPE - ok
19:59:10.0236 4948 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
19:59:10.0237 4948 TDTCP - ok
19:59:10.0261 4948 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
19:59:10.0263 4948 tdx - ok
19:59:10.0303 4948 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:59:10.0304 4948 TermDD - ok
19:59:10.0403 4948 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:59:10.0404 4948 tssecsrv - ok
19:59:10.0533 4948 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:59:10.0537 4948 tunnel - ok
19:59:10.0624 4948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:59:10.0627 4948 uagp35 - ok
19:59:10.0707 4948 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
19:59:10.0711 4948 udfs - ok
19:59:10.0764 4948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:59:10.0766 4948 uliagpkx - ok
19:59:10.0902 4948 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:59:10.0903 4948 umbus - ok
19:59:10.0981 4948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:59:10.0982 4948 UmPass - ok
19:59:11.0113 4948 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:59:11.0115 4948 USBAAPL - ok
19:59:11.0235 4948 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
19:59:11.0237 4948 usbaudio - ok
19:59:11.0277 4948 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
19:59:11.0279 4948 usbccgp - ok
19:59:11.0292 4948 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:59:11.0294 4948 usbcir - ok
19:59:11.0313 4948 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
19:59:11.0314 4948 usbehci - ok
19:59:11.0377 4948 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
19:59:11.0380 4948 usbhub - ok
19:59:11.0399 4948 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:59:11.0401 4948 usbohci - ok
19:59:11.0513 4948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:59:11.0516 4948 usbprint - ok
19:59:11.0555 4948 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:59:11.0557 4948 usbscan - ok
19:59:11.0600 4948 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:59:11.0602 4948 USBSTOR - ok
19:59:11.0616 4948 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
19:59:11.0617 4948 usbuhci - ok
19:59:11.0652 4948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:59:11.0653 4948 vdrvroot - ok
19:59:11.0795 4948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:59:11.0798 4948 vga - ok
19:59:11.0879 4948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:59:11.0881 4948 VgaSave - ok
19:59:11.0937 4948 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:59:11.0940 4948 vhdmp - ok
19:59:12.0042 4948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:59:12.0044 4948 viaagp - ok
19:59:12.0072 4948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:59:12.0074 4948 ViaC7 - ok
19:59:12.0177 4948 VIAHdAudAddService (f27c1d81ed7daca5b1a539745a4ef710) C:\Windows\system32\drivers\viahduaa.sys
19:59:12.0203 4948 VIAHdAudAddService - ok
19:59:12.0359 4948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:59:12.0367 4948 viaide - ok
19:59:12.0474 4948 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:59:12.0478 4948 volmgr - ok
19:59:12.0509 4948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:59:12.0514 4948 volmgrx - ok
19:59:12.0532 4948 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:59:12.0536 4948 volsnap - ok
19:59:12.0657 4948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:59:12.0660 4948 vsmraid - ok
19:59:12.0683 4948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:59:12.0685 4948 vwifibus - ok
19:59:12.0751 4948 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:59:12.0754 4948 vwififlt - ok
19:59:12.0777 4948 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
19:59:12.0779 4948 vwifimp - ok
19:59:12.0886 4948 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
19:59:12.0920 4948 VX1000 - ok
19:59:13.0000 4948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:59:13.0002 4948 WacomPen - ok
19:59:13.0090 4948 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:59:13.0092 4948 WANARP - ok
19:59:13.0098 4948 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:59:13.0099 4948 Wanarpv6 - ok
19:59:13.0266 4948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:59:13.0268 4948 Wd - ok
19:59:13.0296 4948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:59:13.0301 4948 Wdf01000 - ok
19:59:13.0401 4948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:59:13.0401 4948 WfpLwf - ok
19:59:13.0415 4948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:59:13.0417 4948 WIMMount - ok
19:59:13.0531 4948 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
19:59:13.0533 4948 WinUsb - ok
19:59:13.0669 4948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:59:13.0669 4948 WmiAcpi - ok
19:59:13.0722 4948 WNMFLT (0411d0433e8c48ad24b2ef32d7c97ae0) C:\Windows\system32\Drivers\WNMFLT.SYS
19:59:13.0724 4948 WNMFLT - ok
19:59:13.0806 4948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:59:13.0807 4948 ws2ifsl - ok
19:59:13.0840 4948 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:59:13.0842 4948 WudfPf - ok
19:59:13.0859 4948 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:59:13.0861 4948 WUDFRd - ok
19:59:13.0938 4948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:59:13.0979 4948 \Device\Harddisk0\DR0 - ok
19:59:13.0987 4948 Boot (0x1200) (9af654fd54da4db02b5245b8a79ee96e) \Device\Harddisk0\DR0\Partition0
19:59:13.0989 4948 \Device\Harddisk0\DR0\Partition0 - ok
19:59:13.0999 4948 Boot (0x1200) (1cdf2e01b38ed29f2f777cb6b0b311f8) \Device\Harddisk0\DR0\Partition1
19:59:14.0000 4948 \Device\Harddisk0\DR0\Partition1 - ok
19:59:14.0004 4948 ============================================================
19:59:14.0004 4948 Scan finished
19:59:14.0004 4948 ============================================================
19:59:14.0012 4332 Detected object count: 0
19:59:14.0012 4332 Actual detected object count: 0


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 19:44:49
-----------------------------
19:44:49.851 OS Version: Windows 6.1.7600
19:44:49.851 Number of processors: 2 586 0x602
19:44:49.851 ComputerName: ZIANTE-PC UserName: Ria
19:45:04.281 Initialize success
19:45:09.195 AVAST engine defs: 12030300
19:45:15.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:45:15.840 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
19:45:15.840 Disk 0 MBR read successfully
19:45:15.856 Disk 0 MBR scan
19:45:15.856 Disk 0 Windows 7 default MBR code
19:45:15.872 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:45:15.903 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
19:45:15.918 Disk 0 scanning sectors +488394752
19:45:15.965 Disk 0 scanning C:\Windows\system32\drivers
19:45:25.419 Service scanning
19:45:35.078 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
19:45:49.838 Modules scanning
19:46:04.299 Disk 0 trace - called modules:
19:46:04.315 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:46:04.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a27ac8]
19:46:04.330 3 CLASSPNP.SYS[8918d59e] -> nt!IofCallDriver -> [0x85a46918]
19:46:04.346 5 ACPI.sys[88b9d3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a28030]
19:46:07.637 AVAST engine scan C:\Windows
19:46:09.946 AVAST engine scan C:\Windows\system32
19:46:30.679 File: C:\Windows\system32\fdWSDU.dll **INFECTED** Win32:Adware-YZ [Adw]
19:48:29.021 AVAST engine scan C:\Windows\system32\drivers
19:48:40.346 AVAST engine scan C:\Users\Ria
19:53:40.748 AVAST engine scan C:\ProgramData
19:54:31.197 Scan finished successfully
19:55:57.775 Disk 0 MBR has been saved successfully to "C:\Users\Ria\Desktop\MBR.dat"
19:55:57.782 The log file has been saved successfully to "C:\Users\Ria\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (559 bytes)


#8 Larusso

Posted 03 March 2012 - 04:11 PM

Thanks :)

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

regards, Daniel



#9 Ziante

Posted 03 March 2012 - 05:28 PM

I was alerted to the presence of AVG Anti-Virus Free Edition 2011 but could not find the program to disable it; as far as I was aware it had been uninstalled when I purchased Panda Internet Security 2012.

ComboFix 12-03-03.01 - Ria 03/03/2012 22:02:14.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2047.952 [GMT 0:00]
Running from: c:\users\Ria\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 22:09 . 2012-03-03 22:09 -------- d-----w- c:\users\Ria\AppData\Local\temp
2012-03-03 22:09 . 2012-03-03 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 21:51 . 2012-03-03 21:51 -------- d-----w- c:\program files\AVG
2012-02-29 21:53 . 2012-02-29 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 21:53 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 14:07 . 2012-02-17 14:07 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 18:33 . 2012-01-19 18:33 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2012-01-01 21:06 . 2012-01-01 21:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-01 21:06 . 2012-01-01 21:06 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-01 21:06 . 2012-01-01 21:06 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-01-01 21:06 . 2012-01-01 21:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-01 21:06 . 2012-01-01 21:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-01 21:06 . 2012-01-01 21:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-01 21:06 . 2012-01-01 21:06 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-01 21:06 . 2012-01-01 21:06 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-01 21:06 . 2012-01-01 21:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-01 21:06 . 2012-01-01 21:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-01 21:06 . 2012-01-01 21:06 367104 ----a-w- c:\windows\system32\html.iec
2012-01-01 21:06 . 2012-01-01 21:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-01 21:06 . 2012-01-01 21:06 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-01 21:06 . 2012-01-01 21:06 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-01 21:06 . 2012-01-01 21:06 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-01 21:06 . 2012-01-01 21:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-01 21:06 . 2012-01-01 21:06 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-01-01 21:06 . 2012-01-01 21:06 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-01 21:06 . 2012-01-01 21:06 1798144 ----a-w- c:\windows\system32\jscript9.dll
2012-01-01 21:06 . 2012-01-01 21:06 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-01 21:06 . 2012-01-01 21:06 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-01 21:05 . 2012-01-01 21:05 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-01-01 21:05 . 2012-01-01 21:05 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-01-01 21:05 . 2012-01-01 21:05 107520 ----a-w- c:\windows\system32\cdd.dll
2012-02-17 09:41 . 2012-01-02 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-06 137536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Spotify"="c:\users\Ria\AppData\Roaming\Spotify\Spotify.exe" [2012-01-21 4027056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-09 1699328]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 12:55 55552 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MSICDSetup;MSICDSetup;D:\CDriver.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2011-01-31 83528]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2012-01-19 13880]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2010-09-09 193864]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 14:54 159112]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2010-05-06 163848]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\PskSvc.exe [2010-08-16 28992]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-09-25 46856]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\neti1644.sys [2010-09-01 201032]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSFILTER
*NewlyCreated* - AVGIDSSHIM
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGTDIX
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2225925012-3545833670-1615589047-1000Core.job
- c:\users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-06 20:55]
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2225925012-3545833670-1615589047-1000UA.job
- c:\users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-06 20:55]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 10:22]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 10:22]
.
2012-03-03 c:\windows\Tasks\ZSAWUIJTRR.job
- c:\windows\system32\fdWSDU.dll [2011-12-27 12:20]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
FF - ProfilePath - c:\users\Ria\AppData\Roaming\Mozilla\Firefox\Profiles\0ickz2ae.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdbc2833b-7422-4396-be4b-5f87d95e583a%7D&mid=8c20324c161c47d69bdb9128c0850950-a283189a6064e30ab3943c3860298fc9f4e03249&ds=AVG&v=9.0.0.23&lang=en&pr=fr&d=2012-01-02%2015%3A56%3A38&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-03 22:12:25
ComboFix-quarantined-files.txt 2012-03-03 22:12
.
Pre-Run: 137,131,966,464 bytes free
Post-Run: 137,158,283,264 bytes free
.
- - End Of File - - 83F4A763288A6B6338D4D0B68C2BED53
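
The ComboFix log above contains three things a reviewer would pick out by eye: UAC switched off under the policies\system key (EnableLUA=0, ConsentPromptBehaviorAdmin=0), a scheduled task with a random-looking name (ZSAWUIJTRR.job) whose listed target is a DLL in system32 (fdWSDU.dll, the file aswMBR had already flagged as Win32:Adware-YZ), and a Firefox keyword.URL pref that sends address-bar searches to isearch.avg.com with the default engine switched to "ALOT Search". The script below, added here as an example and not code from the thread or from ComboFix, pulls those out of the log's own line formats. The severity labels, the all-capitals "random name" pattern and the excerpt it runs on (constructed from the log above) are assumptions; a hit means "review this", not "this is malware".

```python
"""Triage a ComboFix log for the indicator types seen in this thread.

Added example, not ComboFix's own code. Section and line formats follow
the ComboFix.txt posted above; severity rules and the random-name pattern
are assumptions (a hit means "review", not "malicious").
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class Finding(NamedTuple):
    severity: str   # high / medium / low (assumed scale)
    indicator: str  # machine-readable tag
    detail: str     # what was matched


# Constructed excerpt modelled on the ComboFix.txt above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 10:22]
.
2012-03-03 c:\windows\Tasks\ZSAWUIJTRR.job
- c:\windows\system32\fdWSDU.dll [2011-12-27 12:20]
.
------- Supplementary Scan -------
.
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=abc&q=
"""

POLICY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<val>\d+)')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+.*\\tasks\\(?P<name>[^\\]+)\.job\s*$', re.I)
TARGET_RE = re.compile(r'^-\s+(?P<target>.+?)\s+\[')
FFPREF_RE = re.compile(r'^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<val>.*)$')
HOST_RE = re.compile(r'^(?:hxxps?|https?)://(?P<host>[^/?#]+)', re.I)
RANDOM_NAME_RE = re.compile(r'^[A-Z]{8,}$')   # assumption: names like ZSAWUIJTRR


def parse_policies(lines: List[str]) -> Dict[str, int]:
    """Integer values under ...\\policies\\system (the UAC switches)."""
    values, inside = {}, False
    for line in lines:
        if line.startswith("["):
            inside = line.lower().endswith("\\policies\\system]")
            continue
        if inside:
            m = POLICY_RE.match(line)
            if m:
                values[m.group("key")] = int(m.group("val"))
    return values


def parse_tasks(lines: List[str]) -> List[Tuple[str, str]]:
    """(job name, target) pairs: a .job header is followed by one '- target [ts]' line."""
    tasks, pending = [], None
    for line in lines:
        m = TASK_RE.match(line)
        if m:
            pending = m.group("name")
            continue
        if pending is not None:
            t = TARGET_RE.match(line)
            if t:
                tasks.append((pending, t.group("target")))
            pending = None
    return tasks


def parse_ff_prefs(lines: List[str]) -> Dict[str, str]:
    """Non-default Firefox prefs ComboFix lists under the Supplementary Scan."""
    prefs = {}
    for line in lines:
        m = FFPREF_RE.match(line)
        if m:
            prefs[m.group("pref")] = m.group("val").strip()
    return prefs


def triage(log_text: str) -> List[Finding]:
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    findings = []
    pol = parse_policies(lines)
    if pol.get("EnableLUA") == 0:
        findings.append(Finding("high", "uac_disabled",
                                "EnableLUA=0: UAC is off, admin processes get a full token"))
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(Finding("medium", "silent_elevation",
                                "ConsentPromptBehaviorAdmin=0: elevation without any prompt"))
    for name, target in parse_tasks(lines):
        if target.lower().endswith(".dll"):
            # A task whose listed target is a DLL rather than an .exe is unusual;
            # in the log above that is ZSAWUIJTRR.job pointing at fdWSDU.dll.
            findings.append(Finding("high", "scheduled_task_dll", f"{name}.job loads {target}"))
        elif RANDOM_NAME_RE.match(name):
            findings.append(Finding("medium", "random_task_name", f"{name}.job -> {target}"))
    prefs = parse_ff_prefs(lines)
    if "keyword.URL" in prefs:
        host = HOST_RE.match(prefs["keyword.URL"])
        where = host.group("host") if host else prefs["keyword.URL"]
        findings.append(Finding("medium", "keyword_url_hijack",
                                f"address-bar searches are sent to {where}"))
    if "browser.search.selectedEngine" in prefs:
        findings.append(Finding("low", "nondefault_search_engine",
                                prefs["browser.search.selectedEngine"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.indicator}: {f.detail}")
```

Run it against a saved C:\ComboFix.txt by replacing SAMPLE_LOG with the file contents. The point of the DLL check is that ComboFix's "Scheduled Tasks" section is the only place in this log where fdWSDU.dll's persistence shows up; the Run keys are all recognisable vendor software, so a reviewer who only reads the loading points would miss how the redirect survives a reboot.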

#10 Larusso

Posted 04 March 2012 - 08:16 AM

Please download AVG Remover from here: http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe
  • Close all open programs
  • Double click on avgremover.exe (if running Vista or Windows 7, right click on it and choose to run as an Administrator).
  • Follow the prompts to run the tool.
  • If after running the tool it prompts you to reboot the computer, please allow it to do so. If you are not prompted, please manually reboot the computer.



Open notepad and copy/paste the text in the Code-box below into it:

DeQuarantine::
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
Quit::


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

[image]

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\Dequarantine.txt which I will require in your next reply.


Please post in your next reply:
  • DeQuarantine.txt
  • How is your system behaving now?

regards, Daniel



#11 Ziante

Posted 04 March 2012 - 01:29 PM

When running ComboFix as you have stated above it is still saying that AVG 2011 is running. I have run the removal tool and rebooted a number of times with no success; however, the removal tool has generated a log. After I ran ComboFix and posted the log last time, my system was a little unstable and took a long time to reboot, but this seems to have rectified itself now. The redirection continues to occur.

#12 Larusso

Posted 05 March 2012 - 07:29 AM

Hy there. Let me have a look over your MBR.


Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer.


Download dumpit and save it on the xPUD USB.

  • Insert your USB stick to your infected PC
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Doubleclick on the dumpit file


MBR.zip should be created on your flash drive, please attach it to your next reply.

regards, Daniel


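As an added example (not from this thread and not part of the dumpit tool), a small Python parser for the raw 512-byte sector that MBR.zip is meant to capture: it verifies the 0x55AA boot signature, lists the partition-table entries, flags overlapping partitions, and hashes the 446-byte bootstrap code so it can be compared against a known-good MBR. The load_mbr_zip helper assumes the zip's first member is the raw sector, and the sample MBR is constructed for the demonstration.

```python
import hashlib
import struct
import zipfile
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_SIGNATURE = 0xAA55  # bytes 0x55 0xAA at offset 510, read little-endian

@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

def parse_mbr(mbr: bytes):
    """Return (partitions, signature_ok) for a raw 512-byte MBR sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    signature_ok = struct.unpack_from("<H", mbr, 510)[0] == BOOT_SIGNATURE
    partitions = []
    for i in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append(Partition(status == 0x80, ptype, lba, count))
    return partitions, signature_ok

def find_overlaps(partitions):
    """Pairs of sector ranges that overlap; a healthy table has none."""
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in partitions)
    return [(a, b) for a, b in zip(spans, spans[1:]) if a[1] > b[0]]

def bootstrap_sha256(mbr: bytes) -> str:
    """Hash of the 446-byte boot code, for comparison with a known-good MBR."""
    return hashlib.sha256(mbr[:446]).hexdigest()

def load_mbr_zip(path: str) -> bytes:
    """Read the first file inside MBR.zip (assumed to hold the raw sector)."""
    with zipfile.ZipFile(path) as zf:
        return zf.read(zf.namelist()[0])

def build_sample_mbr() -> bytes:
    """Constructed sample: stub boot code, one bootable NTFS partition, one data partition."""
    code = bytes([0xFA, 0x33, 0xC0]) + b"\x00" * 443  # constructed filler, not real boot code
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 1000000)
    return code + p1 + p2 + b"\x00" * 32 + b"\x55\xAA"
```

Comparing bootstrap_sha256 of a dump against the same hash from a clean machine with the same Windows version is the quickest way to spot a rewritten boot sector.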

#13 Ziante

    New Member

  • Members
  • 16 posts

Posted 05 March 2012 - 12:35 PM

I have followed your instructions up until the booting from USB. I am pressing F12 but it is having no effect; is it possible that it may not be working because my keyboard is wireless USB? Sorry if that is a really stupid question but I can't make sense of it.

Thanks

#14 Larusso

    Selecta Jahrusso

  • Experts
  • 908 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 05 March 2012 - 03:02 PM

There are not any stupid questions, only stupid answers :)

It is possible and I recommend a PS/2 keyboard for this.
It could also be a different key.

regards, Daniel



#15 Ziante

    New Member

  • Members
  • 16 posts

Posted 05 March 2012 - 05:54 PM

In which case I will have to go out and buy one, which I won't be able to do until Wednesday, so I will be a little quiet for 2 days.

Thanks for your help and understanding.

#16 Ziante

    New Member

  • Members
  • 16 posts

Posted 07 March 2012 - 03:33 PM

Hi Again,

I have managed to get a boot menu up by pressing F4; when I press F8 to go to advanced options I get the following choices:

Safe mode
Safe mode with networking
safe mode with command prompt

Enable boot log
Enable low resolution video
Last known good configuration
directory services res mode
debugging mode

Disable auto restart after system error
Disable driver signature enforcement

but no boot from usb

Regards

#17 Larusso

    Selecta Jahrusso

  • Experts
  • 908 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 08 March 2012 - 01:47 AM

Hy there,

This is the advanced boot menu we do not need :)


Please try to press the DEL key immediately after pressing the power button.

regards, Daniel



#18 Ziante

    New Member

  • Members
  • 16 posts

Posted 08 March 2012 - 10:22 AM

Right, I have pressed Del after pressing the power button, which has taken me to what I assume to be the BIOS menu. I looked through the options there and found the M-Flash one; when I went in it says disabled, with the options to select boot or something else. I haven't selected any yet as I wanted to make sure I was in the right place.

#19 Larusso

    Selecta Jahrusso

  • Experts
  • 908 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 09 March 2012 - 01:49 AM

Yes, this is the area we need.

It is not easy for me to explain as each BIOS is unique. Make sure "Boot from USB" is enabled.

In the Boot Order, move your USB device to the top. If you are not sure, take a picture of your options (cam, mobile) and post it here, then I should be able to give direct instructions :)

regards, Daniel



#20 Ziante

    New Member

  • Members
  • 16 posts

Posted 09 March 2012 - 12:38 PM

Attached Files: IMG_4094.JPG (3.27MB), IMG_4095.JPG (4.15MB), IMG_4096.JPG (4.39MB)

These are my options.



