
search redirects and random music/advert through speakers.


This topic is locked
15 replies to this topic

#1 matt2012

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 25 November 2011 - 11:48 PM

I tried the "infected" forum and they said to post DDS and GMER logs here. GMER would not let me check the boxes shown in the instructions; they were all greyed out except for services, registry and files. I ran it anyway, so the log may not be of much help.



Attached File  DDS.txt   15.97KB   2 downloads

Attached File  Attach.txt   10.45KB   0 downloads

Attached File  gmer log.log   16.72KB   0 downloads


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:41 PM

Posted 27 November 2011 - 11:24 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 matt2012

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 28 November 2011 - 08:04 PM

It took a really long time to run, an hour or better. I forgot to turn off an old virus scan that I didn't even know was still running. I turned it off after ComboFix notified me to. Hope it didn't mess anything up.




ComboFix 11-11-28.02 - Kristin 11/28/2011 18:59:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1596 [GMT -5:00]
Running from: c:\users\Kristin\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.
c:\users\Kristin\AppData\Roaming\mIRC\logs\status.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 00:29 . 2011-11-29 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 21:43 . 2011-11-20 21:43 -------- d-----w- c:\programdata\Uniblue
2011-11-17 02:46 . 2011-11-17 02:46 -------- d-----w- c:\users\Kristin\AppData\Roaming\Canneverbe Limited
2011-11-17 02:46 . 2011-11-17 02:46 -------- d-----w- c:\programdata\Canneverbe Limited
2011-11-17 02:45 . 2011-11-20 21:38 -------- d-----w- c:\program files (x86)\CDBurnerXP
2011-11-17 02:45 . 2011-11-17 02:45 -------- d-----w- c:\users\Kristin\AppData\Roaming\OpenCandy
2011-11-15 00:58 . 2011-11-15 00:58 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-11-15 00:55 . 2011-11-15 02:12 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-11-07 01:50 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-07 01:50 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-07 01:50 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-07 01:50 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-07 01:50 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-07 01:50 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-07 01:50 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-07 01:49 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-07 01:49 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-07 01:49 . 2011-11-07 01:49 -------- d-----w- c:\programdata\AVAST Software
2011-11-07 01:49 . 2011-11-07 01:49 -------- d-----w- c:\program files\AVAST Software
2011-11-02 02:32 . 2011-11-15 01:46 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-02 02:31 . 2011-11-02 02:31 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-02 02:29 . 2011-11-02 02:29 -------- d-----w- c:\users\Kristin\AppData\Local\Sunbelt Software
2011-11-02 02:29 . 2011-11-15 01:47 -------- d-----w- c:\programdata\Lavasoft
2011-11-02 02:29 . 2011-11-02 02:29 -------- d-----w- c:\program files (x86)\Lavasoft
2011-10-30 15:04 . 2011-11-02 02:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-30 15:04 . 2011-11-02 02:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-30 05:46 . 2011-11-20 23:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 23:08 . 2011-05-14 20:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-21 04:13 . 2011-09-21 04:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-21 04:13 . 2011-09-21 04:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-21 04:13 . 2011-09-21 04:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-21 04:13 . 2011-09-21 04:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-21 04:13 . 2011-09-21 04:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-21 04:13 . 2011-09-21 04:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-21 04:13 . 2011-09-21 04:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-21 04:13 . 2011-09-21 04:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-21 04:13 . 2011-09-21 04:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-21 04:13 . 2011-09-21 04:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-21 04:13 . 2011-09-21 04:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-21 04:13 . 2011-09-21 04:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-21 04:13 . 2011-09-21 04:13 448512 ----a-w- c:\windows\system32\html.iec
2011-09-21 04:13 . 2011-09-21 04:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-21 04:13 . 2011-09-21 04:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-21 04:13 . 2011-09-21 04:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-21 04:13 . 2011-09-21 04:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-21 04:13 . 2011-09-21 04:13 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-21 04:13 . 2011-09-21 04:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-21 04:13 . 2011-09-21 04:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-21 04:13 . 2011-09-21 04:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-21 04:13 . 2011-09-21 04:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-21 04:13 . 2011-09-21 04:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-21 04:13 . 2011-09-21 04:13 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-21 04:13 . 2011-09-21 04:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-21 04:13 . 2011-09-21 04:13 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-21 04:13 . 2011-09-21 04:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-21 04:13 . 2011-09-21 04:13 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-21 04:13 . 2011-09-21 04:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-21 04:13 . 2011-09-21 04:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-21 04:13 . 2011-09-21 04:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-21 04:13 . 2011-09-21 04:13 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-21 04:13 . 2011-09-21 04:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-21 04:13 . 2011-09-21 04:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-21 04:13 . 2011-09-21 04:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-21 04:13 . 2011-09-21 04:13 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-21 02:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-21 02:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-06 03:03 . 2011-10-11 17:42 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 22:41 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 22:41 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 22:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 22:41 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 22:41 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 22:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2011-07-03 20:20 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-28 19:51:46
ComboFix-quarantined-files.txt 2011-11-29 00:51
.
Pre-Run: 266,358,571,008 bytes free
Post-Run: 265,972,412,416 bytes free
.
- - End Of File - - 35CF3EF9C8BBA569C404A2098923BAA0

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:41 PM

Posted 28 November 2011 - 08:32 PM

Hello

I need you to let me know how the computer is doing after each scan.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 matt2012

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 28 November 2011 - 08:55 PM

TDSSKiller did not find anything.

No change after running TDSSKiller; the redirects still remain.


20:52:04.0873 5024 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:52:05.0481 5024 ============================================================
20:52:05.0481 5024 Current date / time: 2011/11/28 20:52:05.0481
20:52:05.0481 5024 SystemInfo:
20:52:05.0481 5024
20:52:05.0481 5024 OS Version: 6.1.7601 ServicePack: 1.0
20:52:05.0481 5024 Product type: Workstation
20:52:05.0481 5024 ComputerName: KRISTIN-PC
20:52:05.0481 5024 UserName: Kristin
20:52:05.0481 5024 Windows directory: C:\windows
20:52:05.0481 5024 System windows directory: C:\windows
20:52:05.0481 5024 Running under WOW64
20:52:05.0481 5024 Processor architecture: Intel x64
20:52:05.0481 5024 Number of processors: 2
20:52:05.0481 5024 Page size: 0x1000
20:52:05.0481 5024 Boot type: Normal boot
20:52:05.0481 5024 ============================================================
20:52:05.0934 5024 Initialize success
20:52:15.0855 5524 ============================================================
20:52:15.0855 5524 Scan started
20:52:15.0855 5524 Mode: Manual;
20:52:15.0855 5524 ============================================================
20:52:17.0056 5524 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:52:17.0056 5524 1394ohci - ok
20:52:17.0088 5524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:52:17.0103 5524 ACPI - ok
20:52:17.0134 5524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:52:17.0134 5524 AcpiPmi - ok
20:52:17.0259 5524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:52:17.0259 5524 adp94xx - ok
20:52:17.0368 5524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:52:17.0384 5524 adpahci - ok
20:52:17.0431 5524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:52:17.0431 5524 adpu320 - ok
20:52:17.0540 5524 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
20:52:17.0540 5524 AFD - ok
20:52:17.0649 5524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:52:17.0649 5524 agp440 - ok
20:52:17.0712 5524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:52:17.0712 5524 aliide - ok
20:52:17.0743 5524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:52:17.0743 5524 amdide - ok
20:52:17.0836 5524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:52:17.0836 5524 AmdK8 - ok
20:52:17.0883 5524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:52:17.0883 5524 AmdPPM - ok
20:52:17.0930 5524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:52:17.0930 5524 amdsata - ok
20:52:18.0008 5524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:52:18.0008 5524 amdsbs - ok
20:52:18.0086 5524 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:52:18.0086 5524 amdxata - ok
20:52:18.0180 5524 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:52:18.0180 5524 AppID - ok
20:52:18.0273 5524 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:52:18.0289 5524 arc - ok
20:52:18.0351 5524 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:52:18.0351 5524 arcsas - ok
20:52:18.0414 5524 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\windows\system32\drivers\aswFsBlk.sys
20:52:18.0414 5524 aswFsBlk - ok
20:52:18.0507 5524 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\windows\system32\drivers\aswMonFlt.sys
20:52:18.0507 5524 aswMonFlt - ok
20:52:18.0554 5524 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\windows\system32\drivers\aswRdr.sys
20:52:18.0554 5524 aswRdr - ok
20:52:18.0601 5524 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\windows\system32\drivers\aswSnx.sys
20:52:18.0601 5524 aswSnx - ok
20:52:18.0694 5524 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\windows\system32\drivers\aswSP.sys
20:52:18.0694 5524 aswSP - ok
20:52:18.0757 5524 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\windows\system32\drivers\aswTdi.sys
20:52:18.0757 5524 aswTdi - ok
20:52:18.0850 5524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:52:18.0850 5524 AsyncMac - ok
20:52:18.0913 5524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:52:18.0913 5524 atapi - ok
20:52:19.0084 5524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:52:19.0084 5524 b06bdrv - ok
20:52:19.0209 5524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:52:19.0209 5524 b57nd60a - ok
20:52:19.0256 5524 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:52:19.0256 5524 Beep - ok
20:52:19.0381 5524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:52:19.0381 5524 blbdrive - ok
20:52:19.0443 5524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:52:19.0443 5524 bowser - ok
20:52:19.0537 5524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:52:19.0537 5524 BrFiltLo - ok
20:52:19.0552 5524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:52:19.0568 5524 BrFiltUp - ok
20:52:19.0630 5524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:52:19.0630 5524 Brserid - ok
20:52:19.0724 5524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:52:19.0724 5524 BrSerWdm - ok
20:52:19.0786 5524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:52:19.0786 5524 BrUsbMdm - ok
20:52:19.0849 5524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:52:19.0849 5524 BrUsbSer - ok
20:52:19.0911 5524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:52:19.0911 5524 BTHMODEM - ok
20:52:20.0052 5524 catchme - ok
20:52:20.0145 5524 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:52:20.0145 5524 cdfs - ok
20:52:20.0176 5524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
20:52:20.0192 5524 cdrom - ok
20:52:20.0301 5524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:52:20.0301 5524 circlass - ok
20:52:20.0332 5524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:52:20.0348 5524 CLFS - ok
20:52:20.0473 5524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:52:20.0473 5524 CmBatt - ok
20:52:20.0504 5524 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:52:20.0504 5524 cmdide - ok
20:52:20.0613 5524 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
20:52:20.0613 5524 CNG - ok
20:52:20.0722 5524 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
20:52:20.0722 5524 CnxtHdAudService - ok
20:52:20.0832 5524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:52:20.0832 5524 Compbatt - ok
20:52:20.0847 5524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
20:52:20.0863 5524 CompositeBus - ok
20:52:20.0941 5524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:52:20.0941 5524 crcdisk - ok
20:52:21.0019 5524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:52:21.0019 5524 DfsC - ok
20:52:21.0112 5524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:52:21.0112 5524 discache - ok
20:52:21.0159 5524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:52:21.0175 5524 Disk - ok
20:52:21.0268 5524 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:52:21.0268 5524 drmkaud - ok
20:52:21.0346 5524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:52:21.0362 5524 DXGKrnl - ok
20:52:21.0534 5524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:52:21.0549 5524 ebdrv - ok
20:52:21.0674 5524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:52:21.0674 5524 elxstor - ok
20:52:21.0783 5524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:52:21.0783 5524 ErrDev - ok
20:52:21.0846 5524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:52:21.0861 5524 exfat - ok
20:52:21.0939 5524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:52:21.0939 5524 fastfat - ok
20:52:21.0986 5524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:52:21.0986 5524 fdc - ok
20:52:22.0080 5524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:52:22.0080 5524 FileInfo - ok
20:52:22.0095 5524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:52:22.0111 5524 Filetrace - ok
20:52:22.0126 5524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:52:22.0126 5524 flpydisk - ok
20:52:22.0173 5524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:52:22.0173 5524 FltMgr - ok
20:52:22.0251 5524 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:52:22.0267 5524 FsDepends - ok
20:52:22.0282 5524 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:52:22.0282 5524 Fs_Rec - ok
20:52:22.0376 5524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:52:22.0376 5524 fvevol - ok
20:52:22.0423 5524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:52:22.0423 5524 gagp30kx - ok
20:52:22.0579 5524 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\windows\system32\drivers\hcmon.sys
20:52:22.0579 5524 hcmon - ok
20:52:22.0610 5524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:52:22.0610 5524 hcw85cir - ok
20:52:22.0719 5524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:52:22.0719 5524 HdAudAddService - ok
20:52:22.0782 5524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
20:52:22.0782 5524 HDAudBus - ok
20:52:22.0860 5524 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:52:22.0860 5524 HECIx64 - ok
20:52:22.0891 5524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:52:22.0906 5524 HidBatt - ok
20:52:22.0922 5524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:52:22.0922 5524 HidBth - ok
20:52:23.0016 5524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:52:23.0016 5524 HidIr - ok
20:52:23.0094 5524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
20:52:23.0094 5524 HidUsb - ok
20:52:23.0187 5524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:52:23.0187 5524 HpSAMD - ok
20:52:23.0265 5524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:52:23.0265 5524 HTTP - ok
20:52:23.0374 5524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:52:23.0374 5524 hwpolicy - ok
20:52:23.0421 5524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
20:52:23.0437 5524 i8042prt - ok
20:52:23.0530 5524 iaStor (5e60dd5f090ab4a563c7204c289c4650) C:\windows\system32\DRIVERS\iaStor.sys
20:52:23.0530 5524 iaStor - ok
20:52:23.0640 5524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:52:23.0640 5524 iaStorV - ok
20:52:23.0967 5524 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\windows\system32\DRIVERS\igdkmd64.sys
20:52:24.0030 5524 igfx - ok
20:52:24.0123 5524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:52:24.0123 5524 iirsp - ok
20:52:24.0217 5524 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:52:24.0217 5524 Impcd - ok
20:52:24.0295 5524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:52:24.0295 5524 intelide - ok
20:52:24.0373 5524 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:52:24.0373 5524 intelppm - ok
20:52:24.0435 5524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:52:24.0451 5524 IpFilterDriver - ok
20:52:24.0498 5524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:52:24.0498 5524 IPMIDRV - ok
20:52:24.0591 5524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:52:24.0591 5524 IPNAT - ok
20:52:24.0638 5524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:52:24.0654 5524 IRENUM - ok
20:52:24.0716 5524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:52:24.0732 5524 isapnp - ok
20:52:24.0763 5524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:52:24.0778 5524 iScsiPrt - ok
20:52:24.0810 5524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
20:52:24.0810 5524 kbdclass - ok
20:52:24.0888 5524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:52:24.0888 5524 kbdhid - ok
20:52:25.0044 5524 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys
20:52:25.0059 5524 KL1 - ok
20:52:25.0168 5524 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys
20:52:25.0168 5524 kl2 - ok
20:52:25.0293 5524 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\windows\system32\DRIVERS\klif.sys
20:52:25.0309 5524 KLIF - ok
20:52:25.0434 5524 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys
20:52:25.0434 5524 KLIM6 - ok
20:52:25.0449 5524 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\windows\system32\DRIVERS\klmouflt.sys
20:52:25.0449 5524 klmouflt - ok
20:52:25.0543 5524 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
20:52:25.0543 5524 KSecDD - ok
20:52:25.0574 5524 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
20:52:25.0574 5524 KSecPkg - ok
20:52:25.0668 5524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:52:25.0668 5524 ksthunk - ok
20:52:25.0730 5524 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
20:52:25.0730 5524 L1C - ok
20:52:25.0855 5524 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:52:25.0855 5524 lltdio - ok
20:52:25.0902 5524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:52:25.0902 5524 LSI_FC - ok
20:52:25.0995 5524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:52:26.0011 5524 LSI_SAS - ok
20:52:26.0042 5524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:52:26.0042 5524 LSI_SAS2 - ok
20:52:26.0136 5524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:52:26.0151 5524 LSI_SCSI - ok
20:52:26.0167 5524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:52:26.0167 5524 luafv - ok
20:52:26.0260 5524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:52:26.0260 5524 megasas - ok
20:52:26.0292 5524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:52:26.0292 5524 MegaSR - ok
20:52:26.0307 5524 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:52:26.0307 5524 Modem - ok
20:52:26.0401 5524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:52:26.0401 5524 monitor - ok
20:52:26.0463 5524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:52:26.0463 5524 mouclass - ok
20:52:26.0557 5524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:52:26.0557 5524 mouhid - ok
20:52:26.0604 5524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:52:26.0604 5524 mountmgr - ok
20:52:26.0650 5524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:52:26.0650 5524 mpio - ok
20:52:26.0744 5524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:52:26.0744 5524 mpsdrv - ok
20:52:26.0791 5524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:52:26.0791 5524 MRxDAV - ok
20:52:26.0853 5524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:52:26.0853 5524 mrxsmb - ok
20:52:26.0916 5524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:52:26.0931 5524 mrxsmb10 - ok
20:52:26.0962 5524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:52:26.0962 5524 mrxsmb20 - ok
20:52:27.0009 5524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:52:27.0025 5524 msahci - ok
20:52:27.0087 5524 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:52:27.0087 5524 msdsm - ok
20:52:27.0165 5524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:52:27.0165 5524 Msfs - ok
20:52:27.0212 5524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:52:27.0212 5524 mshidkmdf - ok
20:52:27.0259 5524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:52:27.0274 5524 msisadrv - ok
20:52:27.0368 5524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:52:27.0368 5524 MSKSSRV - ok
20:52:27.0415 5524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:52:27.0415 5524 MSPCLOCK - ok
20:52:27.0430 5524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:52:27.0430 5524 MSPQM - ok
20:52:27.0477 5524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:52:27.0477 5524 MsRPC - ok
20:52:27.0555 5524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
20:52:27.0555 5524 mssmbios - ok
20:52:27.0618 5524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:52:27.0618 5524 MSTEE - ok
20:52:27.0680 5524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:52:27.0696 5524 MTConfig - ok
20:52:27.0789 5524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:52:27.0789 5524 Mup - ok
20:52:27.0914 5524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:52:27.0914 5524 NativeWifiP - ok
20:52:28.0008 5524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
20:52:28.0023 5524 NDIS - ok
20:52:28.0117 5524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:52:28.0117 5524 NdisCap - ok
20:52:28.0132 5524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:52:28.0132 5524 NdisTapi - ok
20:52:28.0179 5524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:52:28.0179 5524 Ndisuio - ok
20:52:28.0273 5524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:52:28.0273 5524 NdisWan - ok
20:52:28.0320 5524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:52:28.0320 5524 NDProxy - ok
20:52:28.0429 5524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:52:28.0429 5524 NetBIOS - ok
20:52:28.0460 5524 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:52:28.0460 5524 NetBT - ok
20:52:28.0585 5524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:52:28.0585 5524 nfrd960 - ok
20:52:28.0632 5524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:52:28.0647 5524 Npfs - ok
20:52:28.0725 5524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:52:28.0725 5524 nsiproxy - ok
20:52:28.0803 5524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:52:28.0819 5524 Ntfs - ok
20:52:28.0912 5524 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:52:28.0912 5524 Null - ok
20:52:28.0959 5524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:52:28.0959 5524 nvraid - ok
20:52:28.0990 5524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:52:28.0990 5524 nvstor - ok
20:52:29.0100 5524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:52:29.0115 5524 nv_agp - ok
20:52:29.0146 5524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:52:29.0146 5524 ohci1394 - ok
20:52:29.0287 5524 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:52:29.0302 5524 Parport - ok
20:52:29.0334 5524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
20:52:29.0334 5524 partmgr - ok
20:52:29.0396 5524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:52:29.0396 5524 pci - ok
20:52:29.0474 5524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:52:29.0474 5524 pciide - ok
20:52:29.0505 5524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:52:29.0521 5524 pcmcia - ok
20:52:29.0536 5524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:52:29.0536 5524 pcw - ok
20:52:29.0646 5524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:52:29.0661 5524 PEAUTH - ok
20:52:29.0770 5524 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
20:52:29.0770 5524 PGEffect - ok
20:52:29.0895 5524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:52:29.0911 5524 PptpMiniport - ok
20:52:30.0004 5524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:52:30.0020 5524 Processor - ok
20:52:30.0067 5524 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:52:30.0082 5524 Psched - ok
20:52:30.0176 5524 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
20:52:30.0176 5524 QIOMem - ok
20:52:30.0238 5524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:52:30.0270 5524 ql2300 - ok
20:52:30.0348 5524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:52:30.0363 5524 ql40xx - ok
20:52:30.0379 5524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:52:30.0394 5524 QWAVEdrv - ok
20:52:30.0410 5524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:52:30.0410 5524 RasAcd - ok
20:52:30.0519 5524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:52:30.0519 5524 RasAgileVpn - ok
20:52:30.0550 5524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:52:30.0566 5524 Rasl2tp - ok
20:52:30.0660 5524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:52:30.0675 5524 RasPppoe - ok
20:52:30.0691 5524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:52:30.0691 5524 RasSstp - ok
20:52:30.0738 5524 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:52:30.0738 5524 rdbss - ok
20:52:30.0831 5524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:52:30.0831 5524 rdpbus - ok
20:52:30.0862 5524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:52:30.0862 5524 RDPCDD - ok
20:52:30.0894 5524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:52:30.0894 5524 RDPENCDD - ok
20:52:30.0972 5524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:52:30.0972 5524 RDPREFMP - ok
20:52:31.0003 5524 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
20:52:31.0018 5524 RDPWD - ok
20:52:31.0065 5524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:52:31.0065 5524 rdyboost - ok
20:52:31.0174 5524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:52:31.0174 5524 rspndr - ok
20:52:31.0237 5524 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys
20:52:31.0237 5524 RSUSBSTOR - ok
20:52:31.0346 5524 rtl8192Ce (b89c0601a05e1140ac96fa965d94c340) C:\windows\system32\DRIVERS\rtl8192Ce.sys
20:52:31.0362 5524 rtl8192Ce - ok
20:52:31.0455 5524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:52:31.0455 5524 sbp2port - ok
20:52:31.0486 5524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:52:31.0486 5524 scfilter - ok
20:52:31.0611 5524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:52:31.0611 5524 secdrv - ok
20:52:31.0658 5524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:52:31.0658 5524 Serenum - ok
20:52:31.0689 5524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:52:31.0689 5524 Serial - ok
20:52:31.0736 5524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:52:31.0736 5524 sermouse - ok
20:52:31.0845 5524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:52:31.0845 5524 sffdisk - ok
20:52:31.0876 5524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:52:31.0876 5524 sffp_mmc - ok
20:52:31.0970 5524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:52:31.0970 5524 sffp_sd - ok
20:52:32.0001 5524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:52:32.0017 5524 sfloppy - ok
20:52:32.0126 5524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:52:32.0126 5524 SiSRaid2 - ok
20:52:32.0157 5524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:52:32.0157 5524 SiSRaid4 - ok
20:52:32.0188 5524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:52:32.0204 5524 Smb - ok
20:52:32.0329 5524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:52:32.0329 5524 spldr - ok
20:52:32.0391 5524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:52:32.0391 5524 srv - ok
20:52:32.0500 5524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:52:32.0500 5524 srv2 - ok
20:52:32.0563 5524 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
20:52:32.0563 5524 SrvHsfHDA - ok
20:52:32.0703 5524 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
20:52:32.0734 5524 SrvHsfV92 - ok
20:52:32.0844 5524 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
20:52:32.0844 5524 SrvHsfWinac - ok
20:52:32.0953 5524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:52:32.0968 5524 srvnet - ok
20:52:33.0015 5524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:52:33.0015 5524 stexstor - ok
20:52:33.0124 5524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
20:52:33.0124 5524 swenum - ok
20:52:33.0171 5524 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
20:52:33.0171 5524 SynTP - ok
20:52:33.0343 5524 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
20:52:33.0358 5524 Tcpip - ok
20:52:33.0514 5524 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
20:52:33.0530 5524 TCPIP6 - ok
20:52:33.0639 5524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:52:33.0639 5524 tcpipreg - ok
20:52:33.0748 5524 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:52:33.0748 5524 tdcmdpst - ok
20:52:33.0858 5524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:52:33.0858 5524 TDPIPE - ok
20:52:33.0889 5524 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:52:33.0889 5524 TDTCP - ok
20:52:33.0936 5524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:52:33.0936 5524 tdx - ok
20:52:33.0998 5524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
20:52:33.0998 5524 TermDD - ok
20:52:34.0154 5524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:52:34.0154 5524 tssecsrv - ok
20:52:34.0185 5524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:52:34.0185 5524 TsUsbFlt - ok
20:52:34.0294 5524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:52:34.0294 5524 tunnel - ok
20:52:34.0326 5524 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:52:34.0326 5524 TVALZ - ok
20:52:34.0372 5524 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
20:52:34.0372 5524 TVALZFL - ok
20:52:34.0482 5524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:52:34.0482 5524 uagp35 - ok
20:52:34.0528 5524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:52:34.0544 5524 udfs - ok
20:52:34.0669 5524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:52:34.0669 5524 uliagpkx - ok
20:52:34.0716 5524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
20:52:34.0731 5524 umbus - ok
20:52:34.0825 5524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:52:34.0840 5524 UmPass - ok
20:52:34.0887 5524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:52:34.0887 5524 usbccgp - ok
20:52:34.0950 5524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:52:34.0965 5524 usbcir - ok
20:52:35.0028 5524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
20:52:35.0028 5524 usbehci - ok
20:52:35.0090 5524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:52:35.0090 5524 usbhub - ok
20:52:35.0121 5524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
20:52:35.0121 5524 usbohci - ok
20:52:35.0199 5524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:52:35.0199 5524 usbprint - ok
20:52:35.0246 5524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
20:52:35.0262 5524 USBSTOR - ok
20:52:35.0277 5524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
20:52:35.0277 5524 usbuhci - ok
20:52:35.0371 5524 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
20:52:35.0386 5524 usbvideo - ok
20:52:35.0464 5524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:52:35.0464 5524 vdrvroot - ok
20:52:35.0542 5524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:52:35.0542 5524 vga - ok
20:52:35.0589 5524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:52:35.0589 5524 VgaSave - ok
20:52:35.0636 5524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:52:35.0636 5524 vhdmp - ok
20:52:35.0714 5524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:52:35.0714 5524 viaide - ok
20:52:35.0792 5524 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\windows\system32\drivers\vmci.sys
20:52:35.0792 5524 vmci - ok
20:52:35.0870 5524 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\windows\system32\drivers\VMkbd.sys
20:52:35.0870 5524 vmkbd - ok
20:52:35.0948 5524 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\windows\system32\DRIVERS\vmnetadapter.sys
20:52:35.0948 5524 VMnetAdapter - ok
20:52:35.0979 5524 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\windows\system32\DRIVERS\vmnetbridge.sys
20:52:35.0979 5524 VMnetBridge - ok
20:52:36.0057 5524 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\windows\system32\drivers\vmnetuserif.sys
20:52:36.0057 5524 VMnetuserif - ok
20:52:36.0135 5524 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\windows\system32\drivers\vmx86.sys
20:52:36.0135 5524 vmx86 - ok
20:52:36.0213 5524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:52:36.0213 5524 volmgr - ok
20:52:36.0276 5524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:52:36.0276 5524 volmgrx - ok
20:52:36.0338 5524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:52:36.0338 5524 volsnap - ok
20:52:36.0447 5524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:52:36.0447 5524 vsmraid - ok
20:52:36.0525 5524 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
20:52:36.0525 5524 vstor2-ws60 - ok
20:52:36.0619 5524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:52:36.0619 5524 vwifibus - ok
20:52:36.0650 5524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:52:36.0650 5524 vwififlt - ok
20:52:36.0681 5524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:52:36.0681 5524 WacomPen - ok
20:52:36.0790 5524 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:52:36.0790 5524 WANARP - ok
20:52:36.0790 5524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:52:36.0806 5524 Wanarpv6 - ok
20:52:36.0853 5524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:52:36.0868 5524 Wd - ok
20:52:36.0962 5524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:52:36.0978 5524 Wdf01000 - ok
20:52:37.0118 5524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:52:37.0118 5524 WfpLwf - ok
20:52:37.0149 5524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:52:37.0149 5524 WIMMount - ok
20:52:37.0305 5524 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:52:37.0305 5524 WinUsb - ok
20:52:37.0352 5524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
20:52:37.0352 5524 WmiAcpi - ok
20:52:37.0461 5524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:52:37.0461 5524 ws2ifsl - ok
20:52:37.0524 5524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:52:37.0539 5524 WudfPf - ok
20:52:37.0633 5524 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:52:37.0633 5524 WUDFRd - ok
20:52:37.0711 5524 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:52:37.0726 5524 \Device\Harddisk0\DR0 - ok
20:52:37.0742 5524 Boot (0x1200) (6a4047103c82b68602958f46eec19e17) \Device\Harddisk0\DR0\Partition0
20:52:37.0742 5524 \Device\Harddisk0\DR0\Partition0 - ok
20:52:37.0742 5524 ============================================================
20:52:37.0742 5524 Scan finished
20:52:37.0742 5524 ============================================================
20:52:37.0758 1208 Detected object count: 0
20:52:37.0758 1208 Actual detected object count: 0

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 November 2011 - 09:15 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 matt2012 (Topic Starter, Members)

Posted 28 November 2011 - 09:56 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-28 21:36:43
-----------------------------
21:36:43.025 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:43.025 Number of processors: 2 586 0x2505
21:36:43.025 ComputerName: KRISTIN-PC UserName: Kristin
21:36:45.658 Initialize success
21:36:45.778 AVAST engine defs: 11112802
21:36:54.580 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:36:54.580 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
21:36:54.610 Disk 0 MBR read successfully
21:36:54.610 Disk 0 MBR scan
21:36:54.620 Disk 0 Windows VISTA default MBR code
21:36:54.620 Service scanning
21:36:55.280 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
21:36:55.280 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
21:36:55.290 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
21:36:55.290 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:36:55.960 Modules scanning
21:36:55.971 Disk 0 trace - called modules:
21:36:55.999 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033c0334]<<
21:36:56.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003330660]
21:36:56.338 3 CLASSPNP.SYS[fffff88001c5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031a5050]
21:36:56.347 \Driver\iaStor[0xfffffa8002cbac10] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033c0334
21:36:57.377 AVAST engine scan C:\windows
21:36:59.455 AVAST engine scan C:\windows\system32
21:38:14.339 AVAST engine scan C:\windows\system32\drivers
21:38:23.219 AVAST engine scan C:\Users\Kristin
21:40:08.957 AVAST engine scan C:\ProgramData
21:42:03.610 Scan finished successfully
21:53:24.356 Disk 0 MBR has been saved successfully to "C:\Users\Kristin\Desktop\MBR.dat"
21:53:24.361 The log file has been saved successfully to "C:\Users\Kristin\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 November 2011 - 08:14 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say either that the infection was cleared or that no infection was found; let me know what it says.

After it is complete, I want you to restart the computer, try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 matt2012 (Topic Starter)

Posted 29 November 2011 - 05:51 PM

Tried running fixTDSS and got the BSOD. I was unable to get the computer to boot in regular or safe mode. Ran "last known good configuration" and was able to boot.

I finally saw what is playing the random sounds. After I got the computer to boot, a video popped up. I could always hear the sound but never see the video. The video was for something called "ADME".

Edited by matt2012, 29 November 2011 - 05:54 PM.


#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 November 2011 - 07:29 PM

Hello


Give me a fresh scan from aswMBR.

#11 matt2012 (Topic Starter)

Posted 29 November 2011 - 08:52 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-28 21:36:43
-----------------------------
21:36:43.025 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:43.025 Number of processors: 2 586 0x2505
21:36:43.025 ComputerName: KRISTIN-PC UserName: Kristin
21:36:45.658 Initialize success
21:36:45.778 AVAST engine defs: 11112802
21:36:54.580 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:36:54.580 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
21:36:54.610 Disk 0 MBR read successfully
21:36:54.610 Disk 0 MBR scan
21:36:54.620 Disk 0 Windows VISTA default MBR code
21:36:54.620 Service scanning
21:36:55.280 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
21:36:55.280 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
21:36:55.290 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
21:36:55.290 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:36:55.960 Modules scanning
21:36:55.971 Disk 0 trace - called modules:
21:36:55.999 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033c0334]<<
21:36:56.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003330660]
21:36:56.338 3 CLASSPNP.SYS[fffff88001c5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031a5050]
21:36:56.347 \Driver\iaStor[0xfffffa8002cbac10] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033c0334
21:36:57.377 AVAST engine scan C:\windows
21:36:59.455 AVAST engine scan C:\windows\system32
21:38:14.339 AVAST engine scan C:\windows\system32\drivers
21:38:23.219 AVAST engine scan C:\Users\Kristin
21:40:08.957 AVAST engine scan C:\ProgramData
21:42:03.610 Scan finished successfully
21:53:24.356 Disk 0 MBR has been saved successfully to "C:\Users\Kristin\Desktop\MBR.dat"
21:53:24.361 The log file has been saved successfully to "C:\Users\Kristin\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-29 20:44:04
-----------------------------
20:44:04.561 OS Version: Windows x64 6.1.7601 Service Pack 1
20:44:04.561 Number of processors: 2 586 0x2505
20:44:04.561 ComputerName: KRISTIN-PC UserName: Kristin
20:44:05.741 Initialize success
20:44:05.871 AVAST engine defs: 11112902
20:44:11.681 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:44:11.681 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:44:11.711 Disk 0 MBR read successfully
20:44:11.711 Disk 0 MBR scan
20:44:11.721 Disk 0 Windows VISTA default MBR code
20:44:11.721 Service scanning
20:44:12.741 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:44:12.751 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
20:44:12.751 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
20:44:12.761 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:44:13.461 Modules scanning
20:44:13.461 Disk 0 trace - called modules:
20:44:13.491 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800512f334]<<
20:44:13.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003338790]
20:44:13.521 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031c5050]
20:44:13.531 \Driver\iaStor[0xfffffa800232adc0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800512f334
20:44:14.251 AVAST engine scan C:\windows
20:44:20.523 AVAST engine scan C:\windows\system32
20:45:51.115 AVAST engine scan C:\windows\system32\drivers
20:46:01.056 AVAST engine scan C:\Users\Kristin
20:47:29.039 AVAST engine scan C:\ProgramData
20:49:05.191 Scan finished successfully
20:51:52.855 Disk 0 MBR has been saved successfully to "C:\Users\Kristin\Desktop\MBR.dat"
20:51:52.860 The log file has been saved successfully to "C:\Users\Kristin\Desktop\aswMBR.txt"
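The two aswMBR runs pasted above (the first from 28 November, the second from 29 November after the fixTDSS attempt) lend themselves to a small triage script. What follows is an added example, not code from this thread or from AVAST: it parses the line shapes seen in those logs, pulls out the `**LOCKED**` services, the `>>UNKNOWN [...]<<` entry in the disk-stack trace and the `IRP_MJ_*` dispatch entries, reports where a dispatch target points into that unlisted module, and checks whether the same kind of finding is present in two runs. Because the kernel addresses differ between reboots (as they do between the two logs above), runs are compared by finding type and driver name, never by address. The sample inputs are excerpts of the two logs in this thread plus a constructed clean run; the function and field names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Line shapes taken from the aswMBR logs in this thread; every line starts with a timestamp.
TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
RE_MBR = re.compile(TS + r"Disk (\d+) (.*MBR code)$")
RE_LOCKED = re.compile(TS + r"Service (\S+) (\S+) \*\*LOCKED\*\* \d+$")
RE_UNKNOWN = re.compile(TS + r".*>>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
RE_IRP = re.compile(
    TS + r"\\Driver\\(\S+?)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


@dataclass
class Findings:
    mbr: Dict[int, str] = field(default_factory=dict)          # disk number -> MBR verdict text
    locked_services: List[str] = field(default_factory=list)   # services whose file aswMBR could not inspect
    unknown_modules: List[str] = field(default_factory=list)   # addresses of unattributed code in the disk trace
    irp_hooks: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP major, target address)


def parse_aswmbr(text: str) -> Findings:
    """Extract the review-worthy items from one aswMBR log."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := RE_MBR.match(line):
            f.mbr[int(m.group(1))] = m.group(2)
        elif m := RE_LOCKED.match(line):
            f.locked_services.append(m.group(1))
        elif m := RE_IRP.match(line):
            f.irp_hooks.append((m.group(1), m.group(3), m.group(4)))
        elif m := RE_UNKNOWN.match(line):
            f.unknown_modules.append(m.group(1))
    return f


def redirected_dispatch(f: Findings) -> List[Tuple[str, str, str]]:
    """Dispatch entries whose target lies in an unlisted module: the disk driver's
    request handling is routed into code aswMBR could not attribute to any driver."""
    return [h for h in f.irp_hooks if h[2] in f.unknown_modules]


def persisted_across_runs(first: Findings, second: Findings) -> Dict[str, bool]:
    """Same finding in both runs? Compared by kind and driver, because kernel pool
    addresses change on every boot and an address match would mean nothing."""
    hooks_a = {(d, major) for d, major, _ in redirected_dispatch(first)}
    hooks_b = {(d, major) for d, major, _ in redirected_dispatch(second)}
    return {
        "unknown_module": bool(first.unknown_modules) and bool(second.unknown_modules),
        "redirected_dispatch": bool(hooks_a & hooks_b),
    }


# Excerpt of the first log in this thread (28 November run).
RUN_A = r"""21:36:54.620 Disk 0 Windows VISTA default MBR code
21:36:55.280 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
21:36:55.280 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
21:36:55.999 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033c0334]<<
21:36:56.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003330660]
21:36:56.347 \Driver\iaStor[0xfffffa8002cbac10] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033c0334
21:42:03.610 Scan finished successfully
"""

# Excerpt of the second log in this thread (29 November run, after the reboot).
RUN_B = r"""20:44:11.721 Disk 0 Windows VISTA default MBR code
20:44:12.741 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:44:13.491 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800512f334]<<
20:44:13.531 \Driver\iaStor[0xfffffa800232adc0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800512f334
20:49:05.191 Scan finished successfully
"""

# Constructed clean run (not from the thread): the disk trace ends in a named driver, no UNKNOWN entry.
CLEAN_RUN = """\
20:00:00.000 Disk 0 Windows VISTA default MBR code
20:00:00.500 Service scanning
20:00:01.000 Modules scanning
20:00:01.100 Disk 0 trace - called modules:
20:00:01.200 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
20:00:05.000 Scan finished successfully
"""

if __name__ == "__main__":
    a, b = parse_aswmbr(RUN_A), parse_aswmbr(RUN_B)
    print("MBR:", a.mbr)
    print("locked services:", a.locked_services)
    print("unattributed modules:", a.unknown_modules)
    print("dispatch routed into them:", redirected_dispatch(a))
    print("still present after reboot:", persisted_across_runs(a, b))
    print("clean run:", persisted_across_runs(a, parse_aswmbr(CLEAN_RUN)))
```

A finding that survives a reboot at a different address is the pattern to look for when deciding whether a cleanup step worked; the addresses themselves carry no information from one boot to the next. A LOCKED service only records that the scanner could not read that file, so the script lists it for review rather than treating it as a detection.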

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 November 2011 - 08:05 AM

Greetings

I need you to make a bootable USB and take a screenshot for me; follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions on how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up; to do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and keep it (we will use it again), boot back into Windows and send me the screen capture.

gringo

#13 matt2012 (Topic Starter)

Posted 30 November 2011 - 10:36 PM

Don't have time to do all that tonight... I will try tomorrow evening. Thank you for all your help!!!

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 November 2011 - 11:41 PM

You are welcome, and see you tomorrow.

gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 December 2011 - 12:21 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo