Computer freezing


  • This topic is locked
13 replies to this topic

#1 Rewster


Posted 29 January 2012 - 11:38 PM

Ever since last night, my computer has been freezing randomly, anywhere from mere minutes after a reboot to a couple of hours. This has happened well over 10 times today, and probably 20 - 25 times total since last night. When the freeze happens, sound is still running from any videos or games that are running, but all windows are unresponsive, and the mouse still moves. I cannot use Alt+F4 to close anything, cannot use the "Start" key on my keyboard to try and open up the start menu, or use Ctrl+Alt+Delete. The only other option I can think of is doing a hard shutdown and reboot.

I was instructed to create a new topic here by jntkwx (Jason); the original topic is here: http://www.bleepingcomputer.com/forums/topic440326.html



Editing the logs in. When running GMER, almost all of the boxes are greyed out.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by home at 22:49:35 on 2012-01-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2316 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\ehome\ehtray.exe
C:\Users\home\AppData\Local\Akamai\netsession_win.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ModLedKey.exe
C:\Users\home\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page =
uSearch Bar =
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0309&m=dx4200-09
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - C:\Program Files (x86)\ToolKitService\splash.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - C:\Program Files (x86)\ToolKitService\toolbar_v2.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "C:\Users\home\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mRun: [ApnUpdater] c:\program files (x86)\ask.com\updater\updater.exe
mRun: [iTunesHelper] c:\program files (x86)\itunes\ituneshelper.exe
mRun: [APSDaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
mRun: [ATICustomerCare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{1992F39F-F220-494B-8C47-EE921282AC4A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{456A550C-9587-4D8B-8F84-21643FF07297} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{474ED958-0284-48BC-8A90-641738FB0BC7} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{474ED958-0284-48BC-8A90-641738FB0BC7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{730C9B21-7DF2-4BFE-9771-E4A2B7945333} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{84B60BFD-472E-44F5-B9D0-CDCD8A29C728} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{84B60BFD-472E-44F5-B9D0-CDCD8A29C728} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll
BHO-X64: ToolKit IE Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB-X64: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar_v2.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] c:\program files (x86)\ask.com\updater\updater.exe
mRun-x64: [iTunesHelper] c:\program files (x86)\itunes\ituneshelper.exe
mRun-x64: [APSDaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
mRun-x64: [ATICustomerCare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
SEH-X64: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-26 652872]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000va.sys --> C:\Windows\system32\DRIVERS\ae1000va.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
S3 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-3-25 24576]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-1-27 517632]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\8A2A.tmp --> C:\Windows\system32\8A2A.tmp [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS\Ph3xIB64.sys [?]
S3 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 ToolkitSvc;Toolkit Service;C:\Program Files (x86)\ToolKitService\toolkitservice.exe [2011-12-14 683664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-21 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-29 21:43:26 -------- d-----w- C:\Users\home\AppData\Roaming\f-secure
2012-01-29 16:42:25 -------- d-----w- C:\Users\home\AppData\Local\Deployment
2012-01-29 16:42:25 -------- d-----w- C:\Users\home\AppData\Local\Apps
2012-01-27 02:54:15 -------- d-----w- C:\Program Files (x86)\HyperCam 3
2012-01-27 01:24:56 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-01-27 00:42:13 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-26 23:29:46 679936 ----a-w- C:\Windows\System32\D3DX81ab.dll
2012-01-22 23:57:09 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-01-22 19:00:31 -------- d-----w- C:\Games
2012-01-22 18:58:56 -------- d-----w- C:\Users\home\AppData\Local\Black_Tree_Gaming
2012-01-22 18:58:51 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-01-22 04:05:09 40960 ----a-r- C:\Users\home\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-01-22 04:05:09 40960 ----a-r- C:\Users\home\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-01-21 01:18:41 23896 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-01-18 03:00:38 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-01-16 05:09:56 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-01-16 05:09:45 -------- d-----w- C:\Users\home\AppData\Local\APN
2012-01-16 05:09:39 -------- d-----w- C:\Users\home\AppData\Roaming\Video2Webcam
2012-01-16 05:09:39 -------- d-----w- C:\ProgramData\Video2Webcam
2012-01-16 05:09:33 1053056 ----a-w- C:\Windows\SysWow64\drivers\V2WCDRV.sys
2012-01-16 03:19:54 -------- d-----w- C:\ProgramData\YouTube Downloader
2012-01-16 03:19:38 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2012-01-15 20:52:50 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2012-01-15 20:52:50 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2012-01-15 20:52:50 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2012-01-15 16:48:57 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-15 16:48:57 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-01-15 16:48:57 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-15 16:48:56 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-01-15 16:48:56 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-15 16:48:56 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-15 16:48:56 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-15 16:48:56 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-15 16:48:56 11264 ----a-w- C:\Windows\System32\lsass.exe
2012-01-11 23:02:28 -------- d-----w- C:\Program Files\iPod
2012-01-11 23:02:25 -------- d-----w- C:\Program Files\iTunes
2012-01-11 23:02:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-11 05:05:21 -------- d-----w- C:\Users\home\AppData\Roaming\AnvSoft
2012-01-09 05:17:36 -------- d-----w- C:\.Creative-Scape.com
2012-01-08 18:31:12 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-01-08 18:30:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-01-07 01:00:40 -------- d-----w- C:\Users\home\AppData\Roaming\redsn0w
2012-01-03 05:27:03 -------- d-----w- C:\Users\home\AppData\Local\Microsoft Help
2012-01-02 23:21:55 -------- d-----w- C:\ProgramData\CPA_VA
2012-01-02 22:14:21 -------- d-----w- C:\Program Files (x86)\Comodo
2012-01-02 03:28:23 -------- d-----w- C:\Program Files (x86)\AC Tool
.
==================== Find3M ====================
.
2011-12-28 19:23:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-20 00:59:10 42224 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-12-20 00:59:08 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-12-20 00:58:58 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-12-20 00:58:56 389840 ----a-w- C:\Windows\System32\guard64.dll
2011-12-20 00:58:56 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-12-15 01:50:35 62552 ----a-w- C:\Windows\System32\drivers\toolkitdisk.sys
2011-12-07 16:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-04 01:45:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-13 00:00:56 530488 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-11-10 04:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-11-10 04:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-11-10 04:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-11-10 04:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-11-10 04:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll
2011-11-10 04:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-11-10 04:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-10 04:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll
2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll
2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe
2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll
2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll
2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-11-10 02:11:14 45056 ----a-w- C:\Windows\System32\atitmp64.dll
2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:50:30.19 ===============

Edited by Rewster, 29 January 2012 - 11:59 PM.
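
The DDS log above packs the settings a log reviewer questions first into a handful of line types: the ProxyOverride entry, toolbar and BHO entries with "No File", static NameServer values that differ from the DHCP-supplied one, the Hosts override, and a service (MEMSWEEP2) whose image is a .tmp file under system32. The following is an added example, not part of Rewster's post and not code from DDS itself: a Python script that parses lines in the DDS report format and flags exactly those cases. The excerpt it runs on is constructed from lines in the same format as the report; the thresholds and wording of the findings are the example's own.

```python
"""Triage the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections of a DDS log.

Flags the entries a malware responder reads first: proxy settings that name a
local listener, components registered with no file on disk, static DNS servers
that differ from what DHCP handed out, HOSTS overrides, and services or drivers
loading from a .tmp file.
"""
import re

# Constructed excerpt in DDS format, modelled on the report posted above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TCP: Interfaces\{456A550C-9587-4D8B-8F84-21643FF07297} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{474ED958-0284-48BC-8A90-641738FB0BC7} : DhcpNameServer = 192.168.1.254
Hosts: 74.208.10.249 gs.apple.com
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\8A2A.tmp --> C:\Windows\system32\8A2A.tmp [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-26 652872]
"""

LOCAL_LISTENER = re.compile(r"(?:127\.0\.0\.1|localhost):(\d+)")
TCP_LINE = re.compile(
    r"^TCP: Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}) : (?P<key>NameServer|DhcpNameServer) = (?P<val>.+)$")
# DDS service/driver lines: "<R|S><0-4> name;display name;image path [date size]"
SERVICE_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*\])?$")


def triage(text):
    """Return (source, reason) pairs for every line worth a second look."""
    findings = []
    dns_static = {}        # interface GUID -> statically configured resolvers
    dns_dhcp = set()       # resolvers supplied by DHCP on any interface
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("uInternet Settings", "mInternet Settings")):
            m = LOCAL_LISTENER.search(line)
            if m:
                findings.append((line, f"proxy setting names a local listener on port {m.group(1)}; "
                                       "check what, if anything, is bound there"))
        if line.endswith("- No File"):
            findings.append((line, "component is registered but its file is missing"))
        if line.startswith("Hosts:"):
            findings.append((line, "HOSTS entry pins a hostname to a fixed address"))
        m = TCP_LINE.match(line)
        if m:
            addrs = {a.strip() for a in m.group("val").split(",")}
            if m.group("key") == "DhcpNameServer":
                dns_dhcp |= addrs
            else:
                dns_static[m.group("iface")] = addrs
        m = SERVICE_LINE.match(line)
        if m:
            # keep only the first path when DDS prints "path --> path"
            image = m.group("path").split(" -->")[0].strip().lower()
            if image.endswith(".tmp"):
                findings.append((line, f"service {m.group('name')} loads from a .tmp file"))
    for iface, addrs in dns_static.items():
        unexpected = addrs - dns_dhcp
        if unexpected:
            findings.append((iface, f"static DNS {sorted(unexpected)} differs from the "
                                    f"DHCP-supplied {sorted(dns_dhcp)}"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for source, reason in triage(text):
        print(f"[!] {reason}\n    {source}")
```

Run it with the path of a saved DDS.txt, or with no argument to run it over the constructed excerpt. Two caveats a reviewer would keep in mind: ProxyOverride is the proxy bypass list, not the proxy itself (DDS would show a ProxyServer line for that), so a 127.0.0.1 entry there is a question to ask, as nasdaq does below, rather than proof of interception; and a static resolver is only suspicious until it is explained. The 8.26.56.26 / 156.154.70.22 pair in this log matches the addresses published for Comodo Secure DNS, which fits the Comodo installation dated 2012-01-02 in the "Created Last 30" section, so the script flags it for confirmation rather than as an infection.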



#2 Rewster (Topic Starter)

Posted 30 January 2012 - 11:56 PM

So far the computer hasn't frozen at all today, for the past 6 hours I have been on. Last night I decided to try putting my box fan next to the computer and letting that blow on it. Would overheating be a possible cause of the computer locking up? I NEVER turn my computer off; it is basically running 24/7.

#3 Rewster (Topic Starter)

Posted 02 February 2012 - 06:38 PM

Well, the freezing hasn't happened at all since I first posted the topic (still curious whether this could have been overheating; I have had my box fan blowing on it all day for 5 or 6 days). However, I would still like to make sure I got all the malware off my computer.

#4 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 03 February 2012 - 10:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I have reviewed your log and have a question.
Do you need this proxy setting?
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

===

Please download TDSSKiller.zip.

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511 KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please post the logs for my review.
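
nasdaq's reply above asks for two artefacts that describe the same thing from different angles: TDSSKiller prints the partition table it reads from each disk, and aswMBR saves the sector itself as MBR.dat. The following is an added example written for this page; it is not code from either tool and not part of nasdaq's instructions. It decodes a raw MBR sector, sanity-checks the partition table, hashes the bootstrap code, and prints the entries in the field layout TDSSKiller uses so the two can be compared line by line. It assumes MBR.dat is the raw 512-byte sector 0 of the disk (the page does not document aswMBR's file format); the sample sector is constructed, with its second entry built from the StartLBA and BlocksNum figures TDSSKiller reports for Harddisk0 later in this thread, and the hash it prints is meant to be compared with one taken from a known-clean machine of the same OS, since the page gives no reference value.

```python
"""Parse and sanity-check a raw MBR sector.

Assumption (not stated on this page): the MBR.dat that aswMBR saves is the raw
512-byte sector 0 of the disk. Any 512-byte MBR image works as input.
"""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446                       # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"                  # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_LEN = struct.calcsize(ENTRY_FMT)   # 16
DISK_SECTORS = 0x950B056000 // SECTOR    # disk size TDSSKiller reports for \Device\Harddisk0\DR0


def build_entry(status, ptype, lba_start, sectors):
    """One partition entry; CHS fields carry the conventional 0xFE/0xFF/0xFF 'use LBA' marker."""
    return struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_sample_mbr(entries):
    """Constructed sector: placeholder bootstrap code, the given entries, 0x55AA signature."""
    boot = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (TABLE_OFFSET - 4)   # xor ax,ax / mov ss,ax / nops
    table = b"".join(build_entry(*e) for e in entries)
    table += b"\x00" * (4 * ENTRY_LEN - len(table))                          # unused slots are zero
    return boot + table + b"\x55\xaa"


def parse_mbr(data):
    """Decode the boot signature, disk signature, a hash of the bootstrap code and the used entries."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = data[:SECTOR]
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_LEN)
        if ptype == 0 and count == 0:
            continue                                   # unused slot
        parts.append({"index": i, "status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        # hash bytes 0..439 only: the disk signature at 440..443 differs per machine
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(mbr, disk_sectors):
    """Return human-readable anomalies; an empty list means the table looks sane."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    bootable = [p for p in parts if p["status"] == 0x80]
    if len(bootable) != 1:
        issues.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append(f"entry {p['index']}: extends past the end of the disk")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"entries {a['index']} and {b['index']} overlap")
    return issues


def tdsskiller_style(mbr):
    """Render entries in the field layout TDSSKiller prints, for a side-by-side comparison."""
    return [f"Partition{p['index']}: MBR, Type 0x{p['type']:X}, StartLBA 0x{p['lba_start']:X}, "
            f"BlocksNum 0x{p['sectors']:X}" for p in mbr["partitions"]]


# Constructed sample: a hidden recovery partition followed by the NTFS system partition,
# the second entry using the StartLBA/BlocksNum figures TDSSKiller prints for Harddisk0.
SAMPLE_MBR = build_sample_mbr([
    (0x00, 0x27, 0x800, 0x1389000 - 0x800),
    (0x80, 0x07, 0x1389000, 0x494CE800),
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    mbr = parse_mbr(data)
    print("boot code sha256:", mbr["boot_code_sha256"])
    print("\n".join(tdsskiller_style(mbr)))
    print("issues:", check_mbr(mbr, DISK_SECTORS) or "none")
```

Run it with the path of a captured sector, or with no argument to parse the constructed sample. The bootstrap code is the part a bootkit replaces, which is why the hash excludes the per-machine disk signature: two clean installs of the same Windows version should agree on it. The partition-table checks catch the cruder tampering (overlapping entries, a partition that runs past the disk, or no entry marked bootable); a table that passes them but whose StartLBA or BlocksNum disagree with TDSSKiller's output for the same disk is the discrepancy worth raising in the thread.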

#5 Rewster (Topic Starter)

Posted 03 February 2012 - 06:21 PM

As far as I know, I don't need the proxy. I'm not sure why I would be using a proxy if I was.


17:20:57.0448 2620 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
17:20:58.0132 2620 ============================================================
17:20:58.0133 2620 Current date / time: 2012/02/03 17:20:58.0132
17:20:58.0133 2620 SystemInfo:
17:20:58.0133 2620
17:20:58.0133 2620 OS Version: 6.0.6002 ServicePack: 2.0
17:20:58.0133 2620 Product type: Workstation
17:20:58.0133 2620 ComputerName: HOME-PC
17:20:58.0134 2620 UserName: home
17:20:58.0134 2620 Windows directory: C:\Windows
17:20:58.0134 2620 System windows directory: C:\Windows
17:20:58.0134 2620 Running under WOW64
17:20:58.0134 2620 Processor architecture: Intel x64
17:20:58.0134 2620 Number of processors: 4
17:20:58.0134 2620 Page size: 0x1000
17:20:58.0134 2620 Boot type: Normal boot
17:20:58.0134 2620 ============================================================
17:20:59.0273 2620 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:59.0381 2620 Drive \Device\Harddisk5\DR11 - Size: 0x3BA400000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:20:59.0385 2620 \Device\Harddisk0\DR0:
17:20:59.0386 2620 MBR used
17:20:59.0386 2620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800
17:20:59.0386 2620 \Device\Harddisk5\DR11:
17:20:59.0387 2620 MBR used
17:20:59.0387 2620 \Device\Harddisk5\DR11\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DD0000
17:20:59.0437 2620 Initialize success
17:20:59.0437 2620 ============================================================
17:21:10.0175 6004 ============================================================
17:21:10.0175 6004 Scan started
17:21:10.0175 6004 Mode: Manual;
17:21:10.0175 6004 ============================================================
17:21:21.0528 6004 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
17:21:25.0678 6004 \Device\Harddisk0\DR0 - ok
17:21:25.0691 6004 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR11
17:21:25.0698 6004 \Device\Harddisk5\DR11 - ok
17:21:25.0716 6004 Boot (0x1200) (4095eb59d8b26087687d26edc79b90c5) \Device\Harddisk0\DR0\Partition0
17:21:25.0717 6004 \Device\Harddisk0\DR0\Partition0 - ok
17:21:25.0728 6004 Boot (0x1200) (22fdabb13c4f889e16080a6b671ef73b) \Device\Harddisk5\DR11\Partition0
17:21:25.0730 6004 \Device\Harddisk5\DR11\Partition0 - ok
17:21:25.0731 6004 ============================================================
17:21:25.0731 6004 Scan finished
17:21:25.0731 6004 ============================================================
17:21:25.0753 2344 Detected object count: 0
17:21:25.0754 2344 Actual detected object count: 0

Edited by Rewster, 03 February 2012 - 06:23 PM.


#6 Rewster

Rewster
  • Topic Starter

  • Members
  • 204 posts

Posted 03 February 2012 - 10:01 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 17:22:36
-----------------------------
17:22:36.665 OS Version: Windows x64 6.0.6002 Service Pack 2
17:22:36.665 Number of processors: 4 586 0x203
17:22:36.665 ComputerName: HOME-PC UserName: home
17:22:39.131 Initialize success
17:24:24.807 AVAST engine defs: 12020301
17:25:53.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:25:53.525 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
17:25:53.540 Disk 0 MBR read successfully
17:25:53.543 Disk 0 MBR scan
17:25:53.548 Disk 0 unknown MBR code
17:25:53.552 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
17:25:53.569 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
17:25:53.577 Service scanning
17:25:54.921 Modules scanning
17:25:54.926 Disk 0 trace - called modules:
17:25:54.932 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:25:54.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004854060]
17:25:54.942 3 CLASSPNP.SYS[fffffa6000dcac33] -> nt!IofCallDriver -> [0xfffffa8004845520]
17:25:54.947 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004840940]
17:25:56.794 AVAST engine scan C:\Windows
17:26:02.744 AVAST engine scan C:\Windows\system32
17:30:32.222 AVAST engine scan C:\Windows\system32\drivers
17:30:57.736 AVAST engine scan C:\Users\home
17:43:28.278 Disk 0 MBR has been saved successfully to "C:\Users\home\Documents\MBR.dat"
17:43:28.287 The log file has been saved successfully to "C:\Users\home\Documents\aswMBR.txt"
18:19:13.285 AVAST engine scan C:\ProgramData
18:23:36.130 Scan finished successfully
20:01:34.029 Disk 0 MBR has been saved successfully to "C:\Users\home\Documents\MBR.dat"
20:01:34.050 The log file has been saved successfully to "C:\Users\home\Documents\aswMBR.txt"

Attached file: MBR.zip (487 bytes)

Edited by Rewster, 03 February 2012 - 10:01 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 February 2012 - 09:12 AM

In Internet Explorer, go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:9421 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings, select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need one.
===


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.
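A read-only way to confirm what the LAN Settings dialog above would show, added here as an example and not part of nasdaq's post: it reads the per-user WinINET proxy values that the dialog edits and flags any proxy or override entry pointing at the loopback interface, which is what the 127.0.0.1:9421 reference in this thread looks like. The registry key and value names are the standard WinINET ones; correlating a port with its owning process assumes `netstat -ano` is available, and nothing is modified.

```powershell
# Added example (not from the thread): audit the current user's WinINET proxy
# settings, the same values the IE "LAN Settings" dialog edits. Read-only.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

# Values may be absent from the key; treat a missing value as "not set".
$proxyEnable   = if ($null -ne $s.ProxyEnable) { [int]$s.ProxyEnable } else { 0 }
$proxyServer   = [string]$s.ProxyServer      # e.g. "127.0.0.1:9421" or "http=host:port;..."
$proxyOverride = [string]$s.ProxyOverride    # e.g. "*.local;127.0.0.1:9421" as in the log
$autoConfigUrl = [string]$s.AutoConfigURL    # PAC script, if any

Write-Host "ProxyEnable   : $proxyEnable"
Write-Host "ProxyServer   : $proxyServer"
Write-Host "ProxyOverride : $proxyOverride"
Write-Host "AutoConfigURL : $autoConfigUrl"

# Loopback host (127.x.x.x, localhost, ::1) with an optional :port, preceded by
# the start of the string or a list/assignment separator.
$loopback = '(^|[;=\s])(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[?::1\]?)(:\d+)?'

$findings = @()
if ($proxyEnable -eq 1 -and $proxyServer -match $loopback) {
    $findings += "ProxyServer sends browser traffic to a local listener: $proxyServer"
}
if ($proxyOverride -match $loopback) {
    $findings += "ProxyOverride contains a loopback address (as in the thread's log): $proxyOverride"
}
if ($autoConfigUrl) {
    $findings += "A proxy auto-config script is configured: $autoConfigUrl (verify it is expected)"
}

# A loopback proxy only works if something on this machine listens on that
# port, so name the owning process for every loopback:port we found.
foreach ($m in [regex]::Matches("$proxyServer;$proxyOverride", $loopback)) {
    if (-not $m.Groups[3].Success) { continue }
    $port  = [int]$m.Groups[3].Value.TrimStart(':')
    $lines = netstat -ano | Select-String -Pattern "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING\s+(\d+)"
    if (-not $lines) {
        $findings += "Nothing is listening on port $port right now (the proxy would simply fail)"
    }
    foreach ($l in $lines) {
        $owner = [int]$l.Matches[0].Groups[1].Value
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
        $findings += "Port $port is owned by PID $owner ($($proc.Path))"
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No loopback proxy configured for this user.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it before and after following the dialog steps: the warnings should disappear once the override is removed and "Use a proxy server" is unchecked.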

#8 Rewster

Rewster
  • Topic Starter

  • Members
  • 204 posts

Posted 04 February 2012 - 08:07 PM

I just now found out a few minutes ago about something with a family member, but I don't know the full details yet. So, I may or may not be able to post for a couple days because of family issues.



ComboFix 12-02-05.01 - home 02/04/2012 17:58:20.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1527 [GMT -6:00]
Running from: c:\users\home\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\home\AppData\Local\Windows Server
c:\users\home\AppData\Local\Windows Server\server.dat
c:\users\home\AppData\Roaming\Dyyno
c:\users\home\AppData\Roaming\Dyyno\dyyno.xml
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 00:26 . 2012-02-05 00:26 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-02-05 00:26 . 2012-02-05 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 23:58 . 2012-02-02 00:44 -------- d-----w- c:\users\home\AppData\Roaming\GameTracker
2012-02-01 23:58 . 2012-02-01 23:58 -------- d-----w- c:\program files (x86)\GameTracker
2012-02-01 05:54 . 2012-02-01 05:54 709968 ----a-w- c:\windows\isRS-000.tmp
2012-02-01 03:42 . 2012-02-01 03:42 -------- d-----w- c:\program files (x86)\BitTorrent
2012-02-01 03:41 . 2012-02-01 06:12 -------- d-----w- c:\users\home\AppData\Roaming\BitTorrent
2012-01-29 21:43 . 2012-01-29 21:43 -------- d-----w- c:\users\home\AppData\Roaming\f-secure
2012-01-29 16:42 . 2012-01-29 16:42 -------- d-----w- c:\users\home\AppData\Local\Deployment
2012-01-29 16:42 . 2012-01-29 16:42 -------- d-----w- c:\users\home\AppData\Local\Apps
2012-01-27 02:54 . 2012-01-30 00:57 -------- d-----w- c:\program files (x86)\HyperCam 3
2012-01-27 01:24 . 2012-01-27 01:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-01-27 00:42 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 23:29 . 2001-11-12 02:34 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2012-01-22 23:57 . 2012-01-22 23:57 -------- d-----w- c:\programdata\NCH Software
2012-01-22 23:57 . 2012-01-22 23:57 -------- d-----w- c:\program files (x86)\NCH Software
2012-01-22 19:00 . 2012-01-22 19:00 -------- d-----w- C:\Games
2012-01-22 18:58 . 2012-01-22 18:58 -------- d-----w- c:\users\home\AppData\Local\Black_Tree_Gaming
2012-01-22 18:58 . 2012-01-22 18:58 -------- d-----w- c:\program files\Nexus Mod Manager
2012-01-22 04:05 . 2012-01-22 04:05 40960 ----a-r- c:\users\home\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-01-22 04:05 . 2012-01-22 04:05 40960 ----a-r- c:\users\home\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-01-21 01:18 . 2011-12-30 23:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-18 03:00 . 2012-01-18 03:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-01-16 05:09 . 2012-01-16 05:10 -------- d-----w- c:\program files (x86)\Ask.com
2012-01-16 05:09 . 2012-01-16 05:09 -------- d-----w- c:\users\home\AppData\Local\APN
2012-01-16 05:09 . 2012-01-16 05:11 -------- d-----w- c:\programdata\Video2Webcam
2012-01-16 05:09 . 2012-01-16 05:09 -------- d-----w- c:\users\home\AppData\Roaming\Video2Webcam
2012-01-16 05:09 . 2010-04-17 14:31 1053056 ----a-w- c:\windows\SysWow64\drivers\V2WCDRV.sys
2012-01-16 03:19 . 2012-01-16 03:19 -------- d-----w- c:\programdata\YouTube Downloader
2012-01-16 03:19 . 2012-01-16 03:19 -------- d-----w- c:\program files (x86)\YouTube Downloader
2012-01-15 20:52 . 2012-01-15 20:52 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2012-01-15 20:52 . 2012-01-15 20:52 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-01-15 20:52 . 2012-01-15 20:52 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-01-15 16:48 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 16:48 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 16:48 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-15 16:48 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 16:48 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 16:48 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 16:48 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-15 16:48 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-15 16:48 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 23:48 . 2012-01-11 23:49 -------- d-----w- c:\users\iphone
2012-01-11 23:02 . 2012-01-11 23:02 -------- d-----w- c:\program files\iPod
2012-01-11 23:02 . 2012-01-11 23:03 -------- d-----w- c:\program files\iTunes
2012-01-11 23:02 . 2012-01-11 23:03 -------- d-----w- c:\program files (x86)\iTunes
2012-01-11 05:05 . 2012-01-11 05:05 -------- d-----w- c:\users\home\AppData\Roaming\AnvSoft
2012-01-09 05:17 . 2012-01-09 05:18 -------- d-----w- C:\.Creative-Scape.com
2012-01-08 18:31 . 2012-01-08 19:06 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-01-08 18:30 . 2012-01-08 18:30 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-01-07 01:00 . 2012-01-07 01:06 -------- d-----w- c:\users\home\AppData\Roaming\redsn0w
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 06:52 . 2009-10-03 16:56 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 19:23 . 2011-05-19 22:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-20 00:59 . 2011-12-20 00:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-20 00:59 . 2011-12-20 00:59 42224 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-20 00:59 . 2011-12-20 00:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-20 00:58 . 2011-12-20 00:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-20 00:58 . 2011-12-20 00:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-20 00:58 . 2011-12-20 00:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-15 01:50 . 2011-12-15 01:50 62552 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2011-12-04 01:45 . 2010-09-03 02:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-23 13:57 . 2011-12-30 05:09 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 00:00 . 2011-11-13 00:00 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-10 04:39 . 2011-11-10 04:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 04:39 . 2011-11-10 04:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 04:39 . 2011-11-10 04:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 04:39 . 2011-11-10 04:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 04:39 . 2011-11-10 04:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 04:38 . 2011-11-10 04:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 04:37 . 2011-11-10 04:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 04:37 . 2011-11-10 04:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-11-10 03:16 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2011-11-10 03:15 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2011-11-10 03:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2011-11-10 02:51 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2011-11-10 02:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2011-11-10 02:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2011-11-10 02:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2011-11-10 02:24 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2011-01-08 19:07 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2011-11-10 02:11 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2011-11-10 02:11 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2011-01-08 19:11 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2011-01-08 19:13 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:11 . 2011-01-08 19:07 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-08 14:58 . 2011-12-30 05:09 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-30 05:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-09-01 01:29 110208 ----a-w- c:\program files (x86)\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files (x86)\ToolKitService\toolbar_v2.dll" [2011-11-04 851600]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\home\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-02-01 6056304]
"GameTracker"="c:\program files (x86)\GameTracker\GTLite.exe" [2011-11-09 4018448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"ApnUpdater"="c:\program files (x86)\ask.com\updater\updater.exe" [2012-01-03 1391272]
"iTunesHelper"="c:\program files (x86)\itunes\ituneshelper.exe" [2011-12-08 421736]
"APSDaemon"="c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" [2011-11-02 59240]
"ATICustomerCare"="c:\program files (x86)\ati\aticustomercare\aticustomercare.exe" [2010-05-04 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 04:59]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 04:59]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000Core.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-13 16:02]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000UA.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-13 16:02]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1005Core.job
- c:\users\iphone\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 04:32]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1005UA.job
- c:\users\iphone\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0309&m=dx4200-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
TCP: Interfaces\{456A550C-9587-4D8B-8F84-21643FF07297}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{474ED958-0284-48BC-8A90-641738FB0BC7}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{84B60BFD-472E-44F5-B9D0-CDCD8A29C728}: NameServer = 8.26.56.26,156.154.70.22
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
SafeBoot-drmkaud
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
HKLM-Run-Windows Defender - c:\program files (x86)\windows defender\msascui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8A2A.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,8f,4a,9a,c4,d0,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\GameTracker\GSInGameService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\MHotKey.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2012-02-04 19:02:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 01:02
.
Pre-Run: 330,602,082,304 bytes free
Post-Run: 331,420,950,528 bytes free
.
- - End Of File - - 5C642C027CFAC8BB037502BF48B326FB


Results of screen317's Security Check version 0.99.30
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java™ SE Development Kit 6 Update 14
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:37 PM

Posted 05 February 2012 - 09:38 AM

Your ComboFix log is clean.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29
Java™ SE Development Kit 6 Update 14


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know if your problem persists.

I understand your present situation.
Should this topic be closed when you return, please send me a personal message and I will re-open the topic.
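As an added check (not part of nasdaq's instructions), this PowerShell snippet lists the Java and Adobe Reader entries from both the 64-bit and the 32-bit (Wow6432Node) uninstall hives on an x64 system, so a leftover older runtime like the two Java 6 entries in the Security Check log above is easy to spot before removing it through Add/Remove Programs. The registry paths and property names are the standard Windows uninstall keys; the name filter is an assumption about how those products label themselves.

```powershell
# Added example, not from the original thread: inventory Java / Adobe Reader
# install entries on a 64-bit Windows system by reading both uninstall hives.
$hives = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             Arch = '64-bit' },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'; Arch = '32-bit' }
)

# Assumed display-name pattern: Java runtimes/JDKs and Adobe Reader.
$pattern = '^(Java|J2SE|Adobe Reader)'

$found = foreach ($hive in $hives) {
    if (-not (Test-Path $hive.Path)) { continue }   # 32-bit-only systems lack Wow6432Node
    foreach ($key in Get-ChildItem $hive.Path) {
        $p = Get-ItemProperty $key.PSPath
        if ($p.DisplayName -match $pattern) {
            New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Hive      = $hive.Arch
                Uninstall = $p.UninstallString
            }
        }
    }
}

$found | Sort-Object Name | Format-Table Name, Version, Hive -AutoSize

# More than one Java entry means an older version is still installed alongside
# the current one; those are the ones to remove via Add/Remove Programs.
$javaCount = @($found | Where-Object { $_.Name -match '^(Java|J2SE)' }).Count
if ($javaCount -gt 1) {
    Write-Host "$javaCount Java entries found - remove the older one(s) through Add/Remove Programs."
}
```

Run it from an elevated PowerShell prompt; the Uninstall column shows the exact command Add/Remove Programs would invoke for each entry.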

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:37 PM

Posted 12 February 2012 - 08:50 AM

Are you still with me?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:37 PM

Posted 23 February 2012 - 08:44 AM

Topic reopened.

#12 Rewster

Rewster
  • Topic Starter

  • Members
  • 204 posts
  • Local time:05:37 PM

Posted 23 February 2012 - 10:32 PM

All the programs have been updated.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:37 PM

Posted 24 February 2012 - 10:03 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:37 PM

Posted 01 March 2012 - 10:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
