
Fake AntiVirus program blocking windows defender


  • This topic is locked
41 replies to this topic

#1 meantforsea

meantforsea

  • Members
  • 22 posts
  • OFFLINE
  • Local time:03:15 AM

Posted 04 December 2011 - 09:07 PM

I am using Windows 7, 64bit.

Friday evening I was browsing YouTube, Facebook, and then ultimately old LiveJournal entries, when suddenly my browser turned off unexpectedly and a fake antivirus program popped up claiming that I needed to run it. I exited and then Windows alerted me that something was trying to make changes to my hard drive. I denied it over and over (about 20 - 30 times) and then Microsoft Security Essentials wouldn't turn on (I tried to click it to scan my computer, but it was not in my tray near the clock anymore--nothing was but the clock and Bluetooth [that I do not use]). I restarted my computer, but nothing happened. I kept getting an antivirus program popping up and saying I needed to pay to protect myself. I could not get online because everything was a threat, apparently.

Then I took the hard drive out of my laptop and placed it in an enclosure and had another computer run Microsoft Security Essentials on it. At the same time, AVG was running. AVG found six items and deleted them all. MSE found nothing.

Put the hard drive back into the laptop and it started up normal. No more antivirus stuff. However, when I tried to execute any program, I received an error saying "how would you like to open this program." I could not open internet, calculator, or any program except for word and photos. I found a loophole. Under the "how you like to.." there was a link that said "check online for programs" and that link did take me to the internet. I managed to run MSE by right-clicking the internet icon and "scan with MSE". That did not find anything. I installed AVG through the loophole and ran that, but it did not find anything.

Then I ran SuperAntiVirus, which found a bunch of things that I removed. I rebooted, but to no avail. I took the hard drive out and had another computer scan it with ClamAV (I think, I'm not entirely sure if it scanned the drive or not, as some of the items were not on my hard drive).

Finally, I decided to run Combofix. I read that I probably shouldn't, however, I was at a loss. I tried to run it, however it said that MSE was running and needed to be turned off. I turned off the real-time protection, but it said that it was still running. Immediately after turning off MSE, my icons worked. I uninstalled MSE and the tray at the bottom of my screen worked again and everything seems to be going okay. I've run AVG and AVG tune-up. AVG did not find any viruses, but AVG found registry errors that it attempted to fix.

I went into Action Center, but I could not turn on any firewall, I could not turn on Windows Defender, and I could not make any changes to anything in the Security center. "Windows Security Center Cannot Be Started" is my error message.

Then I ran Combofix and have the log, but I don't know what to do with it. Instead, I came here to ask for help, since I've exhausted all of my options.



Please help me. I have final papers I need to finish before the semester is over and very little time. I realize I was stupid in using something I didn't know how to use, but I was desperate.


DDS



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Omega at 20:46:23 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1863 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\boostspeed.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C}\271697E27696C6C696E6D27657563747 : DhcpNameServer = 192.168.33.1 68.87.64.150 68.87.75.198
TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C}\84F4D454D283532483 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{29CF362E-5005-4B95-B713-547AD19C913C}\C696E6B6379737 : DhcpNameServer = 10.1.10.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\DRIVERS\fspad_wlh64.sys --> C:\windows\system32\DRIVERS\fspad_wlh64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-4 366152]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-5-27 160768]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\DRIVERS\fspad_xp64.sys --> C:\windows\system32\DRIVERS\fspad_xp64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-25 91456]
.
=============== Created Last 30 ================
.
2011-12-05 01:24:44 98816 ----a-w- C:\windows\sed.exe
2011-12-05 01:24:44 518144 ----a-w- C:\windows\SWREG.exe
2011-12-05 01:24:44 256000 ----a-w- C:\windows\PEV.exe
2011-12-05 01:24:44 208896 ----a-w- C:\windows\MBR.exe
2011-12-05 00:31:29 -------- d-----w- C:\Users\Omega\AppData\Roaming\AVG
2011-12-04 14:05:13 -------- d-----w- C:\Users\Omega\AppData\Roaming\Malwarebytes
2011-12-04 14:05:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-04 14:05:00 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-12-04 14:05:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-04 04:17:42 -------- d-----w- C:\Users\Omega\AppData\Roaming\SUPERAntiSpyware.com
2011-12-04 04:17:42 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-04 01:34:50 -------- d-----w- C:\Users\Omega\AppData\Roaming\AVG2012
2011-12-04 01:34:39 -------- d--h--w- C:\ProgramData\Common Files
2011-12-04 01:34:30 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2011-12-04 01:33:06 -------- d-----w- C:\windows\System32\drivers\AVG
2011-12-04 01:33:06 -------- d-----w- C:\ProgramData\AVG2012
2011-12-04 01:31:56 -------- d-----w- C:\Program Files (x86)\AVG
2011-12-04 01:29:42 -------- d-----w- C:\ProgramData\MFAData
2011-11-24 12:12:26 -------- d-----w- C:\Users\Omega\AppData\Local\Mozilla
2011-11-13 05:03:33 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-11-13 05:03:33 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-11-13 05:03:33 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-11-13 05:02:28 -------- d-----w- C:\Program Files\iPod
2011-11-13 05:02:27 -------- d-----w- C:\Program Files\iTunes
2011-11-13 05:00:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-13 05:00:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-09 13:48:31 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 13:48:30 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 13:48:29 1897328 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-11-09 13:48:27 3141120 ----a-w- C:\windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-10-24 19:55:02 286720 ----a-w- C:\windows\iun506.exe
2011-10-24 19:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2011-10-07 11:23:46 283728 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-09-13 11:30:08 37456 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2011-09-07 13:02:36 62552 ----a-w- C:\windows\System32\drivers\toolkitdisk.sys
.
============= FINISH: 20:46:51.34 ===============

Edited by meantforsea, 04 December 2011 - 09:11 PM.
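Two symptoms in the post above have well-known, checkable causes: "How would you like to open this program?" for every .exe means the .exe file association has been redirected or broken (rogue AV installers commonly plant a per-user override under HKCU\Software\Classes), and "Windows Security Center Cannot Be Started" means the Security Center service or the services it depends on (Windows Firewall, Base Filtering Engine, Defender) have been disabled or are not running. The following read-only audit script is an added example and is not part of this thread or the helper's instructions; the function names are my own. It prints what it finds and changes nothing. It also lists what Action Center believes is installed, from the WMI root\SecurityCenter2 namespace; tools such as DDS and ComboFix report those same registrations as their AV:/SP: lines, which is why a product that was uninstalled incompletely can still appear as "Enabled/Updated" in a log.

```powershell
# Added example, not code from the thread. Read-only audit for a hijacked .exe
# association and for the services Action Center depends on.
# Run from an elevated PowerShell prompt on Windows 7 or later (PowerShell 2.0 compatible).

function Get-ExeAssociationFindings {
    $findings = @()
    # HKCR is a merged view: keys under HKCU\Software\Classes override the same
    # keys under HKLM\SOFTWARE\Classes. Windows never creates a per-user .exe or
    # exefile key itself, so its presence alone is suspicious.
    $expectedCmd = '"%1" %*'
    foreach ($key in 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
                     'HKCU:\Software\Classes\exefile\shell\open\command') {
        if (Test-Path $key) {
            $cmd = (Get-ItemProperty -Path $key).'(default)'
            if ($cmd -ne $expectedCmd) {
                $findings += "open command at $key is '$cmd' (expected $expectedCmd)"
            }
        }
    }
    $userExe = 'HKCU:\Software\Classes\.exe'
    if (Test-Path $userExe) {
        $progId = (Get-ItemProperty -Path $userExe).'(default)'
        $findings += "per-user .exe override at $userExe -> ProgID '$progId'"
    }
    $machineProgId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\.exe').'(default)'
    if ($machineProgId -ne 'exefile') {
        $findings += "HKLM .exe ProgID is '$machineProgId' (expected exefile)"
    }
    return $findings
}

function Get-SecurityServiceFindings {
    $findings = @()
    # wscsvc = Security Center, MpsSvc = Windows Firewall, BFE = Base Filtering
    # Engine (MpsSvc depends on it), WinDefend = Windows Defender.
    # WMI exposes StartMode; Get-Service on PowerShell 2.0 does not.
    foreach ($name in 'wscsvc', 'MpsSvc', 'BFE', 'WinDefend') {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) { $findings += "service $name is missing"; continue }
        if ($svc.StartMode -eq 'Disabled') {
            $findings += "service $name is Disabled"
        } elseif ($svc.State -ne 'Running') {
            $findings += "service $name is $($svc.State) (StartMode $($svc.StartMode))"
        }
    }
    return $findings
}

function Get-SecurityCenterRegistrations {
    # Products registered with Security Center. Returns nothing if wscsvc is
    # not running, because the namespace is served by that service.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Class        = $class
                    Product      = $_.displayName
                    State        = ('0x{0:X6}' -f $_.productState)
                    InstanceGuid = $_.instanceGuid
                    Exe          = $_.pathToSignedProductExe
                    # A registration whose executable no longer exists is stale:
                    # the product was removed but its Security Center entry was not.
                    ExeExists    = [bool]($_.pathToSignedProductExe -and (Test-Path $_.pathToSignedProductExe))
                }
            }
    }
}

$all = @(Get-ExeAssociationFindings) + @(Get-SecurityServiceFindings)
if ($all.Count -eq 0) { 'No .exe association or service problems found.' } else { $all }
Get-SecurityCenterRegistrations | Format-Table Class, Product, State, ExeExists, Exe -AutoSize
```

Two caveats when reading the output. On Windows 7, installing Microsoft Security Essentials disables the built-in Windows Defender, so WinDefend reported as Disabled while MSE is present is expected (it matches the "Windows Defender *Disabled/Outdated*" line in the DDS log) and is not by itself a sign of tampering. And an empty registrations table does not mean no products are installed; it usually means wscsvc is stopped, which the service check above will have reported.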


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 AM

Posted 07 December 2011 - 11:15 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 meantforsea

meantforsea
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:03:15 AM

Posted 07 December 2011 - 02:54 PM

Thank you Gringo,

I had combofix already, but reinstalled and it updated itself.

Before it ran, it told me that I had to disable Microsoft Security Essentials... I do not have MSE anymore. I uninstalled it over the weekend. Combofix said that it is at my discretion to go on, but I continued.

My computer has been running okay, except I cannot access the action center or any administrative features on my computer. Firewall, windows defender, etc.


This is my log:

ComboFix 11-12-06.02 - Omega 12/07/2011 14:43:18.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2780 [GMT -5:00]
Running from: c:\users\Omega\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Omega\Documents\~WRL0419.tmp
c:\users\Omega\Documents\~WRL0421.tmp
c:\users\Omega\Documents\~WRL1406.tmp
c:\users\Omega\Documents\~WRL2021.tmp
c:\users\Omega\Documents\~WRL2273.tmp
c:\users\Omega\Documents\~WRL2531.tmp
c:\users\Omega\Documents\~WRL2749.tmp
c:\users\Omega\Documents\~WRL2763.tmp
c:\users\Omega\Documents\~WRL2815.tmp
c:\users\Omega\Documents\~WRL3731.tmp
c:\users\Omega\Documents\~WRL3781.tmp
c:\users\Omega\Documents\~WRL3806.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-05 04:55 . 2011-12-05 04:55 -------- d-----w- c:\users\Omega\AppData\Roaming\IsolatedStorage
2011-12-05 04:54 . 2011-12-05 04:55 -------- d-----w- c:\program files (x86)\ljArchive
2011-12-05 04:46 . 2011-12-05 04:58 -------- d-----w- c:\program files (x86)\Semagic
2011-12-05 04:16 . 2011-12-05 04:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-05 02:38 . 2011-12-05 02:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-05 00:31 . 2011-12-05 00:34 -------- d-----w- c:\users\Omega\AppData\Roaming\AVG
2011-12-04 14:05 . 2011-12-04 14:05 -------- d-----w- c:\users\Omega\AppData\Roaming\Malwarebytes
2011-12-04 14:05 . 2011-12-04 14:05 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 14:05 . 2011-12-04 14:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 14:05 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 04:17 . 2011-12-04 04:17 -------- d-----w- c:\users\Omega\AppData\Roaming\SUPERAntiSpyware.com
2011-12-04 04:17 . 2011-12-04 04:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-04 01:34 . 2011-12-04 01:34 -------- d--h--w- c:\programdata\Common Files
2011-12-04 01:34 . 2011-12-04 01:34 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-12-04 01:33 . 2011-12-07 19:39 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-04 01:33 . 2011-12-04 01:43 -------- d-----w- c:\programdata\AVG2012
2011-12-04 01:31 . 2011-12-05 00:30 -------- d-----w- c:\program files (x86)\AVG
2011-12-04 01:29 . 2011-12-07 19:39 -------- d-----w- c:\programdata\MFAData
2011-11-24 12:12 . 2011-11-24 12:12 -------- d-----w- c:\users\Omega\AppData\Local\Mozilla
2011-11-14 01:06 . 2011-11-14 01:06 -------- d-----w- c:\windows\system32\Macromed
2011-11-13 05:03 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-13 05:03 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-13 05:03 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-13 05:02 . 2011-11-13 05:02 -------- d-----w- c:\program files\iPod
2011-11-13 05:02 . 2011-11-13 05:03 -------- d-----w- c:\program files\iTunes
2011-11-13 05:01 . 2011-11-13 05:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-13 05:01 . 2011-11-13 05:01 -------- d-----w- c:\program files\Common Files\Apple
2011-11-13 05:00 . 2011-11-13 05:00 -------- d-----w- c:\program files\Bonjour
2011-11-13 05:00 . 2011-11-13 05:00 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-09 13:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:48 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 23:17 . 2010-08-29 21:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-03 23:15 . 2010-08-29 21:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-03 23:15 . 2010-08-29 21:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-03 21:40 . 2010-08-29 21:16 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-02 02:40 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-24 19:55 . 2011-10-24 19:51 286720 ----a-w- c:\windows\iun506.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 11:23 . 2011-10-07 11:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-01 03:21 . 2011-10-13 13:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 13:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-13 11:30 . 2011-09-13 11:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-05_01.33.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-12-04 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-07 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-04 13:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-07 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-07 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-04 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-12-05 21:13 52108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-16 09:15 . 2011-12-05 21:13 13404 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3591633545-1928785074-1052949616-1000_UserData.bin
+ 2010-06-12 17:55 . 2011-12-07 19:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-12 17:55 . 2011-12-04 23:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-12 17:55 . 2011-12-04 23:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-12 17:55 . 2011-12-07 19:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-07 19:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-04 23:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-17 01:15 . 2011-12-05 21:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-17 01:15 . 2011-12-05 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-17 01:15 . 2011-12-05 21:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-17 01:15 . 2011-12-05 00:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-17 01:15 . 2011-12-05 21:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-17 01:15 . 2011-12-05 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-16 09:30 . 2011-12-07 19:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-16 09:30 . 2011-12-05 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-16 09:30 . 2011-12-05 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-16 09:30 . 2011-12-07 19:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 17:55 . 2011-06-06 17:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2011-12-04 15:42 . 2011-12-05 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-04 15:42 . 2011-12-05 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-04 15:42 . 2011-12-05 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-04 15:42 . 2011-12-05 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-05 04:16 . 2011-12-05 04:16 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-05 04:16 . 2011-12-05 04:16 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2010-11-13 22:30 . 2011-12-06 13:34 268814 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-08-17 01:31 . 2011-12-07 05:31 352442 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-12-07 04:18 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-05 00:25 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-07 04:18 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-05 00:25 106756 c:\windows\system32\perfc009.dat
+ 2011-12-05 04:16 . 2011-12-05 04:16 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2011-12-05 04:16 . 2011-12-05 04:16 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-01-14 12:10 . 2011-01-14 12:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\7f90e2.msi
+ 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\2d1cc9a.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-01-14 12:10 . 2011-01-14 12:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
- 2009-07-14 02:34 . 2011-12-05 00:05 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-12-07 04:35 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\7f90e3.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-07-24 2068480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-15 1086240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\DRIVERS\fspad_xp64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MGHwCtrl;MGHwCtrl;c:\program files (x86)\msi\msi Software Install\MGHwCtrl.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\users\Omega\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Omega\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-10-25 2398512]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-07 16328736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic - c:\program files (x86)\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Semagic - c:\program files (x86)\Semagic\link.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-07 14:51:48
ComboFix-quarantined-files.txt 2011-12-07 19:51
ComboFix2.txt 2011-12-05 01:35
.
Pre-Run: 49,942,523,904 bytes free
Post-Run: 49,872,723,968 bytes free
.
- - End Of File - - 0C7BAF66D6B67ADD1477DBCAEA3193D5

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 AM

Posted 07 December 2011 - 05:19 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 meantforsea

  • Topic Starter
  • Members
  • 22 posts
  • Local time:03:15 AM

Posted 07 December 2011 - 05:29 PM

Thank you again, Gringo,

No threats were detected.

Here is the log:

17:26:51.0460 4164 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
17:26:51.0554 4164 ============================================================
17:26:51.0554 4164 Current date / time: 2011/12/07 17:26:51.0554
17:26:51.0554 4164 SystemInfo:
17:26:51.0554 4164
17:26:51.0554 4164 OS Version: 6.1.7600 ServicePack: 0.0
17:26:51.0554 4164 Product type: Workstation
17:26:51.0554 4164 ComputerName: MSI-CR500
17:26:51.0554 4164 UserName: Omega
17:26:51.0554 4164 Windows directory: C:\windows
17:26:51.0554 4164 System windows directory: C:\windows
17:26:51.0554 4164 Running under WOW64
17:26:51.0554 4164 Processor architecture: Intel x64
17:26:51.0554 4164 Number of processors: 2
17:26:51.0554 4164 Page size: 0x1000
17:26:51.0554 4164 Boot type: Normal boot
17:26:51.0554 4164 ============================================================
17:26:54.0206 4164 Initialize success
17:27:17.0340 1796 ============================================================
17:27:17.0340 1796 Scan started
17:27:17.0340 1796 Mode: Manual;
17:27:17.0340 1796 ============================================================
17:27:21.0147 1796 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
17:27:21.0147 1796 1394ohci - ok
17:27:21.0552 1796 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
17:27:21.0630 1796 ACPI - ok
17:27:21.0989 1796 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
17:27:21.0989 1796 AcpiPmi - ok
17:27:22.0348 1796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
17:27:22.0395 1796 adp94xx - ok
17:27:22.0676 1796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
17:27:22.0691 1796 adpahci - ok
17:27:22.0863 1796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
17:27:22.0863 1796 adpu320 - ok
17:27:23.0315 1796 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
17:27:23.0315 1796 AFD - ok
17:27:23.0658 1796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
17:27:23.0658 1796 agp440 - ok
17:27:23.0768 1796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
17:27:23.0768 1796 aliide - ok
17:27:23.0830 1796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
17:27:23.0830 1796 amdide - ok
17:27:23.0908 1796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
17:27:23.0908 1796 AmdK8 - ok
17:27:24.0142 1796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
17:27:24.0142 1796 AmdPPM - ok
17:27:24.0251 1796 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
17:27:24.0251 1796 amdsata - ok
17:27:24.0329 1796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
17:27:24.0329 1796 amdsbs - ok
17:27:24.0376 1796 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
17:27:24.0376 1796 amdxata - ok
17:27:24.0423 1796 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
17:27:24.0423 1796 AppID - ok
17:27:24.0516 1796 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
17:27:24.0516 1796 arc - ok
17:27:24.0579 1796 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
17:27:24.0594 1796 arcsas - ok
17:27:24.0641 1796 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:27:24.0641 1796 ArcSoftKsUFilter - ok
17:27:24.0719 1796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
17:27:24.0735 1796 AsyncMac - ok
17:27:24.0766 1796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
17:27:24.0766 1796 atapi - ok
17:27:24.0875 1796 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\windows\system32\DRIVERS\avgfwd6a.sys
17:27:24.0938 1796 Avgfwfd - ok
17:27:25.0062 1796 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
17:27:25.0078 1796 AVGIDSDriver - ok
17:27:25.0140 1796 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
17:27:25.0140 1796 AVGIDSEH - ok
17:27:25.0187 1796 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
17:27:25.0187 1796 AVGIDSFilter - ok
17:27:25.0250 1796 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
17:27:25.0250 1796 Avgldx64 - ok
17:27:25.0406 1796 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
17:27:25.0406 1796 Avgmfx64 - ok
17:27:25.0515 1796 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
17:27:25.0515 1796 Avgrkx64 - ok
17:27:25.0608 1796 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
17:27:25.0624 1796 Avgtdia - ok
17:27:26.0014 1796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
17:27:26.0061 1796 b06bdrv - ok
17:27:26.0154 1796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
17:27:26.0154 1796 b57nd60a - ok
17:27:26.0201 1796 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
17:27:26.0201 1796 Beep - ok
17:27:26.0264 1796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
17:27:26.0279 1796 blbdrive - ok
17:27:26.0404 1796 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
17:27:26.0420 1796 bowser - ok
17:27:26.0466 1796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:27:26.0482 1796 BrFiltLo - ok
17:27:26.0529 1796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:27:26.0529 1796 BrFiltUp - ok
17:27:26.0685 1796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
17:27:26.0856 1796 Brserid - ok
17:27:26.0888 1796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
17:27:26.0903 1796 BrSerWdm - ok
17:27:26.0919 1796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
17:27:26.0919 1796 BrUsbMdm - ok
17:27:26.0934 1796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
17:27:26.0934 1796 BrUsbSer - ok
17:27:26.0981 1796 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
17:27:26.0997 1796 BthEnum - ok
17:27:27.0012 1796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
17:27:27.0012 1796 BTHMODEM - ok
17:27:27.0059 1796 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
17:27:27.0059 1796 BthPan - ok
17:27:27.0137 1796 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
17:27:27.0153 1796 BTHPORT - ok
17:27:27.0246 1796 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
17:27:27.0246 1796 BTHUSB - ok
17:27:27.0309 1796 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\windows\system32\drivers\btusbflt.sys
17:27:27.0309 1796 btusbflt - ok
17:27:27.0371 1796 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
17:27:27.0371 1796 btwaudio - ok
17:27:27.0402 1796 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\DRIVERS\btwavdt.sys
17:27:27.0402 1796 btwavdt - ok
17:27:27.0465 1796 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
17:27:27.0465 1796 btwl2cap - ok
17:27:27.0543 1796 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
17:27:27.0543 1796 btwrchid - ok
17:27:27.0574 1796 catchme - ok
17:27:27.0605 1796 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
17:27:27.0621 1796 cdfs - ok
17:27:27.0652 1796 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
17:27:27.0652 1796 cdrom - ok
17:27:27.0699 1796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
17:27:27.0699 1796 circlass - ok
17:27:27.0730 1796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
17:27:27.0730 1796 CLFS - ok
17:27:27.0777 1796 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
17:27:27.0777 1796 CmBatt - ok
17:27:27.0792 1796 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
17:27:27.0792 1796 cmdide - ok
17:27:27.0824 1796 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
17:27:27.0855 1796 CNG - ok
17:27:27.0870 1796 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
17:27:27.0870 1796 Compbatt - ok
17:27:27.0902 1796 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
17:27:27.0902 1796 CompositeBus - ok
17:27:27.0933 1796 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
17:27:27.0933 1796 crcdisk - ok
17:27:28.0011 1796 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\windows\system32\DRIVERS\dc3d.sys
17:27:28.0011 1796 dc3d - ok
17:27:28.0089 1796 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
17:27:28.0089 1796 DfsC - ok
17:27:28.0136 1796 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
17:27:28.0136 1796 discache - ok
17:27:28.0151 1796 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
17:27:28.0167 1796 Disk - ok
17:27:28.0229 1796 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
17:27:28.0229 1796 drmkaud - ok
17:27:28.0416 1796 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
17:27:28.0432 1796 DXGKrnl - ok
17:27:28.0650 1796 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
17:27:28.0744 1796 ebdrv - ok
17:27:28.0822 1796 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
17:27:28.0838 1796 elxstor - ok
17:27:28.0853 1796 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
17:27:28.0853 1796 ErrDev - ok
17:27:28.0900 1796 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
17:27:28.0900 1796 exfat - ok
17:27:28.0916 1796 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
17:27:28.0931 1796 fastfat - ok
17:27:28.0947 1796 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
17:27:28.0947 1796 fdc - ok
17:27:28.0994 1796 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
17:27:28.0994 1796 FileInfo - ok
17:27:29.0009 1796 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
17:27:29.0009 1796 Filetrace - ok
17:27:41.0598 1796 ============================================================
17:27:41.0598 1796 Scan finished
17:27:41.0598 1796 ============================================================
17:27:41.0630 3868 Detected object count: 0
17:27:41.0630 3868 Actual detected object count: 0

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 December 2011 - 07:31 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 meantforsea (Topic Starter, Members)

Posted 07 December 2011 - 07:51 PM

Thank you again, Gringo.

It asked me to download Avast, but since you didn't say to, I did not.

Here is the log.



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 19:49:52
-----------------------------
19:49:52.532 OS Version: Windows x64 6.1.7600
19:49:52.532 Number of processors: 2 586 0x170A
19:49:52.532 ComputerName: MSI-CR500 UserName: Omega
19:49:54.186 Initialize success
19:50:21.767 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
19:50:21.767 Disk 0 Vendor: ST932042 0002 Size: 305245MB BusType: 3
19:50:23.810 Disk 0 MBR read successfully
19:50:23.810 Disk 0 MBR scan
19:50:23.810 Disk 0 unknown MBR code
19:50:23.826 Service scanning
19:50:26.462 Modules scanning
19:50:26.462 Disk 0 trace - called modules:
19:50:26.494 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:50:26.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044aa060]
19:50:26.509 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80040a6230]
19:50:26.509 5 ACPI.sys[fffff88000ecd781] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80040a6450]
19:50:26.509 Scan finished successfully
19:51:05.603 Disk 0 MBR has been saved successfully to "C:\Users\Omega\Desktop\MBR.dat"
19:51:05.603 The log file has been saved successfully to "C:\Users\Omega\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 07:11 AM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#9 meantforsea (Topic Starter, Members)

Posted 08 December 2011 - 07:39 AM

Thank you, Gringo.

I did what you said and here is the log.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 07:35:09
-----------------------------
07:35:09.165 OS Version: Windows x64 6.1.7600
07:35:09.165 Number of processors: 2 586 0x170A
07:35:09.165 ComputerName: MSI-CR500 UserName: Omega
07:35:11.099 Initialize success
07:35:20.065 Verifying
07:35:30.095 Disk 0 Windows 601 MBR fixed successfully
07:37:07.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
07:37:07.450 Disk 0 Vendor: ST932042 0002 Size: 305245MB BusType: 3
07:37:09.509 Disk 0 MBR read successfully
07:37:09.509 Disk 0 MBR scan
07:37:09.509 Disk 0 Windows 7 default MBR code
07:37:09.525 Service scanning
07:37:14.533 Modules scanning
07:37:14.533 Disk 0 trace - called modules:
07:37:14.564 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
07:37:14.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044aa060]
07:37:14.564 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80040a6230]
07:37:14.579 5 ACPI.sys[fffff88000ecd781] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80040a6450]
07:37:15.094 Scan finished successfully
07:37:30.141 Verifying
07:37:40.187 Disk 0 Windows 601 MBR fixed successfully
07:38:10.514 Disk 0 MBR has been saved successfully to "C:\Users\Omega\Desktop\MBR.dat"
07:38:10.529 The log file has been saved successfully to "C:\Users\Omega\Desktop\aswMBR3.txt"
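The two aswMBR logs above differ in one line: "unknown MBR code" before FIXMBR and "Windows 7 default MBR code" after, which is a hash of the bootstrap region compared against a known-good value (the same idea behind the "MBR (0x1B8)" line in the TDSSKiller log and the "MD5 is legit" lines Farbar Service Scanner prints later in this thread). The script below is an added example, not code from aswMBR, TDSSKiller or this thread: it parses a saved 512-byte MBR image such as the MBR.dat aswMBR writes, checks the 0x55AA signature and partition table, hashes the 440-byte bootstrap region and reports whether it matches a baseline. All function names are mine, and the baseline hash and both MBR images are constructed test data, not real boot code.

```python
"""Check a saved MBR image against a known-good baseline.

Added example, not part of aswMBR or TDSSKiller. Layout of a classic
512-byte MBR:
  0x000-0x1B7  bootstrap code (440 bytes), the region hashed below
  0x1B8-0x1BB  disk signature (differs per machine, so excluded from the hash)
  0x1BE-0x1FD  four 16-byte partition entries
  0x1FE-0x1FF  boot signature 0x55 0xAA
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOTCODE_LEN = 0x1B8        # 440 bytes, the span TDSSKiller labels "MBR (0x1B8)"
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
PART_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors
BOOT_SIG = b"\x55\xAA"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition slots, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, size))
    return parts


def bootcode_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap region only; partition table edits must not change it."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_md5: str) -> Dict[str, object]:
    """Report on one MBR image the way a boot-sector scanner would."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte image, got {len(mbr)}")
    parts = parse_partitions(mbr)
    digest = bootcode_md5(mbr)
    known = digest == baseline_md5
    return {
        "boot_signature_ok": mbr[0x1FE:0x200] == BOOT_SIG,
        "one_active_partition": sum(p.bootable for p in parts) == 1,
        "partitions": parts,
        "bootcode_md5": digest,
        "bootcode_known": known,
        # Same wording aswMBR uses in the two logs above.
        "verdict": "Windows 7 default MBR code" if known else "unknown MBR code",
    }


def build_mbr(bootcode: bytes, disk_sig: int,
              layout: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from parts (used only to construct test data)."""
    buf = bytearray(SECTOR_SIZE)
    buf[:len(bootcode)] = bootcode
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, size) in enumerate(layout):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, size)
    buf[0x1FE:0x200] = BOOT_SIG
    return bytes(buf)


# Constructed sample data. The "clean" bootstrap is an inert byte pattern,
# not real boot code; the layout mimics the two NTFS partitions (type 0x07)
# of a Windows 7 install: a small System Reserved partition, then the OS volume.
CLEAN_BOOTCODE = bytes(range(256)) + bytes(range(184))          # exactly 440 bytes
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 624898048)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, 0x1234ABCD, LAYOUT)
BASELINE_MD5 = bootcode_md5(CLEAN_MBR)   # in practice: recorded from a known-clean machine

# Same disk with a few bootstrap bytes patched (constructed, not a real bootkit).
_tampered = bytearray(CLEAN_MBR)
_tampered[0x10:0x14] = b"\xDE\xAD\xBE\xEF"
TAMPERED_MBR = bytes(_tampered)


if __name__ == "__main__":
    import sys
    # Usage: python mbr_check.py MBR.dat   (defaults to the constructed tampered image)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAMPERED_MBR
    report = check_mbr(image, BASELINE_MD5)
    print(report["verdict"], report["bootcode_md5"])
    for p in report["partitions"]:
        print(p)
```

Because only the bootstrap bytes are hashed, the tampered image keeps an identical partition table and boot signature yet still reports "unknown MBR code", which is why a scanner can flag a bootkit even when the disk otherwise looks normal.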

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 09:57 AM

How are things running now?


gringo

#11 meantforsea (Topic Starter, Members)

Posted 08 December 2011 - 10:55 AM

The same. I still cannot get into the Action Center to turn on my firewall or to turn Windows Defender on.

#12 meantforsea (Topic Starter, Members)

Posted 08 December 2011 - 11:02 AM

I'm attaching a screenshot of my problem. All of the antivirus programs require me to run them as administrator, otherwise they do not run (this wasn't a problem before). Also, I cannot get into the firewall or windows defender.


WINDOWS 7 COMPATABILIT randomly appeared the day that my computer got the virus. It will not go away and it is not in programs and features...



Edited by meantforsea, 08 December 2011 - 11:03 AM.


#13 meantforsea (Topic Starter, Members)

Posted 10 December 2011 - 08:25 PM

48 hours. bump.

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 December 2011 - 01:29 AM

Hello

I want to check something.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.


#15 meantforsea
  • Topic Starter
  • Members
  • 22 posts
  • Local time:03:15 AM

Posted 14 December 2011 - 07:59 AM

Thank you. There was no option to Include All Files. Just Scan, Search, and Export. Nevertheless, this is the log:



Farbar Service Scanner
Ran by Omega (administrator) on 14-12-2011 at 07:54:54
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****
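The procedure in #14 and the log in #15 show what Farbar Service Scanner is looking at: whether the services and drivers behind networking, Action Center, the firewall and Windows Defender are present and running, and whether the system files behind them still have known-good hashes. The script below is an added example for readers of this thread; it is not part of the thread and not Farbar's code. It reports the same kind of facts from PowerShell 2.0 (the version shipped with Windows 7 SP1), and adds one check FSS does not print: the .exe file-association registry values, which rogue antivirus programs commonly rewrite so that ordinary programs no longer launch while "Run as administrator" (a different registry verb) still works. Assumptions, labelled in the comments: 64-bit Windows 7 as in the log, run from an elevated 64-bit PowerShell, stock service names, and that Microsoft Security Essentials disables the WinDefend service when it is installed (so "Disabled" for WinDefend is expected on an MSE machine, while BFE, MpsSvc and wscsvc should be Auto and Running). Hashes and versions are meant to be compared with a clean Windows 7 machine of the same edition and service pack.

```powershell
# Added example, not from this thread and not Farbar Service Scanner's code.
# Written for PowerShell 2.0 as shipped with Windows 7 SP1.
# Assumptions: 64-bit Windows 7, run from an elevated 64-bit PowerShell host
# (a 32-bit host is redirected from System32 to SysWOW64 and would hash the
# wrong files); service names are the stock Windows 7 ones.

$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Services and drivers behind the files in the FSS log, then the three behind
# Action Center (wscsvc), Windows Firewall (BFE, MpsSvc) and Windows Defender.
# Assumption: Microsoft Security Essentials disables WinDefend when installed,
# so "Disabled" there is normal on a machine running MSE.
$serviceNames = 'RpcSs', 'nsi', 'nsiproxy', 'Dhcp', 'afd', 'tdx', 'tcpip', 'Dnscache',
                'wscsvc', 'BFE', 'MpsSvc', 'WinDefend'

# The files FSS hashed, under the real System32 directory.
$files = 'svchost.exe', 'rpcss.dll', 'nsisvc.dll', 'drivers\nsiproxy.sys', 'dhcpcore.dll',
         'drivers\afd.sys', 'drivers\tdx.sys', 'drivers\tcpip.sys', 'dnsrslvr.dll' |
         ForEach-Object { Join-Path "$env:SystemRoot\System32" $_ }

function Get-ServiceReport {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $row = New-Object PSObject -Property @{
            Name = $name; KeyExists = $false; Start = 'n/a'; State = 'n/a'; ImagePath = 'n/a'
        }
        if (Test-Path $key) {
            # A missing key means the service was deleted outright, not just stopped.
            $row.KeyExists = $true
            $props = Get-ItemProperty $key
            $row.Start = $startNames[[int]$props.Start]
            $row.ImagePath = $props.ImagePath
        }
        # Get-Service only knows Win32 services, so kernel drivers (afd, tdx,
        # tcpip, nsiproxy) keep State = n/a; their Start value is still meaningful.
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $row.State = $svc.Status.ToString() }
        $row
    }
}

function Get-FileMd5 {
    param([string]$Path)
    # Get-FileHash only exists from PowerShell 4.0, so use the .NET class directly.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = $md5.ComputeHash($stream) } finally { $stream.Close() }
    ($hash | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-FileReport {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path $path)) {
            New-Object PSObject -Property @{ Path = $path; Exists = $false; Size = 0; Version = ''; MD5 = '' }
            continue
        }
        $item = Get-Item $path
        # Size, file version and MD5 together are what you compare against a
        # clean machine of the same build; FSS compares the MD5 against its own list.
        New-Object PSObject -Property @{
            Path = $path; Exists = $true; Size = $item.Length
            Version = $item.VersionInfo.FileVersion; MD5 = (Get-FileMd5 $path)
        }
    }
}

function Get-ExeAssociationReport {
    # HKCR is the merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes,
    # and the HKCU branch wins. That lets a rogue program hijack .exe launching for
    # one user without administrative rights. On a clean Windows 7 machine the
    # HKLM .exe default is "exefile", the HKLM open command default is "%1" %*,
    # and the two HKCU keys do not exist at all.
    $keys = 'HKLM:\SOFTWARE\Classes\.exe',
            'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
            'HKCU:\Software\Classes\.exe',
            'HKCU:\Software\Classes\exefile\shell\open\command'
    foreach ($key in $keys) {
        $value = if (Test-Path $key) { (Get-ItemProperty $key).'(default)' } else { '<key absent>' }
        New-Object PSObject -Property @{ Key = $key; Default = $value }
    }
}

Get-ServiceReport $serviceNames | Format-Table Name, KeyExists, Start, State, ImagePath -AutoSize
Get-FileReport $files        | Format-Table Path, Exists, Size, Version, MD5 -AutoSize
Get-ExeAssociationReport     | Format-Table Key, Default -AutoSize
```

Run it as `powershell.exe -ExecutionPolicy Bypass -File .\fss-like.ps1` from an elevated 64-bit prompt (the file name is arbitrary). A service row with KeyExists = False, a Start of Disabled on BFE, MpsSvc or wscsvc, an ImagePath outside %SystemRoot%, or an HKCU .exe key that points at anything but `"%1" %*` is the kind of finding the helper is looking for in the FSS log; an MD5 that differs from a clean machine of the same build is the "File Check" equivalent.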



