Tidserv Activity 2 detected, google redirects


  • This topic is locked
21 replies to this topic

#1 falvelo

Posted 05 November 2011 - 12:26 PM

Hello,

I'm new here, I'm desperate and I'm at my wit's end. I am running Windows 7 Professional 64-bit with Symantec Endpoint Protection.
I have recently been infected by the Windows Restore malware but I was successful in removing it with Malwarebytes' free Anti-Malware, and I also recovered or "unhid" all of my files using a program called Unhide.exe. Despite being rid of the Windows Restore virus my Start Menu remains empty. Is there a way to restore it?
What's more important is that I continue to get notifications from Symantec stating

"[SID: 23621] System Infected: Tidserv Activity detected. Traffic has been blocked from this application: C:\Program Files (x86)\Internet Explorer\iexplore.exe"

and

"[SID: 23615] System Infected: Tidserv Activity 2 detected.
Traffic has been blocked from this application: C:\Windows\System32\svchost.exe"

as well as messages like this...

"Traffic from IP address 27.255.64.111 is blocked from 11/5/2011 12:37:27 PM to 11/5/2011 12:47:27 PM."


I tried researching the Tidserv trojan but I can't find much about it and I have no idea how to get rid of it. It constantly redirects my google results and I fear that the longer it stays the worse the infection will get.
Also, I can't seem to enable my Windows firewall or adjust any settings on Symantec. I tried doing a system restore but was unsuccessful because Symantec is running and I cannot disable it.
Thanks in advance for any help.


The following is my DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Frankie at 12:51:13 on 2011-11-05
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2038.474 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Users\Frankie\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Frankie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\helppane.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Symantec Shared\COH\coh64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.princetonreview.com/login3.aspx?RDN=1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Frankie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Frankie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Frankie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frankie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Frankie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\2496760274F6E696D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\34C616373727F6F6D6 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\46F677E63747164756 : DhcpNameServer = 138.5.1.12 138.5.50.6
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\84453402E6564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\84730333 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\D616E63796F6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2B3BB16-AC2B-4AF4-B189-DB2661BF2D79}\D6A616D6C637 : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\j5zcu632.default\
FF - prefs.js: browser.startup.homepage - mail.google.com
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Frankie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Frankie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Frankie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Frankie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\AESTSr64.exe --> C:\Windows\system32\AESTSr64.exe [?]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-1-26 827616]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-12-29 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-1 136824]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\jrdusbser.sys --> C:\Windows\system32\DRIVERS\jrdusbser.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-05 01:42:04 208896 ----a-w- C:\Windows\MBR.exe
2011-11-05 01:42:02 98816 ----a-w- C:\Windows\sed.exe
2011-11-05 01:42:02 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-05 01:42:02 256000 ----a-w- C:\Windows\PEV.exe
2011-11-05 01:40:25 -------- d-s---w- C:\ComboFix
2011-11-04 23:33:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2011-11-04 22:20:48 -------- d-----we C:\Windows\system64
2011-11-03 00:43:19 -------- d-----w- C:\Users\Frankie\AppData\Local\Facebook
2011-10-25 21:20:33 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 21:20:33 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-21 02:43:33 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-10-21 02:43:32 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2011-10-21 02:17:51 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-21 00:03:38 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2011-10-13 01:26:15 3134976 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-26 02:49:40 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 21:37:25 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 13:01:54.98 ===============

Edited by falvelo, 05 November 2011 - 12:29 PM.
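
Added example, not part of the original posts: a Python check that compares the `SubSystems:` line of the DDS log above with a stock Windows 7 `ServerDll` list, and cross-references the paths that the ComboFix log later in this thread lists under "Other Deletions" against the DDS lines. The baseline table and all function names are assumptions of this example; the log lines and paths are excerpted from the thread.

```python
import ntpath
import re

# Lines excerpted verbatim from the DDS log in post #1.
DDS_EXCERPT = r"""
LSP: mswsock.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
2011-11-04 23:33:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2011-11-04 22:20:48 -------- d-----we C:\Windows\system64
2011-10-13 01:26:15 3134976 ----a-w- C:\Windows\System32\win32k.sys
""".strip().splitlines()

# Paths listed under "Other Deletions" in the ComboFix log in post #4.
COMBOFIX_DELETIONS = [
    r"c:\users\Frankie\Documents\~WRL0004.tmp",
    r"c:\windows\system32\consrv.dll",
    r"c:\windows\System64",
]

# Assumption of this example: the ServerDll list of a stock Windows 7
# install, keyed by server index -> (dll, entry point).
WIN7_SERVERDLL_BASELINE = {
    1: ("basesrv", ""),
    3: ("winsrv", "UserServerDllInitialization"),
    2: ("winsrv", "ConServerDllInitialization"),
    4: ("sxssrv", ""),
}

# One ServerDll token as DDS prints it: dll[:entrypoint],index
TOKEN_RE = re.compile(r"^(?P<dll>[^:,\s]+)(?::(?P<entry>[^,\s]+))?,(?P<idx>\d+)$")


def find_subsystems_line(lines):
    """Return the DDS 'SubSystems:' line, or None if the log has none."""
    for line in lines:
        if line.startswith("SubSystems:"):
            return line
    return None


def parse_subsystems(line):
    """Split a DDS SubSystems line into (index, dll, entry point) tuples."""
    _, _, value = line.partition("=")
    entries = []
    for token in value.split():
        m = TOKEN_RE.match(token)
        if m is None:
            raise ValueError(f"unrecognised ServerDll token: {token!r}")
        entries.append((int(m["idx"]), m["dll"].lower(), m["entry"] or ""))
    return entries


def subsystem_deviations(line, baseline=WIN7_SERVERDLL_BASELINE):
    """List every ServerDll entry that differs from the baseline."""
    deviations = []
    for idx, dll, entry in parse_subsystems(line):
        expected = baseline.get(idx)
        if expected is None or (dll, entry) != expected:
            deviations.append(
                {"index": idx, "expected": expected, "found": (dll, entry)}
            )
    return deviations


def cross_reference(dds_lines, deleted_paths):
    """Map each deleted path to the DDS lines that mention its base name.

    Matching is on the file or directory name without extension, as a whole
    token and case-insensitively, so a DLL referenced only by module name
    (as in the SubSystems value) is still found.
    """
    hits = {}
    for path in deleted_paths:
        stem = ntpath.splitext(ntpath.basename(path))[0]
        pattern = re.compile(
            r"(?<![\w~])" + re.escape(stem) + r"(?!\w)", re.IGNORECASE
        )
        hits[path] = [line for line in dds_lines if pattern.search(line)]
    return hits


if __name__ == "__main__":
    sub_line = find_subsystems_line(DDS_EXCERPT)
    for dev in subsystem_deviations(sub_line):
        print("ServerDll deviation:", dev)
    for path, lines in cross_reference(DDS_EXCERPT, COMBOFIX_DELETIONS).items():
        print(path, "->", lines if lines else "not referenced in excerpt")
```
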



#2 gringo_pr


Posted 05 November 2011 - 09:29 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 07 November 2011 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 falvelo


Posted 08 November 2011 - 06:39 PM

Hi Gringo,

Thanks for your help. I ran Combofix on my laptop and here is the log:

ComboFix 11-11-06.01 - Frankie 11/07/2011 0:15.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2038.942 [GMT -5:00]
Running from: c:\users\Frankie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frankie\Documents\~WRL0004.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 05:51 . 2011-11-07 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 23:33 . 2011-11-05 07:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2
2011-11-03 00:43 . 2011-11-03 00:43 -------- d-----w- c:\users\Frankie\AppData\Local\Facebook
2011-10-25 21:20 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 21:20 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-21 02:43 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-10-21 02:43 . 2009-10-10 02:41 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-10-21 02:17 . 2011-11-05 07:10 -------- d-----w- c:\windows\system32\EventProviders
2011-10-21 00:03 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2011-10-13 01:26 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 02:49 . 2011-09-26 02:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10 . 2011-08-30 12:11 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6BA0DD7-795C-4498-AAB2-C1B9BFC268A5}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Frankie\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-03 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-08-08 273544]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\users\Frankie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frankie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-8-11 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=myokent.dll
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AESTSr64.exe [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-789888559-1344882351-3297525246-1000Core.job
- c:\users\Frankie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 00:43]
.
2011-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-789888559-1344882351-3297525246-1000UA.job
- c:\users\Frankie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 00:43]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789888559-1344882351-3297525246-1000Core.job
- c:\users\Frankie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 04:27]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789888559-1344882351-3297525246-1000UA.job
- c:\users\Frankie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 04:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"combofix"="c:\combofix\CF32697.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.princetonreview.com/login3.aspx?RDN=1
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\j5zcu632.default\
FF - prefs.js: browser.startup.homepage - mail.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-07 01:20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 06:20
.
Pre-Run: 209,998,995,456 bytes free
Post-Run: 223,560,527,872 bytes free
.
- - End Of File - - D3EEEDC407F725352CE962F371BEF71C




I had to uninstall Symantec Endpoint Protection as it was a school-owned centrally managed copy and I was thus unable to just simply disable it. Many of my Google searches are still getting redirected. And what's peculiar is that every time I open this website on my laptop I get an error that my web browser has stopped working and then it closes itself after maybe 1 minute of the page being open. This happens whether I use Internet Explorer or Mozilla Firefox, but it has not happened with any other web pages. Also I can't seem to activate my Windows firewall.

#5 gringo_pr

  • Malware Response Team

Posted 08 November 2011 - 07:36 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#6 falvelo

  • Topic Starter

Posted 08 November 2011 - 11:11 PM

22:22:36.0290 2184 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
22:22:36.0430 2184 ============================================================
22:22:36.0430 2184 Current date / time: 2011/11/08 22:22:36.0430
22:22:36.0430 2184 SystemInfo:
22:22:36.0430 2184
22:22:36.0430 2184 OS Version: 6.1.7600 ServicePack: 0.0
22:22:36.0430 2184 Product type: Workstation
22:22:36.0430 2184 ComputerName: FRANKIE-PC
22:22:36.0430 2184 UserName: Frankie
22:22:36.0430 2184 Windows directory: C:\Windows
22:22:36.0430 2184 System windows directory: C:\Windows
22:22:36.0430 2184 Running under WOW64
22:22:36.0430 2184 Processor architecture: Intel x64
22:22:36.0430 2184 Number of processors: 2
22:22:36.0430 2184 Page size: 0x1000
22:22:36.0430 2184 Boot type: Normal boot
22:22:36.0430 2184 ============================================================
22:22:38.0084 2184 Initialize success
22:22:41.0329 3880 ============================================================
22:22:41.0329 3880 Scan started
22:22:41.0329 3880 Mode: Manual;
22:22:41.0329 3880 ============================================================
22:22:54.0401 3880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:22:54.0401 3880 Smb - ok
22:22:54.0448 3880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:22:54.0448 3880 spldr - ok
22:22:54.0526 3880 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:22:54.0542 3880 srv - ok
22:22:54.0589 3880 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:22:54.0604 3880 srv2 - ok
22:22:54.0667 3880 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:22:54.0682 3880 SrvHsfHDA - ok
22:22:54.0745 3880 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:22:54.0791 3880 SrvHsfV92 - ok
22:22:54.0838 3880 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:22:54.0869 3880 SrvHsfWinac - ok
22:22:54.0916 3880 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:22:54.0932 3880 srvnet - ok
22:22:54.0994 3880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:22:54.0994 3880 stexstor - ok
22:22:55.0072 3880 STHDA (8435ed937f36ab0715e217c382c96a2b) C:\Windows\system32\drivers\stwrt64.sys
22:22:55.0088 3880 STHDA - ok
22:22:55.0135 3880 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:22:55.0135 3880 storflt - ok
22:22:55.0181 3880 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:22:55.0181 3880 storvsc - ok
22:22:55.0213 3880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:22:55.0213 3880 swenum - ok
22:22:55.0353 3880 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
22:22:55.0400 3880 Tcpip - ok
22:22:55.0493 3880 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
22:22:55.0525 3880 TCPIP6 - ok
22:22:55.0556 3880 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:22:55.0556 3880 tcpipreg - ok
22:22:55.0587 3880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:22:55.0603 3880 TDPIPE - ok
22:22:55.0618 3880 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:22:55.0618 3880 TDTCP - ok
22:22:55.0665 3880 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:22:55.0665 3880 tdx - ok
22:22:55.0696 3880 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:22:55.0696 3880 TermDD - ok
22:22:55.0759 3880 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:55.0759 3880 tssecsrv - ok
22:22:55.0805 3880 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:22:55.0805 3880 tunnel - ok
22:22:55.0837 3880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:22:55.0837 3880 uagp35 - ok
22:22:55.0868 3880 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:22:55.0883 3880 udfs - ok
22:22:55.0930 3880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:22:55.0930 3880 uliagpkx - ok
22:22:55.0961 3880 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:22:55.0977 3880 umbus - ok
22:22:55.0993 3880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:22:56.0008 3880 UmPass - ok
22:22:56.0071 3880 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
22:22:56.0086 3880 USBAAPL64 - ok
22:22:56.0149 3880 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:22:56.0149 3880 usbaudio - ok
22:22:56.0195 3880 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
22:22:56.0195 3880 usbbus - ok
22:22:56.0258 3880 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:56.0273 3880 usbccgp - ok
22:22:56.0320 3880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:22:56.0320 3880 usbcir - ok
22:22:56.0336 3880 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
22:22:56.0351 3880 UsbDiag - ok
22:22:56.0383 3880 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
22:22:56.0398 3880 usbehci - ok
22:22:56.0461 3880 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:22:56.0461 3880 usbhub - ok
22:22:56.0507 3880 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
22:22:56.0507 3880 USBModem - ok
22:22:56.0570 3880 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
22:22:56.0570 3880 usbohci - ok
22:22:56.0601 3880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:22:56.0617 3880 usbprint - ok
22:22:56.0648 3880 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:56.0663 3880 USBSTOR - ok
22:22:56.0710 3880 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:22:56.0710 3880 usbuhci - ok
22:22:56.0773 3880 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
22:22:56.0788 3880 usbvideo - ok
22:22:56.0835 3880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:22:56.0835 3880 vdrvroot - ok
22:22:56.0882 3880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:56.0897 3880 vga - ok
22:22:56.0913 3880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:22:56.0913 3880 VgaSave - ok
22:22:56.0944 3880 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:22:56.0944 3880 vhdmp - ok
22:22:56.0975 3880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:22:56.0975 3880 viaide - ok
22:22:57.0022 3880 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:22:57.0022 3880 vmbus - ok
22:22:57.0038 3880 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:22:57.0053 3880 VMBusHID - ok
22:22:57.0069 3880 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:22:57.0069 3880 volmgr - ok
22:22:57.0100 3880 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:22:57.0116 3880 volmgrx - ok
22:22:57.0147 3880 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:22:57.0147 3880 volsnap - ok
22:22:57.0194 3880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:22:57.0194 3880 vsmraid - ok
22:22:57.0225 3880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:22:57.0225 3880 vwifibus - ok
22:22:57.0272 3880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:22:57.0272 3880 WacomPen - ok
22:22:57.0319 3880 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:22:57.0319 3880 WANARP - ok
22:22:57.0350 3880 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:22:57.0350 3880 Wanarpv6 - ok
22:22:57.0397 3880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:22:57.0412 3880 Wd - ok
22:22:57.0443 3880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:22:57.0459 3880 Wdf01000 - ok
22:22:57.0537 3880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:22:57.0537 3880 WfpLwf - ok
22:22:57.0568 3880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:22:57.0568 3880 WIMMount - ok
22:22:57.0677 3880 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:22:57.0677 3880 WinUsb - ok
22:22:57.0709 3880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:22:57.0709 3880 WmiAcpi - ok
22:22:57.0771 3880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:22:57.0771 3880 ws2ifsl - ok
22:22:57.0818 3880 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:22:57.0818 3880 WudfPf - ok
22:22:57.0849 3880 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:57.0849 3880 WUDFRd - ok
22:22:57.0927 3880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:22:57.0943 3880 \Device\Harddisk0\DR0 - ok
22:22:57.0958 3880 Boot (0x1200) (8a858c0ee9a10d124f2ab4526b165c8e) \Device\Harddisk0\DR0\Partition0
22:22:57.0958 3880 \Device\Harddisk0\DR0\Partition0 - ok
22:22:57.0958 3880 ============================================================
22:22:57.0958 3880 Scan finished
22:22:57.0958 3880 ============================================================
22:22:57.0989 4816 Detected object count: 0
22:22:57.0989 4816 Actual detected object count: 0
22:46:27.0774 3580 ============================================================
22:46:27.0775 3580 Scan started
22:46:27.0775 3580 Mode: Manual;
22:46:27.0775 3580 ============================================================
22:46:39.0157 3580 RDPREFMP - ok
22:46:39.0227 3580 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:46:39.0231 3580 RDPWD - ok
22:46:39.0274 3580 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:46:39.0279 3580 rdyboost - ok
22:46:39.0332 3580 rimmptsk (9c23519fc1fd331aaaedc145ab947293) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:46:39.0334 3580 rimmptsk - ok
22:46:39.0356 3580 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:46:39.0358 3580 rismxdp - ok
22:46:39.0404 3580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:46:39.0407 3580 rspndr - ok
22:46:39.0439 3580 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:46:39.0441 3580 s3cap - ok
22:46:39.0472 3580 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:46:39.0476 3580 sbp2port - ok
22:46:39.0503 3580 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:46:39.0505 3580 scfilter - ok
22:46:39.0577 3580 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys
22:46:39.0580 3580 sdbus - ok
22:46:39.0605 3580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:46:39.0606 3580 secdrv - ok
22:46:39.0645 3580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:46:39.0647 3580 Serenum - ok
22:46:39.0671 3580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:46:39.0674 3580 Serial - ok
22:46:39.0697 3580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:46:39.0699 3580 sermouse - ok
22:46:39.0775 3580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:46:39.0776 3580 sffdisk - ok
22:46:39.0829 3580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:46:39.0831 3580 sffp_mmc - ok
22:46:39.0851 3580 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
22:46:39.0853 3580 sffp_sd - ok
22:46:39.0877 3580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:46:39.0879 3580 sfloppy - ok
22:46:39.0928 3580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:46:39.0930 3580 SiSRaid2 - ok
22:46:39.0967 3580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:46:39.0975 3580 SiSRaid4 - ok
22:46:39.0999 3580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:46:40.0002 3580 Smb - ok
22:46:40.0044 3580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:46:40.0045 3580 spldr - ok
22:46:40.0132 3580 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:46:40.0149 3580 srv - ok
22:46:40.0189 3580 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:46:40.0202 3580 srv2 - ok
22:46:40.0258 3580 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:46:40.0264 3580 SrvHsfHDA - ok
22:46:40.0323 3580 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:46:40.0369 3580 SrvHsfV92 - ok
22:46:40.0426 3580 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:46:40.0448 3580 SrvHsfWinac - ok
22:46:40.0510 3580 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:46:40.0514 3580 srvnet - ok
22:46:40.0573 3580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:46:40.0575 3580 stexstor - ok
22:46:40.0632 3580 STHDA (8435ed937f36ab0715e217c382c96a2b) C:\Windows\system32\drivers\stwrt64.sys
22:46:40.0644 3580 STHDA - ok
22:46:40.0679 3580 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:46:40.0680 3580 storflt - ok
22:46:40.0707 3580 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:46:40.0709 3580 storvsc - ok
22:46:40.0758 3580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:46:40.0759 3580 swenum - ok
22:46:40.0886 3580 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
22:46:40.0944 3580 Tcpip - ok
22:46:41.0013 3580 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
22:46:41.0031 3580 TCPIP6 - ok
22:46:41.0060 3580 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:46:41.0063 3580 tcpipreg - ok
22:46:41.0095 3580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:46:41.0097 3580 TDPIPE - ok
22:46:41.0123 3580 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:46:41.0125 3580 TDTCP - ok
22:46:41.0196 3580 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:46:41.0199 3580 tdx - ok
22:46:41.0238 3580 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:46:41.0241 3580 TermDD - ok
22:46:41.0304 3580 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:46:41.0306 3580 tssecsrv - ok
22:46:41.0330 3580 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:46:41.0333 3580 tunnel - ok
22:46:41.0362 3580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:46:41.0365 3580 uagp35 - ok
22:46:41.0400 3580 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:46:41.0406 3580 udfs - ok
22:46:41.0451 3580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:46:41.0453 3580 uliagpkx - ok
22:46:41.0479 3580 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:46:41.0481 3580 umbus - ok
22:46:41.0499 3580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:46:41.0501 3580 UmPass - ok
22:46:41.0557 3580 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
22:46:41.0559 3580 USBAAPL64 - ok
22:46:41.0598 3580 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:46:41.0601 3580 usbaudio - ok
22:46:41.0656 3580 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
22:46:41.0659 3580 usbbus - ok
22:46:41.0707 3580 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
22:46:41.0711 3580 usbccgp - ok
22:46:41.0741 3580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:46:41.0743 3580 usbcir - ok
22:46:41.0764 3580 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
22:46:41.0767 3580 UsbDiag - ok
22:46:41.0811 3580 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
22:46:41.0814 3580 usbehci - ok
22:46:41.0867 3580 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:46:41.0875 3580 usbhub - ok
22:46:41.0909 3580 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
22:46:41.0911 3580 USBModem - ok
22:46:41.0957 3580 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
22:46:41.0959 3580 usbohci - ok
22:46:41.0986 3580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:46:41.0989 3580 usbprint - ok
22:46:42.0031 3580 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:46:42.0034 3580 USBSTOR - ok
22:46:42.0073 3580 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:46:42.0075 3580 usbuhci - ok
22:46:42.0121 3580 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
22:46:42.0125 3580 usbvideo - ok
22:46:42.0162 3580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:46:42.0164 3580 vdrvroot - ok
22:46:42.0190 3580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:46:42.0192 3580 vga - ok
22:46:42.0215 3580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:46:42.0216 3580 VgaSave - ok
22:46:42.0240 3580 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:46:42.0245 3580 vhdmp - ok
22:46:42.0269 3580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:46:42.0271 3580 viaide - ok
22:46:42.0318 3580 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:46:42.0320 3580 vmbus - ok
22:46:42.0344 3580 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:46:42.0345 3580 VMBusHID - ok
22:46:42.0369 3580 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:46:42.0371 3580 volmgr - ok
22:46:42.0405 3580 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:46:42.0411 3580 volmgrx - ok
22:46:42.0433 3580 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:46:42.0438 3580 volsnap - ok
22:46:42.0468 3580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:46:42.0470 3580 vsmraid - ok
22:46:42.0493 3580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:46:42.0494 3580 vwifibus - ok
22:46:42.0525 3580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:46:42.0526 3580 WacomPen - ok
22:46:42.0552 3580 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:46:42.0554 3580 WANARP - ok
22:46:42.0565 3580 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:46:42.0566 3580 Wanarpv6 - ok
22:46:42.0614 3580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:46:42.0615 3580 Wd - ok
22:46:42.0651 3580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:46:42.0667 3580 Wdf01000 - ok
22:46:42.0705 3580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:46:42.0706 3580 WfpLwf - ok
22:46:42.0725 3580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:46:42.0726 3580 WIMMount - ok
22:46:42.0794 3580 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:46:42.0796 3580 WinUsb - ok
22:46:42.0823 3580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:46:42.0824 3580 WmiAcpi - ok
22:46:42.0869 3580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:46:42.0871 3580 ws2ifsl - ok
22:46:42.0909 3580 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:46:42.0911 3580 WudfPf - ok
22:46:42.0938 3580 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:46:42.0942 3580 WUDFRd - ok
22:46:42.0979 3580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:46:42.0994 3580 \Device\Harddisk0\DR0 - ok
22:46:43.0002 3580 Boot (0x1200) (8a858c0ee9a10d124f2ab4526b165c8e) \Device\Harddisk0\DR0\Partition0
22:46:43.0003 3580 \Device\Harddisk0\DR0\Partition0 - ok
22:46:43.0005 3580 ============================================================
22:46:43.0005 3580 Scan finished
22:46:43.0005 3580 ============================================================
22:46:43.0021 0188 Detected object count: 0
22:46:43.0021 0188 Actual detected object count: 0

#7 gringo_pr

  • Malware Response Team

Posted 09 November 2011 - 09:40 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 falvelo

  • Topic Starter

Posted 10 November 2011 - 09:32 PM

Are we getting anywhere with this? I'm still getting re-directed google results and my web browser continues to "stop working" seconds after I open this thread. Also, I have been having issues with iTunes more recently. It too gives me error messages that go something like "iTunes has stopped working. Windows will inform you of any solutions to this problem" (gives a "(Not Responding)" message then closes itself) and "iTunes has detected problems with your audio set up and may not function properly." Never had these before. I apologize that the error messages aren't precisely word for word, I am posting this response from another computer and don't have access to my laptop at the moment.
In any case here is the requested log from aswMBR.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-10 19:54:38
-----------------------------
19:54:38.510 OS Version: Windows x64 6.1.7600
19:54:38.510 Number of processors: 2 586 0xF0D
19:54:38.510 ComputerName: FRANKIE-PC UserName: Frankie
19:54:41.365 Initialize success
19:54:49.711 AVAST engine defs: 11111001
19:54:55.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:54:55.343 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
19:54:57.402 Disk 0 MBR read successfully
19:54:57.402 Disk 0 MBR scan
19:54:57.418 Disk 0 MBR:Alureon-I [Rtk]
19:54:57.418 Disk 0 TDL4@MBR code has been found
19:54:57.418 Disk 0 Windows 7 default MBR code found via API
19:54:57.433 Disk 0 MBR hidden
19:54:57.433 Disk 0 MBR [TDL4] **ROOTKIT**
19:54:57.433 Disk 0 trace - called modules:
19:54:57.449 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002674254]<<
19:54:57.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002599060]
19:54:57.464 3 CLASSPNP.SYS[fffff880018ac43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002328680]
19:54:57.480 \Driver\atapi[0xfffffa80022a9920] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002674254
19:55:00.163 AVAST engine scan C:\Windows
19:55:08.447 AVAST engine scan C:\Windows\system32
19:57:30.937 AVAST engine scan C:\Windows\system32\drivers
19:57:44.166 AVAST engine scan C:\Users\Frankie
20:08:17.205 AVAST engine scan C:\ProgramData
20:10:54.734 Scan finished successfully
20:12:25.838 Disk 0 MBR has been saved successfully to "C:\Users\Frankie\Desktop\MBR.dat"
20:12:25.854 The log file has been saved successfully to "C:\Users\Frankie\Desktop\aswMBR.txt"


And thanks so much for your continued assistance. It is much appreciated.

#9 gringo_pr

Posted 10 November 2011 - 09:37 PM

Hello

I want you to rerun ASWmbr and run the fix below

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


    If you have problems booting the computer, please do the following:

    System Recovery Environment

    To access the System Recovery Environment in Windows 7, simply boot your PC.

  • Just before the system loads the Windows operating system, hit the [F8] (Function 8) key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixboot

Gringo

Edited by gringo_pr, 10 November 2011 - 09:38 PM.


#10 falvelo

Posted 12 November 2011 - 01:24 AM

So that seemed to do the trick. But because I had been working without an anti-virus this whole time I believe I acquired another one! I got a pop-up stating something about blasterworm.exe and had a brief experience with some fraudulent Privacy Protection program. I ran a program called SuperAntiSpyware which seems to have eradicated my new virus/trojan (I found it in another BleepingComputer.com thread about the same infection). But then when I tried to run Malwarebytes' Anti-Malware I got an error message "Runtime Error 0" and "Runtime Error 440." I tried uninstalling, rebooting, and re-installing to no avail. I think I am clean but I want to make sure everything is working as it should.
The following is the requested log from aswMBR: (mind you this was before I acquired the second virus)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-10 22:33:29
-----------------------------
22:33:29.345 OS Version: Windows x64 6.1.7600
22:33:29.345 Number of processors: 2 586 0xF0D
22:33:29.345 ComputerName: FRANKIE-PC UserName: Frankie
22:33:31.435 Initialize success
22:33:40.046 AVAST engine defs: 11111001
22:35:14.926 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
22:35:14.926 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
22:35:16.954 Disk 0 MBR read successfully
22:35:16.954 Disk 0 MBR scan
22:35:16.969 Disk 0 MBR:Alureon-I [Rtk]
22:35:16.969 Disk 0 TDL4@MBR code has been found
22:35:16.985 Disk 0 Windows 7 default MBR code found via API
22:35:16.985 Disk 0 MBR hidden
22:35:17.001 Disk 0 MBR [TDL4] **ROOTKIT**
22:35:17.001 Disk 0 trace - called modules:
22:35:17.016 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002660254]<<
22:35:17.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800257b6f0]
22:35:17.032 3 CLASSPNP.SYS[fffff8800186e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002328680]
22:35:17.079 \Driver\atapi[0xfffffa800230a9a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002660254
22:35:18.701 AVAST engine scan C:\Windows
22:35:22.944 AVAST engine scan C:\Windows\system32
22:37:50.552 AVAST engine scan C:\Windows\system32\drivers
22:38:06.635 AVAST engine scan C:\Users\Frankie
22:47:29.422 AVAST engine scan C:\ProgramData
22:50:10.664 Scan finished successfully
23:06:14.121 Disk 0 MBR read successfully
23:06:14.137 Disk 0 MBR:Alureon-I [Rtk]
23:06:14.153 Disk 0 TDL4@MBR code has been found
23:06:14.168 Disk 0 fixing MBR ...
23:06:24.199 Disk 0 MBR restored successfully
23:06:24.277 Verifying disinfection
23:06:36.367 Infection fixed successfully - please reboot ASAP
23:07:12.107 Disk 0 MBR has been saved successfully to "C:\Users\Frankie\Desktop\MBR.dat"
23:07:12.122 The log file has been saved successfully to "C:\Users\Frankie\Desktop\aswMBR-fix.txt"


and if it's helpful I can post the log from SuperAntiSpyware.

In the meantime could you suggest a free anti-virus program that will protect me from further infection?
Thanks so much.

#11 gringo_pr

Posted 12 November 2011 - 11:50 AM

Hello

It does not look like it worked. I need you to run it once more.




aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


    If you have problems booting the computer, please do the following:

    System Recovery Environment

    To access the System Recovery Environment in Windows 7, simply boot your PC.

  • Just before the system loads the Windows operating system, hit the [F8] (Function 8) key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixboot

Gringo

#12 falvelo

Posted 12 November 2011 - 01:52 PM

Since my last post I have restored my system to after the first ASWmbr FIX that I ran but before the new virus came along. Internet is working fine but I can't tell if anything else is going on.
I tried running the ASWmbr fix again but after completing the scan the 'Fix' button was greyed out and unclickable, only the FixMBR was available so I didn't do anything. Here is the log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-12 13:06:36
-----------------------------
13:06:36.071 OS Version: Windows x64 6.1.7600
13:06:36.073 Number of processors: 2 586 0xF0D
13:06:36.075 ComputerName: FRANKIE-PC UserName: Frankie
13:06:37.555 Initialize success
13:07:08.592 AVAST engine defs: 11111200
13:07:15.231 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:07:15.234 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
13:07:17.334 Disk 0 MBR read successfully
13:07:17.340 Disk 0 MBR scan
13:07:17.350 Disk 0 Windows 7 default MBR code
13:07:17.358 Service scanning
13:07:19.364 Modules scanning
13:07:19.373 Disk 0 trace - called modules:
13:07:19.413 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:07:19.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002599060]
13:07:19.433 3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002334550]
13:07:25.364 AVAST engine scan C:\Windows
13:07:29.251 AVAST engine scan C:\Windows\system32
13:09:51.275 AVAST engine scan C:\Windows\system32\drivers
13:10:06.196 AVAST engine scan C:\Users\Frankie
13:19:47.474 AVAST engine scan C:\ProgramData
13:22:19.493 Scan finished successfully
13:41:46.683 Disk 0 MBR has been saved successfully to "C:\Users\Frankie\Desktop\MBR.dat"
13:41:46.697 The log file has been saved successfully to "C:\Users\Frankie\Desktop\aswMBR-2.txt"
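
The first aswMBR scan and the post-fix scan in this thread differ in only a few lines: the MBR detection names, the "MBR hidden" line, the `>>UNKNOWN [...]<<` entry in the disk driver trace, and the atapi dispatch entry that points at that same address. The Python below is an added example, not part of the original posts and not aswMBR's own logic; it extracts those indicators from log lines copied from the posts, and the finding labels (`mbr_detection`, `hooked_dispatch` and so on) are names chosen for this example.

```python
import re

# Lines copied from the aswMBR logs posted in this thread:
# the first scan (infected) and the scan after the fix (clean).
INFECTED_LOG = r"""
19:54:57.402 Disk 0 MBR scan
19:54:57.418 Disk 0 MBR:Alureon-I [Rtk]
19:54:57.418 Disk 0 TDL4@MBR code has been found
19:54:57.418 Disk 0 Windows 7 default MBR code found via API
19:54:57.433 Disk 0 MBR hidden
19:54:57.433 Disk 0 MBR [TDL4] **ROOTKIT**
19:54:57.433 Disk 0 trace - called modules:
19:54:57.449 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002674254]<<
19:54:57.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002599060]
19:54:57.464 3 CLASSPNP.SYS[fffff880018ac43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002328680]
19:54:57.480 \Driver\atapi[0xfffffa80022a9920] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002674254
"""

CLEAN_LOG = r"""
13:07:17.340 Disk 0 MBR scan
13:07:17.350 Disk 0 Windows 7 default MBR code
13:07:17.358 Service scanning
13:07:19.364 Modules scanning
13:07:19.373 Disk 0 trace - called modules:
13:07:19.413 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:07:19.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002599060]
13:07:19.433 3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002334550]
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
DETECTION = re.compile(r"^Disk (\d+) MBR:(\S+)")
ROOTKIT = re.compile(r"^Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
HIDDEN = re.compile(r"^Disk (\d+) MBR hidden$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)


def messages(log):
    """Return the message part of every timestamped line, in order."""
    out = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            out.append(m.group(2))
    return out


def disk_stack(log):
    """Modules listed on the line after 'trace - called modules:'.

    An entry the tool could not attribute to a module is returned as
    'UNKNOWN@<address>'.
    """
    msgs = messages(log)
    for i, msg in enumerate(msgs[:-1]):
        if msg.endswith("trace - called modules:"):
            line = UNKNOWN.sub(lambda m: "UNKNOWN@" + m.group(1).lower(), msgs[i + 1])
            return line.split()
    return []


def analyze(log):
    """Return a list of (label, detail) findings; an empty list means no indicator."""
    findings = []
    unknown = {e[len("UNKNOWN@"):] for e in disk_stack(log) if e.startswith("UNKNOWN@")}
    for addr in sorted(unknown):
        findings.append(("unbacked_code_in_disk_stack", addr))
    for msg in messages(log):
        if (m := DETECTION.match(msg)):
            findings.append(("mbr_detection", m.group(2)))
        elif (m := ROOTKIT.match(msg)):
            findings.append(("mbr_rootkit", m.group(2)))
        elif (m := HIDDEN.match(msg)):
            findings.append(("mbr_hidden", "disk " + m.group(1)))
        elif (m := DISPATCH.match(msg)):
            driver, irp, target = m.group(1), m.group(2), m.group(3).lower()
            # A dispatch entry pointing at the same unattributed address ties
            # the driver hook to the unknown entry in the disk stack.
            if target in unknown:
                findings.append(("hooked_dispatch", f"{driver}:{irp}->{target}"))
    return findings


if __name__ == "__main__":
    for name, log in (("first scan", INFECTED_LOG), ("after fix", CLEAN_LOG)):
        print(name, disk_stack(log))
        for finding in analyze(log):
            print("   ", finding)
```

An empty result on the post-fix log only says these indicators are absent from that scan; it does not cover the later infection described in post #10.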


#13 gringo_pr

Posted 12 November 2011 - 02:14 PM

Hello

Right now that looks good - how is the computer doing now?


gringo

#14 falvelo

Posted 12 November 2011 - 04:14 PM

I'm still having some issues. Twice in the past two days I have the following sequence of events:

After restarting...
1. Continually received this message from my web browsers:

Server not found

Firefox can't find the server at www.google.com.

Check the address for typing errors such as
ww.example.com instead of
www.example.com
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.


I checked for proxy settings and what not, but that doesn't seem to be the problem.

2. Received an onslaught of pop-up notifications stating that various .exe files (facebookupdate.exe, itunes.exe, aswmbr.exe, etc.) are corrupt and unusable, and that I should run the Chkdsk utility.
3. After several minutes my computer restarted itself and ran the Chkdsk utility. This seems to have fixed things but I fear it will happen again.

So now I'm here.
Also, I tried running Malwarebytes' Anti-Malware but received Runtime error '0' and Runtime error '440': Automation Error.

Edited by falvelo, 12 November 2011 - 04:15 PM.


#15 gringo_pr

Posted 12 November 2011 - 04:43 PM

Uninstall Malwarebytes

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.
