
Trojan horse Crypt.AQLW, Internet pops up, computer crashing

Discussion in 'Virus and Malware Removal' started by Pr011, Feb 24, 2012.

  1. Pr011 Newcomer, in training Posts: 66

    Hello Chaps. Hope you can help with a malware infection.

    My AVG is constantly coming up with Trojan Horse Crypt.AQLW, and firefox is now generating pop ups. The computer also seems unstable and I have had two BSOD today.

    Many thanks for your help and consideration.

    My GMER/DDS logs will follow this post:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.24.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19190
    Mark :: MARK-PC [administrator]

    Protection: Enabled

    24/02/2012 23:14:07
    mbam-log-2012-02-24 (23-14-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198016
    Time elapsed: 6 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. Pr011 Newcomer, in training Posts: 66

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-24 23:26:34
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 WDC_WD1600AAJB-00PVA0 rev.00.07H00
    Running: jywt1xli.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kxldypoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85BCD1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85BCD1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85BCD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 85BCD1F8
    Device \Driver\amos54w1 \Device\Scsi\amos54w11Port6Path0Target0Lun0 87B3F488
    Device \Driver\amos54w1 \Device\Scsi\amos54w11 87B3F488
    Device \FileSystem\Ntfs \Ntfs 85BD01F8
    Device \FileSystem\fastfat \Fat 8A6D31F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 3176

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_31
    Run by Mark at 23:37:39 on 2012-02-24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2196 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\dlbtcoms.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\Program Files\Steam\Steam.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\msiexec.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.bbc.co.uk/
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [Steam] "f:\program files\steam\steam.exe" -silent
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: mod.uk\www.westminster
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72} : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-10 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-24 652360]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-11-4 14336]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-24 20464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
    S2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-6-26 53307]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-12 25832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S3 jbridgep;jbridgep;c:\users\mark\appdata\local\temp\jbridgep.sys [2011-6-16 29696]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-8-22 7168]
    .
    =============== Created Last 30 ================
    .
    2012-02-24 22:59:08 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes
    2012-02-24 22:59:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-24 22:59:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-22 00:15:02 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15:02 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15:02 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15:02 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15:02 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15:02 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15:02 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47:00 -------- d-----w- c:\users\mark\appdata\roaming\AVG2012
    2012-02-17 22:44:41 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-02-17 22:44:41 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58:41 -------- d-----w- c:\programdata\MFAData
    2012-02-14 20:06:03 -------- d-----w- c:\users\mark\appdata\roaming\Usukmo
    2012-02-14 20:06:03 -------- d-----w- c:\users\mark\appdata\roaming\Mywara
    2012-02-12 11:17:03 -------- d-----w- c:\users\mark\appdata\roaming\Xete
    2012-02-12 11:17:03 -------- d-----w- c:\users\mark\appdata\roaming\Aktuot
    2012-02-11 23:20:56 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-09 20:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2012-02-24 22:55:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 04:13:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
    2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
    .
    ============= FINISH: 23:39:28.13 ===============
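As an added illustration (not part of this thread, and not how the forum helpers work), the script below runs a first-pass triage over constructed lines in the shape of the DDS "Pseudo HJT Report", "SERVICES / DRIVERS" and "Created Last 30" sections and one GMER process line from the log above. The rules and severities are my own assumptions: it flags UAC disabled by policy, Firefox security warnings switched off in user.js, a driver registered from a temp directory, a process GMER reports as hidden, and new top-level directories under the roaming profile (informational only).

```python
import re
from typing import Dict, List, Tuple

# Constructed sample (assumption): a few lines in the shape of the DDS and GMER
# output posted in this thread, not the full logs.
SAMPLE_LOG = r"""
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
S3 jbridgep;jbridgep;c:\users\mark\appdata\local\temp\jbridgep.sys [2011-6-16 29696]
Process PING.EXE (*** hidden *** ) 3176
2012-02-17 22:47:00 -------- d-----w- c:\users\mark\appdata\roaming\AVG2012
2012-02-14 20:06:03 -------- d-----w- c:\users\mark\appdata\roaming\Usukmo
2012-02-24 22:59:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# (severity, rule name, offending log line)
Finding = Tuple[str, str, str]

# DDS policy line: machine-wide UAC switch set to 0.
UAC_OFF_RE = re.compile(r"^mPolicies-system:\s+EnableLUA\s*=\s*0\b")
# Firefox user.js overrides that silence mixed-content / insecure-submit prompts.
FF_WARN_OFF_RE = re.compile(r"^FF - user\.js:\s+(security\.warn_[\w.]+)\s+-\s+false$")
# DDS service/driver line: "<R|S><n> name;display name;path [date size]".
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<path>[a-z]:\\[^\[]+?)\s+\[")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# GMER marks processes it found only by cross-view as "*** hidden ***".
HIDDEN_PROC_RE = re.compile(
    r"^Process\s+(?P<name>\S+)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)"
)
# DDS "Created Last 30" directory entry: timestamp, dashes for size, "d" attribute flags.
NEW_DIR_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+-+\s+d\S+\s+(?P<path>.+)$"
)
ROAMING_TOP_RE = re.compile(r"\\appdata\\roaming\\[^\\]+$", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Scan DDS/GMER-style lines and return the entries a reviewer should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if UAC_OFF_RE.match(line):
            findings.append(("high", "uac-disabled", line))
            continue
        if FF_WARN_OFF_RE.match(line):
            findings.append(("medium", "ff-security-warning-off", line))
            continue
        m = SERVICE_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group("path")):
            # Legitimate drivers live under system32\drivers, not a user's temp folder.
            findings.append(("high", "driver-in-temp", line))
            continue
        if HIDDEN_PROC_RE.match(line):
            findings.append(("high", "hidden-process", line))
            continue
        m = NEW_DIR_RE.match(line)
        if m and ROAMING_TOP_RE.search(m.group("path")):
            # Informational: new profile-level folders include both AV installs and
            # unknown names, so a human decides which is which.
            findings.append(("review", "new-roaming-dir", line))
    return findings


def rule_counts(findings: List[Finding]) -> Dict[str, int]:
    """Summarise how many lines each rule matched."""
    counts: Dict[str, int] = {}
    for _, rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:24} {line}")
    print(rule_counts(triage(SAMPLE_LOG)))
```

Matches are pointers for the person reading the log, not verdicts; a real DDS log also needs the "Installed Programs" and event-viewer sections read by hand.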
  3. Pr011 Newcomer, in training Posts: 66

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/01/2008 05:59:09
    System Uptime: 24/02/2012 23:34:36 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5N32-E SLI PLUS
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 34.749 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is FIXED (NTFS) - 596 GiB total, 318.689 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
    Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&276FBEC1&0&3078
    Manufacturer: Marvell
    Name: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
    PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&276FBEC1&0&3078
    Service: MRV6X32P
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart 3300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart 3300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP Color LaserJet CP2025dn
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet CP2025dn
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3Connect
    8600_Help
    8600_Readme
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.3.1
    Amazon MP3 Downloader 1.0.9
    Apple Software Update
    Audacity 1.2.6
    AVG 2012
    Batman: Arkham Asylum
    BioShock
    BioShock 2
    Borderlands
    BPD_HPSU
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCleaner (remove only)
    Command & Conquer Windows 95
    Compatibility Pack for the 2007 Office system
    Creative Jukebox Driver
    Dead Island
    Deus Ex: Human Revolution
    DeviceDiscovery
    DeviceManagementQFolder
    doPDF 7.2 printer
    Dragon Age: Origins
    Dragon Age: Origins - Awakening
    EA Download Manager
    Earth 2150
    eMule
    eSupportQFolder
    Fallout Mod Manager 0.9.15
    Fallout: New Vegas
    FreeSpace 2
    Galactic Civilizations
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Gratuitous Space Battles
    Homeworld2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 9.0
    HP Officejet Pro K8600 Series
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    Impulse
    IvanView
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    K8600
    Knights and Merchants - The Peasants Rebellion
    LAME v3.98.2 for Audacity
    Linksys Wireless-G USB Network Adapter
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mass Effect
    Mass Effect 2
    Master of Orion II
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft IntelliPoint 6.3
    Microsoft IntelliType Pro 6.3
    Microsoft Office Small Business Edition 2003
    Microsoft Silverlight
    Microsoft StarLancer
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mirror's Edge™
    Motherboard Monitor 5
    Mozilla Firefox 8.0.1 (x86 en-GB)
    MPM
    MS Access 97 SP2
    NetDeviceManager
    NETGEAR WG311v3 PCI Adapter
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 295.73
    NVIDIA 3D Vision Driver 295.73
    NVIDIA Control Panel 295.73
    NVIDIA Drivers
    NVIDIA Graphics Driver 295.73
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0209
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    Oni
    OpenAL
    Operation Flashpoint: Dragon Rising
    Portal 2
    ProductContext
    PunkBuster Services
    PVSonyDll
    QuickTime
    RAD Video Tools
    RAGE
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Sid Meier's Civilization IV
    Sid Meier's Civilization V
    Sid Meier's Railroads!
    SimCity 4 Deluxe
    Sins of a Solar Empire
    Sins of a Solar Empire - Entrenchment
    SolutionCenter
    SoundMAX
    Status
    Steam
    System Requirements Lab
    The Elder Scrolls V: Skyrim
    The Moon Project
    The Witcher 2
    Tomb Raider: Anniversary
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 1.1.7
    Vodafone Mobile Connect
    Vodafone Mobile Connect Lite Runtime Components
    Warhammer 40,000 Space Marine
    Warhammer 40,000: Dawn of War Gold Edition
    Warhammer 40,000: Dawn of War – Dark Crusade
    Warhammer 40,000: Dawn of War – Winter Assault
    Warzone 2100
    WebReg
    Windows Live ID Sign-in Assistant
    Windows Live installer
    Windows Live Messenger
    WinRAR archiver
    Wireless Manager
    Worms Reloaded Demo
    ZTE_MF6X6_USB_MODEM_1.2050.0.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/02/2012 23:36:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The WUSB54GSv2SVC service terminated with the following error: The parameter is incorrect.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The WcesComm service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The PSI_SVC_2 service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The A8djusb service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
    24/02/2012 23:36:36, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    24/02/2012 23:36:36, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    24/02/2012 23:36:36, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/02/2012 23:35:41, Error: EventLog [6008] - The previous system shutdown at 23:33:16 on 24/02/2012 was unexpected.
    24/02/2012 23:12:14, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied.
    24/02/2012 22:57:13, Error: Service Control Manager [7023] - The PSI_SVC_2 service terminated with the following error: Access is denied.
    24/02/2012 22:43:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows Mail Junk E-mail Filter [January 2012] (KB905866).
    24/02/2012 22:42:14, Error: Service Control Manager [7023] - The WcesComm service terminated with the following error: Access is denied.
    24/02/2012 22:41:13, Error: Service Control Manager [7023] - The Cmudau service terminated with the following error: Access is denied.
    24/02/2012 22:06:38, Error: EventLog [6008] - The previous system shutdown at 19:37:12 on 24/02/2012 was unexpected.
    24/02/2012 18:14:18, Error: EventLog [6008] - The previous system shutdown at 18:12:11 on 24/02/2012 was unexpected.
    24/02/2012 17:32:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    22/02/2012 01:06:51, Error: EventLog [6008] - The previous system shutdown at 01:03:51 on 22/02/2012 was unexpected.
    17/02/2012 22:55:28, Error: EventLog [6008] - The previous system shutdown at 22:53:18 on 17/02/2012 was unexpected.
    17/02/2012 21:57:10, Error: netbt [4313] - Unable to open the Registry Linkage to read configuration information.
    17/02/2012 14:45:20, Error: EventLog [6008] - The previous system shutdown at 21:08:02 on 14/02/2012 was unexpected.
    .
    ==== End Of File ===========================
  4. Pr011 Newcomer, in training Posts: 66

    Logs posted above,

    Thanks for your help guys!
  5. Broni Malware Annihilator Posts: 39,323   +175

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download BTKR_RunBox to your desktop.

    Double click on the downloaded BTKR_RunBox.exe file.
    A small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select the "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate the log.
    Click OK if any "Warning" message pops up.
    Notepad will open with the Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log, it's also located on your desktop as "scan.txt".
  6. Pr011 Newcomer, in training Posts: 66

    Hello again

    Are there some posts missing from this thread?

    I thought I was going mad but found the email notifications from the thread telling me to install combofix, but they no longer appear in the thread?!

    Anyhow, I uninstalled AVG and now when the computer boots I get a suspicious pop up box stating "The recycle bin on C:\ is corrupted, Do you want to empty the recycle bin on this drive?" with a yes and no option.

    I ran Combofix as instructed but the system seemed to lock up on the search part. I let it run for a few hours and got an error message stating that "freeware implementation of XCACLAS has stopped working". I closed that, then got a message stating it was a bad infection that would take time to clear up. The machine then rebooted itself but got into a cycle where it would reboot on reaching the password prompt screen, briefly displaying a message about group access before rebooting. I let it reboot itself about a dozen times and then launched it in safe mode, which was successful, but I still get the prompt box about the Recycle bin, and when running in safe mode, combofix unpacks itself but doesn't seem to run...
  7. Pr011 Newcomer, in training Posts: 66

    Further to the above, any attempt to boot normally puts the machine into a reboot loop again.
  8. Broni Malware Annihilator Posts: 39,323   +175

    First of all I didn't ask you to run Combofix.

    Run tools mentioned in my previous reply from safe mode.
  9. Pr011 Newcomer, in training Posts: 66

    Hello again,

    I am very grateful for your help, which I know I am not being charged for, and I will donate to your site regardless of the outcome, but I do have this email in my account, and the post was definitely in the thread:

    "Dear Pr011,

    Broni has just replied to a discussion you have subscribed to entitled "Trojan Horse Crypt.AQLW, Internet pops up, computer crashing" in the Virus and Malware Removal forum at TechSpot.

    You can read this discussion at:
    http://www.techspot.com/vb/newintopic177970.html

    Here is the message that has just been posted:

    ***************
    Please download ComboFix from *Here* (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or *Here* (http://www.infospyware.net/antimalware/combofix/) to your Desktop.

    ***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***
    * Never rename Combofix unless instructed.
    * Close any open browsers.
    * Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix..." etc etc

    I do not wish to cause any problems and it is not for me to argue when I am being helped (esp. for free!), but I did get the instruction to run combofix. I know there was server maintenance last night on the site, maybe that explains it??

    I will run the tools requested from safe mode and post. Again, thanks for your help.
  10. Pr011 Newcomer, in training Posts: 66

    My logs:

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-26 00:34:37
    -----------------------------
    00:34:37.958 OS Version: Windows 6.0.6002 Service Pack 2
    00:34:37.958 Number of processors: 4 586 0xF0B
    00:34:37.959 ComputerName: MARK-PC UserName: Mark
    00:34:55.903 Initialize success
    00:39:56.449 AVAST engine defs: 12022502
    00:41:12.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
    00:41:12.288 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
    00:41:12.291 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
    00:41:12.295 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
    00:41:12.323 Disk 0 MBR read successfully
    00:41:12.326 Disk 0 MBR scan
    00:41:12.331 Disk 0 Windows VISTA default MBR code
    00:41:12.336 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    00:41:12.342 Disk 0 scanning sectors +312578048
    00:41:12.409 Disk 0 scanning C:\Windows\system32\drivers
    00:41:13.676 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
    00:41:21.994 Disk 0 trace - called modules:
    00:41:22.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
    00:41:22.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3d470]
    00:41:22.053 3 CLASSPNP.SYS[8b5a78b3] -> nt!IofCallDriver -> [0x85c5c598]
    00:41:22.060 5 acpi.sys[82e0f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c9a8a0]
    00:41:22.067 \Driver\atapi[0x85c6c6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
    00:41:22.724 AVAST engine scan C:\Windows
    00:41:26.017 AVAST engine scan C:\Windows\system32
    00:44:05.788 AVAST engine scan C:\Windows\system32\drivers
    00:44:06.973 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
    00:44:16.571 AVAST engine scan C:\Users\Mark
    00:45:18.898 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    00:45:18.915 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
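    As an added triage example (not code from this thread, from Broni, or from AVAST), the short Python parser below reads aswMBR log lines of the kind posted above and pulls out the three things a responder checks first: files the engine marked **INFECTED**, an unmapped module (the >>UNKNOWN [addr]<< entry) in the disk-stack trace, and whether a driver dispatch routine (here IRP_MJ_CREATE on \Driver\atapi) points into that unmapped code, which is how aswMBR surfaces a hooked disk driver. The line formats are taken from the posted log; it is an assumption that other aswMBR runs print them the same way, and any message shape not shown above is simply ignored. The embedded sample is an excerpt of the log posted above.

```python
"""Triage helper for aswMBR scan logs.

Added example, not code from the thread or from AVAST. Line formats are
copied from the log posted in the thread; assumption: aswMBR prints them
consistently across runs (not verified here). Unrecognised lines are ignored.
"""
import re
from dataclasses import dataclass, field

# aswMBR prefixes every line with HH:MM:SS.mmm
TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# "File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# a disk-stack trace entry the engine could not map to any loaded module
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
# "\Driver\atapi[0x...] -> IRP_MJ_CREATE -> 0x...": where a dispatch routine points
HOOK_RE = re.compile(
    r"^(?P<driver>\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> "
    r"(?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)$"
)
# "Disk 0 Windows VISTA default MBR code": engine recognised stock MBR code
MBR_DEFAULT_MARKER = "default MBR code"


@dataclass
class AswMbrTriage:
    infected: dict = field(default_factory=dict)         # path -> detection name
    unknown_modules: list = field(default_factory=list)  # addresses of unmapped code
    hooks: list = field(default_factory=list)            # (driver, irp, target address)
    mbr_default: bool = False

    def hooked_by_unknown(self) -> bool:
        """True when a driver dispatch routine points into unmapped code."""
        unknown = set(self.unknown_modules)
        return any(target in unknown for _, _, target in self.hooks)

    def findings(self) -> list:
        """Human-readable list of indicators worth escalating."""
        out = []
        for path, name in sorted(self.infected.items()):
            out.append(f"infected file: {path} ({name})")
        unknown = set(self.unknown_modules)
        for driver, irp, target in self.hooks:
            if target in unknown:
                out.append(f"{driver} {irp} dispatch -> unmapped code at {target}")
        if not self.mbr_default:
            out.append("MBR code not recognised as default; inspect the saved MBR.dat")
        return out


def triage_aswmbr(text: str) -> AswMbrTriage:
    """Parse aswMBR log text and collect the indicators above."""
    result = AswMbrTriage()
    for raw in text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if m := INFECTED_RE.match(line):
            # the same file is reported by the sector scan and the engine scan
            result.infected[m["path"]] = m["name"]
        elif m := UNKNOWN_RE.search(line):
            if m["addr"] not in result.unknown_modules:
                result.unknown_modules.append(m["addr"])
        elif m := HOOK_RE.match(line):
            result.hooks.append((m["driver"], m["irp"], m["target"]))
        elif MBR_DEFAULT_MARKER in line:
            result.mbr_default = True
    return result


# Excerpt of the aswMBR log posted in the thread, used as sample input.
SAMPLE_LOG = r"""
00:41:12.331 Disk 0 Windows VISTA default MBR code
00:41:13.676 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
00:41:21.994 Disk 0 trace - called modules:
00:41:22.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
00:41:22.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3d470]
00:41:22.067 \Driver\atapi[0x85c6c6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
00:44:06.973 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
"""

if __name__ == "__main__":
    for finding in triage_aswmbr(SAMPLE_LOG).findings():
        print(finding)
```

    On the sample it reports one infected driver file and an atapi IRP_MJ_CREATE dispatch pointing into the unmapped code at 0x85bcb1f8; a clean log with stock MBR code and no unknown module yields no findings.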
  11. Pr011 Newcomer, in training Posts: 66

    Hello again,

    The download link for BTKR_runbox appears to be dead... I get an error screen in French telling me it's not available.
  12. Broni Malware Annihilator Posts: 39,323   +175

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Click on SCAN.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  13. Pr011 Newcomer, in training Posts: 66

    RogueKiller V7.1.0 [02/15/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Safe mode with network support
    User: Mark [Admin rights]
    Mode: Scan -- Date: 02/26/2012 01:13:29

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1600AAJB-00PVA0 ATA Device +++++
    --- User ---
    [MBR] 7be4d50977873353752aa4c68214641c
    [BSP] 40f40e7e33546ef3548f3ee71c27c7ca : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD64 01AALS-00L3B SCSI Disk Device +++++
    --- User ---
    [MBR] 8a22d489db3b89375fd554178146aad4
    [BSP] bac0c001ecfd76fe391e8a7490c585ab : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
  14. Broni Malware Annihilator Posts: 39,323   +175

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  15. Pr011 Newcomer, in training Posts: 66

    01:22:01.0653 0512 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    01:22:01.0789 0512 ============================================================
    01:22:01.0789 0512 Current date / time: 2012/02/26 01:22:01.0789
    01:22:01.0789 0512 SystemInfo:
    01:22:01.0789 0512
    01:22:01.0789 0512 OS Version: 6.0.6002 ServicePack: 2.0
    01:22:01.0789 0512 Product type: Workstation
    01:22:01.0789 0512 ComputerName: MARK-PC
    01:22:01.0789 0512 UserName: Mark
    01:22:01.0789 0512 Windows directory: C:\Windows
    01:22:01.0789 0512 System windows directory: C:\Windows
    01:22:01.0789 0512 Processor architecture: Intel x86
    01:22:01.0789 0512 Number of processors: 4
    01:22:01.0789 0512 Page size: 0x1000
    01:22:01.0789 0512 Boot type: Safe boot with network
    01:22:01.0789 0512 ============================================================
    01:22:02.0721 0512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    01:22:02.0728 0512 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    01:22:02.0729 0512 \Device\Harddisk0\DR0:
    01:22:02.0730 0512 MBR used
    01:22:02.0730 0512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    01:22:02.0730 0512 \Device\Harddisk1\DR1:
    01:22:02.0730 0512 MBR used
    01:22:02.0730 0512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    01:22:02.0765 0512 Initialize success
    01:22:02.0765 0512 ============================================================
    01:22:11.0706 1620 ============================================================
    01:22:11.0706 1620 Scan started
    01:22:11.0706 1620 Mode: Manual;
    01:22:11.0706 1620 ============================================================
    01:22:12.0155 1620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    01:22:12.0159 1620 ACPI - ok
    01:22:12.0216 1620 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
    01:22:12.0220 1620 ADIHdAudAddService - ok
    01:22:12.0256 1620 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    01:22:12.0262 1620 adp94xx - ok
    01:22:12.0290 1620 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    01:22:12.0294 1620 adpahci - ok
    01:22:12.0318 1620 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    01:22:12.0319 1620 adpu160m - ok
    01:22:12.0344 1620 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    01:22:12.0345 1620 adpu320 - ok
    01:22:12.0416 1620 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    01:22:12.0419 1620 AFD - ok
    01:22:12.0449 1620 AFGMp50 - ok
    01:22:12.0504 1620 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
    01:22:12.0505 1620 AFGSp50 - ok
    01:22:12.0548 1620 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    01:22:12.0549 1620 agp440 - ok
    01:22:12.0582 1620 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    01:22:12.0583 1620 aic78xx - ok
    01:22:12.0628 1620 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    01:22:12.0629 1620 aliide - ok
    01:22:12.0667 1620 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    01:22:12.0667 1620 amdagp - ok
    01:22:12.0683 1620 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    01:22:12.0683 1620 amdide - ok
    01:22:12.0706 1620 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    01:22:12.0706 1620 AmdK7 - ok
    01:22:12.0740 1620 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    01:22:12.0740 1620 AmdK8 - ok
    01:22:12.0773 1620 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    01:22:12.0773 1620 arc - ok
    01:22:12.0796 1620 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    01:22:12.0796 1620 arcsas - ok
    01:22:12.0840 1620 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    01:22:12.0840 1620 AsyncMac - ok
    01:22:12.0882 1620 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    01:22:12.0882 1620 atapi - ok
    01:22:12.0983 1620 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    01:22:12.0984 1620 Beep - ok
    01:22:13.0009 1620 blbdrive - ok
    01:22:13.0053 1620 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    01:22:13.0053 1620 bowser - ok
    01:22:13.0086 1620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    01:22:13.0087 1620 BrFiltLo - ok
    01:22:13.0111 1620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    01:22:13.0111 1620 BrFiltUp - ok
    01:22:13.0142 1620 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    01:22:13.0143 1620 Brserid - ok
    01:22:13.0166 1620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    01:22:13.0166 1620 BrSerWdm - ok
    01:22:13.0189 1620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    01:22:13.0189 1620 BrUsbMdm - ok
    01:22:13.0213 1620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    01:22:13.0214 1620 BrUsbSer - ok
    01:22:13.0243 1620 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    01:22:13.0243 1620 BTHMODEM - ok
    01:22:13.0300 1620 catchme - ok
    01:22:13.0347 1620 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    01:22:13.0348 1620 cdfs - ok
    01:22:13.0387 1620 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    01:22:13.0387 1620 cdrom - ok
    01:22:13.0438 1620 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    01:22:13.0439 1620 circlass - ok
    01:22:13.0485 1620 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    01:22:13.0488 1620 CLFS - ok
    01:22:13.0520 1620 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    01:22:13.0520 1620 cmdide - ok
    01:22:13.0542 1620 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    01:22:13.0542 1620 Compbatt - ok
    01:22:13.0566 1620 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    01:22:13.0566 1620 crcdisk - ok
    01:22:13.0598 1620 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    01:22:13.0598 1620 Crusoe - ok
    01:22:13.0695 1620 DfsC (048d6fec8033b3c0ed624693ec9ada2b) C:\Windows\system32\Drivers\dfsc.sys
    01:22:13.0696 1620 DfsC ( Virus.Win32.ZAccess.c ) - infected
    01:22:13.0696 1620 DfsC - detected Virus.Win32.ZAccess.c (0)
    01:22:13.0763 1620 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    01:22:13.0763 1620 disk - ok
    01:22:13.0823 1620 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    01:22:13.0824 1620 Dot4 - ok
    01:22:13.0870 1620 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    01:22:13.0870 1620 Dot4Print - ok
    01:22:13.0888 1620 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    01:22:13.0888 1620 dot4usb - ok
    01:22:13.0920 1620 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    01:22:13.0920 1620 drmkaud - ok
    01:22:13.0974 1620 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    01:22:13.0984 1620 DXGKrnl - ok
    01:22:14.0023 1620 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    01:22:14.0025 1620 E1G60 - ok
    01:22:14.0100 1620 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    01:22:14.0101 1620 Ecache - ok
    01:22:14.0146 1620 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    01:22:14.0150 1620 elxstor - ok
    01:22:14.0215 1620 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    01:22:14.0216 1620 exfat - ok
    01:22:14.0264 1620 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    01:22:14.0265 1620 fastfat - ok
    01:22:14.0304 1620 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    01:22:14.0304 1620 fdc - ok
    01:22:14.0356 1620 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    01:22:14.0356 1620 FileInfo - ok
    01:22:14.0393 1620 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    01:22:14.0393 1620 Filetrace - ok
    01:22:14.0420 1620 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    01:22:14.0420 1620 flpydisk - ok
    01:22:14.0460 1620 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    01:22:14.0462 1620 FltMgr - ok
    01:22:14.0524 1620 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    01:22:14.0524 1620 Fs_Rec - ok
    01:22:14.0562 1620 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    01:22:14.0563 1620 gagp30kx - ok
    01:22:14.0648 1620 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    01:22:14.0650 1620 HdAudAddService - ok
    01:22:14.0695 1620 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    01:22:14.0704 1620 HDAudBus - ok
    01:22:14.0854 1620 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    01:22:14.0854 1620 HidBth - ok
    01:22:14.0899 1620 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    01:22:14.0900 1620 HidIr - ok
    01:22:14.0945 1620 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    01:22:14.0946 1620 HidUsb - ok
    01:22:14.0976 1620 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    01:22:14.0977 1620 HpCISSs - ok
    01:22:15.0071 1620 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    01:22:15.0077 1620 HTTP - ok
    01:22:15.0121 1620 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    01:22:15.0121 1620 hwdatacard - ok
    01:22:15.0153 1620 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    01:22:15.0153 1620 i2omp - ok
    01:22:15.0209 1620 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    01:22:15.0210 1620 i8042prt - ok
    01:22:15.0242 1620 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    01:22:15.0244 1620 iaStorV - ok
    01:22:15.0274 1620 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    01:22:15.0275 1620 iirsp - ok
    01:22:15.0302 1620 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    01:22:15.0302 1620 intelide - ok
    01:22:15.0347 1620 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    01:22:15.0347 1620 intelppm - ok
    01:22:15.0396 1620 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    01:22:15.0397 1620 IpFilterDriver - ok
    01:22:15.0414 1620 IpInIp - ok
    01:22:15.0450 1620 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    01:22:15.0451 1620 IPMIDRV - ok
    01:22:15.0492 1620 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    01:22:15.0493 1620 IPNAT - ok
    01:22:15.0528 1620 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    01:22:15.0528 1620 IRENUM - ok
    01:22:15.0552 1620 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    01:22:15.0553 1620 isapnp - ok
    01:22:15.0599 1620 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    01:22:15.0600 1620 iScsiPrt - ok
    01:22:15.0624 1620 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    01:22:15.0625 1620 iteatapi - ok
    01:22:15.0665 1620 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    01:22:15.0666 1620 iteraid - ok
    01:22:15.0755 1620 jbridgep (22fabdc07b4de09773a92d49201c9f94) C:\Users\Mark\AppData\Local\Temp\jbridgep.sys
    01:22:15.0756 1620 jbridgep - ok
    01:22:15.0787 1620 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    01:22:15.0787 1620 kbdclass - ok
    01:22:15.0815 1620 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    01:22:15.0815 1620 kbdhid - ok
    01:22:15.0868 1620 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    01:22:15.0874 1620 KSecDD - ok
    01:22:15.0916 1620 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    01:22:15.0917 1620 lltdio - ok
    01:22:15.0965 1620 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    01:22:15.0966 1620 LSI_FC - ok
    01:22:15.0992 1620 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    01:22:15.0993 1620 LSI_SAS - ok
    01:22:16.0020 1620 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    01:22:16.0021 1620 LSI_SCSI - ok
    01:22:16.0061 1620 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    01:22:16.0062 1620 luafv - ok
    01:22:16.0095 1620 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
    01:22:16.0096 1620 massfilter - ok
    01:22:16.0131 1620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    01:22:16.0131 1620 MBAMProtector - ok
    01:22:16.0196 1620 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
    01:22:16.0197 1620 mbmiodrvr - ok
    01:22:16.0233 1620 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    01:22:16.0233 1620 megasas - ok
    01:22:16.0264 1620 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    01:22:16.0264 1620 Modem - ok
    01:22:16.0323 1620 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    01:22:16.0324 1620 monitor - ok
    01:22:16.0354 1620 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    01:22:16.0354 1620 mouclass - ok
    01:22:16.0388 1620 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    01:22:16.0388 1620 mouhid - ok
    01:22:16.0419 1620 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    01:22:16.0420 1620 MountMgr - ok
    01:22:16.0468 1620 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    01:22:16.0468 1620 mpio - ok
    01:22:16.0535 1620 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    01:22:16.0536 1620 mpsdrv - ok
    01:22:16.0565 1620 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    01:22:16.0566 1620 Mraid35x - ok
    01:22:16.0635 1620 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
    01:22:16.0638 1620 MRV6X32P - ok
    01:22:16.0685 1620 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    01:22:16.0685 1620 MRxDAV - ok
    01:22:16.0725 1620 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    01:22:16.0725 1620 mrxsmb - ok
    01:22:16.0776 1620 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    01:22:16.0778 1620 mrxsmb10 - ok
    01:22:16.0797 1620 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    01:22:16.0798 1620 mrxsmb20 - ok
    01:22:16.0827 1620 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    01:22:16.0828 1620 msahci - ok
    01:22:16.0852 1620 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    01:22:16.0853 1620 msdsm - ok
    01:22:16.0902 1620 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    01:22:16.0903 1620 Msfs - ok
    01:22:16.0952 1620 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    01:22:16.0952 1620 msisadrv - ok
    01:22:16.0993 1620 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    01:22:16.0993 1620 MSKSSRV - ok
    01:22:17.0037 1620 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    01:22:17.0037 1620 MSPCLOCK - ok
    01:22:17.0071 1620 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    01:22:17.0071 1620 MSPQM - ok
    01:22:17.0112 1620 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    01:22:17.0114 1620 MsRPC - ok
    01:22:17.0157 1620 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    01:22:17.0158 1620 mssmbios - ok
    01:22:17.0191 1620 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    01:22:17.0191 1620 MSTEE - ok
    01:22:17.0222 1620 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
    01:22:17.0222 1620 MTsensor - ok
    01:22:17.0236 1620 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    01:22:17.0237 1620 Mup - ok
    01:22:17.0280 1620 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    01:22:17.0281 1620 NativeWifiP - ok
    01:22:17.0332 1620 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    01:22:17.0341 1620 NDIS - ok
    01:22:17.0371 1620 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    01:22:17.0371 1620 NdisTapi - ok
    01:22:17.0409 1620 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    01:22:17.0409 1620 Ndisuio - ok
    01:22:17.0440 1620 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    01:22:17.0441 1620 NdisWan - ok
    01:22:17.0490 1620 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    01:22:17.0491 1620 NDProxy - ok
    01:22:17.0517 1620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    01:22:17.0518 1620 NetBIOS - ok
    01:22:17.0574 1620 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    01:22:17.0574 1620 nfrd960 - ok
    01:22:17.0618 1620 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    01:22:17.0618 1620 Npfs - ok
    01:22:17.0657 1620 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    01:22:17.0658 1620 nsiproxy - ok
    01:22:17.0722 1620 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    01:22:17.0748 1620 Ntfs - ok
    01:22:17.0778 1620 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    01:22:17.0778 1620 ntrigdigi - ok
    01:22:17.0837 1620 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    01:22:17.0838 1620 NuidFltr - ok
    01:22:17.0892 1620 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    01:22:17.0892 1620 Null - ok
    01:22:17.0949 1620 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    01:22:17.0955 1620 NVENETFD - ok
    01:22:18.0218 1620 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    01:22:18.0414 1620 nvlddmkm - ok
    01:22:18.0453 1620 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    01:22:18.0453 1620 nvraid - ok
    01:22:18.0497 1620 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    01:22:18.0497 1620 nvstor - ok
    01:22:18.0531 1620 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    01:22:18.0531 1620 nvstor32 - ok
    01:22:18.0577 1620 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    01:22:18.0578 1620 nv_agp - ok
    01:22:18.0595 1620 NwlnkFlt - ok
    01:22:18.0609 1620 NwlnkFwd - ok
    01:22:18.0659 1620 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    01:22:18.0660 1620 ohci1394 - ok
    01:22:18.0689 1620 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    01:22:18.0690 1620 Parport - ok
    01:22:18.0732 1620 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    01:22:18.0732 1620 partmgr - ok
    01:22:18.0759 1620 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    01:22:18.0759 1620 Parvdm - ok
    01:22:18.0787 1620 PCASp50 - ok
    01:22:18.0836 1620 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    01:22:18.0837 1620 pci - ok
    01:22:18.0864 1620 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    01:22:18.0864 1620 pciide - ok
    01:22:18.0899 1620 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    01:22:18.0900 1620 pcmcia - ok
    01:22:18.0950 1620 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    01:22:18.0967 1620 PEAUTH - ok
    01:22:19.0045 1620 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
    01:22:19.0046 1620 Point32 - ok
    01:22:19.0085 1620 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    01:22:19.0086 1620 PptpMiniport - ok
    01:22:19.0111 1620 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    01:22:19.0112 1620 Processor - ok
    01:22:19.0176 1620 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    01:22:19.0177 1620 PSched - ok
    01:22:19.0235 1620 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    01:22:19.0259 1620 ql2300 - ok
    01:22:19.0286 1620 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    01:22:19.0287 1620 ql40xx - ok
    01:22:19.0327 1620 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    01:22:19.0328 1620 QWAVEdrv - ok
    01:22:19.0371 1620 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    01:22:19.0371 1620 RasAcd - ok
    01:22:19.0408 1620 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    01:22:19.0409 1620 Rasl2tp - ok
    01:22:19.0464 1620 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    01:22:19.0465 1620 RasPppoe - ok
    01:22:19.0481 1620 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    01:22:19.0482 1620 RasSstp - ok
    01:22:19.0533 1620 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    01:22:19.0535 1620 rdbss - ok
    01:22:19.0576 1620 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    01:22:19.0577 1620 RDPCDD - ok
    01:22:19.0625 1620 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    01:22:19.0628 1620 rdpdr - ok
    01:22:19.0641 1620 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    01:22:19.0641 1620 RDPENCDD - ok
    01:22:19.0677 1620 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    01:22:19.0680 1620 RDPWD - ok
    01:22:19.0722 1620 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    01:22:19.0722 1620 rspndr - ok
    01:22:19.0745 1620 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    01:22:19.0746 1620 sbp2port - ok
    01:22:19.0791 1620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    01:22:19.0792 1620 secdrv - ok
    01:22:19.0816 1620 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    01:22:19.0816 1620 Serenum - ok
    01:22:19.0851 1620 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    01:22:19.0851 1620 Serial - ok
    01:22:19.0910 1620 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    01:22:19.0910 1620 sermouse - ok
    01:22:19.0938 1620 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    01:22:19.0938 1620 sffdisk - ok
    01:22:19.0958 1620 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    01:22:19.0959 1620 sffp_mmc - ok
    01:22:19.0981 1620 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    01:22:19.0981 1620 sffp_sd - ok
    01:22:20.0006 1620 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    01:22:20.0007 1620 sfloppy - ok
    01:22:20.0041 1620 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    01:22:20.0042 1620 sisagp - ok
    01:22:20.0068 1620 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    01:22:20.0068 1620 SiSRaid2 - ok
    01:22:20.0094 1620 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    01:22:20.0095 1620 SiSRaid4 - ok
    01:22:20.0139 1620 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    01:22:20.0140 1620 Smb - ok
    01:22:20.0187 1620 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    01:22:20.0187 1620 spldr - ok
    01:22:20.0238 1620 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    01:22:20.0238 1620 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    01:22:20.0245 1620 sptd ( LockedFile.Multi.Generic ) - warning
    01:22:20.0245 1620 sptd - detected LockedFile.Multi.Generic (1)
    01:22:20.0292 1620 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    01:22:20.0296 1620 srv - ok
    01:22:20.0337 1620 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    01:22:20.0339 1620 srv2 - ok
    01:22:20.0378 1620 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    01:22:20.0379 1620 srvnet - ok
    01:22:20.0466 1620 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    01:22:20.0467 1620 swenum - ok
    01:22:20.0499 1620 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    01:22:20.0499 1620 Symc8xx - ok
    01:22:20.0525 1620 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    01:22:20.0526 1620 Sym_hi - ok
    01:22:20.0550 1620 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    01:22:20.0551 1620 Sym_u3 - ok
    01:22:20.0608 1620 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    01:22:20.0626 1620 Tcpip - ok
    01:22:20.0657 1620 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    01:22:20.0662 1620 Tcpip6 - ok
    01:22:20.0705 1620 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    01:22:20.0706 1620 tcpipreg - ok
    01:22:20.0741 1620 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    01:22:20.0742 1620 TDPIPE - ok
    01:22:20.0767 1620 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    01:22:20.0767 1620 TDTCP - ok
    01:22:20.0805 1620 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    01:22:20.0806 1620 tdx - ok
    01:22:20.0848 1620 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    01:22:20.0849 1620 TermDD - ok
    01:22:20.0882 1620 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    01:22:20.0883 1620 tssecsrv - ok
    01:22:20.0940 1620 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    01:22:20.0940 1620 tunmp - ok
    01:22:20.0976 1620 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    01:22:20.0977 1620 tunnel - ok
    01:22:21.0029 1620 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    01:22:21.0029 1620 uagp35 - ok
    01:22:21.0071 1620 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    01:22:21.0074 1620 udfs - ok
    01:22:21.0117 1620 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    01:22:21.0118 1620 uliagpkx - ok
    01:22:21.0144 1620 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    01:22:21.0147 1620 uliahci - ok
    01:22:21.0174 1620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    01:22:21.0174 1620 UlSata - ok
    01:22:21.0204 1620 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    01:22:21.0205 1620 ulsata2 - ok
    01:22:21.0243 1620 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    01:22:21.0244 1620 umbus - ok
    01:22:21.0285 1620 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    01:22:21.0285 1620 usbccgp - ok
    01:22:21.0311 1620 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    01:22:21.0312 1620 usbcir - ok
    01:22:21.0343 1620 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    01:22:21.0344 1620 usbehci - ok
    01:22:21.0379 1620 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    01:22:21.0381 1620 usbhub - ok
    01:22:21.0410 1620 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    01:22:21.0410 1620 usbohci - ok
    01:22:21.0456 1620 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    01:22:21.0457 1620 usbprint - ok
    01:22:21.0504 1620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    01:22:21.0505 1620 usbscan - ok
    01:22:21.0528 1620 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    01:22:21.0529 1620 USBSTOR - ok
    01:22:21.0553 1620 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    01:22:21.0554 1620 usbuhci - ok
    01:22:21.0593 1620 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    01:22:21.0593 1620 USB_RNDIS - ok
    01:22:21.0645 1620 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    01:22:21.0646 1620 vga - ok
    01:22:21.0685 1620 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    01:22:21.0686 1620 VgaSave - ok
    01:22:21.0722 1620 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    01:22:21.0723 1620 viaagp - ok
    01:22:21.0745 1620 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    01:22:21.0745 1620 ViaC7 - ok
    01:22:21.0770 1620 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    01:22:21.0771 1620 viaide - ok
    01:22:21.0809 1620 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    01:22:21.0810 1620 volmgr - ok
    01:22:21.0859 1620 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    01:22:21.0863 1620 volmgrx - ok
    01:22:21.0902 1620 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    01:22:21.0905 1620 volsnap - ok
    01:22:21.0939 1620 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    01:22:21.0940 1620 vsmraid - ok
    01:22:21.0974 1620 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    01:22:21.0974 1620 WacomPen - ok
    01:22:22.0007 1620 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    01:22:22.0008 1620 Wanarp - ok
    01:22:22.0017 1620 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    01:22:22.0018 1620 Wanarpv6 - ok
    01:22:22.0044 1620 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    01:22:22.0044 1620 Wd - ok
    01:22:22.0089 1620 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    01:22:22.0097 1620 Wdf01000 - ok
    01:22:22.0166 1620 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    01:22:22.0167 1620 WmiAcpi - ok
    01:22:22.0207 1620 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    01:22:22.0207 1620 WpdUsb - ok
    01:22:22.0244 1620 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    01:22:22.0244 1620 ws2ifsl - ok
    01:22:22.0288 1620 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    01:22:22.0289 1620 WUDFRd - ok
    01:22:22.0345 1620 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    01:22:22.0346 1620 ZTEusbmdm6k - ok
    01:22:22.0413 1620 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    01:22:22.0414 1620 ZTEusbnmea - ok
    01:22:22.0460 1620 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    01:22:22.0460 1620 ZTEusbser6k - ok
    01:22:22.0497 1620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    01:22:22.0544 1620 \Device\Harddisk0\DR0 - ok
    01:22:22.0554 1620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    01:22:22.0596 1620 \Device\Harddisk1\DR1 - ok
    01:22:22.0598 1620 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
    01:22:22.0599 1620 \Device\Harddisk0\DR0\Partition0 - ok
    01:22:22.0601 1620 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
    01:22:22.0602 1620 \Device\Harddisk1\DR1\Partition0 - ok
    01:22:22.0603 1620 ============================================================
    01:22:22.0603 1620 Scan finished
    01:22:22.0603 1620 ============================================================
    01:22:22.0609 1440 Detected object count: 2
    01:22:22.0609 1440 Actual detected object count: 2
    01:22:43.0548 1440 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
    01:22:43.0551 1440 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
    01:22:51.0390 1440 Backup copy not found, trying to cure infected file..
    01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
    01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - processing error
    01:22:54.0218 1440 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
    01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - skipped by user
    01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  16. Broni Malware Annihilator Posts: 39,323   +175

    We have one system file infected and that's causing the issues.

    Delete your ComboFix file, download a fresh one and re-run it from Safe Mode.
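    The conclusion above ("one system file infected") comes from reading the TDSSKiller log: the entry that matters is DfsC, reported as Virus.Win32.ZAccess.c with "Cure failed (FFFFFFFF)", so the patched dfsc.sys is still in place; the sptd entry is a LockedFile.Multi.Generic warning, which means TDSSKiller could not open the file, not that it found malicious code (sptd.sys is the SCSI Pass Through Direct driver that DAEMON Tools, listed later in the ComboFix log, installs, and it is normally locked). The script below, an added example that is not part of this thread or of TDSSKiller, parses that log format and separates real detections from locked-file warnings. SAMPLE_LOG is a constructed excerpt in the format of the posted log; the dfsc.sys MD5 in it is an all-zero placeholder rather than a real hash, and the wording used to recognise a successful cure ("cured"/"deleted") is an assumption, not taken from TDSSKiller's source.

```python
"""Triage a TDSSKiller log: separate true detections from locked-file warnings
and report which infected objects were left unresolved (cure failed).

Added example for this thread; not part of the original post or of
TDSSKiller. SAMPLE_LOG is a constructed excerpt in the format of the posted
log (the dfsc.sys MD5 is an all-zero placeholder, not a real hash)."""
import re

SAMPLE_LOG = r"""
01:22:16.0100 1620 DfsC (00000000000000000000000000000000) C:\Windows\system32\Drivers\dfsc.sys
01:22:16.0102 1620 DfsC - detected Virus.Win32.ZAccess.c (1)
01:22:20.0238 1620 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
01:22:20.0238 1620 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
01:22:20.0245 1620 sptd ( LockedFile.Multi.Generic ) - warning
01:22:20.0245 1620 sptd - detected LockedFile.Multi.Generic (1)
01:22:20.0292 1620 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
01:22:20.0296 1620 srv - ok
01:22:43.0548 1440 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
01:22:54.0218 1440 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

# Every log line starts with a timestamp and the worker thread id.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
# "<service> (<md5>) <path>"
FILE_LINE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - ok"  or  "<service> - detected <verdict> (<n>)"
VERDICT_LINE = re.compile(r"^(?P<name>\S+) - (?:ok$|detected (?P<detection>\S+))")
# "<service> ( <verdict> ) - <action taken or chosen>"
ACTION_LINE = re.compile(r"^(?P<name>\S+) \( (?P<detection>\S+) \) - (?P<action>.+)$")
# "<path> - copied to quarantine" / "Cure failed (<code>)" / "processing error"
CURE_LINE = re.compile(
    r"^(?P<path>.+\.sys) - (?P<result>copied to quarantine|Cure failed \(\w+\)|processing error)$"
)
# Verdict families that mean "could not read the file", not "malicious code found".
WARNING_ONLY = ("LockedFile.",)


def _record(objects, name):
    return objects.setdefault(
        name, {"name": name, "md5": None, "path": None, "detection": None,
               "actions": [], "cure_failed": False})


def parse_tdsskiller(text):
    """Return {service_name: record} for every object the scan reported on."""
    objects, by_path = {}, {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banner, blank and free-text lines carry no verdict
        body = m.group("body")
        if (f := FILE_LINE.match(body)):
            rec = _record(objects, f["name"])
            rec["md5"], rec["path"] = f["md5"].lower(), f["path"]
            by_path[f["path"].lower()] = rec
        elif (v := VERDICT_LINE.match(body)):
            rec = _record(objects, v["name"])
            if v["detection"]:
                rec["detection"] = v["detection"]
        elif (a := ACTION_LINE.match(body)):
            rec = _record(objects, a["name"])
            rec["detection"] = rec["detection"] or a["detection"]
            rec["actions"].append(a["action"])
        elif (c := CURE_LINE.match(body)):
            # Cure/quarantine lines name the path, not the service: join on it.
            rec = by_path.get(c["path"].lower())
            if rec is not None:
                rec["actions"].append(c["result"])
                if c["result"].startswith("Cure failed"):
                    rec["cure_failed"] = True
    return objects


def classify(objects):
    """Split detections into (infected, warning_only) lists of records."""
    infected, warnings = [], []
    for rec in objects.values():
        if rec["detection"] is None:
            continue
        (warnings if rec["detection"].startswith(WARNING_ONLY) else infected).append(rec)
    return infected, warnings


def unresolved(objects):
    """Names of truly infected objects the run did not fix. Assumption (not
    checked against TDSSKiller's source): a successful fix is logged with an
    action line containing 'cured' or 'deleted'."""
    infected, _ = classify(objects)
    return [r["name"] for r in infected
            if r["cure_failed"]
            or not any(re.search(r"cured|deleted", a) for a in r["actions"])]


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    infected, warnings = classify(objs)
    for r in infected:
        print(f"INFECTED  {r['name']:10} {r['detection']:28} md5={r['md5']} {r['path']}")
    for r in warnings:
        print(f"WARNING   {r['name']:10} {r['detection']:28} {r['path']}")
    print("unresolved:", unresolved(objs))
```

    Run against the sample, the only unresolved object is DfsC, which is the same reading Broni gives above; the MD5 column is kept so each flagged driver can be checked against a known-good hash set or a multi-engine scanner before anything is deleted, since a service name alone says nothing about whether the file on disk is the Microsoft original.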
  17. Pr011 Newcomer, in training Posts: 66

    Please see the combofix log below:

    ComboFix 12-02-24.02 - Mark 26/02/2012 3:03.1.4 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2934 [GMT 0:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\cmdline.cfg
    c:\program files\3
    c:\program files\3\3Connect\3ConnectHelp.chm
    c:\program files\3\3Connect\AceDb.encrypt
    c:\program files\3\3Connect\AutoRun.dat
    c:\program files\3\3Connect\AutoUpdateSrv.exe
    c:\program files\3\3Connect\birdstepping.cmd
    c:\program files\3\3Connect\BlackListedDev.cfg
    c:\program files\3\3Connect\BlacklistedProcesses.xml
    c:\program files\3\3Connect\browsing1.html
    c:\program files\3\3Connect\capicom.dll
    c:\program files\3\3Connect\checkdata_online.html
    c:\program files\3\3Connect\CiscoApiWrapper.dll
    c:\program files\3\3Connect\Config.encrypt
    c:\program files\3\3Connect\Config.xml
    c:\program files\3\3Connect\Config_23420.encrypt
    c:\program files\3\3Connect\Config_23420.xml
    c:\program files\3\3Connect\Config_27205.encrypt
    c:\program files\3\3Connect\Config_27205.xml
    c:\program files\3\3Connect\Config_Default.encrypt
    c:\program files\3\3Connect\Config_Default.xml
    c:\program files\3\3Connect\ConfigAup.encrypt
    c:\program files\3\3Connect\ConfigAup.xml
    c:\program files\3\3Connect\connecting1.html
    c:\program files\3\3Connect\Content.css2
    c:\program files\3\3Connect\Convert.xsl
    c:\program files\3\3Connect\datausageguide1.html
    c:\program files\3\3Connect\DeviceInstaller.exe
    c:\program files\3\3Connect\Devices.xml
    c:\program files\3\3Connect\Dialog.cfg
    c:\program files\3\3Connect\ejectdisk.exe
    c:\program files\3\3Connect\endpoint.css
    c:\program files\3\3Connect\endpoint2.css
    c:\program files\3\3Connect\Flash.ocx
    c:\program files\3\3Connect\homepage1.html
    c:\program files\3\3Connect\HuaweiE220.dll
    c:\program files\3\3Connect\HuaweiE620.dll
    c:\program files\3\3Connect\ImportConfiguration.exe
    c:\program files\3\3Connect\incompatiblesoft.htm
    c:\program files\3\3Connect\Instalhelper.log
    c:\program files\3\3Connect\InstallHelpers.dll
    c:\program files\3\3Connect\LanDevice.dll
    c:\program files\3\3Connect\live.css
    c:\program files\3\3Connect\Logger.dll
    c:\program files\3\3Connect\mbbhelp.chm
    c:\program files\3\3Connect\mfc80u.dll
    c:\program files\3\3Connect\Microsoft.VC80.CRT.manifest
    c:\program files\3\3Connect\Microsoft.VC80.MFC.manifest
    c:\program files\3\3Connect\modemcust.cfg
    c:\program files\3\3Connect\modeminfo.cfg
    c:\program files\3\3Connect\Modems\ZTE_MF6X6_USB_MODEM_1.2050.0.6.exe
    c:\program files\3\3Connect\msvcp80.dll
    c:\program files\3\3Connect\msvcr80.dll
    c:\program files\3\3Connect\NetworkCodes.cfg
    c:\program files\3\3Connect\OperatorList.xml
    c:\program files\3\3Connect\OptGlobetrotterGTMax72.dll
    c:\program files\3\3Connect\PatchInfo.ini
    c:\program files\3\3Connect\ping1.html
    c:\program files\3\3Connect\pingtest.JPG
    c:\program files\3\3Connect\proxy.JPG
    c:\program files\3\3Connect\Res.dll
    c:\program files\3\3Connect\Roaming\RoamingPrice_23420.ini
    c:\program files\3\3Connect\Skins\FlashSkin\gui.swf
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\account.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
    c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
    c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\banner.swf
    c:\program files\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
    c:\program files\3\3Connect\Skins\FlexSkin\assets\config.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\signal.swf
    c:\program files\3\3Connect\Skins\FlexSkin\assets\strings.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
    c:\program files\3\3Connect\Skins\FlexSkin\gui.swf
    c:\program files\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
    c:\program files\3\3Connect\Sms.xml
    c:\program files\3\3Connect\SmsApp2.dll
    c:\program files\3\3Connect\SoftOpt.encrypt
    c:\program files\3\3Connect\startup.exe
    c:\program files\3\3Connect\Strings.txt
    c:\program files\3\3Connect\SwiApiInterface.dll
    c:\program files\3\3Connect\SwiApiMux.exe
    c:\program files\3\3Connect\SwiCardDetect.dll
    c:\program files\3\3Connect\SysConfig.dat
    c:\program files\3\3Connect\SystemInfo.txt
    c:\program files\3\3Connect\topup.html
    c:\program files\3\3Connect\Update\ConfigAup.encrypt
    c:\program files\3\3Connect\Update\ConfigAup.xml
    c:\program files\3\3Connect\Wilog.exe
    c:\program files\3\3Connect\WilogApp.exe
    c:\program files\3\3Connect\WWanDevice.dll
    c:\program files\3\3Connect\ZTE_MF636_startup.exe
    c:\program files\3\3Connect\ZTE620.dll
    c:\program files\INSTALL.LOG
    c:\users\Mark\Documents\~WRL0002.tmp
    c:\users\Mark\Documents\~WRL0004.tmp
    c:\users\Mark\Documents\~WRL3743.tmp
    c:\users\Mark\Documents\~WRL3991.tmp
    c:\windows\$NtUninstallKB32240$\1873154646\cfg.ini
    c:\windows\system32\AutoRun.inf
    F:\install.exe
    c:\windows\$NtUninstallKB32240$ . . . . Failed to delete
    .
    c:\windows\system32\drivers\netbt.sys was missing
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!System32!drivers!netbt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-26 03:15 . 2012-02-26 03:20 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2012-02-26 03:15 . 2012-02-26 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-24 22:14 . 2011-12-15 06:21 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
    2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
    2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
    2012-02-14 20:06 . 2012-02-17 20:29 -------- d-----w- c:\users\Mark\AppData\Roaming\Usukmo
    2012-02-14 20:06 . 2012-02-14 20:06 -------- d-----w- c:\users\Mark\AppData\Roaming\Mywara
    2012-02-12 11:17 . 2012-02-17 14:51 -------- d-----w- c:\users\Mark\AppData\Roaming\Aktuot
    2012-02-12 11:17 . 2012-02-12 11:37 -------- d-----w- c:\users\Mark\AppData\Roaming\Xete
    2012-02-11 23:20 . 2012-02-25 10:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-01-12 19:52 . 2012-02-24 22:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:22 . 2012-02-24 22:14 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
    "Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
    backup=c:\windows\pss\Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
    2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qmofiltr
    pserve
    vmparport
    k750mdfl
    delldmi
    knobserv
    tvtpktfilter
    datasvr2
    amdk77
    clsched
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mod.uk\www.westminster
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    AddRemove-Fallout Mod Manager_is1 - c:\program files\steam\steamapps\common\fallout 3\fomm\uninstall\unins000.exe
    AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
    26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
    32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
    "rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-26 03:26:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-26 03:25
    .
    Pre-Run: 38,793,306,112 bytes free
    Post-Run: 38,562,734,080 bytes free
    .
    - - End Of File - - A677ADA0F2097407EC75804B713FEC3F
  18. Broni Malware Annihilator Posts: 39,323   +175

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
• Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      dfsc.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  19. Pr011 Newcomer, in training Posts: 66

    SystemLook 30.07.11 by jpshortstuff
    Log created at 04:12 on 26/02/2012 by Mark
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "dfsc.sys"
    C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [10:51 10/06/2008] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [13:08 14/03/2011] [21:14 10/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

    -= EOF =-
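The comparison the helper is making with this log (does the live driver under System32 match a copy in the component store?) can be automated. The parser below is an added example, not code from this thread or from SystemLook: the regexes, the `Hit` class and the extra line under `D:\backup` (with a placeholder hash) are assumptions; the other sample lines are taken from the log above.

```python
import re
from dataclasses import dataclass

# Hypothetical parser for SystemLook ":filefind" hit lines (added example).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# Version embedded in a winsxs component directory name, e.g. _6.0.6002.18451_
WINSXS_VER_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

@dataclass
class Hit:
    path: str
    size: int
    md5: str
    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()
    @property
    def version(self):
        m = WINSXS_VER_RE.search(self.path)
        return m.group(1) if m else None

def parse_filefind(text: str) -> list:
    """Return one Hit per file line; headers and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], int(m["size"]), m["md5"].upper()))
    return hits

def check_live_copies(hits: list) -> dict:
    """Map each copy outside winsxs to the component-store version whose MD5
    it matches, or None when no store copy has that hash (worth a closer look)."""
    store = {h.md5: h.version for h in hits if h.in_winsxs}
    return {h.path: store.get(h.md5) for h in hits if not h.in_winsxs}

# Sample input: three lines from the log above plus one constructed mismatch.
SAMPLE = r"""
Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
D:\backup\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 00000000000000000000000000000000
"""

if __name__ == "__main__":
    for path, ver in check_live_copies(parse_filefind(SAMPLE)).items():
        print(path, "->", ver or "NO MATCHING STORE COPY")
```

In this log the System32 copy matches the 6.0.6002.18451 store copy; a live copy that matches no store hash would be the case to examine.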
  20. Broni Malware Annihilator Posts: 39,323   +175

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys
    
    
    File::
    c:\windows\system32\dds_trash_log.cmd
    
    Folder::
    c:\users\Mark\AppData\Roaming\Usukmo
    c:\users\Mark\AppData\Roaming\Mywara
    c:\users\Mark\AppData\Roaming\Aktuot
    c:\users\Mark\AppData\Roaming\Xete
    
    Driver::
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt