cunfused

cannot remove malware

52 posts in this topic

Well, I've tried a few things to fix the problem. Hopefully I have not deleted anything that could have helped. Anyway, my problems are that when I click on a link after doing an internet search I get redirected to an ad website or a website completely unrelated. I am also now having audio commercials play in the background.

Here are the logs:

DDS Log.txt

DDS Log 2.txt

I REALLY appreciate the help.

Hello cunfused and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege of contacting the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log
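Added example, not part of this thread and not code from TDSSKiller or Malwarebytes: a small Python parser for the driver section of a TDSSKiller log, in the line format the tool writes (timestamp, id, service name, md5 and path, followed by a "- ok" or "- detected" verdict, and a "Suspicious file (Forged)" line carrying a real and a fake md5 when the file TDSSKiller reads from disk does not match what the running system presents). It runs over a constructed sample assembled from that line format and pulls out every driver that was not confirmed clean, so a pasted log can be triaged instead of read line by line. The function and field names and the sample lines are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line format of a TDSSKiller 2.7.x log; it is not
# the full log from the thread, only enough lines to exercise each line type.
SAMPLE_LOG = """\
20:14:01.0417 0620 Scan started
20:14:01.0417 0620 Mode: Manual; SigCheck; TDLFS;
20:14:10.0434 0620 ACPI (cea80c80bed809aa0da6febc04733349) C:\\windows\\system32\\drivers\\ACPI.sys
20:14:10.0465 0620 ACPI - ok
20:14:11.0089 0620 AFD (8fc69a5aa8a9fecc7f18a3addaa3ab7e) C:\\windows\\system32\\drivers\\afd.sys
20:14:11.0105 0620 Suspicious file (Forged): C:\\windows\\system32\\drivers\\afd.sys. Real md5: 8fc69a5aa8a9fecc7f18a3addaa3ab7e, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806
20:14:11.0105 0620 AFD ( Virus.Win32.ZAccess.c ) - infected
20:14:11.0105 0620 AFD - detected Virus.Win32.ZAccess.c (0)
20:14:11.0136 0620 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\\windows\\system32\\drivers\\agp440.sys
20:14:11.0152 0620 agp440 - ok
20:14:41.0732 0620 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\\windows\\system32\\DRIVERS\\srv.sys
"""

_PREFIX = r"^\S+\s+\d+\s+"  # "<hh:mm:ss.ms> <id> " at the start of every line
RE_DRIVER = re.compile(_PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
RE_OK = re.compile(_PREFIX + r"(\S+) - ok$")
RE_DETECTED = re.compile(_PREFIX + r"(\S+) - detected (\S+) \(\d+\)$")
RE_FORGED = re.compile(_PREFIX + r"Suspicious file \(Forged\): (.+?)\. "
                       r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")


@dataclass
class DriverRecord:
    service: str
    md5: str
    path: str
    verdict: str = "unknown"         # "ok", "detected", or "unknown" if no verdict line followed
    detection: Optional[str] = None  # e.g. "Virus.Win32.ZAccess.c"
    real_md5: Optional[str] = None   # filled in only from a "Suspicious file (Forged)" line
    fake_md5: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Collect one record per driver service from the scan section of a TDSSKiller log."""
    records: Dict[str, DriverRecord] = {}
    by_path: Dict[str, DriverRecord] = {}
    for line in text.splitlines():
        m = RE_DRIVER.match(line)
        if m:
            rec = DriverRecord(service=m.group(1), md5=m.group(2), path=m.group(3))
            records[rec.service] = rec
            by_path[rec.path.lower()] = rec
            continue
        m = RE_OK.match(line)
        if m and m.group(1) in records:
            records[m.group(1)].verdict = "ok"
            continue
        m = RE_DETECTED.match(line)
        if m and m.group(1) in records:
            records[m.group(1)].verdict = "detected"
            records[m.group(1)].detection = m.group(2)
            continue
        m = RE_FORGED.match(line)
        if m and m.group(1).lower() in by_path:
            # The forged line names the path, not the service, so join on the path.
            by_path[m.group(1).lower()].real_md5 = m.group(2)
            by_path[m.group(1).lower()].fake_md5 = m.group(3)
    return records


def suspicious(records: Dict[str, DriverRecord]) -> List[DriverRecord]:
    """Everything not explicitly confirmed clean, plus any driver whose real and fake md5 differ."""
    return [r for r in records.values()
            if r.verdict != "ok" or (r.real_md5 is not None and r.real_md5 != r.fake_md5)]


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(recs)} drivers scanned, {sum(r.verdict == 'ok' for r in recs.values())} ok")
    for r in suspicious(recs):
        print(f"{r.service:10} {r.verdict:9} {r.detection or '-':25} {r.path}")
        if r.real_md5:
            print(f"{'':10} real md5 {r.real_md5} / fake md5 {r.fake_md5}")
```

A driver line with no verdict after it (which is what a log cut off mid-scan looks like) stays "unknown" and is listed next to the detections, since "not confirmed clean" is the safer default for a helper reading the log. The real/fake md5 pair is kept on the record because that mismatch, rather than the detection name, is what shows the file the system presents is not the file on disk.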

Thanks for the help.

Any reason why ComboFix should be taking well over an hour and counting to scan? It says it should take 10-20 min.

All firewalls/security that I know of have been disabled.

Do you still have the same problem? If yes, reboot your PC in Safe Mode with Networking, download a fresh copy of ComboFix and run it.

Every time I run ComboFix, right after it starts running a window pops up and says:

"The recycle bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive? Yes / No"

It does this every time, and whether I press Yes or No, ComboFix continues but scans for hours on end, as I previously posted.

Thanks so much for your time.

Delete your copy of ComboFix, download a fresh copy, boot in Safe Mode and run ComboFix. If it asks you again, choose Yes and be patient.

Can't connect to the internet now. Troubleshooting says "Windows could not automatically detect this network's proxy settings".

Will try to put the logs on a flash drive and upload them from a different computer.

Please follow my instructions strictly:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

TDSSKiller Log:

20:11:59.0238 5292 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

20:11:59.0753 5292 ============================================================

20:11:59.0753 5292 Current date / time: 2012/03/03 20:11:59.0753

20:11:59.0753 5292 SystemInfo:

20:11:59.0753 5292

20:11:59.0753 5292 OS Version: 6.1.7601 ServicePack: 1.0

20:11:59.0753 5292 Product type: Workstation

20:11:59.0753 5292 ComputerName: REBEKAHS-LAPTOP

20:11:59.0753 5292 UserName: Rebekah

20:11:59.0753 5292 Windows directory: C:\windows

20:11:59.0753 5292 System windows directory: C:\windows

20:11:59.0753 5292 Processor architecture: Intel x86

20:11:59.0753 5292 Number of processors: 4

20:11:59.0753 5292 Page size: 0x1000

20:11:59.0753 5292 Boot type: Normal boot

20:11:59.0753 5292 ============================================================

20:12:03.0528 5292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:12:03.0528 5292 \Device\Harddisk0\DR0:

20:12:03.0528 5292 MBR used

20:12:03.0528 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x222C844C

20:12:03.0528 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x236FAC4C, BlocksNum 0x16C8ABE4

20:12:03.0762 5292 Initialize success

20:12:03.0762 5292 ============================================================

20:14:01.0417 0620 ============================================================

20:14:01.0417 0620 Scan started

20:14:01.0417 0620 Mode: Manual; SigCheck; TDLFS;

20:14:01.0417 0620 ============================================================

20:14:10.0122 0620 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

20:14:10.0247 0620 1394ohci - ok

20:14:10.0434 0620 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

20:14:10.0465 0620 ACPI - ok

20:14:10.0512 0620 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

20:14:10.0575 0620 AcpiPmi - ok

20:14:10.0777 0620 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

20:14:10.0809 0620 adp94xx - ok

20:14:10.0855 0620 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

20:14:10.0871 0620 adpahci - ok

20:14:10.0887 0620 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

20:14:10.0902 0620 adpu320 - ok

20:14:11.0089 0620 AFD (8fc69a5aa8a9fecc7f18a3addaa3ab7e) C:\windows\system32\drivers\afd.sys

20:14:11.0105 0620 Suspicious file (Forged): C:\windows\system32\drivers\afd.sys. Real md5: 8fc69a5aa8a9fecc7f18a3addaa3ab7e, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806

20:14:11.0105 0620 AFD ( Virus.Win32.ZAccess.c ) - infected

20:14:11.0105 0620 AFD - detected Virus.Win32.ZAccess.c (0)

20:14:11.0136 0620 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

20:14:11.0152 0620 agp440 - ok

20:14:11.0292 0620 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

20:14:11.0308 0620 aic78xx - ok

20:14:11.0542 0620 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

20:14:11.0542 0620 aliide - ok

20:14:11.0573 0620 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

20:14:11.0589 0620 amdagp - ok

20:14:11.0885 0620 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

20:14:11.0901 0620 amdide - ok

20:14:11.0947 0620 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

20:14:11.0979 0620 AmdK8 - ok

20:14:12.0150 0620 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

20:14:12.0181 0620 AmdPPM - ok

20:14:12.0369 0620 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

20:14:12.0384 0620 amdsata - ok

20:14:12.0447 0620 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

20:14:12.0462 0620 amdsbs - ok

20:14:12.0509 0620 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

20:14:12.0509 0620 amdxata - ok

20:14:12.0696 0620 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

20:14:12.0821 0620 AppID - ok

20:14:13.0024 0620 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

20:14:13.0024 0620 arc - ok

20:14:13.0055 0620 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

20:14:13.0071 0620 arcsas - ok

20:14:13.0211 0620 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys

20:14:13.0726 0620 ArcSoftKsUFilter - ok

20:14:14.0334 0620 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

20:14:14.0365 0620 AsyncMac - ok

20:14:14.0506 0620 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

20:14:14.0521 0620 atapi - ok

20:14:14.0615 0620 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys

20:14:14.0724 0620 athr - ok

20:14:14.0943 0620 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\windows\system32\DRIVERS\AVGIDSEH.Sys

20:14:14.0989 0620 AVGIDSEH - ok

20:14:15.0208 0620 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\windows\system32\DRIVERS\avgtdix.sys

20:14:15.0223 0620 Avgtdix - ok

20:14:15.0442 0620 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

20:14:15.0473 0620 b06bdrv - ok

20:14:16.0066 0620 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

20:14:16.0097 0620 b57nd60x - ok

20:14:16.0284 0620 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

20:14:16.0331 0620 Beep - ok

20:14:16.0503 0620 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

20:14:16.0534 0620 blbdrive - ok

20:14:16.0846 0620 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

20:14:16.0908 0620 bowser - ok

20:14:16.0971 0620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

20:14:17.0002 0620 BrFiltLo - ok

20:14:17.0158 0620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

20:14:17.0205 0620 BrFiltUp - ok

20:14:17.0423 0620 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

20:14:17.0454 0620 Brserid - ok

20:14:18.0047 0620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

20:14:18.0078 0620 BrSerWdm - ok

20:14:18.0219 0620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

20:14:18.0250 0620 BrUsbMdm - ok

20:14:18.0281 0620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

20:14:18.0297 0620 BrUsbSer - ok

20:14:18.0499 0620 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

20:14:18.0531 0620 BthEnum - ok

20:14:18.0577 0620 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

20:14:18.0593 0620 BTHMODEM - ok

20:14:18.0640 0620 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

20:14:18.0687 0620 BthPan - ok

20:14:18.0780 0620 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

20:14:18.0811 0620 BTHPORT - ok

20:14:18.0983 0620 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

20:14:18.0999 0620 BTHUSB - ok

20:14:19.0186 0620 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

20:14:19.0233 0620 cdfs - ok

20:14:19.0451 0620 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

20:14:19.0498 0620 cdrom - ok

20:14:19.0560 0620 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

20:14:19.0591 0620 circlass - ok

20:14:20.0512 0620 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

20:14:20.0527 0620 CLFS - ok

20:14:20.0824 0620 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

20:14:20.0839 0620 CmBatt - ok

20:14:20.0886 0620 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

20:14:20.0902 0620 cmdide - ok

20:14:20.0964 0620 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

20:14:20.0980 0620 CNG - ok

20:14:21.0011 0620 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

20:14:21.0027 0620 Compbatt - ok

20:14:21.0073 0620 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

20:14:21.0089 0620 CompositeBus - ok

20:14:21.0136 0620 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

20:14:21.0151 0620 crcdisk - ok

20:14:21.0214 0620 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

20:14:21.0261 0620 DfsC - ok

20:14:21.0276 0620 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

20:14:21.0339 0620 discache - ok

20:14:21.0385 0620 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

20:14:21.0385 0620 Disk - ok

20:14:21.0463 0620 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys

20:14:21.0495 0620 Dot4 - ok

20:14:21.0557 0620 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys

20:14:21.0573 0620 Dot4Print - ok

20:14:21.0822 0620 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys

20:14:21.0853 0620 dot4usb - ok

20:14:21.0900 0620 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

20:14:21.0931 0620 drmkaud - ok

20:14:22.0072 0620 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

20:14:22.0103 0620 DXGKrnl - ok

20:14:22.0212 0620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

20:14:22.0321 0620 ebdrv - ok

20:14:22.0477 0620 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

20:14:22.0493 0620 elxstor - ok

20:14:22.0555 0620 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

20:14:22.0571 0620 ErrDev - ok

20:14:22.0618 0620 EUCR (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS

20:14:22.0633 0620 EUCR - ok

20:14:22.0665 0620 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

20:14:22.0711 0620 exfat - ok

20:14:22.0743 0620 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

20:14:22.0789 0620 fastfat - ok

20:14:22.0977 0620 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

20:14:23.0008 0620 fdc - ok

20:14:23.0039 0620 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

20:14:23.0055 0620 FileInfo - ok

20:14:23.0070 0620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

20:14:23.0101 0620 Filetrace - ok

20:14:23.0133 0620 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

20:14:23.0148 0620 flpydisk - ok

20:14:23.0257 0620 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

20:14:23.0289 0620 FltMgr - ok

20:14:23.0335 0620 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

20:14:23.0335 0620 FsDepends - ok

20:14:23.0413 0620 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys

20:14:23.0429 0620 fssfltr - ok

20:14:23.0476 0620 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

20:14:23.0491 0620 Fs_Rec - ok

20:14:23.0554 0620 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

20:14:23.0569 0620 fvevol - ok

20:14:23.0850 0620 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

20:14:23.0866 0620 gagp30kx - ok

20:14:24.0022 0620 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

20:14:24.0022 0620 GEARAspiWDM - ok

20:14:24.0209 0620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

20:14:24.0225 0620 hcw85cir - ok

20:14:24.0303 0620 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

20:14:24.0334 0620 HdAudAddService - ok

20:14:24.0381 0620 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

20:14:24.0412 0620 HDAudBus - ok

20:14:24.0568 0620 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys

20:14:24.0599 0620 HECI - ok

20:14:24.0630 0620 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

20:14:24.0661 0620 HidBatt - ok

20:14:24.0693 0620 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

20:14:24.0708 0620 HidBth - ok

20:14:24.0755 0620 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

20:14:24.0771 0620 HidIr - ok

20:14:24.0973 0620 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys

20:14:24.0989 0620 HidUsb - ok

20:14:25.0223 0620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

20:14:25.0223 0620 HpSAMD - ok

20:14:25.0301 0620 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

20:14:25.0348 0620 HTTP - ok

20:14:25.0379 0620 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

20:14:25.0379 0620 hwpolicy - ok

20:14:25.0457 0620 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

20:14:25.0488 0620 i8042prt - ok

20:14:26.0284 0620 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

20:14:26.0299 0620 iaStorV - ok

20:14:26.0627 0620 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys

20:14:26.0923 0620 igfx - ok

20:14:27.0095 0620 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

20:14:27.0111 0620 iirsp - ok

20:14:27.0157 0620 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys

20:14:27.0204 0620 Impcd - ok

20:14:27.0454 0620 IntcAzAudAddService (d0a6c0ceb3b74a91884f804ff4f031c0) C:\windows\system32\drivers\RTKVHDA.sys

20:14:27.0532 0620 IntcAzAudAddService - ok

20:14:27.0579 0620 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys

20:14:27.0859 0620 IntcDAud - ok

20:14:28.0483 0620 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

20:14:28.0499 0620 intelide - ok

20:14:28.0686 0620 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

20:14:28.0717 0620 intelppm - ok

20:14:28.0920 0620 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

20:14:28.0967 0620 IpFilterDriver - ok

20:14:29.0061 0620 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

20:14:29.0107 0620 IPMIDRV - ok

20:14:29.0201 0620 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

20:14:29.0232 0620 IPNAT - ok

20:14:29.0482 0620 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

20:14:29.0513 0620 IRENUM - ok

20:14:29.0544 0620 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

20:14:29.0560 0620 isapnp - ok

20:14:29.0872 0620 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

20:14:29.0887 0620 iScsiPrt - ok

20:14:30.0418 0620 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

20:14:30.0449 0620 kbdclass - ok

20:14:30.0589 0620 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

20:14:30.0605 0620 kbdhid - ok

20:14:30.0636 0620 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

20:14:30.0652 0620 KSecDD - ok

20:14:30.0683 0620 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

20:14:30.0699 0620 KSecPkg - ok

20:14:30.0761 0620 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

20:14:30.0792 0620 lltdio - ok

20:14:30.0979 0620 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

20:14:30.0995 0620 LSI_FC - ok

20:14:31.0011 0620 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

20:14:31.0011 0620 LSI_SAS - ok

20:14:31.0042 0620 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

20:14:31.0042 0620 LSI_SAS2 - ok

20:14:31.0073 0620 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

20:14:31.0073 0620 LSI_SCSI - ok

20:14:31.0120 0620 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

20:14:31.0151 0620 luafv - ok

20:14:31.0479 0620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys

20:14:31.0494 0620 MBAMProtector - ok

20:14:31.0806 0620 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\windows\system32\drivers\mbamswissarmy.sys

20:14:31.0822 0620 MBAMSwissArmy - ok

20:14:31.0884 0620 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

20:14:31.0884 0620 megasas - ok

20:14:31.0993 0620 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

20:14:32.0009 0620 MegaSR - ok

20:14:32.0181 0620 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

20:14:32.0212 0620 Modem - ok

20:14:32.0259 0620 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

20:14:32.0274 0620 monitor - ok

20:14:32.0446 0620 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

20:14:32.0461 0620 mouclass - ok

20:14:32.0524 0620 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

20:14:32.0539 0620 mouhid - ok

20:14:32.0680 0620 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

20:14:32.0695 0620 mountmgr - ok

20:14:32.0742 0620 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

20:14:32.0758 0620 mpio - ok

20:14:32.0820 0620 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

20:14:32.0867 0620 mpsdrv - ok

20:14:32.0929 0620 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

20:14:32.0945 0620 MRxDAV - ok

20:14:33.0007 0620 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

20:14:33.0054 0620 mrxsmb - ok

20:14:33.0101 0620 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

20:14:33.0117 0620 mrxsmb10 - ok

20:14:33.0179 0620 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

20:14:33.0210 0620 mrxsmb20 - ok

20:14:33.0241 0620 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

20:14:33.0257 0620 msahci - ok

20:14:33.0351 0620 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

20:14:33.0366 0620 msdsm - ok

20:14:33.0460 0620 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

20:14:33.0491 0620 Msfs - ok

20:14:33.0507 0620 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

20:14:33.0569 0620 mshidkmdf - ok

20:14:33.0616 0620 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

20:14:33.0631 0620 msisadrv - ok

20:14:33.0772 0620 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

20:14:33.0803 0620 MSKSSRV - ok

20:14:33.0819 0620 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

20:14:33.0865 0620 MSPCLOCK - ok

20:14:33.0881 0620 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

20:14:33.0912 0620 MSPQM - ok

20:14:33.0943 0620 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

20:14:33.0959 0620 MsRPC - ok

20:14:34.0021 0620 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

20:14:34.0021 0620 mssmbios - ok

20:14:34.0068 0620 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

20:14:34.0100 0620 MSTEE - ok

20:14:34.0131 0620 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

20:14:34.0146 0620 MTConfig - ok

20:14:34.0178 0620 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

20:14:34.0178 0620 Mup - ok

20:14:34.0318 0620 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

20:14:34.0365 0620 NativeWifiP - ok

20:14:34.0458 0620 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

20:14:34.0474 0620 NDIS - ok

20:14:34.0614 0620 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

20:14:34.0661 0620 NdisCap - ok

20:14:34.0692 0620 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

20:14:34.0724 0620 NdisTapi - ok

20:14:34.0895 0620 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

20:14:34.0958 0620 Ndisuio - ok

20:14:35.0004 0620 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

20:14:35.0020 0620 NdisWan - ok

20:14:35.0067 0620 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

20:14:35.0114 0620 NDProxy - ok

20:14:35.0316 0620 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

20:14:35.0363 0620 NetBIOS - ok

20:14:35.0410 0620 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

20:14:35.0457 0620 NetBT - ok

20:14:35.0597 0620 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

20:14:35.0628 0620 nfrd960 - ok

20:14:35.0675 0620 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

20:14:35.0722 0620 Npfs - ok

20:14:35.0800 0620 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

20:14:35.0831 0620 nsiproxy - ok

20:14:35.0956 0620 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

20:14:36.0018 0620 Ntfs - ok

20:14:36.0206 0620 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

20:14:36.0252 0620 Null - ok

20:14:36.0315 0620 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

20:14:36.0330 0620 nvraid - ok

20:14:36.0362 0620 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

20:14:36.0377 0620 nvstor - ok

20:14:36.0440 0620 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

20:14:36.0455 0620 nv_agp - ok

20:14:36.0502 0620 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

20:14:36.0627 0620 ohci1394 - ok

20:14:36.0876 0620 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

20:14:36.0908 0620 Parport - ok

20:14:37.0032 0620 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

20:14:37.0048 0620 partmgr - ok

20:14:37.0095 0620 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

20:14:37.0126 0620 Parvdm - ok

20:14:37.0204 0620 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

20:14:37.0235 0620 pci - ok

20:14:37.0298 0620 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

20:14:37.0298 0620 pciide - ok

20:14:37.0344 0620 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

20:14:37.0360 0620 pcmcia - ok

20:14:37.0376 0620 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

20:14:37.0391 0620 pcw - ok

20:14:37.0422 0620 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

20:14:37.0485 0620 PEAUTH - ok

20:14:37.0703 0620 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

20:14:37.0750 0620 PptpMiniport - ok

20:14:37.0781 0620 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

20:14:37.0797 0620 Processor - ok

20:14:37.0953 0620 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

20:14:38.0015 0620 Psched - ok

20:14:38.0265 0620 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

20:14:38.0312 0620 ql2300 - ok

20:14:38.0358 0620 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

20:14:38.0358 0620 ql40xx - ok

20:14:38.0390 0620 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

20:14:38.0405 0620 QWAVEdrv - ok

20:14:38.0452 0620 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

20:14:38.0483 0620 RasAcd - ok

20:14:38.0514 0620 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

20:14:38.0561 0620 RasAgileVpn - ok

20:14:38.0608 0620 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

20:14:38.0670 0620 Rasl2tp - ok

20:14:38.0826 0620 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

20:14:38.0873 0620 RasPppoe - ok

20:14:38.0904 0620 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

20:14:38.0936 0620 RasSstp - ok

20:14:38.0967 0620 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

20:14:39.0014 0620 rdbss - ok

20:14:39.0029 0620 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

20:14:39.0060 0620 rdpbus - ok

20:14:39.0107 0620 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

20:14:39.0154 0620 RDPCDD - ok

20:14:39.0310 0620 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

20:14:39.0341 0620 RDPENCDD - ok

20:14:39.0372 0620 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

20:14:39.0419 0620 RDPREFMP - ok

20:14:39.0466 0620 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

20:14:39.0513 0620 RDPWD - ok

20:14:39.0653 0620 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

20:14:39.0669 0620 rdyboost - ok

20:14:39.0731 0620 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

20:14:39.0747 0620 RFCOMM - ok

20:14:39.0794 0620 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

20:14:39.0840 0620 rspndr - ok

20:14:39.0981 0620 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\windows\system32\DRIVERS\Rt86win7.sys

20:14:39.0996 0620 RTL8167 - ok

20:14:40.0043 0620 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

20:14:40.0074 0620 sbp2port - ok

20:14:40.0106 0620 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

20:14:40.0152 0620 scfilter - ok

20:14:40.0340 0620 sdbus (0328be1c7f1cba23848179f8762e391c) C:\windows\system32\drivers\sdbus.sys

20:14:40.0371 0620 sdbus - ok

20:14:40.0565 0620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

20:14:40.0623 0620 secdrv - ok

20:14:40.0786 0620 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

20:14:40.0803 0620 Serenum - ok

20:14:40.0820 0620 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

20:14:40.0851 0620 Serial - ok

20:14:40.0910 0620 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

20:14:40.0926 0620 sermouse - ok

20:14:40.0975 0620 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

20:14:41.0007 0620 sffdisk - ok

20:14:41.0018 0620 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

20:14:41.0037 0620 sffp_mmc - ok

20:14:41.0065 0620 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

20:14:41.0089 0620 sffp_sd - ok

20:14:41.0126 0620 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

20:14:41.0139 0620 sfloppy - ok

20:14:41.0189 0620 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

20:14:41.0199 0620 sisagp - ok

20:14:41.0230 0620 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

20:14:41.0238 0620 SiSRaid2 - ok

20:14:41.0265 0620 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

20:14:41.0275 0620 SiSRaid4 - ok

20:14:41.0303 0620 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

20:14:41.0338 0620 Smb - ok

20:14:41.0389 0620 smserial (19301c27f3425dc39f6c599f527e507d) C:\windows\system32\DRIVERS\smserial.sys

20:14:41.0447 0620 smserial - ok

20:14:41.0616 0620 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

20:14:41.0630 0620 spldr - ok

20:14:41.0732 0620 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

20:14:41.0818 0620 srv - ok

20:14:41.0983 0620 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

20:14:42.0003 0620 srv2 - ok

20:14:42.0026 0620 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

20:14:42.0051 0620 srvnet - ok

20:14:42.0192 0620 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

20:14:42.0204 0620 stexstor - ok

20:14:42.0273 0620 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

20:14:42.0283 0620 swenum - ok

20:14:42.0384 0620 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

20:14:42.0442 0620 Tcpip - ok

20:14:42.0616 0620 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

20:14:42.0646 0620 TCPIP6 - ok

20:14:42.0700 0620 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

20:14:42.0734 0620 tcpipreg - ok

20:14:42.0773 0620 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

20:14:42.0813 0620 TDPIPE - ok

20:14:42.0836 0620 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

20:14:42.0863 0620 TDTCP - ok

20:14:42.0924 0620 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

20:14:42.0972 0620 tdx - ok

20:14:43.0129 0620 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

20:14:43.0129 0620 TermDD - ok

20:14:43.0207 0620 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

20:14:43.0238 0620 tssecsrv - ok

20:14:43.0394 0620 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

20:14:43.0425 0620 TsUsbFlt - ok

20:14:43.0472 0620 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

20:14:43.0519 0620 tunnel - ok

20:14:43.0550 0620 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

20:14:43.0566 0620 uagp35 - ok

20:14:43.0737 0620 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

20:14:43.0784 0620 udfs - ok

20:14:43.0862 0620 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

20:14:43.0878 0620 uliagpkx - ok

20:14:43.0925 0620 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

20:14:43.0940 0620 umbus - ok

20:14:44.0003 0620 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

20:14:44.0034 0620 UmPass - ok

20:14:44.0221 0620 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys

20:14:44.0237 0620 USBAAPL - ok

20:14:44.0283 0620 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

20:14:44.0299 0620 usbccgp - ok

20:14:44.0377 0620 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

20:14:44.0408 0620 usbcir - ok

20:14:44.0486 0620 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

20:14:44.0517 0620 usbehci - ok

20:14:44.0595 0620 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

20:14:44.0627 0620 usbhub - ok

20:14:44.0642 0620 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

20:14:44.0673 0620 usbohci - ok

20:14:44.0720 0620 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

20:14:44.0736 0620 usbprint - ok

20:14:44.0767 0620 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

20:14:44.0798 0620 usbscan - ok

20:14:44.0845 0620 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

20:14:44.0876 0620 USBSTOR - ok

20:14:44.0892 0620 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

20:14:44.0923 0620 usbuhci - ok

20:14:45.0095 0620 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

20:14:45.0126 0620 usbvideo - ok

20:14:45.0282 0620 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

20:14:45.0297 0620 vdrvroot - ok

20:14:45.0329 0620 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

20:14:45.0360 0620 vga - ok

20:14:45.0391 0620 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

20:14:45.0422 0620 VgaSave - ok

20:14:45.0594 0620 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

20:14:45.0609 0620 vhdmp - ok

20:14:45.0750 0620 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

20:14:45.0765 0620 viaagp - ok

20:14:45.0812 0620 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

20:14:45.0828 0620 ViaC7 - ok

20:14:45.0875 0620 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

20:14:45.0890 0620 viaide - ok

20:14:45.0953 0620 vmwvusb (6ba3ed102ab24310a0259c8f9e29d5b8) C:\windows\system32\Drivers\vmwvusb.sys

20:14:45.0968 0620 vmwvusb - ok

20:14:46.0015 0620 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

20:14:46.0031 0620 volmgr - ok

20:14:46.0077 0620 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

20:14:46.0093 0620 volmgrx - ok

20:14:46.0155 0620 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

20:14:46.0171 0620 volsnap - ok

20:14:46.0218 0620 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

20:14:46.0218 0620 vsmraid - ok

20:14:46.0436 0620 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

20:14:46.0467 0620 vwifibus - ok

20:14:46.0483 0620 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

20:14:46.0514 0620 vwififlt - ok

20:14:46.0545 0620 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

20:14:46.0561 0620 vwifimp - ok

20:14:46.0592 0620 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

20:14:46.0608 0620 WacomPen - ok

20:14:46.0670 0620 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

20:14:46.0717 0620 WANARP - ok

20:14:46.0733 0620 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

20:14:46.0748 0620 Wanarpv6 - ok

20:14:47.0169 0620 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

20:14:47.0169 0620 Wd - ok

20:14:47.0216 0620 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

20:14:47.0232 0620 Wdf01000 - ok

20:14:47.0294 0620 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

20:14:47.0325 0620 WfpLwf - ok

20:14:47.0357 0620 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

20:14:47.0372 0620 WIMMount - ok

20:14:47.0466 0620 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys

20:14:47.0481 0620 WinUsb - ok

20:14:47.0669 0620 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

20:14:47.0700 0620 WmiAcpi - ok

20:14:47.0762 0620 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

20:14:47.0793 0620 ws2ifsl - ok

20:14:48.0027 0620 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

20:14:48.0074 0620 WudfPf - ok

20:14:48.0168 0620 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

20:14:48.0199 0620 WUDFRd - ok

20:14:48.0308 0620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:14:48.0683 0620 \Device\Harddisk0\DR0 - ok

20:14:48.0698 0620 Boot (0x1200) (0ab899dd9894b18e69f3f1cfeee1cb74) \Device\Harddisk0\DR0\Partition0

20:14:48.0698 0620 \Device\Harddisk0\DR0\Partition0 - ok

20:14:48.0729 0620 Boot (0x1200) (a297ab96b028923b7df0bbdb100dd367) \Device\Harddisk0\DR0\Partition1

20:14:48.0729 0620 \Device\Harddisk0\DR0\Partition1 - ok

20:14:48.0729 0620 ============================================================

20:14:48.0729 0620 Scan finished

20:14:48.0729 0620 ============================================================

20:14:48.0745 3852 Detected object count: 1

20:14:48.0745 3852 Actual detected object count: 1

20:17:10.0153 3852 C:\windows\system32\drivers\afd.sys - copied to quarantine

20:17:20.0543 3852 Backup copy not found, trying to cure infected file..

20:17:20.0574 3852 Cure success, using it..

20:17:20.0605 3852 C:\windows\system32\drivers\afd.sys - will be cured on reboot

20:17:24.0427 3852 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure

20:18:14.0456 5288 Deinitialize success

ComboFix Log-

ComboFix 12-03-06.01 - Rebekah 03/07/2012 7:59.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2661 [GMT -8:00]

Running from: c:\users\Rebekah\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB4783$\4092104190

c:\windows\$NtUninstallKB4783$\4269206745\@

c:\windows\$NtUninstallKB4783$\4269206745\cfg.ini

c:\windows\$NtUninstallKB4783$\4269206745\Desktop.ini

c:\windows\$NtUninstallKB4783$\4269206745\L\xadqgnnk

c:\windows\$NtUninstallKB4783$\4269206745\oemid

c:\windows\$NtUninstallKB4783$\4269206745\U\00000001.@

c:\windows\$NtUninstallKB4783$\4269206745\U\00000002.@

c:\windows\$NtUninstallKB4783$\4269206745\U\00000004.@

c:\windows\$NtUninstallKB4783$\4269206745\U\80000000.@

c:\windows\$NtUninstallKB4783$\4269206745\U\80000004.@

c:\windows\$NtUninstallKB4783$\4269206745\U\80000032.@

c:\windows\$NtUninstallKB4783$\4269206745\version

c:\windows\system\svchost.exe

c:\windows\system32\Anydlc.dll

c:\windows\system32\certstore.dat

c:\windows\system32\FastUv32.dll

c:\windows\system32\moufiltr.dll

c:\windows\system32\NUSB3w32.dll

c:\windows\system32\pav_security.dll

c:\windows\system32\pavprsrv.dll

c:\windows\system32\QPSched.dll

c:\windows\system32\tvald.dll

c:\windows\system32\UPATC.dll

c:\windows\system32\v124.dll

c:\windows\system32\vaiomediaplatform-mobile-gateway.dll

.

Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SPService

-------\Service_NecUsb

-------\Service_PTproct

.

.

((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))

.

.

2012-03-07 16:10 . 2012-03-07 16:13 -------- d-----w- c:\users\Rebekah\AppData\Local\temp

2012-03-07 16:10 . 2012-03-07 16:10 -------- d-----w- c:\users\Mcx1-REBEKAHS-LAPTOP\AppData\Local\temp

2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla

2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes

2012-03-01 06:22 . 2012-03-01 06:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes

2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes

2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-13 08:27 . 2012-02-13 08:27 -------- d-----w- c:\users\Benny\AppData\Local\DDMSettings

2012-02-10 04:05 . 2012-02-10 04:05 -------- d-----w- c:\users\Benny\AppData\Roaming\VMware

2012-02-10 04:03 . 2012-02-10 04:03 -------- d-----w- c:\users\Benny\AppData\Local\VMware

2012-02-10 03:54 . 2011-02-19 02:38 39984 ----a-w- c:\windows\system32\drivers\vmwvusb.sys

2012-02-10 03:53 . 2012-02-10 04:05 -------- d-----w- c:\programdata\VMware

2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\users\Rebekah\AppData\Local\VMware

2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\Common Files\VMware

2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\VMware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-07 15:57 . 2012-02-05 14:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-04 04:18 . 2011-06-16 00:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-12-14 17:49 . 2011-01-28 04:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]

"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968]

.

c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-01 40776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]

S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192]

S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Akamai REG_MULTI_SZ Akamai

NecUsbSevice REG_MULTI_SZ NecUsb

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

NICM

EUSBMSD

spcflt

yukonwxp

GameConsoleService

z525mdfl

PTproct

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32]

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msi.msn.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)

HKLM-Run-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

HKLM-Run-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

SafeBoot-69114608.sys

SafeBoot-82789974.sys

SafeBoot-99147773.sys

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**¨FM€6]

"LP_LastUpdateTime"="0"

"LP_LastCheckTime"=dword:4f512a1e

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fb,c6,d4,0a,ff,ba,46,ba,52,79,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fb,c6,d4,0a,ff,ba,46,ba,52,79,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(580)

c:\windows\system32\wsauth.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-03-07 08:17:30 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-07 16:17

.

Pre-Run: 64,465,801,216 bytes free

Post-Run: 66,606,153,728 bytes free

.

- - End Of File - - 261588BBE42D39DE83EF88BA4EF39D75


Please uninstall the following application: uTorrentBar Toolbar.

Next:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\dds_trash_log.cmd

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-

[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-

[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-

[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"=-

[-HKEY_CURRENT_USER\Software\conduitEngine]

RegLockDel::
[HKEY_USERS\.Default\Software\AppDataLow\Software\Conduit]

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


New ComboFix log. Thanks again for all your help on this.

ComboFix 12-03-06.01 - Rebekah 03/10/2012 5:23.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2902 [GMT -8:00]

Running from: C:\ComboFix.exe

Command switches used :: c:\users\Benny\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\system32\dds_trash_log.cmd"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB4783$\1516076431

c:\windows\system32\dds_trash_log.cmd

.

.

((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))

.

.

2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Rebekah\AppData\Local\temp

2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Mcx1-REBEKAHS-LAPTOP\AppData\Local\temp

2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Benny\AppData\Local\temp

2012-03-07 15:55 . 2010-11-20 08:42 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla

2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes

2012-03-01 06:22 . 2012-03-01 06:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes

2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes

2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-13 08:27 . 2012-02-13 08:27 -------- d-----w- c:\users\Benny\AppData\Local\DDMSettings

2012-02-10 04:05 . 2012-02-10 04:05 -------- d-----w- c:\users\Benny\AppData\Roaming\VMware

2012-02-10 04:03 . 2012-02-10 04:03 -------- d-----w- c:\users\Benny\AppData\Local\VMware

2012-02-10 03:54 . 2011-02-19 02:38 39984 ----a-w- c:\windows\system32\drivers\vmwvusb.sys

2012-02-10 03:53 . 2012-02-10 04:05 -------- d-----w- c:\programdata\VMware

2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\users\Rebekah\AppData\Local\VMware

2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\Common Files\VMware

2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\VMware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-04 04:18 . 2011-06-16 00:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-12-14 17:49 . 2011-01-28 04:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]

"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968]

.

c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-01 40776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]

S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192]

S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Akamai REG_MULTI_SZ Akamai

NecUsbSevice REG_MULTI_SZ NecUsb

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

NICM

EUSBMSD

spcflt

yukonwxp

GameConsoleService

z525mdfl

PTproct

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32]

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msi.msn.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath -

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(544)

c:\windows\system32\wsauth.DLL

.

Completion time: 2012-03-10 05:32:11

ComboFix-quarantined-files.txt 2012-03-10 13:32

ComboFix2.txt 2012-03-07 16:17

.

Pre-Run: 66,312,720,384 bytes free

Post-Run: 66,007,371,776 bytes free

.

- - End Of File - - 9F17B7E61D1D6694D8C2FDA58480F3D3


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


The laptop has no internet connection.

I tried getting the latest update for Malwarebytes but it said it was outdated. Also was not able to start the ESET online scanner.

Here is the Malwarebytes log-

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Rebekah :: REBEKAHS-LAPTOP [administrator]

Protection: Disabled

3/10/2012 8:01:43 PM
mbam-log-2012-03-10 (20-01-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212213
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


You don't have an internet connection since your system was infected?


Lost internet connection after running ComboFix. I have tried to reinstall the Cisco software but no luck. Next I was going to reset the router but am a little nervous of losing a connection with the only good computer I have left.


Please locate C:\Qoobox\ComboFix-quarantined-files.txt and post its content.


2012-03-10 13:23:14 . 2012-03-10 13:23:14                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2012-03-07 16:16:57 . 2012-03-07 16:16:57              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-99147773.sys.reg.dat
2012-03-07 16:16:57 . 2012-03-07 16:16:57              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-82789974.sys.reg.dat
2012-03-07 16:16:57 . 2012-03-07 16:16:57              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-69114608.sys.reg.dat
2012-03-07 16:16:50 . 2012-03-07 16:16:50              184 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ROC_roc_dec12.reg.dat
2012-03-07 16:16:49 . 2012-03-07 16:16:49              166 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SwitchBoard.reg.dat
2012-03-07 16:16:49 . 2012-03-07 16:16:49              210 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AdobeCS5ServiceManager.reg.dat
2012-03-07 16:16:48 . 2012-03-07 16:16:48              150 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2}.reg.dat
2012-03-07 16:16:48 . 2012-03-07 16:16:48              249 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}.reg.dat
2012-03-07 16:16:48 . 2012-03-07 16:16:48              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat
2012-03-07 16:16:48 . 2012-03-07 16:16:48              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-03-07 16:16:47 . 2012-03-07 16:16:47              132 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-03-07 16:16:47 . 2012-03-07 16:16:47               92 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-03-07 16:16:45 . 2012-03-07 16:16:45              118 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
2012-03-07 16:10:53 . 2012-03-07 16:10:53            3,923 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system\_svchost_.exe.zip
2012-03-07 16:10:45 . 2012-03-07 16:10:53            7,680 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system\svchost.exe.vir
2012-03-07 16:10:07 . 2012-03-07 16:10:07            1,952 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_PTproct.reg.dat
2012-03-07 16:10:07 . 2012-03-07 16:10:07            1,842 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_NecUsb.reg.dat
2012-03-07 16:07:19 . 2012-03-07 16:07:19            2,500 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_SPService.reg.dat
2012-03-07 16:07:10 . 2012-03-10 13:28:00           14,422 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-07 15:57:51 . 2012-03-07 15:57:51              858 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\version.vir
2012-03-07 15:57:41 . 2012-03-07 15:57:41            2,048 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\@.vir
2012-03-07 15:57:41 . 2012-03-07 15:57:51              297 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\cfg.ini.vir
2012-03-07 15:57:41 . 2012-03-07 15:57:41          338,944 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\L\xadqgnnk.vir
2012-03-07 15:57:41 . 2012-03-07 15:57:41                0 -c--a-we  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\1516076431.vir
2012-03-06 04:19:45 . 2012-03-06 04:19:45                8 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\oemid.vir
2012-03-05 15:54:20 . 2012-03-07 15:57:50            2,048 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\00000001.@.vir
2012-03-04 09:00:52 . 2012-03-07 05:54:56            4,608 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\Desktop.ini.vir
2012-03-04 09:00:42 . 2012-03-04 09:00:42                0 -c--a-we  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4092104190.vir
2012-03-04 04:54:33 . 2012-03-10 13:23:14              639 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-02-10 12:03:04 . 2012-03-07 15:57:51           66,560 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\80000000.@.vir
2012-02-05 14:12:14 . 2012-03-07 15:57:51                0 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\dds_trash_log.cmd.vir
2012-02-03 15:27:35 . 2012-02-03 15:27:35           53,248 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\FastUv32.dll.vir
2012-02-03 15:27:34 . 2012-02-03 15:27:34          157,184 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\NUSB3w32.dll.vir
2012-01-29 00:09:53 . 2012-03-07 15:57:51           73,216 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\80000032.@.vir
2011-12-02 12:07:49 . 2012-03-07 15:57:52          224,768 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\00000002.@.vir
2011-11-29 13:10:08 . 2012-03-07 15:57:50           12,800 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\80000004.@.vir
2011-11-02 17:48:14 . 2012-03-07 15:57:50            1,024 -c--a-w-  C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\00000004.@.vir
2011-04-14 21:49:15 . 2011-03-11 05:33:59           49,156 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\certstore.dat.vir
2011-03-26 22:51:43 . 2010-11-20 08:42:32           78,336 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir
2011-03-26 22:51:43 . 2010-11-20 08:42:32           78,336 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir_
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\Anydlc.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\moufiltr.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\pavprsrv.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\pav_security.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\QPSched.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\tvald.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\UPATC.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\v124.dll.vir
2009-07-13 23:19:28 . 2009-07-14 01:14:41            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\vaiomediaplatform-mobile-gateway.dll.vir


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Farbar Service Scanner Version: 01-03-2012

Ran by Rebekah (administrator) on 13-03-2012 at 22:03:41

Running from "C:\Users\Rebekah\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

File Check:

========

C:\windows\system32\nsisvc.dll => MD5 is legit

C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\windows\system32\dhcpcore.dll => MD5 is legit

C:\windows\system32\Drivers\afd.sys

[2011-06-15 17:41] - [2012-03-03 21:18] - 0338944 ____A () 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E

C:\windows\system32\Drivers\tdx.sys => MD5 is legit

C:\windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\windows\system32\dnsrslvr.dll => MD5 is legit

C:\windows\system32\mpssvc.dll => MD5 is legit

C:\windows\system32\bfe.dll => MD5 is legit

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\windows\system32\SDRSVC.dll => MD5 is legit

C:\windows\system32\vssvc.exe => MD5 is legit

C:\windows\system32\wscsvc.dll => MD5 is legit

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\windows\system32\wuaueng.dll => MD5 is legit

C:\windows\system32\qmgr.dll => MD5 is legit

C:\windows\system32\es.dll => MD5 is legit

C:\windows\system32\cryptsvc.dll => MD5 is legit

C:\windows\system32\svchost.exe => MD5 is legit

C:\windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *afd.sys*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 19:54 on 14/03/2012 by Rebekah

Administrator - Elevation successful

========== filefind ==========

Searching for "*afd.sys*"

C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [04:18 04/03/2012] 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E

C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [04:55 14/07/2009] [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D

C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4bbf167edfba3058_afd.sys.mui_ff192075 --a---- 14848 bytes [04:56 14/07/2009] [04:56 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D

C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a_afd.sys_084af4a8 --a---- 338944 bytes [00:48 16/06/2011] [00:41 16/06/2011] 9EBBBA55060F786F0FCAA3893BFA2806

C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4bbf167edfba3058\afd.sys.mui --a---- 14848 bytes [04:55 14/07/2009] [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [22:51 26/03/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [04:18 04/03/2012] 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

-= EOF =-

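The SystemLook output above, cross-checked programmatically. This is an added example for the thread, not SystemLook's code and not from any post here: it parses the filefind lines, groups the afd.sys copies by MD5, reports which component-store version the live C:\Windows\System32\drivers\afd.sys matches, and flags a winsxs copy whose hash differs from its own winsxs\Backup copy. It assumes SystemLook's two bracketed stamps are creation time followed by last-modified time.

```python
"""Cross-check the SystemLook filefind results posted above.

Added example for this thread, not SystemLook's code and not from any
poster here. Assumption: SystemLook's two bracketed stamps are creation
time followed by last-modified time."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed from the filefind output posted above (the .mui lines kept).
SYSTEMLOOK_LOG = r"""
Searching for "*afd.sys*"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [04:18 04/03/2012] 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E
C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [04:55 14/07/2009] [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D
C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a_afd.sys_084af4a8 --a---- 338944 bytes [00:48 16/06/2011] [00:41 16/06/2011] 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [22:51 26/03/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [04:18 04/03/2012] 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5
-= EOF =-
"""

# One result line: <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
VERSION_RE = re.compile(r"_(6\.1\.\d+\.\d+)_")   # winsxs component version
STAMP = "%H:%M %d/%m/%Y"


def parse_filefind(log):
    """Return one dict per result line; header, EOF and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["created"] = datetime.strptime(e["created"], STAMP)
        e["modified"] = datetime.strptime(e["modified"], STAMP)
        vm = VERSION_RE.search(e["path"])
        e["version"] = vm.group(1) if vm else None
        e["backup"] = "\\winsxs\\backup\\" in e["path"].lower()
        entries.append(e)
    return entries


def group_by_md5(entries):
    """Map each MD5 to the paths carrying it: identical bytes, identical hash."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def analyse(log, live_path=r"C:\Windows\System32\drivers\afd.sys"):
    """Compare the live driver with the component-store copies of the same file."""
    entries = [e for e in parse_filefind(log)
               if not e["path"].lower().endswith(".mui")]   # resources, not code
    live = next(e for e in entries if e["path"].lower() == live_path.lower())
    # Component-store versions whose bytes are identical to the live driver.
    same_as_live = sorted(e["version"] for e in entries
                          if e is not live and e["md5"] == live["md5"] and e["version"])
    # A winsxs component copy that no longer matches its own winsxs\Backup copy
    # has changed since Windows staged it, so it cannot vouch for the live file.
    store = {e["version"]: e["md5"] for e in entries if e["version"] and not e["backup"]}
    backup = {e["version"]: e["md5"] for e in entries if e["version"] and e["backup"]}
    mismatch = sorted(v for v in store if v in backup and store[v] != backup[v])
    # A driver binary written to long after it was created also deserves a look.
    rewritten = sorted(e["path"] for e in entries
                       if not e["backup"] and e["modified"] > e["created"])
    return {"live_md5": live["md5"], "same_as_live": same_as_live,
            "store_vs_backup_mismatch": mismatch, "modified_after_created": rewritten}
```

Run `analyse(SYSTEMLOOK_LOG)` to get the comparison as a dict; feed it a full SystemLook log to cover any other file the filefind was run for.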

Please visit www.virustotal.com and upload the following file:

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

Wait until scan is completed and copy/paste the link here.


It has been scanning for hours now. I have a high-speed connection. File size: 331kb.

After letting it sit for 5 hours, I next tried deleting the file and then reloading it again, which is where I am at now; it started scanning at 5am my time.

Is the problem because I am having to upload it from a flash drive? The reason being I don't have an internet connection on the other computer and this computer will not allow me to copy it anywhere.

And, really want to thank you for your help. Will definitely be donating when this is all finished.


It is okay.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys | C:\Windows\System32\drivers\afd.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

This topic is now closed to further replies.