AVG detects root kit in DFSC.sys


This topic is locked
32 replies to this topic

#1 mcc-tech (Members, 29 posts)

Posted 14 January 2012 - 11:37 PM

See this post: http://www.bleepingcomputer.com/forums/topic438147.html

DDS log to follow:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Front_Desk at 21:12:50 on 2012-01-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3292.1771 [GMT -6:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
c:\program files\real\realplayer\update\realsched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort10reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\10\config\ereg\Ereg.ini
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [ScanSoft OmniPage SE 4-reminder] "c:\program files\scansoft\omnipagese4\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipagese4.0\ereg\Ereg.ini
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{572AEC7F-719D-4BB7-BE40-FD0CFC09F8E8} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\front_desk\appdata\roaming\mozilla\firefox\profiles\wr49rx6o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-12-16 273448]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-9-4 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-24 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-13 15:59:51 -------- d-----w- c:\program files\Citrix
2012-01-13 15:59:38 -------- d-----w- c:\users\front_desk\appdata\local\Citrix
2012-01-13 15:59:36 110456 ----a-w- c:\users\front_desk\g2ax_customer_downloadhelper_win32_x86.exe
2012-01-12 13:14:06 -------- d-----w- c:\users\front_desk\appdata\local\Real
2012-01-12 13:14:00 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-01-12 13:13:48 -------- d-----w- c:\program files\common files\xing shared
2012-01-12 13:13:42 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-01-12 13:13:38 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2012-01-11 22:48:43 -------- d-----w- c:\users\front_desk\DoctorWeb
2012-01-11 13:15:39 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:15:38 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:15:37 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:15:37 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-09 13:19:56 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-09 13:19:56 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-09 13:19:56 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-09 13:19:56 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-01-12 13:13:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-12 13:13:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-12 22:55:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 21:13:16.01 ===============


Attached file: Attach.txt (8.64KB)

I tried running GMER a couple of times but it just wouldn't finish; it seemed to hang often. I let it go for 8 hours and it still didn't seem to get anywhere. Like I said, this is not my computer; I won't have access to it again till probably the 18th or so. Thanks for all assistance.
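
A small parser for the SERVICES / DRIVERS section of a DDS log like the one above, added here as a worked example; it is not part of the original post and not code from DDS itself. It assumes the usual reading of the line prefix (R = running, S = stopped, the digit is the start type). The sample section is constructed from lines in the log plus one hypothetical `exampledrv` entry placed outside the drivers directory so the location check has something to report.

```python
import re

# Constructed sample: lines copied from the DDS "SERVICES / DRIVERS" section
# above, plus one hypothetical entry (constructed, not from the log) whose
# driver file sits outside the usual drivers directory.
SAMPLE_SECTION = r"""
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
R0 exampledrv;Hypothetical boot driver (constructed);c:\users\public\exampledrv.sys [2012-1-1 4096]
"""

# One DDS entry: <R|S><start type> <name>;<description>;<image path> [<yyyy-m-d> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<image>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# Assumed reading of the prefix (the usual HijackThis-style convention):
# R = running, S = stopped; the digit is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def parse_dds_services(text):
    """Parse DDS 'SERVICES / DRIVERS' lines into dicts; lines that do not fit are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # svchost-hosted services carry "-k <group>" after the exe; keep it separate
        exe, _, group = m["image"].partition(" -k ")
        records.append({
            "name": m["name"],
            "description": m["desc"],
            "running": m["state"] == "R",
            "start_type": START_TYPES.get(m["start"], m["start"]),
            "image": exe.lower(),
            "svchost_group": group or None,
            "date": m["date"],
            "size": int(m["size"]),
        })
    return records


def kernel_drivers(records):
    """Entries whose image is a .sys file, i.e. kernel-mode drivers rather than user-mode services."""
    return [r for r in records if r["image"].endswith(".sys")]


def early_start_drivers(records):
    """Names of drivers that load at boot or system start, before user-mode security tools."""
    return [r["name"] for r in kernel_drivers(records) if r["start_type"] in ("boot", "system")]


def drivers_outside_standard_dir(records):
    """Names of drivers whose file is not under \\windows\\system32\\drivers\\ (a heuristic only)."""
    return [r["name"] for r in kernel_drivers(records) if DRIVERS_DIR not in r["image"]]


if __name__ == "__main__":
    recs = parse_dds_services(SAMPLE_SECTION)
    for r in recs:
        flag = "R" if r["running"] else "S"
        print(f"{flag} {r['start_type']:<8} {r['name']:<12} {r['image']} [{r['date']} {r['size']}]")
    print("early-start drivers:", early_start_drivers(recs))
    print("outside drivers dir:", drivers_outside_standard_dir(recs))
```

Boot- and system-start drivers are the entries worth checking first when a rootkit is suspected, since they load before any user-mode shield; listing them with date, size and location gives a responder a short list to hash and compare against the vendor's published values. The directory check is only a heuristic, as legitimate third-party drivers do occasionally live elsewhere.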


#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 January 2012 - 11:04 AM

Hello and welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mcc-tech, Topic Starter (Members, 29 posts)

Posted 18 January 2012 - 06:53 PM

ComboFix continues to tell me that AVG is still running. I followed the instructions to turn it off for 15 minutes, but it still tells me it's on and active... do I continue with ComboFix?

#4 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 January 2012 - 12:51 AM

Yes, continue with ComboFix anyway.


gringo

#5 mcc-tech, Topic Starter (Members, 29 posts)

Posted 19 January 2012 - 04:08 PM

OK, I apologize for how long this is taking, as I have limited access to said computer since it is a friend's... I should be at her location around 5:30pm my time, which would be in a little less than 2 and a half hours... thanks again for your help.

#6 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 January 2012 - 05:46 PM

:thumbup2:

#7 mcc-tech, Topic Starter (Members, 29 posts)

Posted 19 January 2012 - 07:45 PM

Well, it's been running now for about 30-40 minutes, and so far the only thing besides the blue command-prompt-type window was a popup from Windows that said the following: "Freeware Implementation of XCACLS has stopped working". The description says: "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." There is a "Close Program" button. I can't tell if ComboFix is still running or not.

#8 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 January 2012 - 07:59 PM

Hello

Go ahead and stop it, and I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

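A parser for the report the steps above ask for, added here as a worked example; it is not part of Gringo's instructions and not code from TDSSKiller. It pairs each entry's hash line with its verdict line and lists anything not marked "ok". The line shape is taken from the TDSSKiller log pasted later in this thread; the sample is constructed from a few of those lines, and the `exampledrv` entry and its "detected ..." verdict are hypothetical, since TDSSKiller's real wording for a detection is not shown on this page.

```python
import re

# Constructed sample in the shape of the TDSSKiller report pasted later in this
# thread (timestamps, hashes and paths copied from it), plus one hypothetical
# entry and verdict (constructed) so the finding path is exercised.
SAMPLE_REPORT = r"""
19:10:59.0302 10928 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:10:59.0318 10928 OS Version: 6.1.7600 ServicePack: 0.0
19:10:59.0318 10928 ComputerName: FRONT_DESK-PC
19:11:04.0138 11144 Scan started
19:11:04.0778 11144 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
19:11:04.0794 11144 1394ohci - ok
19:11:05.0839 11144 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:11:05.0839 11144 Avgrkx86 - ok
19:11:06.0494 11144 catchme - ok
19:11:06.0500 11144 exampledrv (00000000000000000000000000000000) C:\Users\Public\exampledrv.sys
19:11:06.0501 11144 exampledrv - detected Example.Hypothetical.Threat (constructed)
"""

# Every report line starts with "<hh:mm:ss.ffff> <pid> "
PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# "<name> (<md5>) <path>": the file backing a driver/service entry
DETAIL_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>": the scanner's decision for that entry
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")
# A few SystemInfo header fields, handy for labelling which machine the report is from
HEADER_RE = re.compile(PREFIX + r"(?P<key>OS Version|ComputerName|UserName):\s*(?P<value>.+)$")


def _entry(entries, name):
    return entries.setdefault(name, {"name": name, "md5": None, "path": None, "verdict": None})


def parse_tdsskiller(text):
    """Return (header_info, entries); entries keep first-seen order."""
    info, entries = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            info[m["key"]] = m["value"].strip()
            continue
        m = DETAIL_RE.match(line)
        if m:
            _entry(entries, m["name"]).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            _entry(entries, m["name"])["verdict"] = m["verdict"].strip()
    return info, list(entries.values())


def findings(entries):
    """Entries whose verdict is anything other than a plain 'ok' (or that got no verdict)."""
    return [e for e in entries if e["verdict"] != "ok"]


def unhashed(entries):
    """Entries that received a verdict but no file/hash line, so there is no hash to compare."""
    return [e["name"] for e in entries if e["md5"] is None]


if __name__ == "__main__":
    info, entries = parse_tdsskiller(SAMPLE_REPORT)
    print(info)
    for e in findings(entries):
        print("FINDING:", e["name"], e["verdict"], e["path"])
    print("no hash line:", unhashed(entries))
```

A clean report is hundreds of "- ok" lines, so the useful output is the short list of exceptions; the MD5 captured for each entry is what a responder compares against a known-good hash of that driver before deciding a "suspicious" verdict is a false positive.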
#9 mcc-tech, Topic Starter (Members, 29 posts)

Posted 19 January 2012 - 08:05 PM

Is it OK to run these from a thumb drive? When I went to run ComboFix today it said it had expired, and when I tried to redownload it I got redirected and couldn't go to BleepingComputer, so I downloaded it to a thumb drive with my laptop (this machine I'm on now). Should I move it to the desktop, or can I just run it from the thumb drive?

#10 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 January 2012 - 08:15 PM

Hello

It would be best to move it to the desktop (but it will run from the jump drive if it needs to).


gringo

#11 mcc-tech, Topic Starter (Members, 29 posts)

Posted 19 January 2012 - 08:23 PM

OK, well, just so you know, I did run ComboFix from the thumb drive, but I did move TDSSKiller to the desktop when I ran it. It said no threats found, but here is the log anyway.

19:10:59.0302 10928 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:10:59.0318 10928 ============================================================
19:10:59.0318 10928 Current date / time: 2012/01/19 19:10:59.0318
19:10:59.0318 10928 SystemInfo:
19:10:59.0318 10928
19:10:59.0318 10928 OS Version: 6.1.7600 ServicePack: 0.0
19:10:59.0318 10928 Product type: Workstation
19:10:59.0318 10928 ComputerName: FRONT_DESK-PC
19:10:59.0318 10928 UserName: Front_Desk
19:10:59.0318 10928 Windows directory: C:\Windows
19:10:59.0318 10928 System windows directory: C:\Windows
19:10:59.0318 10928 Processor architecture: Intel x86
19:10:59.0318 10928 Number of processors: 2
19:10:59.0318 10928 Page size: 0x1000
19:10:59.0318 10928 Boot type: Normal boot
19:10:59.0318 10928 ============================================================
19:11:00.0613 10928 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:11:00.0628 10928 Drive \Device\Harddisk2\DR7 - Size: 0x78800000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:11:00.0628 10928 Drive \Device\Harddisk3\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:11:01.0018 10928 Initialize success
19:11:04.0138 11144 ============================================================
19:11:04.0138 11144 Scan started
19:11:04.0138 11144 Mode: Manual;
19:11:04.0138 11144 ============================================================
19:11:04.0778 11144 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
19:11:04.0794 11144 1394ohci - ok
19:11:04.0825 11144 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:11:04.0840 11144 ACPI - ok
19:11:04.0872 11144 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:11:04.0872 11144 AcpiPmi - ok
19:11:04.0918 11144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:11:04.0934 11144 adp94xx - ok
19:11:04.0950 11144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:11:04.0965 11144 adpahci - ok
19:11:04.0981 11144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:11:04.0981 11144 adpu320 - ok
19:11:05.0028 11144 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
19:11:05.0043 11144 AFD - ok
19:11:05.0059 11144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:11:05.0074 11144 agp440 - ok
19:11:05.0090 11144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:11:05.0106 11144 aic78xx - ok
19:11:05.0137 11144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:11:05.0152 11144 aliide - ok
19:11:05.0152 11144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:11:05.0168 11144 amdagp - ok
19:11:05.0184 11144 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:11:05.0199 11144 amdide - ok
19:11:05.0230 11144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:11:05.0230 11144 AmdK8 - ok
19:11:05.0246 11144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:11:05.0262 11144 AmdPPM - ok
19:11:05.0308 11144 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
19:11:05.0324 11144 amdsata - ok
19:11:05.0340 11144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:11:05.0355 11144 amdsbs - ok
19:11:05.0371 11144 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
19:11:05.0371 11144 amdxata - ok
19:11:05.0386 11144 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:11:05.0402 11144 AppID - ok
19:11:05.0418 11144 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:11:05.0433 11144 arc - ok
19:11:05.0464 11144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:11:05.0464 11144 arcsas - ok
19:11:05.0511 11144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:11:05.0527 11144 AsyncMac - ok
19:11:05.0558 11144 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:11:05.0558 11144 atapi - ok
19:11:05.0605 11144 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
19:11:05.0636 11144 Avgfwfd - ok
19:11:05.0667 11144 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:11:05.0667 11144 AVGIDSDriver - ok
19:11:05.0683 11144 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:11:05.0683 11144 AVGIDSEH - ok
19:11:05.0714 11144 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:11:05.0714 11144 AVGIDSFilter - ok
19:11:05.0730 11144 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:11:05.0745 11144 AVGIDSShim - ok
19:11:05.0761 11144 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
19:11:05.0776 11144 Avgldx86 - ok
19:11:05.0823 11144 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
19:11:05.0823 11144 Avgmfx86 - ok
19:11:05.0839 11144 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:11:05.0839 11144 Avgrkx86 - ok
19:11:05.0854 11144 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
19:11:05.0870 11144 Avgtdix - ok
19:11:05.0932 11144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:11:05.0948 11144 b06bdrv - ok
19:11:05.0995 11144 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:11:06.0010 11144 b57nd60x - ok
19:11:06.0042 11144 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:11:06.0042 11144 Beep - ok
19:11:06.0057 11144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:11:06.0057 11144 blbdrive - ok
19:11:06.0104 11144 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
19:11:06.0135 11144 Blfp - ok
19:11:06.0182 11144 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
19:11:06.0182 11144 bowser - ok
19:11:06.0198 11144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:11:06.0198 11144 BrFiltLo - ok
19:11:06.0213 11144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:11:06.0213 11144 BrFiltUp - ok
19:11:06.0244 11144 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:11:06.0260 11144 BridgeMP - ok
19:11:06.0276 11144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:11:06.0291 11144 Brserid - ok
19:11:06.0307 11144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:11:06.0322 11144 BrSerWdm - ok
19:11:06.0338 11144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:11:06.0354 11144 BrUsbMdm - ok
19:11:06.0400 11144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:11:06.0416 11144 BrUsbSer - ok
19:11:06.0432 11144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:11:06.0432 11144 BTHMODEM - ok
19:11:06.0494 11144 catchme - ok
19:11:06.0525 11144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:11:06.0541 11144 cdfs - ok
19:11:06.0572 11144 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:11:06.0588 11144 cdrom - ok
19:11:06.0619 11144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:11:06.0619 11144 circlass - ok
19:11:06.0650 11144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:11:06.0650 11144 CLFS - ok
19:11:06.0697 11144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:11:06.0697 11144 CmBatt - ok
19:11:06.0712 11144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:11:06.0712 11144 cmdide - ok
19:11:06.0744 11144 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:11:06.0744 11144 CNG - ok
19:11:06.0775 11144 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:11:06.0775 11144 Compbatt - ok
19:11:06.0790 11144 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:11:06.0806 11144 CompositeBus - ok
19:11:06.0822 11144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:11:06.0837 11144 crcdisk - ok
19:11:06.0868 11144 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
19:11:06.0868 11144 CSC - ok
19:11:06.0915 11144 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
19:11:06.0915 11144 dc3d - ok
19:11:06.0962 11144 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:11:06.0962 11144 discache - ok
19:11:06.0978 11144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:11:07.0009 11144 Disk - ok
19:11:07.0040 11144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:11:07.0040 11144 drmkaud - ok
19:11:07.0087 11144 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
19:11:07.0102 11144 DXGKrnl - ok
19:11:07.0165 11144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:11:07.0212 11144 ebdrv - ok
19:11:07.0243 11144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:11:07.0258 11144 elxstor - ok
19:11:07.0274 11144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:11:07.0274 11144 ErrDev - ok
19:11:07.0305 11144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:11:07.0321 11144 exfat - ok
19:11:07.0336 11144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:11:07.0336 11144 fastfat - ok
19:11:07.0368 11144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:11:07.0383 11144 fdc - ok
19:11:07.0399 11144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:11:07.0399 11144 FileInfo - ok
19:11:07.0430 11144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:11:07.0430 11144 Filetrace - ok
19:11:07.0461 11144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:11:07.0461 11144 flpydisk - ok
19:11:07.0477 11144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:11:07.0492 11144 FltMgr - ok
19:11:07.0508 11144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:11:07.0508 11144 FsDepends - ok
19:11:07.0524 11144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:11:07.0524 11144 Fs_Rec - ok
19:11:07.0570 11144 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
19:11:07.0570 11144 fvevol - ok
19:11:07.0602 11144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:11:07.0602 11144 gagp30kx - ok
19:11:07.0664 11144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:11:07.0680 11144 hcw85cir - ok
19:11:07.0695 11144 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:11:07.0695 11144 HDAudBus - ok
19:11:07.0726 11144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:11:07.0726 11144 HidBatt - ok
19:11:07.0742 11144 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:11:07.0758 11144 HidBth - ok
19:11:07.0773 11144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:11:07.0773 11144 HidIr - ok
19:11:07.0804 11144 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:11:07.0804 11144 HidUsb - ok
19:11:07.0836 11144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:11:07.0867 11144 HpSAMD - ok
19:11:07.0898 11144 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:11:07.0898 11144 HTTP - ok
19:11:07.0914 11144 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:11:07.0914 11144 hwpolicy - ok
19:11:07.0929 11144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:11:07.0945 11144 i8042prt - ok
19:11:07.0976 11144 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
19:11:08.0007 11144 iaStorV - ok
19:11:08.0194 11144 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:11:08.0288 11144 igfx - ok
19:11:08.0382 11144 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:11:08.0397 11144 iirsp - ok
19:11:08.0491 11144 IntcAzAudAddService (2d8d9516281e27a721897a388f17defb) C:\Windows\system32\drivers\RTDVHDA.sys
19:11:08.0538 11144 IntcAzAudAddService - ok
19:11:08.0553 11144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:11:08.0553 11144 intelide - ok
19:11:08.0569 11144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:11:08.0569 11144 intelppm - ok
19:11:08.0600 11144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:11:08.0600 11144 IpFilterDriver - ok
19:11:08.0616 11144 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:11:08.0631 11144 IPMIDRV - ok
19:11:08.0647 11144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:11:08.0647 11144 IPNAT - ok
19:11:08.0678 11144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:11:08.0678 11144 IRENUM - ok
19:11:08.0694 11144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:11:08.0709 11144 isapnp - ok
19:11:08.0740 11144 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:11:08.0756 11144 iScsiPrt - ok
19:11:08.0772 11144 k57nd60x (62632763d9b2b7f92d2968d40406e7aa) C:\Windows\system32\DRIVERS\k57nd60x.sys
19:11:08.0772 11144 k57nd60x - ok
19:11:08.0803 11144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:11:08.0818 11144 kbdclass - ok
19:11:08.0818 11144 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:11:08.0818 11144 kbdhid - ok
19:11:08.0834 11144 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:11:08.0834 11144 KSecDD - ok
19:11:08.0865 11144 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
19:11:08.0865 11144 KSecPkg - ok
19:11:08.0896 11144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:11:08.0896 11144 lltdio - ok
19:11:08.0943 11144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:11:08.0943 11144 LSI_FC - ok
19:11:08.0959 11144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:11:08.0974 11144 LSI_SAS - ok
19:11:08.0990 11144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:11:08.0990 11144 LSI_SAS2 - ok
19:11:09.0006 11144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:11:09.0021 11144 LSI_SCSI - ok
19:11:09.0021 11144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:11:09.0037 11144 luafv - ok
19:11:09.0052 11144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:11:09.0068 11144 megasas - ok
19:11:09.0084 11144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:11:09.0099 11144 MegaSR - ok
19:11:09.0115 11144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:11:09.0130 11144 Modem - ok
19:11:09.0162 11144 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:11:09.0162 11144 monitor - ok
19:11:09.0193 11144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:11:09.0208 11144 mouclass - ok
19:11:09.0224 11144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:11:09.0224 11144 mouhid - ok
19:11:09.0240 11144 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:11:09.0255 11144 mountmgr - ok
19:11:09.0333 11144 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:11:09.0333 11144 mpio - ok
19:11:09.0411 11144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:11:09.0411 11144 mpsdrv - ok
19:11:09.0442 11144 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:11:09.0458 11144 MRxDAV - ok
19:11:09.0505 11144 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:11:09.0505 11144 mrxsmb - ok
19:11:09.0552 11144 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:11:09.0552 11144 mrxsmb10 - ok
19:11:09.0567 11144 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:11:09.0567 11144 mrxsmb20 - ok
19:11:09.0583 11144 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
19:11:09.0598 11144 msahci - ok
19:11:09.0614 11144 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:11:09.0630 11144 msdsm - ok
19:11:09.0661 11144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:11:09.0661 11144 Msfs - ok
19:11:09.0661 11144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:11:09.0661 11144 mshidkmdf - ok
19:11:09.0676 11144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:11:09.0676 11144 msisadrv - ok
19:11:09.0708 11144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:11:09.0723 11144 MSKSSRV - ok
19:11:09.0739 11144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:11:09.0739 11144 MSPCLOCK - ok
19:11:09.0754 11144 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:11:09.0754 11144 MSPQM - ok
19:11:09.0770 11144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:11:09.0786 11144 MsRPC - ok
19:11:09.0801 11144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:11:09.0801 11144 mssmbios - ok
19:11:09.0817 11144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:11:09.0817 11144 MSTEE - ok
19:11:09.0832 11144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:11:09.0832 11144 MTConfig - ok
19:11:09.0848 11144 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:11:09.0864 11144 Mup - ok
19:11:09.0895 11144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:11:09.0895 11144 NativeWifiP - ok
19:11:09.0926 11144 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:11:09.0926 11144 NDIS - ok
19:11:09.0942 11144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:11:09.0957 11144 NdisCap - ok
19:11:09.0988 11144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:11:10.0004 11144 NdisTapi - ok
19:11:10.0020 11144 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:11:10.0035 11144 Ndisuio - ok
19:11:10.0035 11144 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:11:10.0051 11144 NdisWan - ok
19:11:10.0066 11144 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:11:10.0066 11144 NDProxy - ok
19:11:10.0082 11144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:11:10.0082 11144 NetBIOS - ok
19:11:10.0098 11144 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:11:10.0098 11144 NetBT - ok
19:11:10.0144 11144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:11:10.0144 11144 nfrd960 - ok
19:11:10.0176 11144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:11:10.0176 11144 Npfs - ok
19:11:10.0191 11144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:11:10.0191 11144 nsiproxy - ok
19:11:10.0269 11144 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
19:11:10.0285 11144 Ntfs - ok
19:11:10.0316 11144 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:11:10.0347 11144 NuidFltr - ok
19:11:10.0347 11144 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:11:10.0363 11144 Null - ok
19:11:10.0394 11144 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
19:11:10.0410 11144 nvraid - ok
19:11:10.0425 11144 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
19:11:10.0441 11144 nvstor - ok
19:11:10.0456 11144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:11:10.0472 11144 nv_agp - ok
19:11:10.0503 11144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:11:10.0503 11144 ohci1394 - ok
19:11:10.0550 11144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:11:10.0550 11144 Parport - ok
19:11:10.0566 11144 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:11:10.0566 11144 partmgr - ok
19:11:10.0581 11144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:11:10.0581 11144 Parvdm - ok
19:11:10.0628 11144 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
19:11:10.0628 11144 PBADRV - ok
19:11:10.0644 11144 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:11:10.0644 11144 pci - ok
19:11:10.0659 11144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:11:10.0675 11144 pciide - ok
19:11:10.0706 11144 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:11:10.0722 11144 pcmcia - ok
19:11:10.0737 11144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:11:10.0737 11144 pcw - ok
19:11:10.0768 11144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:11:10.0768 11144 PEAUTH - ok
19:11:10.0831 11144 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
19:11:10.0846 11144 Point32 - ok
19:11:10.0878 11144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:11:10.0893 11144 PptpMiniport - ok
19:11:10.0909 11144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:11:10.0924 11144 Processor - ok
19:11:10.0956 11144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:11:10.0956 11144 Psched - ok
19:11:10.0987 11144 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
19:11:10.0987 11144 PxHelp20 - ok
19:11:11.0018 11144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:11:11.0049 11144 ql2300 - ok
19:11:11.0049 11144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:11:11.0065 11144 ql40xx - ok
19:11:11.0096 11144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:11:11.0096 11144 QWAVEdrv - ok
19:11:11.0112 11144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:11:11.0112 11144 RasAcd - ok
19:11:11.0143 11144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:11:11.0143 11144 RasAgileVpn - ok
19:11:11.0174 11144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:11:11.0174 11144 Rasl2tp - ok
19:11:11.0205 11144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:11:11.0205 11144 RasPppoe - ok
19:11:11.0221 11144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:11:11.0236 11144 RasSstp - ok
19:11:11.0252 11144 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:11:11.0252 11144 rdbss - ok
19:11:11.0268 11144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:11:11.0268 11144 rdpbus - ok
19:11:11.0283 11144 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:11:11.0299 11144 RDPCDD - ok
19:11:11.0314 11144 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
19:11:11.0330 11144 RDPDR - ok
19:11:11.0361 11144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:11:11.0361 11144 RDPENCDD - ok
19:11:11.0377 11144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:11:11.0377 11144 RDPREFMP - ok
19:11:11.0392 11144 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:11:11.0408 11144 RDPWD - ok
19:11:11.0439 11144 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:11:11.0455 11144 rdyboost - ok
19:11:11.0486 11144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:11:11.0486 11144 rspndr - ok
19:11:11.0517 11144 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
19:11:11.0533 11144 s3cap - ok
19:11:11.0564 11144 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:11:11.0564 11144 sbp2port - ok
19:11:11.0580 11144 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:11:11.0580 11144 scfilter - ok
19:11:11.0595 11144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:11:11.0611 11144 secdrv - ok
19:11:11.0626 11144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:11:11.0642 11144 Serenum - ok
19:11:11.0658 11144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:11:11.0673 11144 Serial - ok
19:11:11.0673 11144 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:11:11.0689 11144 sermouse - ok
19:11:11.0704 11144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:11:11.0720 11144 sffdisk - ok
19:11:11.0907 11144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:11:11.0923 11144 sffp_mmc - ok
19:11:11.0938 11144 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:11:11.0954 11144 sffp_sd - ok
19:11:11.0970 11144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:11:11.0970 11144 sfloppy - ok
19:11:12.0001 11144 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:11:12.0001 11144 Sftfs - ok
19:11:12.0016 11144 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:11:12.0032 11144 Sftplay - ok
19:11:12.0048 11144 Sftredir (6b1865d82e0290729ed7496c24275592) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:11:12.0048 11144 Sftredir - ok
19:11:12.0063 11144 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:11:12.0063 11144 Sftvol - ok
19:11:12.0094 11144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:11:12.0094 11144 sisagp - ok
19:11:12.0141 11144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:11:12.0141 11144 SiSRaid2 - ok
19:11:12.0172 11144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:11:12.0172 11144 SiSRaid4 - ok
19:11:12.0204 11144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:11:12.0219 11144 Smb - ok
19:11:12.0235 11144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:11:12.0235 11144 spldr - ok
19:11:12.0282 11144 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
19:11:12.0297 11144 srv - ok
19:11:12.0313 11144 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
19:11:12.0313 11144 srv2 - ok
19:11:12.0328 11144 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
19:11:12.0328 11144 srvnet - ok
19:11:12.0391 11144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:11:12.0406 11144 stexstor - ok
19:11:12.0453 11144 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
19:11:12.0453 11144 storflt - ok
19:11:12.0469 11144 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
19:11:12.0469 11144 storvsc - ok
19:11:12.0484 11144 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:11:12.0500 11144 swenum - ok
19:11:12.0562 11144 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
19:11:12.0578 11144 Tcpip - ok
19:11:12.0609 11144 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
19:11:12.0609 11144 TCPIP6 - ok
19:11:12.0640 11144 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:11:12.0640 11144 tcpipreg - ok
19:11:12.0656 11144 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:11:12.0672 11144 TDPIPE - ok
19:11:12.0687 11144 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
19:11:12.0687 11144 TDTCP - ok
19:11:12.0703 11144 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
19:11:12.0718 11144 tdx - ok
19:11:12.0718 11144 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:11:12.0734 11144 TermDD - ok
19:11:12.0765 11144 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:11:12.0765 11144 tssecsrv - ok
19:11:12.0796 11144 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:11:12.0812 11144 tunnel - ok
19:11:12.0828 11144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:11:12.0843 11144 uagp35 - ok
19:11:12.0859 11144 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
19:11:12.0874 11144 udfs - ok
19:11:12.0906 11144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:11:12.0921 11144 uliagpkx - ok
19:11:12.0937 11144 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:11:12.0952 11144 umbus - ok
19:11:12.0968 11144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:11:12.0968 11144 UmPass - ok
19:11:13.0030 11144 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
19:11:13.0030 11144 usbccgp - ok
19:11:13.0046 11144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:11:13.0062 11144 usbcir - ok
19:11:13.0077 11144 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\DRIVERS\usbehci.sys
19:11:13.0093 11144 usbehci - ok
19:11:13.0108 11144 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
19:11:13.0124 11144 usbhub - ok
19:11:13.0140 11144 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
19:11:13.0155 11144 usbohci - ok
19:11:13.0155 11144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:11:13.0171 11144 usbprint - ok
19:11:13.0202 11144 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:11:13.0202 11144 USBSTOR - ok
19:11:13.0233 11144 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:11:13.0233 11144 usbuhci - ok
19:11:13.0264 11144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:11:13.0264 11144 vdrvroot - ok
19:11:13.0280 11144 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:11:13.0280 11144 vga - ok
19:11:13.0296 11144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:11:13.0296 11144 VgaSave - ok
19:11:13.0327 11144 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:11:13.0327 11144 vhdmp - ok
19:11:13.0342 11144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:11:13.0358 11144 viaagp - ok
19:11:13.0374 11144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:11:13.0374 11144 ViaC7 - ok
19:11:13.0405 11144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:11:13.0420 11144 viaide - ok
19:11:13.0452 11144 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
19:11:13.0467 11144 vmbus - ok
19:11:13.0498 11144 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
19:11:13.0498 11144 VMBusHID - ok
19:11:13.0514 11144 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:11:13.0514 11144 volmgr - ok
19:11:13.0545 11144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:11:13.0545 11144 volmgrx - ok
19:11:13.0576 11144 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:11:13.0592 11144 volsnap - ok
19:11:13.0623 11144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:11:13.0623 11144 vsmraid - ok
19:11:13.0654 11144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:11:13.0654 11144 vwifibus - ok
19:11:13.0686 11144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:11:13.0686 11144 WacomPen - ok
19:11:13.0717 11144 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:11:13.0717 11144 WANARP - ok
19:11:13.0717 11144 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:11:13.0717 11144 Wanarpv6 - ok
19:11:13.0764 11144 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys
19:11:13.0764 11144 WavxDMgr - ok
19:11:13.0795 11144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:11:13.0810 11144 Wd - ok
19:11:13.0873 11144 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
19:11:13.0873 11144 WDC_SAM - ok
19:11:13.0904 11144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:11:13.0904 11144 Wdf01000 - ok
19:11:13.0951 11144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:11:13.0951 11144 WfpLwf - ok
19:11:13.0966 11144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:11:13.0982 11144 WIMMount - ok
19:11:14.0044 11144 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
19:11:14.0044 11144 WinUsb - ok
19:11:14.0247 11144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:11:14.0247 11144 WmiAcpi - ok
19:11:14.0263 11144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:11:14.0278 11144 ws2ifsl - ok
19:11:14.0310 11144 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
19:11:14.0310 11144 WudfPf - ok
19:11:14.0388 11144 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:11:14.0388 11144 WUDFRd - ok
19:11:14.0403 11144 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:11:14.0466 11144 \Device\Harddisk0\DR0 - ok
19:11:14.0466 11144 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR7
19:11:18.0022 11144 \Device\Harddisk2\DR7 - ok
19:11:18.0022 11144 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
19:11:18.0022 11144 \Device\Harddisk3\DR3 - ok
19:11:18.0022 11144 Boot (0x1200) (6a3a83637b506750f170d78f9dcc9849) \Device\Harddisk0\DR0\Partition0
19:11:18.0022 11144 \Device\Harddisk0\DR0\Partition0 - ok
19:11:18.0069 11144 Boot (0x1200) (b208374801b27a89c9e48aeefc96cf5d) \Device\Harddisk0\DR0\Partition1
19:11:18.0069 11144 \Device\Harddisk0\DR0\Partition1 - ok
19:11:18.0069 11144 Boot (0x1200) (fdc3caf89ed9ee2120747a990ccbc030) \Device\Harddisk2\DR7\Partition0
19:11:18.0069 11144 \Device\Harddisk2\DR7\Partition0 - ok
19:11:18.0069 11144 Boot (0x1200) (266fef5866865f2ad07f8f8650d59692) \Device\Harddisk3\DR3\Partition0
19:11:18.0069 11144 \Device\Harddisk3\DR3\Partition0 - ok
19:11:18.0069 11144 ============================================================
19:11:18.0069 11144 Scan finished
19:11:18.0069 11144 ============================================================
19:11:18.0085 11972 Detected object count: 0
19:11:18.0085 11972 Actual detected object count: 0


I had to use the txt file it created as it would let me select the stuff in the report but I was unable to actually copy it. Again I'm sending this from my laptop.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:05 AM

Posted 19 January 2012 - 08:32 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 mcc-tech

mcc-tech
  • Topic Starter

  • Members
  • 29 posts
  • Local time:04:05 AM

Posted 19 January 2012 - 08:42 PM

It's asking to download the Avast free antivirus for scanning? Do I let it?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:05 AM

Posted 19 January 2012 - 08:53 PM

Yes, allow it.


gringo

#15 mcc-tech

mcc-tech
  • Topic Starter

  • Members
  • 29 posts
  • Local time:04:05 AM

Posted 19 January 2012 - 08:55 PM

Well, I wasn't sure if I was supposed to, but I downloaded Avast to help that last scan (it recommended it), and here is the log of the scan.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 19:41:23
-----------------------------
19:41:23.526 OS Version: Windows 6.1.7600
19:41:23.526 Number of processors: 2 586 0x170A
19:41:23.526 ComputerName: FRONT_DESK-PC UserName: Front_Desk
19:41:24.197 Initialize success
19:51:58.043 AVAST engine download error: 0
19:52:13.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:52:13.004 Disk 0 Vendor: SAMSUNG_HD253GJ 1AJ10001 Size: 238418MB BusType: 3
19:52:13.019 Disk 0 MBR read successfully
19:52:13.019 Disk 0 MBR scan
19:52:13.035 Disk 0 Windows VISTA default MBR code
19:52:13.035 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:52:13.050 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12042 MB offset 81920
19:52:13.066 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226335 MB offset 24743936
19:52:13.066 Disk 0 scanning sectors +488278016
19:52:13.144 Disk 0 scanning C:\Windows\system32\drivers
19:52:18.854 Service scanning
19:52:19.946 Modules scanning
19:52:39.383 Disk 0 trace - called modules:
19:52:39.524 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys
19:52:39.524 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f5030]
19:52:39.539 3 CLASSPNP.SYS[8bf8459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86243030]
19:52:39.539 Scan finished successfully
19:53:02.846 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
19:53:03.064 The log file has been saved successfully to "H:\aswMBR.txt"
