Win7 (64 Bit) Browser Hijack, Possible Gen-PEC


  • This topic is locked
17 replies to this topic

#1 casimar

casimar

  • Members
  • 9 posts
  • Local time:09:46 AM

Posted 24 January 2012 - 08:40 PM

Info: Dell Studio, Windows Professional (64 bit),
Windows Defender, Avast, and Spybot S&D.

I am getting symptoms of a browser-redirect, either when I try to research the problem or just occasionally when no browser is even running:

-SAS occasionally detects and removes a Trojan Gen-PEC, as well as 70-100 adware cookies. The cookies always return by the next reboot & scan, and the Trojan seems to be detectable every second or third reboot/scan.
-Malwarebytes, Spybot and a few others found nothing.
-Avast found nothing in a scan, but occasionally reported "malicious url has been blocked", even when no browser was running!

Most of the other tools I have tried don't seem to work in 64-bit, nor can I get TDSSKiller or RKill to run. (Nothing at all happens; whatever is wrong seems to be blocking them.) I also see browser redirects if I try to go to a security site, or anywhere that might help (like this site...)

DDS is attached; I didn't try GMER since I am 64-bit. Any help would be greatly appreciated. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by casimar at 19:06:02 on 2012-01-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4682 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A7AD5801-E822-4CFE-84DF-581DB3BB8EC9} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\casimar\AppData\Roaming\Mozilla\Firefox\Profiles\vo4xp55m.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\dddskx64.sys --> C:\Windows\system32\drivers\dddskx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-23 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-5 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-5 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 Usb5200;This service handles communication with the USB Device;C:\Windows\system32\Drivers\usb5200.sys --> C:\Windows\system32\Drivers\usb5200.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
.
=============== Created Last 30 ================
.
2012-01-25 01:03:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-24 18:43:46 98816 ----a-w- C:\Windows\sed.exe
2012-01-24 18:43:46 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-24 18:43:46 256000 ----a-w- C:\Windows\PEV.exe
2012-01-24 18:43:46 208896 ----a-w- C:\Windows\MBR.exe
2012-01-24 18:42:42 -------- d-----w- C:\ComboFix
2012-01-23 19:09:40 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-23 19:09:40 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-01-23 19:09:40 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-23 19:09:29 -------- d-----w- C:\Program Files\iPod
2012-01-23 19:09:28 -------- d-----w- C:\Program Files\iTunes
2012-01-23 19:09:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-23 02:35:56 -------- d-----w- C:\_lifeboat
2012-01-23 02:29:54 -------- d-----w- C:\ProgramData\SUPERSetup
2012-01-22 15:12:07 -------- d-----w- C:\Users\casimar\AppData\Roaming\SUPERAntiSpyware.com
2012-01-22 15:11:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-22 15:11:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-22 14:36:28 -------- d-----w- C:\Users\casimar\AppData\Local\Google
2012-01-22 14:35:59 -------- d-----w- C:\Program Files\AVAST Software
2012-01-22 06:58:51 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2012-01-22 03:55:36 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-22 03:08:28 -------- d-----w- C:\Users\casimar\AppData\Local\Mozilla
2012-01-22 03:08:19 -------- d-----w- C:\Users\casimar\AppData\Local\Mozilla Firefox
2012-01-21 00:50:36 -------- d-----w- C:\Users\casimar\AppData\Roaming\Mp3tag
2012-01-20 14:05:56 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2281C6FF-3FD7-49E4-9BE5-CA4CC35F3916}\mpengine.dll
2012-01-20 13:59:26 8602168 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-01-18 05:33:13 -------- d-----w- C:\Users\casimar\AppData\Roaming\Malwarebytes
2012-01-18 05:33:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-18 05:33:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-12 01:56:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 01:56:24 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 01:56:24 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 01:56:23 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 01:56:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 01:56:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 01:56:21 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 01:56:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-02 23:03:38 -------- d-----w- C:\Program Files\Defraggler
.
==================== Find3M ====================
.
2012-01-06 13:41:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:13:41.27 ===============

Edited by casimar, 24 January 2012 - 08:49 PM.



#2 casimar

casimar
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:46 AM

Posted 25 January 2012 - 09:42 PM

When RKill does work (occasionally, in safe mode) it deactivates c:\windows\syswow64\rundlll.exe, which of course is not a file I can delete, even with administrator permission, because it is owned by TrustedInstaller.

I've been reading up; TDSS seems to be what's happening to me, but unfortunately TDSSKiller does not run, under any filename.

I tried the solution at this site, but only got as far as TDSSKiller not seeming to launch:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskille

Edited by casimar, 25 January 2012 - 11:49 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:46 AM

Posted 26 January 2012 - 07:54 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 casimar

casimar
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:46 AM

Posted 26 January 2012 - 07:20 PM

Thank you for your help! Here is the info from the scan:

ComboFix 12-01-26.01 - casimar 01/26/2012 13:02:04.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4786 [GMT -6:00]
Running from: c:\users\casimar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 19:30 . 2012-01-26 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 05:57 . 2012-01-26 05:57 -------- d-----w- c:\program files\AVAST Software
2012-01-26 04:04 . 2012-01-26 04:04 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-26 02:33 . 2012-01-26 02:33 35712 ----a-w- c:\windows\SysWow64\drivers\RKUn.sys
2012-01-25 06:55 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{180288CA-78F5-4488-96CD-25FA6EBB0BA6}\mpengine.dll
2012-01-24 06:49 . 2012-01-24 06:49 -------- d-----w- c:\users\beagle
2012-01-24 05:38 . 2012-01-25 05:06 -------- d-----w- c:\users\turtle
2012-01-23 19:09 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-23 19:09 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-01-23 19:09 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-01-23 02:35 . 2012-01-23 02:36 -------- d-----w- C:\_lifeboat
2012-01-22 14:36 . 2012-01-22 14:56 -------- d-----w- c:\users\casimar\AppData\Local\Google
2012-01-22 06:58 . 2012-01-22 13:35 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-22 03:08 . 2012-01-22 03:08 -------- d-----w- c:\users\casimar\AppData\Local\Mozilla
2012-01-22 03:08 . 2012-01-22 03:55 -------- d-----w- c:\users\casimar\AppData\Local\Mozilla Firefox
2012-01-21 00:50 . 2012-01-21 00:52 -------- d-----w- c:\users\casimar\AppData\Roaming\Mp3tag
2012-01-18 05:33 . 2012-01-18 05:33 -------- d-----w- c:\users\casimar\AppData\Roaming\Malwarebytes
2012-01-18 05:33 . 2012-01-18 05:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 05:33 . 2012-01-26 02:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-12 01:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 01:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 01:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 01:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 01:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 01:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 01:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 01:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 04:56 . 2011-02-25 02:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-28 18:01 . 2011-02-23 04:54 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 04:52 . 2011-12-14 20:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 20:29 . 2011-02-23 04:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 20:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 09:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 09:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 09:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 09:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 09:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 09:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_18.30.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-01-26 18:54 31072 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-23 04:11 . 2012-01-26 18:54 9440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-244664084-4116943101-1205205197-1000_UserData.bin
- 2011-02-23 04:11 . 2012-01-26 14:14 9440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-244664084-4116943101-1205205197-1000_UserData.bin
- 2012-01-26 14:57 . 2012-01-26 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 19:32 . 2012-01-26 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 19:32 . 2012-01-26 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-26 14:57 . 2012-01-26 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-01-26 19:31 342288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-26 14:56 342288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 BlackBox;BlackBox SR2; [x]
R0 RKUn;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Usb5200;This service handles communication with the USB Device;c:\windows\system32\Drivers\usb5200.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\casimar\AppData\Roaming\Mozilla\Firefox\Profiles\vo4xp55m.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\02 \0c?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-26 17:48:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-26 23:48
ComboFix2.txt 2012-01-26 18:46
ComboFix3.txt 2012-01-24 23:51
.
Pre-Run: 499,351,523,328 bytes free
Post-Run: 499,055,202,304 bytes free
.
- - End Of File - - 4B0BDE856C7E5869E31FB206AACFCEED
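One way a helper can triage the SERVICES / DRIVERS and Reg Loading Points sections of logs like the two above, as an added example that is not part of this thread and not code from DDS, ComboFix or BleepingComputer. The sample lines are constructed to mirror the format posted here; the `[x]`/`[?]` entries are treated as "could not be fingerprinted", which on 64-bit Windows is often just a 32-bit scanner hitting WOW64 redirection, so the output is a manual-check list, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "Rn/Sn name;display;path [info]" line format that the
# DDS and ComboFix logs in this thread use. Entries mirror the posted logs.
SAMPLE_LOG = r"""
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\dddskx64.sys --> C:\Windows\system32\drivers\dddskx64.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R0 BlackBox;BlackBox SR2; [x]
R0 RKUn;BlackBox SR2; [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
"""

# Start type as the leading digit encodes it (Windows SERVICE_*_START values).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str            # "running" (R) or "stopped" (S)
    start_type: int       # 0-4, see START_TYPES
    name: str             # service/driver key name
    display_name: str
    registry_path: str    # ImagePath as the tool printed it ("" if none recorded)
    image_path: str       # path after the tool's "-->" note, i.e. the file it looked for
    file_date: Optional[str] = None
    file_size: Optional[int] = None
    status: str = "verified"   # "verified", "unverified" ([?]) or "missing" ([x])


def parse_service_lines(text: str) -> List[ServiceEntry]:
    """Parse DDS/ComboFix style service lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # DDS prints "<registry ImagePath> --> <path it actually checked>" on x64.
        parts = [p.strip() for p in m.group("path").strip().split("-->")]
        entry = ServiceEntry(
            state="running" if m.group("state") == "R" else "stopped",
            start_type=int(m.group("start")),
            name=m.group("name").strip(),
            display_name=m.group("display").strip(),
            registry_path=parts[0],
            image_path=parts[-1],
        )
        info = m.group("info").strip()
        if info == "x":
            entry.status = "missing"        # tool found no file to check
        elif info == "?":
            entry.status = "unverified"     # tool could not read date/size
        else:
            fm = re.match(r"^(\S+)\s+(\d+)$", info)   # "<date> <size>"
            if fm:
                entry.file_date, entry.file_size = fm.group(1), int(fm.group(2))
        entries.append(entry)
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for entries worth a manual look, in log order.

    Boot/system-start drivers (start type 0 or 1) load before most defences,
    so an unfingerprinted one is called out explicitly.
    """
    flagged = []
    for e in entries:
        if e.status == "verified":
            continue
        if e.status == "missing":
            where = e.image_path or "no image path recorded"
            reason = f"file not found/verified ({where})"
        else:
            reason = f"not fingerprinted by scanner: {e.image_path}"
        if e.start_type <= 1:
            reason = "boot/system-start driver, " + reason
        flagged.append((e.name, reason))
    return flagged


if __name__ == "__main__":
    for name, reason in triage(parse_service_lines(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```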

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:46 AM

Posted 26 January 2012 - 08:47 PM

Hello

I would like you to run this tool for me: fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#6 casimar

casimar
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:46 AM

Posted 26 January 2012 - 10:01 PM

Gringo,

Sure thing. I ran FixTDSS and it came back with "***Infected MBR detected" after the reboot, and the repair succeeded.

When I rebooted and ran TDSSKiller it found no threats.

The log is below but I am not going to touch the machine until I hear back from you. :-)

Oh, and very importantly thank you.

----------------------------------



20:54:52.0979 3024 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
20:54:53.0104 3024 ============================================================
20:54:53.0104 3024 Current date / time: 2012/01/26 20:54:53.0104
20:54:53.0104 3024 SystemInfo:
20:54:53.0104 3024
20:54:53.0104 3024 OS Version: 6.1.7601 ServicePack: 1.0
20:54:53.0104 3024 Product type: Workstation
20:54:53.0104 3024 ComputerName: CASIMAR-CASIMAR
20:54:53.0104 3024 UserName: casimar
20:54:53.0104 3024 Windows directory: C:\Windows
20:54:53.0104 3024 System windows directory: C:\Windows
20:54:53.0104 3024 Running under WOW64
20:54:53.0104 3024 Processor architecture: Intel x64
20:54:53.0104 3024 Number of processors: 6
20:54:53.0104 3024 Page size: 0x1000
20:54:53.0104 3024 Boot type: Normal boot
20:54:53.0104 3024 ============================================================
20:54:54.0711 3024 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:54:54.0742 3024 Drive \Device\Harddisk6\DR6 - Size: 0x3B97FE00 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:54:54.0773 3024 Initialize success
20:55:01.0965 3064 ============================================================
20:55:01.0965 3064 Scan started
20:55:01.0965 3064 Mode: Manual;
20:55:01.0965 3064 ============================================================
20:55:02.0761 3064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:55:02.0761 3064 1394ohci - ok
20:55:02.0776 3064 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:55:02.0792 3064 ACPI - ok
20:55:02.0807 3064 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:55:02.0807 3064 AcpiPmi - ok
20:55:02.0854 3064 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:55:02.0854 3064 adp94xx - ok
20:55:02.0870 3064 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:55:02.0870 3064 adpahci - ok
20:55:02.0885 3064 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:55:02.0885 3064 adpu320 - ok
20:55:02.0932 3064 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:55:02.0932 3064 AFD - ok
20:55:02.0948 3064 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:55:02.0948 3064 agp440 - ok
20:55:02.0963 3064 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:55:02.0963 3064 aliide - ok
20:55:02.0995 3064 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:55:02.0995 3064 amdide - ok
20:55:03.0026 3064 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:55:03.0026 3064 AmdK8 - ok
20:55:03.0697 3064 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
20:55:03.0775 3064 amdkmdag - ok
20:55:03.0806 3064 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
20:55:03.0806 3064 amdkmdap - ok
20:55:03.0837 3064 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:55:03.0837 3064 AmdPPM - ok
20:55:03.0868 3064 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:55:21.0059 3064 ============================================================
20:55:21.0059 3064 Scan finished
20:55:21.0059 3064 ============================================================
20:55:21.0091 3056 Detected object count: 0
20:55:21.0091 3056 Actual detected object count: 0
20:55:27.0970 0708 ============================================================
20:55:27.0970 0708 Scan started
20:55:27.0970 0708 Mode: Manual;
20:55:27.0970 0708 ============================================================
20:55:29.0171 0708 BrUsbSer - ok
20:55:29.0187 0708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:55:29.0187 0708 BTHMODEM - ok
20:55:29.0296 0708 catchme - ok
20:55:29.0312 0708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:55:29.0312 0708 cdfs - ok
20:55:29.0343 0708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:55:29.0343 0708 cdrom - ok
20:55:29.0359 0708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:55:29.0359 0708 circlass - ok
20:55:29.0390 0708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:55:29.0390 0708 CLFS - ok
20:55:29.0405 0708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:55:29.0405 0708 CmBatt - ok
20:55:29.0421 0708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:55:29.0421 0708 cmdide - ok
20:55:29.0452 0708 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:55:29.0452 0708 CNG - ok
20:55:29.0468 0708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:55:29.0468 0708 Compbatt - ok
20:55:29.0483 0708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:55:29.0483 0708 CompositeBus - ok
20:55:29.0499 0708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:55:29.0499 0708 crcdisk - ok
20:55:29.0530 0708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:55:29.0530 0708 DfsC - ok
20:55:29.0546 0708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:55:29.0546 0708 discache - ok
20:55:29.0577 0708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:55:29.0577 0708 Disk - ok
20:55:29.0608 0708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:55:29.0608 0708 drmkaud - ok
20:55:29.0639 0708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:55:29.0655 0708 DXGKrnl - ok
20:55:29.0702 0708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:55:29.0717 0708 ebdrv - ok
20:55:29.0749 0708 ElRawDisk (4778eeecb75c6fb419745beed3530b9d) C:\Windows\system32\drivers\dddskx64.sys
20:55:29.0749 0708 ElRawDisk - ok
20:55:29.0780 0708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:55:29.0780 0708 elxstor - ok
20:55:29.0795 0708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:55:29.0795 0708 ErrDev - ok
20:55:29.0811 0708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:55:29.0811 0708 exfat - ok
20:55:29.0842 0708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:55:29.0842 0708 fastfat - ok
20:55:29.0842 0708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:55:29.0842 0708 fdc - ok
20:55:29.0858 0708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:55:29.0858 0708 FileInfo - ok
20:55:29.0873 0708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:55:29.0873 0708 Filetrace - ok
20:55:29.0889 0708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:55:29.0889 0708 flpydisk - ok
20:55:29.0905 0708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:55:29.0920 0708 FltMgr - ok
20:55:29.0920 0708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:55:29.0920 0708 FsDepends - ok
20:55:29.0936 0708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:55:29.0936 0708 Fs_Rec - ok
20:55:29.0967 0708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:55:29.0967 0708 fvevol - ok
20:55:29.0983 0708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:55:29.0983 0708 gagp30kx - ok
20:55:30.0014 0708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:55:30.0014 0708 GEARAspiWDM - ok
20:55:30.0029 0708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:55:30.0029 0708 hcw85cir - ok
20:55:30.0045 0708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:55:30.0061 0708 HdAudAddService - ok
20:55:30.0076 0708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:55:30.0076 0708 HDAudBus - ok
20:55:30.0092 0708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:55:30.0092 0708 HidBatt - ok
20:55:30.0107 0708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:55:30.0107 0708 HidBth - ok
20:55:30.0123 0708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:55:30.0123 0708 HidIr - ok
20:55:30.0139 0708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:55:30.0139 0708 HidUsb - ok
20:55:30.0154 0708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:55:30.0154 0708 HpSAMD - ok
20:55:30.0185 0708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:55:30.0185 0708 HTTP - ok
20:55:30.0217 0708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:55:30.0217 0708 hwpolicy - ok
20:55:30.0232 0708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:55:30.0232 0708 i8042prt - ok
20:55:30.0248 0708 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:55:30.0248 0708 iaStorV - ok
20:55:30.0263 0708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:55:30.0263 0708 iirsp - ok
20:55:30.0295 0708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:55:30.0295 0708 intelide - ok
20:55:30.0310 0708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:55:30.0310 0708 intelppm - ok
20:55:30.0326 0708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:55:30.0326 0708 IpFilterDriver - ok
20:55:30.0341 0708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:55:30.0341 0708 IPMIDRV - ok
20:55:30.0357 0708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:55:30.0357 0708 IPNAT - ok
20:55:30.0373 0708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:55:30.0373 0708 IRENUM - ok
20:55:30.0388 0708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:55:30.0388 0708 isapnp - ok
20:55:30.0404 0708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:55:30.0404 0708 iScsiPrt - ok
20:55:30.0435 0708 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
20:55:30.0451 0708 k57nd60a - ok
20:55:30.0451 0708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:55:30.0451 0708 kbdclass - ok
20:55:30.0466 0708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:55:30.0466 0708 kbdhid - ok
20:55:30.0497 0708 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:55:30.0497 0708 KSecDD - ok
20:55:30.0513 0708 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:55:30.0513 0708 KSecPkg - ok
20:55:30.0529 0708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:55:30.0529 0708 ksthunk - ok
20:55:30.0560 0708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:55:30.0560 0708 lltdio - ok
20:55:30.0575 0708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:55:30.0575 0708 LSI_FC - ok
20:55:30.0591 0708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:55:30.0591 0708 LSI_SAS - ok
20:55:30.0591 0708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:55:30.0591 0708 LSI_SAS2 - ok
20:55:30.0607 0708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:55:30.0607 0708 LSI_SCSI - ok
20:55:30.0622 0708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:55:30.0622 0708 luafv - ok
20:55:30.0638 0708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:55:30.0638 0708 megasas - ok
20:55:30.0669 0708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:55:30.0669 0708 MegaSR - ok
20:55:30.0685 0708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:55:30.0685 0708 Modem - ok
20:55:30.0700 0708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:55:30.0700 0708 monitor - ok
20:55:30.0716 0708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:55:30.0716 0708 mouclass - ok
20:55:30.0731 0708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:55:30.0731 0708 mouhid - ok
20:55:30.0747 0708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:55:30.0747 0708 mountmgr - ok
20:55:30.0763 0708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:55:30.0763 0708 mpio - ok
20:55:30.0778 0708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:55:30.0778 0708 mpsdrv - ok
20:55:30.0809 0708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:55:30.0809 0708 MRxDAV - ok
20:55:30.0841 0708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:55:30.0841 0708 mrxsmb - ok
20:55:30.0872 0708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:55:30.0872 0708 mrxsmb10 - ok
20:55:30.0887 0708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:55:30.0887 0708 mrxsmb20 - ok
20:55:30.0903 0708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:55:30.0903 0708 msahci - ok
20:55:30.0919 0708 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:55:30.0919 0708 msdsm - ok
20:55:30.0934 0708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:55:30.0934 0708 Msfs - ok
20:55:30.0950 0708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:55:30.0950 0708 mshidkmdf - ok
20:55:30.0965 0708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:55:30.0965 0708 msisadrv - ok
20:55:30.0981 0708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:55:30.0981 0708 MSKSSRV - ok
20:55:30.0997 0708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:55:30.0997 0708 MSPCLOCK - ok
20:55:30.0997 0708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:55:30.0997 0708 MSPQM - ok
20:55:31.0028 0708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:55:31.0028 0708 MsRPC - ok
20:55:31.0043 0708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:55:31.0059 0708 mssmbios - ok
20:55:31.0075 0708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:55:31.0075 0708 MSTEE - ok
20:55:31.0075 0708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:55:31.0075 0708 MTConfig - ok
20:55:31.0090 0708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:55:31.0090 0708 Mup - ok
20:55:31.0121 0708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:55:31.0121 0708 NativeWifiP - ok
20:55:31.0168 0708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:55:31.0168 0708 NDIS - ok
20:55:31.0168 0708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:55:31.0168 0708 NdisCap - ok
20:55:31.0184 0708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:55:31.0184 0708 NdisTapi - ok
20:55:31.0215 0708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:55:31.0215 0708 Ndisuio - ok
20:55:31.0231 0708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:55:31.0231 0708 NdisWan - ok
20:55:31.0246 0708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:55:31.0246 0708 NDProxy - ok
20:55:31.0277 0708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:55:31.0277 0708 NetBIOS - ok
20:55:31.0293 0708 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:55:31.0309 0708 NetBT - ok
20:55:31.0324 0708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:55:31.0324 0708 nfrd960 - ok
20:55:31.0355 0708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:55:31.0355 0708 Npfs - ok
20:55:31.0371 0708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:55:31.0371 0708 nsiproxy - ok
20:55:31.0418 0708 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:55:31.0418 0708 Ntfs - ok
20:55:31.0449 0708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:55:31.0449 0708 Null - ok
20:55:31.0465 0708 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:55:31.0465 0708 nvraid - ok
20:55:31.0480 0708 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:55:31.0480 0708 nvstor - ok
20:55:31.0496 0708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:55:31.0496 0708 nv_agp - ok
20:55:31.0511 0708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:55:31.0511 0708 ohci1394 - ok
20:55:31.0527 0708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:55:31.0527 0708 Parport - ok
20:55:31.0543 0708 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:55:31.0558 0708 partmgr - ok
20:55:31.0574 0708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:55:31.0574 0708 pci - ok
20:55:31.0574 0708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:55:31.0574 0708 pciide - ok
20:55:31.0589 0708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:55:31.0589 0708 pcmcia - ok
20:55:31.0605 0708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:55:31.0605 0708 pcw - ok
20:55:31.0621 0708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:55:31.0636 0708 PEAUTH - ok
20:55:31.0667 0708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:55:31.0667 0708 PptpMiniport - ok
20:55:31.0699 0708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:55:31.0699 0708 Processor - ok
20:55:31.0714 0708 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:55:31.0714 0708 Psched - ok
20:55:31.0745 0708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:55:31.0745 0708 ql2300 - ok
20:55:31.0761 0708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:55:31.0761 0708 ql40xx - ok
20:55:31.0777 0708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:55:31.0777 0708 QWAVEdrv - ok
20:55:31.0792 0708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:55:31.0792 0708 RasAcd - ok
20:55:31.0823 0708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:55:31.0823 0708 RasAgileVpn - ok
20:55:31.0855 0708 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:55:31.0855 0708 Rasl2tp - ok
20:55:31.0855 0708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:55:31.0855 0708 RasPppoe - ok
20:55:31.0870 0708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:55:31.0870 0708 RasSstp - ok
20:55:31.0901 0708 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:55:31.0901 0708 rdbss - ok
20:55:31.0917 0708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:55:31.0917 0708 rdpbus - ok
20:55:31.0933 0708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:55:31.0933 0708 RDPCDD - ok
20:55:31.0948 0708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:55:31.0948 0708 RDPENCDD - ok
20:55:31.0948 0708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:55:31.0948 0708 RDPREFMP - ok
20:55:31.0979 0708 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:55:31.0979 0708 RDPWD - ok
20:55:31.0995 0708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:55:32.0011 0708 rdyboost - ok
20:55:32.0011 0708 RKUn - ok
20:55:32.0026 0708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:55:32.0026 0708 rspndr - ok
20:55:32.0042 0708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:55:32.0042 0708 sbp2port - ok
20:55:32.0073 0708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:55:32.0073 0708 scfilter - ok
20:55:32.0089 0708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:55:32.0089 0708 secdrv - ok
20:55:32.0120 0708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:55:32.0120 0708 Serenum - ok
20:55:32.0135 0708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:55:32.0135 0708 Serial - ok
20:55:32.0135 0708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:55:32.0135 0708 sermouse - ok
20:55:32.0182 0708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:55:32.0182 0708 sffdisk - ok
20:55:32.0198 0708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:55:32.0198 0708 sffp_mmc - ok
20:55:32.0213 0708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:55:32.0213 0708 sffp_sd - ok
20:55:32.0213 0708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:55:32.0213 0708 sfloppy - ok
20:55:32.0229 0708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:55:32.0229 0708 SiSRaid2 - ok
20:55:32.0245 0708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:55:32.0245 0708 SiSRaid4 - ok
20:55:32.0260 0708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:55:32.0260 0708 Smb - ok
20:55:32.0291 0708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:55:32.0291 0708 spldr - ok
20:55:32.0323 0708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:55:32.0323 0708 srv - ok
20:55:32.0354 0708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:55:32.0354 0708 srv2 - ok
20:55:32.0369 0708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:55:32.0369 0708 srvnet - ok
20:55:32.0385 0708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:55:32.0385 0708 stexstor - ok
20:55:32.0416 0708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:55:32.0416 0708 swenum - ok
20:55:32.0463 0708 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:55:32.0463 0708 Tcpip - ok
20:55:32.0494 0708 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:55:32.0494 0708 TCPIP6 - ok
20:55:32.0525 0708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:55:32.0525 0708 tcpipreg - ok
20:55:32.0541 0708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:55:32.0541 0708 TDPIPE - ok
20:55:32.0557 0708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:55:32.0557 0708 TDTCP - ok
20:55:32.0588 0708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:55:32.0588 0708 tdx - ok
20:55:32.0588 0708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:55:32.0603 0708 TermDD - ok
20:55:32.0619 0708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:55:32.0619 0708 tssecsrv - ok
20:55:32.0650 0708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:55:32.0650 0708 TsUsbFlt - ok
20:55:32.0666 0708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:55:32.0666 0708 tunnel - ok
20:55:32.0697 0708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:55:32.0697 0708 uagp35 - ok
20:55:32.0713 0708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:55:32.0713 0708 udfs - ok
20:55:32.0728 0708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:55:32.0728 0708 uliagpkx - ok
20:55:32.0759 0708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:55:32.0759 0708 umbus - ok
20:55:32.0775 0708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:55:32.0775 0708 UmPass - ok
20:55:32.0806 0708 Usb5200 (2560602030ea252208783afc9ed0e738) C:\Windows\system32\Drivers\usb5200.sys
20:55:32.0806 0708 Usb5200 - ok
20:55:32.0822 0708 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:55:32.0822 0708 USBAAPL64 - ok
20:55:32.0853 0708 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:55:32.0853 0708 usbaudio - ok
20:55:32.0869 0708 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:55:32.0869 0708 usbccgp - ok
20:55:32.0884 0708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:55:32.0884 0708 usbcir - ok
20:55:32.0900 0708 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:55:32.0900 0708 usbehci - ok
20:55:32.0915 0708 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:55:32.0915 0708 usbhub - ok
20:55:32.0931 0708 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:55:32.0931 0708 usbohci - ok
20:55:32.0947 0708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:55:32.0947 0708 usbprint - ok
20:55:32.0947 0708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:55:32.0962 0708 usbscan - ok
20:55:32.0978 0708 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:55:32.0978 0708 USBSTOR - ok
20:55:32.0993 0708 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:55:32.0993 0708 usbuhci - ok
20:55:33.0009 0708 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:55:33.0009 0708 usbvideo - ok
20:55:33.0040 0708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:55:33.0040 0708 vdrvroot - ok
20:55:33.0071 0708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:55:33.0071 0708 vga - ok
20:55:33.0071 0708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:55:33.0071 0708 VgaSave - ok
20:55:33.0103 0708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:55:33.0103 0708 vhdmp - ok
20:55:33.0118 0708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:55:33.0118 0708 viaide - ok
20:55:33.0134 0708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:55:33.0134 0708 volmgr - ok
20:55:33.0181 0708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:55:33.0181 0708 volmgrx - ok
20:55:33.0196 0708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:55:33.0196 0708 volsnap - ok
20:55:33.0212 0708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:55:33.0212 0708 vsmraid - ok
20:55:33.0227 0708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:55:33.0227 0708 vwifibus - ok
20:55:33.0243 0708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:55:33.0243 0708 vwififlt - ok
20:55:33.0259 0708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:55:33.0274 0708 WacomPen - ok
20:55:33.0290 0708 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:55:33.0290 0708 WANARP - ok
20:55:33.0290 0708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:55:33.0290 0708 Wanarpv6 - ok
20:55:33.0305 0708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:55:33.0305 0708 Wd - ok
20:55:33.0337 0708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:55:33.0337 0708 Wdf01000 - ok
20:55:33.0368 0708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:55:33.0368 0708 WfpLwf - ok
20:55:33.0368 0708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:55:33.0368 0708 WIMMount - ok
20:55:33.0399 0708 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:55:33.0399 0708 WinUsb - ok
20:55:33.0415 0708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:55:33.0415 0708 WmiAcpi - ok
20:55:33.0430 0708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:55:33.0430 0708 ws2ifsl - ok
20:55:33.0477 0708 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:55:33.0477 0708 WudfPf - ok
20:55:33.0493 0708 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:55:33.0493 0708 WUDFRd - ok
20:55:33.0508 0708 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
20:55:33.0508 0708 xusb21 - ok
20:55:33.0524 0708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:55:33.0586 0708 \Device\Harddisk0\DR0 - ok
20:55:33.0586 0708 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk6\DR6
20:55:44.0054 0708 \Device\Harddisk6\DR6 - ok
20:55:44.0054 0708 Boot (0x1200) (74ee58ebfb236838e3d23eec6d412791) \Device\Harddisk0\DR0\Partition0
20:55:44.0054 0708 \Device\Harddisk0\DR0\Partition0 - ok
20:55:44.0085 0708 Boot (0x1200) (26b43af28135f1d06ae70e0b5e6ef4a0) \Device\Harddisk0\DR0\Partition1
20:55:44.0085 0708 \Device\Harddisk0\DR0\Partition1 - ok
20:55:44.0085 0708 Boot (0x1200) (8928be2b70246d0db4f58328695d5970) \Device\Harddisk6\DR6\Partition0
20:55:44.0085 0708 \Device\Harddisk6\DR6\Partition0 - ok
20:55:44.0085 0708 ============================================================
20:55:44.0085 0708 Scan finished
20:55:44.0085 0708 ============================================================
20:55:44.0101 1188 Detected object count: 0
20:55:44.0101 1188 Actual detected object count: 0

#7 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 January 2012 - 10:38 PM

Greetings

Check out the computer and let me know how things are


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 casimar

casimar
  • Topic Starter
  • Members
  • 9 posts

Posted 26 January 2012 - 11:07 PM

Hi, I followed your instructions and ran the script in Combofix. The script is below.

I had physically disconnected from the internet when this started, so I will reinstall Avast/Spybot and reconnect my ethernet cable to see if the other symptoms have disappeared. I will also run SAS just to make sure it is not still detecting that trojan.

The log from Combofix is below:

ComboFix 12-01-26.01 - casimar 01/26/2012 21:43:44.4.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.5055 [GMT -6:00]
Running from: c:\users\casimar\Desktop\ComboFix.exe
Command switches used :: c:\users\casimar\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 03:46 . 2012-01-27 03:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 05:57 . 2012-01-26 05:57 -------- d-----w- c:\program files\AVAST Software
2012-01-26 04:04 . 2012-01-26 04:04 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-26 02:33 . 2012-01-26 02:33 35712 ----a-w- c:\windows\SysWow64\drivers\RKUn.sys
2012-01-25 06:55 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{180288CA-78F5-4488-96CD-25FA6EBB0BA6}\mpengine.dll
2012-01-24 06:49 . 2012-01-24 06:49 -------- d-----w- c:\users\beagle
2012-01-24 05:38 . 2012-01-25 05:06 -------- d-----w- c:\users\turtle
2012-01-23 19:09 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-23 19:09 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-01-23 19:09 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-01-23 02:35 . 2012-01-23 02:36 -------- d-----w- C:\_lifeboat
2012-01-22 14:36 . 2012-01-22 14:56 -------- d-----w- c:\users\casimar\AppData\Local\Google
2012-01-22 06:58 . 2012-01-22 13:35 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-22 03:08 . 2012-01-22 03:08 -------- d-----w- c:\users\casimar\AppData\Local\Mozilla
2012-01-22 03:08 . 2012-01-22 03:55 -------- d-----w- c:\users\casimar\AppData\Local\Mozilla Firefox
2012-01-21 00:50 . 2012-01-21 00:52 -------- d-----w- c:\users\casimar\AppData\Roaming\Mp3tag
2012-01-18 05:33 . 2012-01-18 05:33 -------- d-----w- c:\users\casimar\AppData\Roaming\Malwarebytes
2012-01-18 05:33 . 2012-01-18 05:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 05:33 . 2012-01-26 02:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-12 01:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 01:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 01:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 01:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 01:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 01:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 01:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 01:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 04:56 . 2011-02-25 02:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-28 18:01 . 2011-02-23 04:54 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 04:52 . 2011-12-14 20:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 20:29 . 2011-02-23 04:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 20:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 09:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 09:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 09:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 09:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 09:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 09:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_18.30.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-23 07:54 . 2012-01-27 02:55 32586 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-27 02:55 31140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-23 04:11 . 2012-01-27 02:55 9582 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-244664084-4116943101-1205205197-1000_UserData.bin
- 2012-01-26 14:57 . 2012-01-26 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 03:47 . 2012-01-27 03:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-26 14:57 . 2012-01-26 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-27 03:47 . 2012-01-27 03:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-01-26 14:56 342288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-27 03:46 342288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 BlackBox;BlackBox SR2; [x]
R0 RKUn;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Usb5200;This service handles communication with the USB Device;c:\windows\system32\Drivers\usb5200.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\casimar\AppData\Roaming\Mozilla\Firefox\Profiles\vo4xp55m.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\02 \0c?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-26 21:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 03:50
ComboFix2.txt 2012-01-26 23:48
ComboFix3.txt 2012-01-26 18:46
ComboFix4.txt 2012-01-24 23:51
.
Pre-Run: 499,111,280,640 bytes free
Post-Run: 499,007,053,824 bytes free
.
- - End Of File - - 206BC4C69523D6C465A67428CE7F4A96

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 January 2012 - 11:15 PM

Hello

Check things out and let me know how they are doing

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#10 casimar

casimar
  • Topic Starter

  • Members
  • 9 posts

Posted 26 January 2012 - 11:25 PM

Gringo, thanks again and here is that report.

One thing that gives me pause is the reference to Google Updater. I checked in control panel and I don't have any programs by Google installed.

I am still reinstalling my Avast before I plug in the ethernet, then I will let you know what else I may see.


7-Zip 9.20
Amazon MP3 Downloader 1.0.12
Atarimax Maxflash Cartridge Studio
DVD EZ Copy 1.2
DW 1525 Driver Installation
Google Update Helper
Invader Saver - The Space Invaders Screen Saver
IrfanView (remove only)
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite 2006
Microsoft Digital Image Suite 2006 Editor
Microsoft Digital Image Suite 2006 Library
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 9.0.1 (x86 en-US)
Mp3tag v2.48
NTFS Undelete v0.93
R-Studio 5.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SereneScreen Marine Aquarium 3
Skype™ 5.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Vuze
Wisdom-soft Set up ScreenHunter 5.1 Free

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 January 2012 - 11:29 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Vuze

and click on remove

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 casimar

casimar
  • Topic Starter

  • Members
  • 9 posts

Posted 27 January 2012 - 12:58 AM

Gringo, I followed the steps. So far I am not seeing the intermittent blocked url warnings, and I didn't notice a redirect when I tried to come to this site on the affected machine. MBAM and HiJackThis are below. Thanks very much for your help so far. I should mention that I don't have Google Update running, nor does the directory listed for it exist as far as I can tell.

-----------------------------------------------

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
casimar :: CASIMAR-CASIMAR [administrator]

1/26/2012 11:42:21 PM
mbam-log-2012-01-26 (23-42-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212071
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:10 PM, on 1/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5695 bytes
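
The "(file missing)" entries in the O23 section above are the kind of thing worth triaging before anyone tries to "fix" them. HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the WOW64 layer redirects a 32-bit process's view of C:\Windows\System32 to C:\Windows\SysWOW64 and expands %ProgramFiles% to C:\Program Files (x86), so services whose binaries live in the native 64-bit directories get reported as missing even though they are present. The following Python script is an added example for this thread, not HijackThis's own code and not something anyone in the thread posted: it parses O23 lines and sorts "file missing" reports into those that a 32-bit scanner cannot be trusted on and those that point at a path WOW64 never redirects. It only parses text, so it runs anywhere the log can be pasted and never touches the file system. The first six sample lines are copied from the log above; the "Example Vendor Updater" line is constructed (hypothetical names) to show the last category.

```python
r"""Triage of HijackThis O23 (service) lines from a 64-bit Windows host.

HijackThis 2.0.4 is a 32-bit program.  On 64-bit Windows the WOW64 layer
redirects a 32-bit process's view of C:\Windows\System32 to C:\Windows\SysWOW64
and expands %ProgramFiles% to "C:\Program Files (x86)", so a service whose
binary lives in a native 64-bit directory is reported as "(file missing)"
although the file exists.  This script only parses text (no file-system
access), so it can run anywhere the log can be pasted.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shape: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]".
# The path is anchored at a drive letter so a " - " inside the path (for example
# "Spybot - Search & Destroy") is not mistaken for a field separator.  An empty
# owner collapses to " - - ", which the optional space before the dash handles.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")  # last "(...)" of the display name
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
PF_X86_RE = re.compile(r"^[A-Za-z]:\\Program Files \(x86\)\\", re.IGNORECASE)

VERDICT_NOTES = {
    "present": "binary was found by the 32-bit scanner",
    "wow64-system32": "32-bit view of System32 is SysWOW64; check the native "
                      "System32 from a 64-bit shell before acting",
    "wow64-programfiles": "path may be %ProgramFiles% expanded by a 32-bit "
                          "process; check both Program Files trees",
    "missing": "path is not subject to WOW64 redirection; the service "
               "registration really points at an absent file",
}


@dataclass
class ServiceEntry:
    display_name: str
    short_name: str
    owner: str
    path: str
    reported_missing: bool
    verdict: str


def classify(path: str, reported_missing: bool) -> str:
    """Decide how far a "(file missing)" report from a 32-bit view can be trusted."""
    if not reported_missing:
        return "present"
    if SYSTEM32_RE.match(path):
        return "wow64-system32"
    if PF_X86_RE.match(path):
        return "wow64-programfiles"
    return "missing"


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one HijackThis log line; returns None for anything that is not O23."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    short = SHORT_NAME_RE.search(name)
    missing = m.group("missing") is not None
    path = m.group("path")
    return ServiceEntry(
        display_name=name,
        short_name=short.group(1) if short else name,
        owner=m.group("owner"),
        path=path,
        reported_missing=missing,
        verdict=classify(path, missing),
    )


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Group service short names by verdict, preserving log order."""
    buckets: Dict[str, List[str]] = {v: [] for v in VERDICT_NOTES}
    for line in lines:
        entry = parse_o23(line)
        if entry is not None:
            buckets[entry.verdict].append(entry.short_name)
    return buckets


# Sample input: the first six lines are copied from the HijackThis log in this
# thread; the last one is constructed (hypothetical vendor) to show a path that
# WOW64 does not redirect.
SAMPLE_O23 = [
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe",
    r"O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)",
    r"O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe",
    r"O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)",
    r"O23 - Service: Example Vendor Updater (ExampleUpdater) - Unknown owner - C:\Program Files\ExampleVendor\updater.exe (file missing)",
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE_O23).items():
        print(f"{verdict:20} {', '.join(names) or '-'}   ({VERDICT_NOTES[verdict]})")
```

Only the last bucket is a candidate for cleanup on its own evidence; the two WOW64 buckets need a second look from a 64-bit process (a 64-bit command prompt, or the Sysnative alias from a 32-bit one) before the entry is treated as orphaned, which is why the Google Update lines in the log above keep reappearing after a 32-bit "fix".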

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 January 2012 - 01:49 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo

#14 casimar

casimar
  • Topic Starter

  • Members
  • 9 posts

Posted 27 January 2012 - 01:24 PM

I did as you asked, and here is the ESET log. It found two threats:

Win32\Toolbar.AskSBar application
Win32\OpenCandy application

This is all the log file said:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Incidentally, when I tried to remove some of the "file missing" entries with HiJackThis, that I know to be bogus, they merely returned on the next scan, i.e.

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)

Edited by casimar, 27 January 2012 - 01:47 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 January 2012 - 03:10 PM

Hello

HijackThis is not fully compatible with 64-bit computers, so it will report most of that section as "file missing". It is not missing; HijackThis is looking in the incorrect location, so when you try to fix it, it is also going to the incorrect location.



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



