
Redirect virus


  • This topic is locked
57 replies to this topic

#1 paulwenman

paulwenman

  • Members
  • 74 posts

Posted 12 November 2011 - 03:56 PM

We have re-direct problems. Running Vista on a 64-bit Mesh PC. Have Avast and Comodo firewall.

Found re-direct on Firefox and also IE. IE also started by itself while Firefox was running.

Ran Malwarebytes. Found 2 trojans and deleted. Ran CCleaner and Registry option. Uninstalled Firefox and re-installed.

Still have the same problem.

Found ComboFix and ran it. Still have the same problem.

Log here ... can you help please?

ComboFix 11-11-12.04 - Susie 12/11/2011 17:47:29.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.1782 [GMT 0:00]
Running from: c:\users\Susie\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-12 18:37 . 2011-11-12 18:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8DE22B-1E97-4B92-9E2C-0E5E79B52193}\offreg.dll
2011-11-12 18:33 . 2011-11-12 18:33 -------- d-----w- c:\users\System User\AppData\Local\temp
2011-11-12 18:33 . 2011-11-12 18:33 -------- d-----w- c:\users\Public.SystemUser-PC\AppData\Local\temp
2011-11-12 18:33 . 2011-11-12 18:33 -------- d-----w- c:\users\Elliot\AppData\Local\temp
2011-11-12 18:33 . 2011-11-12 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-12 18:33 . 2011-11-12 18:33 -------- d-----w- c:\users\Chloe\AppData\Local\temp
2011-11-12 18:33 . 2011-11-12 18:33 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-11-12 16:38 . 2010-04-12 17:29 411368 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-11-12 16:38 . 2010-04-12 17:29 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-12 15:57 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8DE22B-1E97-4B92-9E2C-0E5E79B52193}\mpengine.dll
2011-11-09 17:24 . 2011-11-09 17:24 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2011-11-09 17:22 . 2011-11-09 17:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Yahoo!
2011-11-09 16:55 . 2011-11-12 15:44 -------- d-----w- c:\programdata\STOPzilla!
2011-11-09 14:13 . 2011-11-09 16:26 -------- d-----w- c:\programdata\Comodo
2011-11-09 07:49 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:49 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 07:49 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 07:49 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:49 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 07:49 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 18:47 . 2011-10-07 18:47 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 18:47 . 2011-10-07 18:47 42224 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 18:47 . 2011-10-07 18:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 18:47 . 2011-10-07 18:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 18:47 . 2011-10-07 18:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 18:47 . 2011-10-07 18:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll
2011-10-07 18:47 . 2011-10-07 18:47 388280 ----a-w- c:\windows\system32\guard64.dll
2011-09-06 20:45 . 2010-07-08 12:52 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-12-12 15:41 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-01-18 17:19 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-24 18:49 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2009-12-12 15:41 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-12-12 15:41 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-12 15:41 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-12 15:41 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2009-12-12 15:41 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 13:56 . 2011-10-13 08:33 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 18:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 18:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 18:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 18:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 18:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 18:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 17:00 . 2010-11-19 11:16 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-13 08:33 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-13 08:33 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-13 08:33 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-13 08:33 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 08:33 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-13 08:33 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-13 08:33 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-13 08:33 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-08-17 09:25 . 2011-05-15 14:15 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
.
c:\users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-07-15 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-19 1181328]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
S3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 rt61x64;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:42]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:42]
.
2011-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2843706990-1233415060-1280206708-1002.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2843706990-1233415060-1280206708-1003.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-10-25 c:\windows\Tasks\RNUpgradeHelperResumePrompt_Susie.job
- c:\users\Susie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe [2011-10-24 13:55]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{CA490A94-494C-4F97-B64A-3DD30082AF0C}.job
- c:\windows\system32\msfeedssync.exe [2011-05-22 12:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/news/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Local Website Archive - c:\users\Susie\AppData\Roaming\aignes\Local Website Archive\config\iearc.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7E58556C-7E59-4A1C-B8B0-F89815F5C2EF}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E3687D27-D34F-4970-BC5F-71E2544BDB36}: NameServer = 8.26.56.26,156.154.70.22
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100308103451
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\lxi9uh08.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-12 19:45:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 19:45
.
Pre-Run: 172,269,228,032 bytes free
Post-Run: 171,989,987,328 bytes free
.
- - End Of File - - 534985948B878EBFB947DCB4B5CF90FC


#2 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts

Posted 16 November 2011 - 09:00 AM

Hi, I would very much appreciate help with a virus. It started with a fake System Restore which tried to take over the machine. I think we removed it. But then we got web search re-direct problems.

We run Avast anti-virus live and Comodo firewall in Safe mode.

Steps taken so far:
1) Ran Avast boot-time scan - found 4 Java infections and deleted.
2) Ran Malwarebytes which found a few Trojans and deleted.
3) Ran ComboFix (sorry).
4) Ran AVZ - found ACPI hooks hijacked, but did not resolve.
5) Followed BC procedure to remove System Restore virus - RKill, TDSSKiller, Malwarebytes again - found nothing on this run.

Preparation for forum help: followed instructions - including DeFogger, DDS, not GMER (64-bit Vista).

Here is the DDS output and zip attached.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Admin at 12:42:26 on 2011-11-16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.1680 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnp2std.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100308103451
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7E58556C-7E59-4A1C-B8B0-F89815F5C2EF} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E3687D27-D34F-4970-BC5F-71E2544BDB36} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E3687D27-D34F-4970-BC5F-71E2544BDB36} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjbex4ex.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-1-20 44768]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-26 161080]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 3xHybr64;3xHybrid service;C:\Windows\system32\DRIVERS\3xHybr64.sys --> C:\Windows\system32\DRIVERS\3xHybr64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 rt61x64;RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-9-3 16392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-12 89920]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-12-2 1181328]
S4 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-15 22:20:49 -------- d-----w- C:\Users\Admin\AppData\Local\Mozilla
2011-11-15 21:24:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02A44F02-8064-4D5E-8B08-56C2B5B00F68}\offreg.dll
2011-11-15 15:30:32 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02A44F02-8064-4D5E-8B08-56C2B5B00F68}\mpengine.dll
2011-11-12 20:19:36 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-12 19:46:36 -------- d-----w- C:\Users\Admin\AppData\Local\temp
2011-11-12 17:31:49 98816 ----a-w- C:\Windows\sed.exe
2011-11-12 17:31:49 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-12 17:31:49 256000 ----a-w- C:\Windows\PEV.exe
2011-11-12 17:31:49 208896 ----a-w- C:\Windows\MBR.exe
2011-11-12 17:30:28 -------- d-----w- C:\ComboFix
2011-11-12 16:38:35 411368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-11-12 16:38:34 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-09 17:24:05 -------- d-----w- C:\Users\Admin\AppData\Local\Apple Computer
2011-11-09 16:55:59 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-09 14:13:50 -------- d-----w- C:\ProgramData\Comodo
2011-11-09 07:49:38 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 07:49:36 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-09 07:49:36 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 07:49:34 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 07:49:34 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 07:49:34 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
.
==================== Find3M ====================
.
2011-10-07 18:47:50 42224 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-10-07 18:47:48 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-10-07 18:47:48 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-10-07 18:47:14 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-10-07 18:47:12 300200 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-10-07 18:47:10 388280 ----a-w- C:\Windows\System32\guard64.dll
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 17:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2006-05-03 11:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 12:53:57.30 ===============


Sorry if we started with the wrong steps, but we did not know about your forum to start with. Hope we have now set things up for your help - much appreciated :)

Attached Files


Edited by Orange Blossom, 16 November 2011 - 02:19 PM.
Merged topics. ~ OB


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • Gender:Male

Posted 17 November 2011 - 04:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427594 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts

Posted 18 November 2011 - 01:17 PM

Description already provided together with all available scan logs.

System CD available

Attached Files



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 November 2011 - 12:54 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts

Posted 19 November 2011 - 06:57 PM

Hi Gringo, here is the Combofix log. It seemed to run twice. It spent over 20 mins working through many stages and I had to leave the PC. When I returned the PC was asleep, but when I woke it up the Combofix window was blank and starting up again.

Also, before I ran it the first time, and since the second time, there continues to be almost continuous hard disk activity, but Task Manager shows no significant processes running and we have disconnected from the internet (anti-virus and firewall inactive).

ComboFix 11-11-19.03 - Paul 19/11/2011 17:23:28.2.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.2167 [GMT 0:00]
Running from: c:\users\Paul\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 18:09 . 2011-11-19 18:09 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DDA9927-FDA6-4DFD-9AF2-CC2526C34B4A}\offreg.dll
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\System User\AppData\Local\temp
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\Susie\AppData\Local\temp
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\Public.SystemUser-PC\AppData\Local\temp
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\Elliot\AppData\Local\temp
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\Chloe\AppData\Local\temp
2011-11-19 18:05 . 2011-11-19 18:05 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-11-18 13:46 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DDA9927-FDA6-4DFD-9AF2-CC2526C34B4A}\mpengine.dll
2011-11-16 13:32 . 2011-11-16 13:32 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-11-15 22:20 . 2011-11-15 22:20 -------- d-----w- c:\users\Admin\AppData\Local\Mozilla
2011-11-12 16:38 . 2010-04-12 17:29 411368 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-11-12 16:38 . 2010-04-12 17:29 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-09 17:24 . 2011-11-09 17:24 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2011-11-09 17:22 . 2011-11-09 17:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Yahoo!
2011-11-09 16:55 . 2011-11-12 15:44 -------- d-----w- c:\programdata\STOPzilla!
2011-11-09 14:13 . 2011-11-09 16:26 -------- d-----w- c:\programdata\Comodo
2011-11-09 07:49 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:49 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 07:49 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 07:49 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:49 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 07:49 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 18:47 . 2011-10-07 18:47 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 18:47 . 2011-10-07 18:47 42224 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 18:47 . 2011-10-07 18:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 18:47 . 2011-10-07 18:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 18:47 . 2011-10-07 18:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 18:47 . 2011-10-07 18:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll
2011-10-07 18:47 . 2011-10-07 18:47 388280 ----a-w- c:\windows\system32\guard64.dll
2011-09-06 20:45 . 2010-07-08 12:52 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-12-12 15:41 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-01-18 17:19 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-24 18:49 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2009-12-12 15:41 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-12-12 15:41 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-12 15:41 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-12 15:41 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2009-12-12 15:41 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 13:56 . 2011-10-13 08:33 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 18:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 18:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 18:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 18:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 18:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 18:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 17:00 . 2010-11-19 11:16 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-13 08:33 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-13 08:33 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-13 08:33 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-13 08:33 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 08:33 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-13 08:33 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-13 08:33 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-13 08:33 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_18.44.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:19 . 2011-11-19 18:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:19 . 2011-11-12 18:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:19 . 2011-11-19 18:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:19 . 2011-11-12 18:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:19 . 2011-11-12 18:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:19 . 2011-11-19 18:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:09 . 2011-11-15 14:57 56284 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:44 . 2011-11-15 14:57 68326 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-15 08:14 . 2011-11-15 14:57 16108 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2843706990-1233415060-1280206708-1005_UserData.bin
+ 2009-12-08 14:00 . 2011-11-19 20:53 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-08 14:00 . 2011-11-12 18:42 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-08 14:00 . 2011-11-12 18:42 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-08 14:00 . 2011-11-19 20:53 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-08 14:00 . 2011-11-12 18:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-08 14:00 . 2011-11-19 20:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-12 23:44 . 2011-11-12 23:44 22016 c:\windows\Installer\1190e4e.msi
+ 2011-11-19 18:09 . 2011-11-19 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-12 18:37 . 2011-11-12 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-12 18:37 . 2011-11-12 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-19 18:09 . 2011-11-19 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-12 13:55 . 2011-11-19 10:39 324362 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-11-09 13:54 611664 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-19 14:42 611664 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-09 13:54 109112 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-11-19 14:42 109112 c:\windows\system32\perfc009.dat
- 2011-02-10 22:43 . 2011-11-12 18:36 369012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 22:43 . 2011-11-19 18:08 369012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-09 14:26 . 2011-11-19 18:08 776480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-05-17 22:56 . 2011-11-19 18:08 8438964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2843706990-1233415060-1280206708-1003-12288.dat
+ 2011-11-09 17:27 . 2011-11-19 18:08 5655952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2843706990-1233415060-1280206708-1001-12288.dat
+ 2006-11-02 12:33 . 2011-11-12 19:11 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-11-09 13:46 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-05-16 19:57 . 2011-11-19 18:08 16319460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2843706990-1233415060-1280206708-1005-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
.
c:\users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-07-15 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-19 1181328]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
S3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 rt61x64;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2010-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 11:48]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:42]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:42]
.
2011-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2843706990-1233415060-1280206708-1002.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-10-25 c:\windows\Tasks\RNUpgradeHelperResumePrompt_Susie.job
- c:\users\Susie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe [2011-10-24 13:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ecosia.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E3687D27-D34F-4970-BC5F-71E2544BDB36}: NameServer = 8.26.56.26,156.154.70.22
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100308103451
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ksxbzzz2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ecosia.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\windows\SysWOW64\WerFault.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-19 21:30:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 21:30
ComboFix2.txt 2011-11-12 19:46
.
Pre-Run: 211,503,640,576 bytes free
Post-Run: 212,061,343,744 bytes free
.
- - End Of File - - 9337FAB1FC70918529CBEB88A4551DDE


Thanks

Paul

Attached Files


Edited by gringo_pr, 19 November 2011 - 11:19 PM.


#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto rico)

Posted 19 November 2011 - 11:21 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 paulwenman (Topic Starter, Members, 74 posts)

Posted 20 November 2011 - 09:51 AM

Hi Gringo - thanks for your help so far.

Here is the 2nd ComboFix log. It asked me if I wanted to download a new version of Combo - I declined.
Web browser still being re-directed.

Still ongoing hard disc activity.

Attached Files



#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto rico)

Posted 20 November 2011 - 12:48 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 paulwenman (Topic Starter, Members, 74 posts)

Posted 20 November 2011 - 01:51 PM

OK, TDSSKiller ran - no threats.

18:41:34.0466 3160 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
18:41:34.0793 3160 ============================================================
18:41:34.0793 3160 Current date / time: 2011/11/20 18:41:34.0793
18:41:34.0793 3160 SystemInfo:
18:41:34.0793 3160
18:41:34.0793 3160 OS Version: 6.0.6002 ServicePack: 2.0
18:41:34.0793 3160 Product type: Workstation
18:41:34.0793 3160 ComputerName: MESH
18:41:34.0793 3160 UserName: Paul
18:41:34.0793 3160 Windows directory: C:\Windows
18:41:34.0793 3160 System windows directory: C:\Windows
18:41:34.0793 3160 Running under WOW64
18:41:34.0793 3160 Processor architecture: Intel x64
18:41:34.0793 3160 Number of processors: 2
18:41:34.0793 3160 Page size: 0x1000
18:41:34.0793 3160 Boot type: Normal boot
18:41:34.0793 3160 ============================================================
18:41:36.0540 3160 Initialize success
18:42:29.0884 1256 ============================================================
18:42:29.0884 1256 Scan started
18:42:29.0884 1256 Mode: Manual;
18:42:29.0884 1256 ============================================================
18:42:40.0273 1256 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
18:42:40.0273 1256 sfloppy - ok
18:42:40.0289 1256 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:42:40.0289 1256 SiSRaid2 - ok
18:42:40.0304 1256 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:42:40.0304 1256 SiSRaid4 - ok
18:42:40.0382 1256 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:42:40.0414 1256 Smb - ok
18:42:40.0632 1256 SNP2STD (ac8f1ef394faf226b64a8e937e6d812b) C:\Windows\system32\DRIVERS\snp2sxp.sys
18:42:40.0757 1256 SNP2STD - ok
18:42:40.0804 1256 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:42:40.0819 1256 spldr - ok
18:42:40.0850 1256 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:42:40.0850 1256 srv - ok
18:42:40.0882 1256 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:42:40.0882 1256 srv2 - ok
18:42:40.0897 1256 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:42:40.0897 1256 srvnet - ok
18:42:40.0944 1256 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
18:42:40.0944 1256 sscdbus - ok
18:42:41.0006 1256 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:42:41.0006 1256 sscdmdfl - ok
18:42:41.0038 1256 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
18:42:41.0038 1256 sscdmdm - ok
18:42:41.0100 1256 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
18:42:41.0100 1256 StillCam - ok
18:42:41.0131 1256 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:42:41.0131 1256 swenum - ok
18:42:41.0162 1256 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:42:41.0162 1256 Symc8xx - ok
18:42:41.0194 1256 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:42:41.0194 1256 Sym_hi - ok
18:42:41.0194 1256 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:42:41.0194 1256 Sym_u3 - ok
18:42:41.0194 1256 szkg5 - ok
18:42:41.0272 1256 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
18:42:41.0287 1256 Tcpip - ok
18:42:41.0303 1256 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
18:42:41.0318 1256 Tcpip6 - ok
18:42:41.0459 1256 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
18:42:41.0459 1256 tcpipreg - ok
18:42:41.0474 1256 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:42:41.0474 1256 TDPIPE - ok
18:42:41.0474 1256 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:42:41.0474 1256 TDTCP - ok
18:42:41.0506 1256 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:42:41.0506 1256 tdx - ok
18:42:41.0552 1256 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:42:41.0552 1256 TermDD - ok
18:42:41.0615 1256 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
18:42:41.0615 1256 TFsExDisk - ok
18:42:41.0646 1256 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:41.0646 1256 tssecsrv - ok
18:42:41.0677 1256 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:42:41.0693 1256 tunmp - ok
18:42:41.0724 1256 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:42:41.0724 1256 tunnel - ok
18:42:41.0740 1256 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:42:41.0740 1256 uagp35 - ok
18:42:41.0786 1256 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:42:41.0786 1256 udfs - ok
18:42:41.0833 1256 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:42:41.0833 1256 uliagpkx - ok
18:42:41.0864 1256 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:42:41.0864 1256 uliahci - ok
18:42:41.0864 1256 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:42:41.0880 1256 UlSata - ok
18:42:41.0880 1256 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:42:41.0880 1256 ulsata2 - ok
18:42:41.0911 1256 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:42:41.0911 1256 umbus - ok
18:42:41.0958 1256 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:42:41.0958 1256 USBAAPL64 - ok
18:42:42.0020 1256 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
18:42:42.0036 1256 usbaudio - ok
18:42:42.0067 1256 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:42.0067 1256 usbccgp - ok
18:42:42.0083 1256 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
18:42:42.0083 1256 usbcir - ok
18:42:42.0130 1256 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:42:42.0130 1256 usbehci - ok
18:42:42.0145 1256 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:42:42.0161 1256 usbhub - ok
18:42:42.0161 1256 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
18:42:42.0161 1256 usbohci - ok
18:42:42.0192 1256 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:42:42.0208 1256 usbprint - ok
18:42:42.0223 1256 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:42.0223 1256 USBSTOR - ok
18:42:42.0239 1256 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:42:42.0239 1256 usbuhci - ok
18:42:42.0254 1256 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:42.0254 1256 vga - ok
18:42:42.0254 1256 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:42:42.0270 1256 VgaSave - ok
18:42:42.0286 1256 VIAHdAudAddService (c1a48bceba3e76d933a007828013a62c) C:\Windows\system32\drivers\viahduaa.sys
18:42:42.0286 1256 VIAHdAudAddService - ok
18:42:42.0301 1256 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:42:42.0301 1256 viaide - ok
18:42:42.0301 1256 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:42:42.0301 1256 volmgr - ok
18:42:42.0317 1256 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:42:42.0317 1256 volmgrx - ok
18:42:42.0364 1256 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:42:42.0364 1256 volsnap - ok
18:42:42.0395 1256 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:42:42.0395 1256 vsmraid - ok
18:42:42.0442 1256 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:42:42.0442 1256 WacomPen - ok
18:42:42.0457 1256 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:42.0457 1256 Wanarp - ok
18:42:42.0473 1256 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:42.0473 1256 Wanarpv6 - ok
18:42:42.0504 1256 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:42:42.0504 1256 Wd - ok
18:42:42.0598 1256 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:42:42.0598 1256 Wdf01000 - ok
18:42:42.0644 1256 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
18:42:42.0644 1256 WmiAcpi - ok
18:42:42.0707 1256 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:42:42.0707 1256 WpdUsb - ok
18:42:42.0722 1256 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:42.0738 1256 ws2ifsl - ok
18:42:42.0800 1256 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:42:42.0800 1256 WSDPrintDevice - ok
18:42:42.0816 1256 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:42.0816 1256 WUDFRd - ok
18:42:42.0863 1256 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:42:42.0878 1256 \Device\Harddisk0\DR0 - ok
18:42:42.0878 1256 Boot (0x1200) (44ef457d16cde250fd3a6343762d8d46) \Device\Harddisk0\DR0\Partition0
18:42:42.0878 1256 \Device\Harddisk0\DR0\Partition0 - ok
18:42:42.0878 1256 ============================================================
18:42:42.0878 1256 Scan finished
18:42:42.0878 1256 ============================================================
18:42:42.0878 1524 Detected object count: 0
18:42:42.0878 1524 Actual detected object count: 0
18:43:30.0692 0336 ============================================================
18:43:30.0692 0336 Scan started
18:43:30.0692 0336 Mode: Manual;
18:43:30.0692 0336 ============================================================
18:43:31.0129 0336 3xHybr64 (07373507704a202b263796a040057e7d) C:\Windows\system32\DRIVERS\3xHybr64.sys
18:43:31.0129 0336 3xHybr64 - ok
18:43:31.0176 0336 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:43:31.0176 0336 ACPI - ok
18:43:31.0223 0336 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:43:31.0223 0336 adp94xx - ok
18:43:31.0238 0336 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:43:31.0238 0336 adpahci - ok
18:43:31.0254 0336 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:43:31.0254 0336 adpu160m - ok
18:43:31.0270 0336 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:43:31.0270 0336 adpu320 - ok
18:43:31.0316 0336 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
18:43:31.0316 0336 AFD - ok
18:43:31.0332 0336 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:43:31.0332 0336 agp440 - ok
18:43:31.0348 0336 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:43:31.0348 0336 aic78xx - ok
18:43:31.0363 0336 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
18:43:31.0363 0336 aliide - ok
18:43:31.0379 0336 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:43:31.0379 0336 amdide - ok
18:43:31.0394 0336 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:43:31.0394 0336 AmdK8 - ok
18:43:31.0535 0336 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
18:43:31.0582 0336 amdkmdag - ok
18:43:31.0597 0336 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:43:31.0597 0336 amdkmdap - ok
18:43:31.0597 0336 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:43:31.0597 0336 arc - ok
18:43:31.0628 0336 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:43:31.0628 0336 arcsas - ok
18:43:31.0660 0336 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
18:43:31.0660 0336 aswFsBlk - ok
18:43:31.0675 0336 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
18:43:31.0675 0336 aswMonFlt - ok
18:43:31.0722 0336 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
18:43:31.0722 0336 aswRdr - ok
18:43:31.0769 0336 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
18:43:31.0769 0336 aswSnx - ok
18:43:31.0800 0336 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
18:43:31.0800 0336 aswSP - ok
18:43:31.0831 0336 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
18:43:31.0831 0336 aswTdi - ok
18:43:31.0847 0336 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:43:31.0847 0336 AsyncMac - ok
18:43:31.0847 0336 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:43:31.0847 0336 atapi - ok
18:43:31.0925 0336 atikmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
18:43:31.0972 0336 atikmdag - ok
18:43:31.0972 0336 Beep - ok
18:43:32.0003 0336 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:43:32.0003 0336 blbdrive - ok
18:43:32.0034 0336 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:43:32.0034 0336 bowser - ok
18:43:32.0034 0336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:43:32.0034 0336 BrFiltLo - ok
18:43:32.0034 0336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:43:32.0034 0336 BrFiltUp - ok
18:43:32.0065 0336 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:43:32.0065 0336 Brserid - ok
18:43:32.0065 0336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:43:32.0065 0336 BrSerWdm - ok
18:43:32.0081 0336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:43:32.0081 0336 BrUsbMdm - ok
18:43:32.0081 0336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:43:32.0081 0336 BrUsbSer - ok
18:43:32.0096 0336 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:43:32.0096 0336 BTHMODEM - ok
18:43:32.0159 0336 catchme - ok
18:43:32.0174 0336 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:43:32.0174 0336 cdfs - ok
18:43:32.0206 0336 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:43:32.0206 0336 cdrom - ok
18:43:32.0221 0336 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
18:43:32.0221 0336 circlass - ok
18:43:32.0252 0336 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:43:32.0252 0336 CLFS - ok
18:43:32.0299 0336 cmdGuard (a339327ce8f49575a28ede61732b115a) C:\Windows\system32\DRIVERS\cmdguard.sys
18:43:32.0299 0336 cmdGuard - ok
18:43:32.0315 0336 cmdHlp (0d0349f47ad9694dd3cfba507e641226) C:\Windows\system32\DRIVERS\cmdhlp.sys
18:43:32.0315 0336 cmdHlp - ok
18:43:32.0346 0336 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:43:32.0346 0336 cmdide - ok
18:43:32.0346 0336 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
18:43:32.0346 0336 Compbatt - ok
18:43:32.0377 0336 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:43:32.0377 0336 crcdisk - ok
18:43:32.0408 0336 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
18:43:32.0424 0336 CSC - ok
18:43:32.0518 0336 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:43:32.0518 0336 DfsC - ok
18:43:32.0596 0336 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:43:32.0596 0336 disk - ok
18:43:32.0627 0336 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:43:32.0627 0336 drmkaud - ok
18:43:32.0689 0336 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:43:32.0689 0336 DXGKrnl - ok
18:43:32.0705 0336 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:43:32.0705 0336 E1G60 - ok
18:43:32.0736 0336 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:43:32.0736 0336 Ecache - ok
18:43:32.0767 0336 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
18:43:32.0767 0336 elxstor - ok
18:43:32.0767 0336 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
18:43:32.0767 0336 ErrDev - ok
18:43:32.0830 0336 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
18:43:32.0830 0336 exfat - ok
18:43:32.0861 0336 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
18:43:32.0861 0336 fastfat - ok
18:43:32.0861 0336 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
18:43:32.0876 0336 fdc - ok
18:43:32.0876 0336 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
18:43:32.0876 0336 FileInfo - ok
18:43:32.0876 0336 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
18:43:32.0892 0336 Filetrace - ok
18:43:32.0892 0336 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:43:32.0892 0336 flpydisk - ok
18:43:32.0923 0336 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
18:43:32.0923 0336 FltMgr - ok
18:43:32.0939 0336 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
18:43:32.0939 0336 Fs_Rec - ok
18:43:32.0970 0336 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
18:43:32.0970 0336 fvevol - ok
18:43:32.0986 0336 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
18:43:32.0986 0336 gagp30kx - ok
18:43:33.0017 0336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:43:33.0017 0336 GEARAspiWDM - ok
18:43:33.0048 0336 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
18:43:33.0048 0336 HdAudAddService - ok
18:43:33.0064 0336 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:43:33.0064 0336 HDAudBus - ok
18:43:33.0079 0336 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
18:43:33.0079 0336 HidBth - ok
18:43:33.0110 0336 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
18:43:33.0110 0336 HidIr - ok
18:43:33.0142 0336 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
18:43:33.0142 0336 HidUsb - ok
18:43:33.0142 0336 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
18:43:33.0142 0336 HpCISSs - ok
18:43:33.0173 0336 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:43:33.0173 0336 HTCAND64 - ok
18:43:33.0204 0336 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
18:43:33.0204 0336 htcnprot - ok
18:43:33.0251 0336 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
18:43:33.0251 0336 HTTP - ok
18:43:33.0266 0336 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
18:43:33.0266 0336 i2omp - ok
18:43:33.0282 0336 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
18:43:33.0282 0336 i8042prt - ok
18:43:33.0298 0336 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
18:43:33.0298 0336 iaStorV - ok
18:43:33.0313 0336 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
18:43:33.0313 0336 iirsp - ok
18:43:33.0344 0336 inspect (1310eeee91712589f8c08e2505733a64) C:\Windows\system32\DRIVERS\inspect.sys
18:43:33.0344 0336 inspect - ok
18:43:33.0344 0336 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
18:43:33.0344 0336 intelide - ok
18:43:33.0360 0336 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
18:43:33.0360 0336 intelppm - ok
18:43:33.0391 0336 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:43:33.0391 0336 IpFilterDriver - ok
18:43:33.0407 0336 IpInIp - ok
18:43:33.0422 0336 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
18:43:33.0422 0336 IPMIDRV - ok
18:43:33.0422 0336 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
18:43:33.0422 0336 IPNAT - ok
18:43:33.0438 0336 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
18:43:33.0438 0336 IRENUM - ok
18:43:33.0438 0336 is3srv - ok
18:43:33.0454 0336 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
18:43:33.0454 0336 isapnp - ok
18:43:33.0563 0336 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
18:43:33.0563 0336 iScsiPrt - ok
18:43:33.0594 0336 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
18:43:33.0594 0336 iteatapi - ok
18:43:33.0625 0336 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
18:43:33.0625 0336 iteraid - ok
18:43:33.0641 0336 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
18:43:33.0641 0336 kbdclass - ok
18:43:33.0656 0336 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
18:43:33.0656 0336 kbdhid - ok
18:43:33.0703 0336 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
18:43:33.0719 0336 KSecDD - ok
18:43:33.0719 0336 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
18:43:33.0719 0336 ksthunk - ok
18:43:33.0750 0336 Lbd (a352cdb69af6e18d60c0001d540d8478) C:\Windows\system32\DRIVERS\Lbd.sys
18:43:33.0750 0336 Lbd - ok
18:43:33.0766 0336 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
18:43:33.0766 0336 lltdio - ok
18:43:33.0797 0336 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
18:43:33.0797 0336 LSI_FC - ok
18:43:33.0812 0336 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
18:43:33.0812 0336 LSI_SAS - ok
18:43:33.0828 0336 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
18:43:33.0828 0336 LSI_SCSI - ok
18:43:33.0828 0336 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
18:43:33.0828 0336 luafv - ok
18:43:33.0844 0336 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
18:43:33.0844 0336 megasas - ok
18:43:33.0859 0336 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
18:43:33.0859 0336 MegaSR - ok
18:43:33.0859 0336 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
18:43:33.0859 0336 Modem - ok
18:43:33.0875 0336 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
18:43:33.0875 0336 monitor - ok
18:43:33.0890 0336 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
18:43:33.0890 0336 mouclass - ok
18:43:33.0890 0336 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
18:43:33.0890 0336 mouhid - ok
18:43:33.0906 0336 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
18:43:33.0906 0336 MountMgr - ok
18:43:33.0922 0336 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
18:43:33.0922 0336 mpio - ok
18:43:33.0937 0336 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
18:43:33.0937 0336 mpsdrv - ok
18:43:33.0937 0336 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
18:43:33.0937 0336 Mraid35x - ok
18:43:33.0968 0336 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
18:43:33.0968 0336 MRxDAV - ok
18:43:34.0000 0336 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:43:34.0000 0336 mrxsmb - ok
18:43:34.0031 0336 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:43:34.0031 0336 mrxsmb10 - ok
18:43:34.0046 0336 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:43:34.0046 0336 mrxsmb20 - ok
18:43:34.0078 0336 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
18:43:34.0078 0336 msahci - ok
18:43:34.0078 0336 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
18:43:34.0078 0336 msdsm - ok
18:43:34.0109 0336 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
18:43:34.0109 0336 Msfs - ok
18:43:34.0124 0336 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
18:43:34.0124 0336 msisadrv - ok
18:43:34.0140 0336 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
18:43:34.0140 0336 MSKSSRV - ok
18:43:34.0156 0336 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
18:43:34.0156 0336 MSPCLOCK - ok
18:43:34.0171 0336 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
18:43:34.0171 0336 MSPQM - ok
18:43:34.0202 0336 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
18:43:34.0202 0336 MsRPC - ok
18:43:34.0218 0336 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
18:43:34.0218 0336 mssmbios - ok
18:43:34.0234 0336 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
18:43:34.0234 0336 MSTEE - ok
18:43:34.0249 0336 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
18:43:34.0249 0336 MTsensor - ok
18:43:34.0265 0336 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
18:43:34.0265 0336 Mup - ok
18:43:34.0312 0336 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
18:43:34.0312 0336 NativeWifiP - ok
18:43:34.0358 0336 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
18:43:34.0374 0336 NDIS - ok
18:43:34.0374 0336 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
18:43:34.0374 0336 NdisTapi - ok
18:43:34.0390 0336 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
18:43:34.0390 0336 Ndisuio - ok
18:43:34.0405 0336 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
18:43:34.0405 0336 NdisWan - ok
18:43:34.0452 0336 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
18:43:34.0452 0336 NDProxy - ok
18:43:34.0452 0336 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
18:43:34.0452 0336 NetBIOS - ok
18:43:34.0514 0336 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
18:43:34.0514 0336 netbt - ok
18:43:34.0561 0336 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
18:43:34.0561 0336 nfrd960 - ok
18:43:34.0639 0336 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
18:43:34.0639 0336 Npfs - ok
18:43:34.0655 0336 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
18:43:34.0655 0336 nsiproxy - ok
18:43:34.0717 0336 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
18:43:34.0717 0336 Ntfs - ok
18:43:34.0748 0336 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
18:43:34.0748 0336 Null - ok
18:43:34.0795 0336 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
18:43:34.0795 0336 NVENETFD - ok
18:43:34.0811 0336 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
18:43:34.0811 0336 nvraid - ok
18:43:34.0826 0336 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
18:43:34.0826 0336 nvstor - ok
18:43:34.0842 0336 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
18:43:34.0842 0336 nv_agp - ok
18:43:34.0842 0336 NwlnkFlt - ok
18:43:34.0842 0336 NwlnkFwd - ok
18:43:34.0858 0336 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
18:43:34.0858 0336 ohci1394 - ok
18:43:34.0873 0336 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
18:43:34.0889 0336 Parport - ok
18:43:34.0889 0336 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
18:43:34.0889 0336 partmgr - ok
18:43:34.0904 0336 pccsmcfd - ok
18:43:34.0904 0336 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
18:43:34.0920 0336 pci - ok
18:43:34.0920 0336 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
18:43:34.0920 0336 pciide - ok
18:43:34.0936 0336 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
18:43:34.0936 0336 pcmcia - ok
18:43:34.0967 0336 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:43:34.0967 0336 PEAUTH - ok
18:43:34.0998 0336 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:43:34.0998 0336 PptpMiniport - ok
18:43:35.0014 0336 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:43:35.0014 0336 Processor - ok
18:43:35.0045 0336 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:43:35.0045 0336 PSched - ok
18:43:35.0092 0336 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:43:35.0092 0336 ql2300 - ok
18:43:35.0092 0336 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:43:35.0092 0336 ql40xx - ok
18:43:35.0123 0336 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:43:35.0123 0336 QWAVEdrv - ok
18:43:35.0123 0336 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:35.0123 0336 RasAcd - ok
18:43:35.0138 0336 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:35.0138 0336 Rasl2tp - ok
18:43:35.0170 0336 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:35.0170 0336 RasPppoe - ok
18:43:35.0170 0336 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:35.0170 0336 RasSstp - ok
18:43:35.0216 0336 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:35.0216 0336 rdbss - ok
18:43:35.0216 0336 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:35.0216 0336 RDPCDD - ok
18:43:35.0232 0336 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
18:43:35.0232 0336 rdpdr - ok
18:43:35.0232 0336 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:43:35.0232 0336 RDPENCDD - ok
18:43:35.0263 0336 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
18:43:35.0263 0336 RDPWD - ok
18:43:35.0294 0336 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:35.0294 0336 rspndr - ok
18:43:35.0326 0336 rt61x64 (0de3a20c7dbc58fcf8587045b25379a0) C:\Windows\system32\DRIVERS\netr6164.sys
18:43:35.0326 0336 rt61x64 - ok
18:43:35.0357 0336 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:43:35.0357 0336 sbp2port - ok
18:43:35.0372 0336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:43:35.0388 0336 secdrv - ok
18:43:35.0388 0336 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
18:43:35.0388 0336 Serenum - ok
18:43:35.0404 0336 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
18:43:35.0404 0336 Serial - ok
18:43:35.0419 0336 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:43:35.0419 0336 sermouse - ok
18:43:35.0435 0336 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:43:35.0435 0336 sffdisk - ok
18:43:35.0435 0336 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:43:35.0435 0336 sffp_mmc - ok
18:43:35.0450 0336 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:43:35.0450 0336 sffp_sd - ok
18:43:35.0482 0336 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
18:43:35.0482 0336 sfloppy - ok
18:43:35.0513 0336 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:43:35.0513 0336 SiSRaid2 - ok
18:43:35.0560 0336 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:43:35.0560 0336 SiSRaid4 - ok
18:43:35.0622 0336 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:43:35.0622 0336 Smb - ok
18:43:35.0887 0336 SNP2STD (ac8f1ef394faf226b64a8e937e6d812b) C:\Windows\system32\DRIVERS\snp2sxp.sys
18:43:35.0950 0336 SNP2STD - ok
18:43:35.0981 0336 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:43:35.0981 0336 spldr - ok
18:43:36.0028 0336 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:43:36.0028 0336 srv - ok
18:43:36.0059 0336 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:43:36.0059 0336 srv2 - ok
18:43:36.0074 0336 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:43:36.0074 0336 srvnet - ok
18:43:36.0106 0336 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
18:43:36.0106 0336 sscdbus - ok
18:43:36.0152 0336 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:43:36.0152 0336 sscdmdfl - ok
18:43:36.0184 0336 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
18:43:36.0184 0336 sscdmdm - ok
18:43:36.0215 0336 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
18:43:36.0215 0336 StillCam - ok
18:43:36.0230 0336 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:43:36.0230 0336 swenum - ok
18:43:36.0262 0336 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:43:36.0262 0336 Symc8xx - ok
18:43:36.0262 0336 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:43:36.0262 0336 Sym_hi - ok
18:43:36.0277 0336 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:43:36.0277 0336 Sym_u3 - ok
18:43:36.0277 0336 szkg5 - ok
18:43:36.0324 0336 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
18:43:36.0324 0336 Tcpip - ok
18:43:36.0355 0336 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
18:43:36.0355 0336 Tcpip6 - ok
18:43:36.0402 0336 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
18:43:36.0402 0336 tcpipreg - ok
18:43:36.0418 0336 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:43:36.0418 0336 TDPIPE - ok
18:43:36.0418 0336 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:43:36.0418 0336 TDTCP - ok
18:43:36.0449 0336 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:43:36.0449 0336 tdx - ok
18:43:36.0496 0336 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:43:36.0496 0336 TermDD - ok
18:43:36.0527 0336 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
18:43:36.0527 0336 TFsExDisk - ok
18:43:36.0558 0336 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:43:36.0574 0336 tssecsrv - ok
18:43:36.0589 0336 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:43:36.0589 0336 tunmp - ok
18:43:36.0683 0336 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:43:36.0683 0336 tunnel - ok
18:43:36.0730 0336 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:43:36.0730 0336 uagp35 - ok
18:43:36.0776 0336 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:43:36.0776 0336 udfs - ok
18:43:36.0808 0336 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:43:36.0808 0336 uliagpkx - ok
18:43:36.0823 0336 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:43:36.0823 0336 uliahci - ok
18:43:36.0839 0336 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:43:36.0839 0336 UlSata - ok
18:43:36.0839 0336 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:43:36.0839 0336 ulsata2 - ok
18:43:36.0870 0336 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:43:36.0870 0336 umbus - ok
18:43:36.0901 0336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:43:36.0901 0336 USBAAPL64 - ok
18:43:36.0948 0336 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
18:43:36.0948 0336 usbaudio - ok
18:43:36.0979 0336 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:43:36.0995 0336 usbccgp - ok
18:43:36.0995 0336 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
18:43:36.0995 0336 usbcir - ok
18:43:37.0042 0336 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:43:37.0042 0336 usbehci - ok
18:43:37.0057 0336 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:43:37.0057 0336 usbhub - ok
18:43:37.0073 0336 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
18:43:37.0073 0336 usbohci - ok
18:43:37.0088 0336 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:43:37.0088 0336 usbprint - ok
18:43:37.0104 0336 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:43:37.0120 0336 USBSTOR - ok
18:43:37.0135 0336 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:43:37.0135 0336 usbuhci - ok
18:43:37.0135 0336 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:43:37.0135 0336 vga - ok
18:43:37.0151 0336 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:43:37.0151 0336 VgaSave - ok
18:43:37.0198 0336 VIAHdAudAddService (c1a48bceba3e76d933a007828013a62c) C:\Windows\system32\drivers\viahduaa.sys
18:43:37.0198 0336 VIAHdAudAddService - ok
18:43:37.0198 0336 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:43:37.0198 0336 viaide - ok
18:43:37.0213 0336 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:43:37.0213 0336 volmgr - ok
18:43:37.0229 0336 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:43:37.0229 0336 volmgrx - ok
18:43:37.0260 0336 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:43:37.0260 0336 volsnap - ok
18:43:37.0307 0336 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:43:37.0307 0336 vsmraid - ok
18:43:37.0307 0336 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:43:37.0307 0336 WacomPen - ok
18:43:37.0338 0336 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:37.0338 0336 Wanarp - ok
18:43:37.0338 0336 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:37.0338 0336 Wanarpv6 - ok
18:43:37.0354 0336 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:43:37.0354 0336 Wd - ok
18:43:37.0385 0336 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:43:37.0385 0336 Wdf01000 - ok
18:43:37.0432 0336 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
18:43:37.0432 0336 WmiAcpi - ok
18:43:37.0463 0336 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:43:37.0463 0336 WpdUsb - ok
18:43:37.0478 0336 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:43:37.0478 0336 ws2ifsl - ok
18:43:37.0510 0336 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:43:37.0510 0336 WSDPrintDevice - ok
18:43:37.0541 0336 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:43:37.0541 0336 WUDFRd - ok
18:43:37.0556 0336 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:43:37.0572 0336 \Device\Harddisk0\DR0 - ok
18:43:37.0572 0336 Boot (0x1200) (44ef457d16cde250fd3a6343762d8d46) \Device\Harddisk0\DR0\Partition0
18:43:37.0572 0336 \Device\Harddisk0\DR0\Partition0 - ok
18:43:37.0572 0336 ============================================================
18:43:37.0572 0336 Scan finished
18:43:37.0572 0336 ============================================================
18:43:37.0572 4908 Detected object count: 0
18:43:37.0572 4908 Actual detected object count: 0


Still have web redirect problem.....

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:59 PM

Posted 20 November 2011 - 05:11 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 21 November 2011 - 10:39 AM

Bad news. I ran the Avast scan and immediately got a blue screen and shutdown.

#13 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 21 November 2011 - 10:56 AM

I ran it again.... same problem.

Computer starts up again ok.

PS and all this time, as said before, there is constant hard disc access - what can that mean?

By coincidence (I hope) my laptop, which is connected to the same network by wireless, has recently started having boot problems and can only stay logged on a short while before a BSOD or system restart. I mention this only for information, in case it's connected.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:59 PM

Posted 21 November 2011 - 03:07 PM

MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


#15 paulwenman

paulwenman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 22 November 2011 - 07:29 PM

OK, I ran it. It found a corrupted or infected MBR and asked whether I wanted further options or to quit. I quit for now.

Here is the log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 160):
0x05A51000 \SystemRoot\system32\ntoskrnl.exe
0x05A0B000 \SystemRoot\system32\hal.dll
0x0060B000 \SystemRoot\system32\kdcom.dll
0x0060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00649000 \SystemRoot\system32\PSHED.dll
0x0065D000 \SystemRoot\system32\CLFS.SYS
0x006BA000 \SystemRoot\system32\CI.dll
0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F6000 \SystemRoot\system32\drivers\acpi.sys
0x0094C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00955000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095F000 \SystemRoot\system32\drivers\pci.sys
0x0098F000 \SystemRoot\System32\drivers\partmgr.sys
0x009A4000 \SystemRoot\system32\drivers\volmgr.sys
0x0076C000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B8000 \SystemRoot\system32\drivers\pciide.sys
0x009BF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CF000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E2000 \SystemRoot\system32\drivers\atapi.sys
0x007D2000 \SystemRoot\system32\drivers\ataport.SYS
0x00A00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A47000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5B000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x00A70000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0D000 \SystemRoot\system32\drivers\ndis.sys
0x00AF7000 \SystemRoot\system32\drivers\msrpc.sys
0x00B47000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0C000 \SystemRoot\System32\drivers\tcpip.sys
0x00F81000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01001000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01181000 \SystemRoot\system32\drivers\volsnap.sys
0x011C5000 \SystemRoot\System32\Drivers\spldr.sys
0x011CD000 \SystemRoot\System32\Drivers\mup.sys
0x00FAD000 \SystemRoot\System32\drivers\ecache.sys
0x00DD0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x011DF000 \SystemRoot\system32\drivers\disk.sys
0x00BA0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011F3000 \SystemRoot\system32\drivers\crcdisk.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00BDF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0220F000 \SystemRoot\system32\DRIVERS\serial.sys
0x0222C000 \SystemRoot\system32\DRIVERS\serenum.sys
0x02238000 \SystemRoot\system32\DRIVERS\parport.sys
0x02254000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0225C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02267000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x022AD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x022BE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02408000 \SystemRoot\system32\DRIVERS\3xHybr64.sys
0x02536000 \SystemRoot\system32\DRIVERS\ks.sys
0x0256A000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x0256E000 \SystemRoot\system32\drivers\ksthunk.sys
0x02574000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02608000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02E0A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02EED000 \SystemRoot\System32\drivers\watchdog.sys
0x02EFD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F19000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02F26000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F5F000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FBC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02FC9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02FEC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D76000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DA7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DB7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DD5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03007000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x030A1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x030B4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x030C2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x030CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x030D0000 \SystemRoot\system32\DRIVERS\circlass.sys
0x030E1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x030EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x030FC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03144000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03158000 \SystemRoot\system32\drivers\viahduaa.sys
0x0319F000 \SystemRoot\system32\drivers\portcls.sys
0x031DA000 \SystemRoot\system32\drivers\drmk.sys
0x023AB000 \SystemRoot\system32\drivers\HdAudio.sys
0x03808000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x038A0000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x03930000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0393A000 \SystemRoot\System32\Drivers\Null.SYS
0x03964000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0396C000 \SystemRoot\System32\drivers\vga.sys
0x0397A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0399F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x039A8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x039B1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x039BC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x039CD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x039D6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x039F3000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x03943000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x025BB000 \SystemRoot\system32\DRIVERS\smb.sys
0x03A04000 \SystemRoot\system32\drivers\afd.sys
0x03A6F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03A7C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03AC0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03ADE000 \SystemRoot\system32\DRIVERS\inspect.sys
0x03AF6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B05000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B20000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03B6D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03B79000 \SystemRoot\system32\drivers\csc.sys
0x025D6000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C00000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03C50000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03C6C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03C6E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03C77000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03C89000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03C94000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03C9F000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x03E09000 \SystemRoot\system32\DRIVERS\snp2sxp.sys
0x049D8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x049E9000 \SystemRoot\system32\DRIVERS\SNCAMD.SYS
0x03CB9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x049F2000 \SystemRoot\system32\DRIVERS\hidir.sys
0x03CD1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03CDF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x03E00000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x03CEB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x03CFE000 \SystemRoot\System32\drivers\Dxapi.sys
0x03D0A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x03D1D000 \SystemRoot\system32\drivers\luafv.sys
0x03D3F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x03D79000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x06808000 \SystemRoot\system32\drivers\spsys.sys
0x068A2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x068B6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x068EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x068F5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0690D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06918000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0694D000 \SystemRoot\system32\drivers\HTTP.sys
0x03D82000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03DAB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03DC9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x00FD9000 \SystemRoot\system32\drivers\mrxdav.sys
0x08407000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08430000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08479000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08498000 \SystemRoot\System32\DRIVERS\srv2.sys
0x084CA000 \SystemRoot\System32\DRIVERS\srv.sys
0x08C08000 \SystemRoot\system32\drivers\peauth.sys
0x08CBE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08CC9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08CD9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x08CF9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x08D0F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x08D2B000 \SystemRoot\system32\drivers\MSPQM.sys
0x777E0000 \Windows\System32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
568 csrss.exe
628 C:\Windows\System32\wininit.exe
644 csrss.exe
688 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
896 C:\Windows\System32\svchost.exe
956 C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
984 C:\Windows\System32\svchost.exe
204 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
308 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\atiesrxx.exe
680 C:\Windows\System32\svchost.exe
560 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\audiodg.exe
1148 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1468 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1556 C:\Windows\System32\atieclxx.exe
1672 C:\Windows\System32\dwm.exe
1248 C:\Windows\System32\taskeng.exe
1644 C:\Windows\System32\spoolsv.exe
1008 C:\Windows\System32\svchost.exe
1652 C:\Windows\explorer.exe
932 C:\Windows\System32\taskeng.exe
2496 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2544 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2588 C:\Windows\System32\svchost.exe
2616 C:\Windows\System32\svchost.exe
2628 C:\Windows\System32\svchost.exe
2652 C:\Windows\System32\svchost.exe
2704 C:\Windows\System32\SearchIndexer.exe
2216 WUDFHost.exe
2572 C:\Windows\vsnp2std.exe
2448 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3152 C:\Windows\System32\mobsync.exe
3316 C:\Program Files\Windows Sidebar\sidebar.exe
3332 C:\Windows\ehome\ehtray.exe
3648 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3664 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3720 C:\Windows\ehome\ehmsas.exe
3748 C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
3760 C:\Windows\ehome\ehsched.exe
2604 C:\Windows\System32\svchost.exe
3860 C:\Windows\ehome\ehrecvr.exe
4056 WmiPrvSE.exe
3140 C:\Users\Admin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000009`c4014000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
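What MBRCheck's "MBR Code Faked!" verdict and the earlier TDSSKiller line "MBR (0x1B8) (5c61...) \Device\Harddisk0\DR0" both measure is the first 0x1B8 (440) bytes of sector 0, the bootstrap code, hashed and compared against a set of known-good Windows boot sectors; the disk signature and partition table that follow are skipped because they differ on every machine. The script below is an added example written for this page, not MBRCheck's or TDSSKiller's own code. It assumes a known-good hash set supplied by the reader (seeded here from a constructed sample image, not a genuine Windows MBR) and a raw device path of `\\.\PhysicalDrive0`; the three sample images and the partition sizes are constructed, with the ~931 GB NTFS entry chosen to resemble the drive in the log.

```python
"""Minimal MBR inspector covering what MBRCheck and the TDSSKiller 'MBR (0x1B8)'
line check: hash of the boot-code region against a known-good set, boot
signature, and partition-table sanity."""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 0x1B8        # boot code region (0x000-0x1B7); the part TDSSKiller hashes
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 0x55 0xAA


def code_sha1(mbr: bytes) -> str:
    """SHA-1 over the boot code only; the disk signature and partition table
    differ per machine and must not feed the comparison."""
    return hashlib.sha1(mbr[:CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries (CHS fields skipped)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def analyze_mbr(mbr: bytes, known_good: frozenset = frozenset()):
    """Return (code_sha1, findings). Empty findings means every check passed;
    an unknown code hash is the condition MBRCheck reports as 'Code Faked'."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return None, [f"sector is {len(mbr)} bytes, expected {MBR_SIZE}"]
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("boot signature 55AA missing")
    sha1 = code_sha1(mbr)
    if not any(mbr[:CODE_LEN]):
        findings.append("boot code region is all zeros")
    elif known_good and sha1 not in known_good:
        findings.append(f"MBR code SHA1 {sha1} not in known-good set")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status 0x{p['status']:02X}")
        if p["type"] and p["sectors"] == 0:
            findings.append(f"partition {p['index']}: typed entry with zero length")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one partition flagged active")
    used = [p for p in parts if p["type"]]
    for a in used:
        for b in used:
            if a["index"] < b["index"] and a["lba_start"] < b["lba_start"] + b["sectors"] \
                    and b["lba_start"] < a["lba_start"] + a["sectors"]:
                findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return sha1, findings


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (assumed device path). Needs an elevated
    prompt on Windows (use /dev/sda and root on Linux). Not called below."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_mbr(code: bytes, partitions, boot_sig: bytes = b"\x55\xAA") -> bytes:
    """Assemble a 512-byte image from a code blob and (status, type, lba_start,
    sectors) tuples. Only used to construct the sample images below."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in partitions)
    disk_sig = b"\x11\x22\x33\x44\x00\x00"  # 4-byte NT disk signature + 2 reserved
    return (code[:CODE_LEN].ljust(CODE_LEN, b"\x00") + disk_sig
            + table.ljust(64, b"\x00") + boot_sig)


# Constructed samples. CLEAN_CODE is a placeholder, not a genuine Windows MBR.
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 20
ONE_NTFS = [(0x80, 0x07, 2048, 1953519616)]           # ~931 GB, like the thread's drive
CLEAN_MBR = build_mbr(CLEAN_CODE, ONE_NTFS)
KNOWN_GOOD = frozenset({code_sha1(CLEAN_MBR)})        # seeded from the clean image
FAKED_MBR = build_mbr(b"\xEB\xFE" + b"\xCC" * 30, ONE_NTFS)  # same table, new code
CORRUPT_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 2048, 1000), (0x80, 0x07, 1000, 5000)],
                        boot_sig=b"\x00\x00")

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("faked", FAKED_MBR), ("corrupt", CORRUPT_MBR)):
        sha1, findings = analyze_mbr(image, KNOWN_GOOD)
        print(f"{name}: SHA1 {sha1} -> {'; '.join(findings) or 'ok'}")
```

On a real machine, call `read_physical_mbr()` from an elevated prompt and pass the bytes to `analyze_mbr` with a hash set taken from a clean install of the same Windows release, since the bootstrap code differs between versions. A hash mismatch on its own is exactly what both tools report, and a custom boot manager or an OEM recovery MBR produces the same mismatch, so treat it as a lead to confirm with the partition-table checks and a second tool before letting anything overwrite sector 0.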



