Firewall down, ran ComboFix


  • This topic is locked
130 replies to this topic

#31 rpbale

rpbale
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Florida
  • Local time:06:03 PM

Posted 11 February 2012 - 09:42 AM

I'm back at it. The missing %hs seems to be attributed mostly to AVG but I don't have that program.

I've run Win 7 repair from the Win 7 disk. Repair wants to restore from an earlier restore point. I'm waiting for that to finish. I hope I have jumped the wrong gun by not waiting for your instructions.



#32 rpbale

rpbale
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Florida
  • Local time:06:03 PM

Posted 11 February 2012 - 09:55 AM

Win 7 has started up now. Asked for login then hung at a bright teal colored blank screen with no mouse. Never seen that one before. I've rebooted again now to safe boot successfully.

#33 rpbale

rpbale
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Florida
  • Local time:06:03 PM

Posted 11 February 2012 - 10:12 AM

I checked this and found the consrv dll entry and I think that's a virus dll.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SubSystems

Under these keys, I edited the data in the Value Name “Windows”, changing the text “consrv” to “winsrv”.

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

I have bolded the entry that previously said “consrv”.

It's rebooting now
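
Added example, not part of the original post or of any tool named in this thread: a check that parses a SubSystems "Windows" value like the one quoted above, flags any ServerDll= module outside the set seen in the repaired value, and flags modules whose DLL is no longer on disk (the state noted later in the thread, once consrv.dll had been deleted while the registry still referenced it). The tampered value, the per-control-set assignment and the file list are constructed samples, and the baseline is an assumption taken from this Windows 7 value.

```python
import re

# Baseline module names, taken from the repaired Windows 7 value quoted in
# the post. Assumption: other Windows versions may ship a different set.
BASELINE_MODULES = {"basesrv", "winsrv", "sxssrv"}

# ServerDll=<module>[:<init routine>],<index>
SERVERDLL_RE = re.compile(
    r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)", re.IGNORECASE
)

# The repaired value exactly as quoted in the post.
REPAIRED_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the post says "consrv" stood where "winsrv" now is but
# the bolding that marked the entry is lost, so the console entry is assumed.
TAMPERED_VALUE = REPAIRED_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)

# Constructed sample: system32 contents after consrv.dll has been deleted.
PRESENT_DLLS = {"basesrv.dll", "winsrv.dll", "sxssrv.dll"}

# Constructed sample: one control set still tampered, one already repaired.
SAMPLE_SETS = {
    "ControlSet002": TAMPERED_VALUE,
    "ControlSet003": REPAIRED_VALUE,
}


def parse_server_dlls(value):
    """Return (module, init_routine_or_None, index) per ServerDll= token."""
    return [
        (m.group(1).lower(), m.group(2), int(m.group(3)))
        for m in SERVERDLL_RE.finditer(value)
    ]


def audit_value(value, present_dlls, baseline=BASELINE_MODULES):
    """List (module, reason) findings for one SubSystems 'Windows' value."""
    present = {name.lower() for name in present_dlls}
    findings = []
    for module, _init, _index in parse_server_dlls(value):
        if module not in baseline:
            findings.append((module, "not in baseline"))
        if module + ".dll" not in present:
            # csrss.exe is told to load a DLL that is gone: the machine may
            # not start until the value is corrected.
            findings.append((module, "file missing from system32"))
    return findings


def audit_control_sets(values_by_set, present_dlls):
    """Audit every control set; return only the ones with findings."""
    report = {}
    for name, value in values_by_set.items():
        findings = audit_value(value, present_dlls)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_control_sets(SAMPLE_SETS, PRESENT_DLLS).items():
        for module, reason in findings:
            print(f"{name}: ServerDll={module} -> {reason}")
```
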

#34 rpbale

rpbale
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Florida
  • Local time:06:03 PM

Posted 11 February 2012 - 10:24 AM

Windows is back up and running where it was before the last combo fix run so I'll stop here and wait for you. The only app running is Malwarebytes, which is busy blocking a nonstop pinging of my ports.

I'll post last night's combo fix log for you.

#35 rpbale

rpbale
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Florida
  • Local time:06:03 PM

Posted 11 February 2012 - 10:27 AM

Here's last night's last ComboFix log. It doesn't look like it made it to the end.

ComboFix 12-02-09.04 - rpbale 02/10/2012 22:39:43.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6134.4087 [GMT -5:00]
Running from: C:\Users\rpbale\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\cfg.ini
C:\Windows\system32\consrv.dll


((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))


2012-02-11 03:48:11 . 2012-02-11 04:02:30 -------- d-----w- C:\Users\rpbale\AppData\Local\temp
2012-02-11 03:48:11 . 2012-02-11 03:48:11 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-02-11 03:48:11 . 2012-02-11 03:48:11 -------- d-----w- C:\Users\Classic .NET AppPool\AppData\Local\temp
2012-02-10 01:29:52 . 2012-02-10 01:29:52 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-08 04:42:50 . 2012-02-08 04:42:50 -------- d-----w- C:\$WINDOWS.~LS
2012-02-08 02:30:41 . 2012-02-08 07:02:08 -------- d-----w- C:\Users\rpbale\AppData\Local\Mozilla Firefox
2012-02-06 03:44:59 . 2012-02-08 07:02:18 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-06 03:44:59 . 2012-02-06 03:51:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-06 03:06:44 . 2012-02-06 03:06:50 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-02-06 02:32:58 . 2012-02-08 06:56:47 -------- d-----w- C:\Users\rpbale\AppData\Roaming\Malwarebytes
2012-02-06 02:32:53 . 2012-02-06 02:32:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-06 02:32:52 . 2012-02-06 02:32:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 02:32:52 . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-02-05 22:13:30 . 2012-02-05 22:13:30 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-02-05 19:31:31 . 2012-02-05 19:31:31 -------- d-----r- C:\Users\rpbale\My Pictures
2012-02-05 19:30:50 . 2012-02-05 19:30:50 -------- d-----r- C:\Users\rpbale\My Video
2012-02-05 19:30:05 . 2012-02-08 04:42:05 -------- d-----r- C:\Users\rpbale\My Music
2012-02-05 17:33:10 . 2012-02-05 17:33:10 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-02-05 16:55:11 . 2012-02-08 07:02:47 -------- d-----w- C:\Users\DefaultAppPool
2012-02-05 16:31:21 . 2012-02-11 04:00:55 0 --sha-w- C:\Windows\system32\dds_trash_log.cmd
2012-02-05 07:16:43 . 2012-02-10 00:30:32 -------- d-----w- C:\Windows\system32\MpEngineStore
2012-02-05 06:33:53 . 2012-02-05 06:33:53 -------- d-----w- C:\Users\rpbale\AppData\Roaming\McAfee
2012-02-05 06:17:32 . 2011-12-06 22:22:38 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-02-05 00:02:28 . 2011-03-13 16:45:12 158832 ----a-w- C:\Windows\system32\mfevtps.exe.a138.deleteme
2012-02-04 23:57:16 . 2012-02-04 23:57:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-04 20:16:33 . 2012-02-11 02:00:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-04 20:16:33 . 2012-02-11 02:00:36 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-02-04 17:45:48 . 2012-02-05 02:42:00 -------- d-----w- C:\Program Files (x86)\BreezeSys
2012-01-26 00:31:43 . 2012-01-26 00:32:05 -------- d-----w- C:\Program Files\iTunes
2012-01-26 00:31:43 . 2012-01-26 00:32:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-26 00:31:43 . 2012-01-26 00:31:43 -------- d-----w- C:\Program Files\iPod
2012-01-25 00:24:59 . 2012-01-25 00:24:59 -------- d-----w- C:\Program Files\DIFX
2012-01-25 00:23:12 . 2012-01-21 02:05:30 85384 ----a-w- C:\Windows\system32\drivers\ftser2k.sys
2012-01-25 00:23:12 . 2012-01-21 02:05:30 74504 ----a-w- C:\Windows\system32\drivers\ftdibus.sys
2012-01-25 00:23:12 . 2012-01-21 02:05:30 65416 ----a-w- C:\Windows\system32\ftcserco.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 55176 ----a-w- C:\Windows\system32\ftserui2.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 237448 ----a-w- C:\Windows\system32\ftd2xx.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 214920 ----a-w- C:\Windows\system32\FTLang.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 203144 ----a-w- C:\Windows\SysWow64\ftd2xx.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 108936 ----a-w- C:\Windows\system32\ftbusui.dll
2012-01-25 00:23:11 . 2012-02-05 02:59:14 -------- d-----w- C:\Program Files\FAMC
2012-01-22 04:45:11 . 2012-01-27 01:21:30 -------- d-----w- C:\Users\rpbale\AppData\Local\Eclipse
2012-01-22 04:45:02 . 2012-01-22 04:45:02 -------- d-----w- C:\Users\rpbale\eclipse
2012-01-22 04:42:36 . 2012-01-27 01:21:07 -------- d-----w- C:\Program Files (x86)\eclipse
2012-01-15 21:13:32 . 2012-01-15 21:13:32 -------- d-----w- C:\Users\rpbale\AppData\Local\Geckofx
2012-01-15 20:11:26 . 2012-01-15 20:12:53 -------- d-sh--w- C:\ProgramData\{67AB9237-55B9-46D5-A72F-EACBA312AF4D}
2012-01-15 20:11:20 . 2012-01-15 20:11:20 -------- d-----w- C:\Users\rpbale\AppData\Roaming\NuSphere
2012-01-15 20:10:36 . 2012-01-15 20:10:36 -------- d-----w- C:\ProgramData\PHP
2012-01-15 20:09:52 . 2004-04-23 23:01:00 297984 ----a-w- C:\Windows\SysWow64\midas.dll
2012-01-15 20:09:35 . 2012-01-15 20:09:35 -------- d-----w- C:\Program Files (x86)\NuSphere
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-04 02:30:13 . 2011-03-28 23:36:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-30 07:21:30 . 2012-01-07 04:29:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4545DF22-D08E-46CC-BA50-483DFEC1051F}\mpengine.dll
2011-11-24 04:52:09 . 2012-01-04 21:47:00 3145216 ----a-w- C:\Windows\system32\win32k.sys
2011-11-18 23:20:23 . 2011-05-24 21:42:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 . 2010-11-21 03:27:21 270720 ------w- C:\Windows\system32\MpSigStub.exe


((((((((((((((((((((((((((((( SnapShot@2012-02-10_11.48.55 )))))))))))))))))))))))))))))))))))))))))

+ 2012-02-04 06:05:43 . 2012-02-11 01:46:42 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-04 06:05:43 . 2012-02-10 00:20:30 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-11 00:40:25 . 2012-02-11 01:35:03 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021020120211\index.dat
+ 2012-02-04 06:05:13 . 2012-02-11 01:46:42 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-04 06:05:13 . 2012-02-10 00:20:30 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09:11 . 2012-02-11 02:28:05 46642 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-02-11 04:03:03 83424 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-27 23:18:29 . 2012-02-11 02:28:04 13560 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-569467350-2139942415-1418797395-1000_UserData.bin
+ 2011-04-25 12:32:13 . 2012-02-11 02:25:04 49152 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-25 12:32:13 . 2012-02-10 00:42:13 49152 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-25 12:32:13 . 2012-02-10 00:42:13 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-25 12:32:13 . 2012-02-11 02:25:04 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54:19 . 2012-02-11 02:25:04 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54:19 . 2012-02-10 00:42:13 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46:26 . 2012-02-11 03:02:48 93056 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-04-28 01:07:41 . 2012-02-11 03:05:17 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-28 01:07:41 . 2012-02-10 11:11:19 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-28 01:07:41 . 2012-02-10 11:11:19 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-28 01:07:41 . 2012-02-11 03:05:17 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 17:55:28 . 2011-06-06 17:55:28 73624 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 17304 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 35736 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 88992 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 94608 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55:28 . 2011-06-06 17:55:28 64952 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 49064 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 17824 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 64928 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 63384 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2012-02-09 02:20:05 . 2012-02-10 11:47:49 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-11 02:25:03 . 2012-02-11 04:00:42 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-11 02:25:03 . 2012-02-11 04:00:42 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-09 02:20:05 . 2012-02-10 11:47:49 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54:17 . 2012-02-11 04:00:50 409600 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36:59 . 2012-02-10 00:45:54 771570 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-02-11 02:39:26 771570 C:\Windows\system32\perfh009.dat
- 2009-07-14 02:36:59 . 2012-02-10 00:45:54 166974 C:\Windows\system32\perfc009.dat
+ 2009-07-14 02:36:59 . 2012-02-11 02:39:26 166974 C:\Windows\system32\perfc009.dat
+ 2009-07-14 05:12:52 . 2012-02-11 02:25:04 262144 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12:52 . 2012-02-10 00:10:29 262144 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01:48 . 2012-02-11 02:23:01 521132 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01:48 . 2012-02-09 02:12:00 521132 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-06 17:55:28 . 2011-06-06 17:55:28 249232 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 394136 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 183696 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 104344 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 102808 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 755088 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55:28 . 2011-06-06 17:55:28 296344 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 205720 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2009-07-14 04:54:17 . 2012-02-11 04:00:50 6537216 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2012-02-10 11:48:20 6537216 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45:55 . 2012-02-08 11:59:46 7087808 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45:55 . 2012-02-10 21:38:50 7087808 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-06-06 20:45:15 . 2011-06-06 20:45:15 2318848 C:\Windows\Installer\223edc6.msi
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 2215312 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55:32 . 2011-06-06 17:55:32 1189004 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 17:55:28 . 2011-06-06 17:55:28 6543768 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 1240992 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 1480600 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2009-07-14 04:54:17 . 2012-02-11 04:00:50 16187392 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54:17 . 2012-02-10 11:48:20 16187392 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-27 23:52:06 . 2012-02-11 02:23:02 14825655 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-569467350-2139942415-1418797395-1000-12288.dat
+ 2012-01-03 17:44:25 . 2012-01-03 17:44:25 15929344 C:\Windows\Installer\223edc7.msp
+ 2011-06-06 17:55:30 . 2011-06-06 17:55:30 24731544 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-10-29 23:04:48 1005712 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-10-29 23:04:48 1005712 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-10-29 23:04:48 1005712 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"AnyDVD"="C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 15:17:41 5389944]
"3xAV"="C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe" [2011-10-10 15:28:36 917096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-09-27 23:20:28 222504]
"UpdatePPShortCut"="C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 02:16:16 222504]
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 02:16:16 222504]
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 02:16:16 222504]
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 01:21:32 218408]
"StereoLinksInstall"="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" [2010-04-28 20:21:00 521832]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 18:28:52 421888]
"MDS_Menu"="C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 18:40:48 218408]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 19:53:18 460872]
"M-Audio Taskbar Icon"="C:\Windows\system32\DeltaIITray.exe" [2009-07-27 17:44:58 236040]
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 22:35:22 165208]
"LGODDFU"="C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 02:07:30 557056]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 22:22:12 421736]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 14:12:12 976320]
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 17:47:00 103720]
"Carbonite Backup"="C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-10-29 23:04:48 1063056]
"BDRegion"="C:\Program Files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 08:30:52 75048]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 04:25:58 59240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-4-1 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/23 22:03:32;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-08-26 21:30:54 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 00:08:19 136176]
R2 XAMPP;XAMPP Service;N:\xampp\service.exe [2007-12-21 02:01:02 60928]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 16:14:30 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 00:08:19 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 15:15:00 31125880]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 17:37:14 517096]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 22:49:06 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976]
R4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 02:06:04 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 18:57:48 21880]
S2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 19:18:54 87368]
S2 FlowFinder3MonstersAE64;FlowFinder3MonstersAE64;C:\Program Files\GenArts\Monsters-AE64\bin\FlowFinder3MonstersAE64.exe [2010-06-03 22:33:28 751104]
S2 GJService;Game Jackal Server;C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [2011-09-06 06:33:56 3547648]
S2 JawsServerAE64;JawsServerAE64;C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe [2010-06-03 17:09:42 393216]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 22:45:16 197976]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 19:53:18 652360]
S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 21:00:14 214896]
S2 RLM-GenArts;RLM-GenArts;C:\Program Files (x86)\GenArts\rlm\rlm.exe [2010-06-03 15:13:04 1540096]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 20:31:10 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-28 20:21:00 240232]
S2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2009-10-21 16:25:24 262416]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [x]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys [x]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\system32\DRIVERS\MAudioDelta.sys [x]
S3 FFUsbAudio;Focusrite USB Audio Driver;C:\Windows\system32\DRIVERS\ffusbaudio.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys [x]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\system32\DRIVERS\lvsels64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MaplomL;MaplomL; [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 20:36:58 14440]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - RTCORE64
*Deregistered* - CLKMDRV10_9EC60124

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 17:43:02 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24:03 302592 ----a-w- C:\Windows\System32\cmd.exe

Contents of the 'Scheduled Tasks' folder

2012-02-11 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 00:08:20 . 2011-05-03 00:08:19]

2012-02-11 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 00:08:20 . 2011-05-03 00:08:19]

2012-02-10 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-569467350-2139942415-1418797395-1000Core.job
- C:\Users\rpbale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 12:53:32 . 2011-05-03 05:13:25]

2012-02-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-569467350-2139942415-1418797395-1000UA.job
- C:\Users\rpbale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 12:53:32 . 2011-05-03 05:13:25]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-10-29 22:57:56 1271440 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-10-29 22:57:56 1271440 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-10-29 22:57:56 1271440 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 23:28:14 1680976]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 12:46:38 499608]
"combofix"="C:\ComboFix\CF2789.3XE" [2010-11-21 03:23:55 345088]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ssrtln
acdpowerservice
nimcdfxk

#36 rpbale

Posted 11 February 2012 - 10:38 AM

I see that ComboFix deleted consrv.dll. No wonder it didn't restart, since the registry was still trying to load it. It was almost a perfect deletion.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\system32\consrv.dll
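
The failure described in the post above (a DLL removed from disk while the SubSystems key still names it) can be checked for before rebooting; this is an added example, not part of the original thread or of ComboFix. It assumes the usual Windows 7 layout of the `Windows` value under `Session Manager\SubSystems`; the sample value, the file listing and all function names are constructed for illustration.

```python
import os
import re

# Assumption: the server DLL modules a stock Windows 7 "Windows" value names.
STOCK_MODULES = {"basesrv", "winsrv", "sxssrv"}

# Constructed sample: the "Windows" value with the console server entry
# pointing at consrv instead of winsrv, as reported in this thread.
SAMPLE_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: system32 contents after consrv.dll has been deleted.
SAMPLE_SYSTEM32 = {"csrss.exe", "basesrv.dll", "winsrv.dll", "sxssrv.dll"}

# ServerDll=<module>[:<entry point>],<index>
SERVER_DLL_RE = re.compile(
    r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)", re.IGNORECASE
)


def parse_server_dlls(value):
    """Return (module, entry_point_or_None, index) for every ServerDll token."""
    return [
        (m.group(1), m.group(2), int(m.group(3)))
        for m in SERVER_DLL_RE.finditer(value)
    ]


def list_dir_names(path):
    """Lower-cased file names of a real directory, for use on a live system."""
    return {name.lower() for name in os.listdir(path)}


def audit_subsystem_value(value, present_files):
    """Check each referenced module against the files actually on disk."""
    present = {name.lower() for name in present_files}
    findings = []
    for module, entry_point, index in parse_server_dlls(value):
        findings.append({
            "module": module,
            "entry_point": entry_point,
            "index": index,
            # csrss loads <module>.dll from system32; a missing file here
            # means the subsystem cannot start and the boot fails.
            "file_present": module.lower() + ".dll" in present,
            # Not in the stock set: worth reviewing even if the file exists.
            "stock": module.lower() in STOCK_MODULES,
        })
    return findings


def dangling_modules(value, present_files):
    """Modules the registry still references but whose DLL is gone."""
    return [
        f["module"]
        for f in audit_subsystem_value(value, present_files)
        if not f["file_present"]
    ]


def non_stock_modules(value, present_files):
    """Modules outside the assumed stock set, present on disk or not."""
    return [
        f["module"]
        for f in audit_subsystem_value(value, present_files)
        if not f["stock"]
    ]


if __name__ == "__main__":
    for finding in audit_subsystem_value(SAMPLE_VALUE, SAMPLE_SYSTEM32):
        state = "present" if finding["file_present"] else "MISSING"
        origin = "stock" if finding["stock"] else "non-stock"
        print(f'{finding["module"]:10} {state:8} {origin:10} '
              f'{finding["entry_point"]}')
```

A module reported as both missing and non-stock is the combination this thread ran into: the file is gone, but the registry reference has to be repaired before the system can start normally.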

#37 gringo_pr

Posted 11 February 2012 - 11:57 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#38 rpbale

Posted 11 February 2012 - 12:03 PM

12:01:12.0250 5088 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
12:01:12.0672 5088 ============================================================
12:01:12.0672 5088 Current date / time: 2012/02/11 12:01:12.0672
12:01:12.0672 5088 SystemInfo:
12:01:12.0672 5088
12:01:12.0672 5088 OS Version: 6.1.7601 ServicePack: 1.0
12:01:12.0672 5088 Product type: Workstation
12:01:12.0672 5088 ComputerName: RICK
12:01:12.0672 5088 UserName: rpbale
12:01:12.0672 5088 Windows directory: C:\Windows
12:01:12.0672 5088 System windows directory: C:\Windows
12:01:12.0672 5088 Running under WOW64
12:01:12.0672 5088 Processor architecture: Intel x64
12:01:12.0672 5088 Number of processors: 8
12:01:12.0672 5088 Page size: 0x1000
12:01:12.0672 5088 Boot type: Normal boot
12:01:12.0672 5088 ============================================================
12:01:13.0989 5088 Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:14.0002 5088 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:14.0020 5088 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:14.0020 5088 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:14.0032 5088 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:14.0050 5088 Drive \Device\Harddisk6\DR6 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:01:14.0053 5088 \Device\Harddisk0\DR0:
12:01:14.0053 5088 MBR used
12:01:14.0053 5088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EF2A84
12:01:14.0053 5088 \Device\Harddisk1\DR1:
12:01:14.0053 5088 MBR used
12:01:14.0053 5088 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
12:01:14.0053 5088 \Device\Harddisk2\DR2:
12:01:14.0053 5088 MBR used
12:01:14.0053 5088 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:01:14.0053 5088 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1D1C06C0, BlocksNum 0x1D1C4581
12:01:14.0053 5088 \Device\Harddisk3\DR3:
12:01:14.0053 5088 MBR used
12:01:14.0053 5088 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C5FC351
12:01:14.0053 5088 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x4C5FC390, BlocksNum 0x28109631
12:01:14.0053 5088 \Device\Harddisk4\DR4:
12:01:14.0053 5088 MBR used
12:01:14.0061 5088 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x74701AC1
12:01:14.0061 5088 \Device\Harddisk6\DR6:
12:01:14.0061 5088 MBR used
12:01:14.0061 5088 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEEF800
12:01:14.0245 5088 Initialize success
12:01:14.0245 5088 ============================================================
12:01:22.0514 4884 ============================================================
12:01:22.0514 4884 Scan started
12:01:22.0514 4884 Mode: Manual;
12:01:22.0514 4884 ============================================================
12:01:23.0569 4884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:01:23.0577 4884 1394ohci - ok
12:01:23.0643 4884 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
12:01:23.0644 4884 61883 - ok
12:01:23.0704 4884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:01:23.0720 4884 ACPI - ok
12:01:23.0748 4884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:01:23.0748 4884 AcpiPmi - ok
12:01:23.0791 4884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:01:23.0809 4884 adp94xx - ok
12:01:23.0851 4884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:01:23.0868 4884 adpahci - ok
12:01:23.0908 4884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:01:23.0916 4884 adpu320 - ok
12:01:24.0012 4884 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:01:24.0029 4884 AFD - ok
12:01:24.0063 4884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:01:24.0064 4884 agp440 - ok
12:01:24.0102 4884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:01:24.0102 4884 aliide - ok
12:01:24.0135 4884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:01:24.0136 4884 amdide - ok
12:01:24.0164 4884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:01:24.0165 4884 AmdK8 - ok
12:01:24.0202 4884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:01:24.0203 4884 AmdPPM - ok
12:01:24.0261 4884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:01:24.0262 4884 amdsata - ok
12:01:24.0315 4884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:01:24.0323 4884 amdsbs - ok
12:01:24.0362 4884 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:01:24.0363 4884 amdxata - ok
12:01:24.0454 4884 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
12:01:24.0463 4884 AnyDVD - ok
12:01:24.0550 4884 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:01:24.0551 4884 AppID - ok
12:01:24.0623 4884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:01:24.0624 4884 arc - ok
12:01:24.0660 4884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:01:24.0661 4884 arcsas - ok
12:01:24.0694 4884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:24.0695 4884 AsyncMac - ok
12:01:24.0720 4884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:01:24.0720 4884 atapi - ok
12:01:24.0794 4884 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
12:01:24.0795 4884 Avc - ok
12:01:24.0843 4884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:01:24.0861 4884 b06bdrv - ok
12:01:24.0956 4884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:01:24.0981 4884 b57nd60a - ok
12:01:25.0051 4884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:01:25.0052 4884 Beep - ok
12:01:25.0100 4884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:01:25.0101 4884 blbdrive - ok
12:01:25.0175 4884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:01:25.0176 4884 bowser - ok
12:01:25.0201 4884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:01:25.0201 4884 BrFiltLo - ok
12:01:25.0246 4884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:01:25.0247 4884 BrFiltUp - ok
12:01:25.0299 4884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:01:25.0300 4884 BridgeMP - ok
12:01:25.0341 4884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:01:25.0350 4884 Brserid - ok
12:01:25.0399 4884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:01:25.0400 4884 BrSerWdm - ok
12:01:25.0452 4884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:01:25.0452 4884 BrUsbMdm - ok
12:01:25.0487 4884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:01:25.0488 4884 BrUsbSer - ok
12:01:25.0535 4884 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:01:25.0536 4884 BthEnum - ok
12:01:25.0569 4884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:01:25.0570 4884 BTHMODEM - ok
12:01:25.0618 4884 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:01:25.0619 4884 BthPan - ok
12:01:25.0662 4884 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:01:25.0679 4884 BTHPORT - ok
12:01:25.0704 4884 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:01:25.0705 4884 BTHUSB - ok
12:01:25.0748 4884 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
12:01:25.0749 4884 btusbflt - ok
12:01:25.0820 4884 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
12:01:25.0821 4884 BVRPMPR5a64 - ok
12:01:25.0957 4884 catchme - ok
12:01:26.0005 4884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:26.0006 4884 cdfs - ok
12:01:26.0043 4884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:26.0060 4884 cdrom - ok
12:01:26.0093 4884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:01:26.0094 4884 circlass - ok
12:01:26.0179 4884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:01:26.0195 4884 CLFS - ok
12:01:26.0280 4884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:01:26.0280 4884 CmBatt - ok
12:01:26.0316 4884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:01:26.0316 4884 cmdide - ok
12:01:26.0372 4884 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:01:26.0389 4884 CNG - ok
12:01:26.0422 4884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:01:26.0422 4884 Compbatt - ok
12:01:26.0493 4884 CompFilter64 (41f879d9d141cdce729d87ba0e95f731) C:\Windows\system32\DRIVERS\lvbflt64.sys
12:01:26.0493 4884 CompFilter64 - ok
12:01:26.0527 4884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:01:26.0528 4884 CompositeBus - ok
12:01:26.0564 4884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:01:26.0565 4884 crcdisk - ok
12:01:26.0627 4884 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:01:26.0644 4884 CSC - ok
12:01:26.0694 4884 DELTAII (877c5f051024231f5774bf8184c78d4a) C:\Windows\system32\DRIVERS\MAudioDelta.sys
12:01:26.0711 4884 DELTAII - ok
12:01:26.0767 4884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:01:26.0768 4884 DfsC - ok
12:01:26.0794 4884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:01:26.0794 4884 discache - ok
12:01:26.0836 4884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:01:26.0837 4884 Disk - ok
12:01:26.0882 4884 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
12:01:26.0883 4884 dmvsc - ok
12:01:26.0947 4884 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:01:26.0955 4884 Dot4 - ok
12:01:27.0039 4884 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:01:27.0039 4884 Dot4Print - ok
12:01:27.0078 4884 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:01:27.0079 4884 dot4usb - ok
12:01:27.0111 4884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:01:27.0112 4884 drmkaud - ok
12:01:27.0171 4884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:01:27.0197 4884 DXGKrnl - ok
12:01:27.0287 4884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:01:27.0355 4884 ebdrv - ok
12:01:27.0419 4884 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:01:27.0435 4884 ElbyCDIO - ok
12:01:27.0693 4884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:01:27.0710 4884 elxstor - ok
12:01:27.0758 4884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:01:27.0758 4884 ErrDev - ok
12:01:27.0815 4884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:01:27.0823 4884 exfat - ok
12:01:27.0863 4884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:01:27.0871 4884 fastfat - ok
12:01:27.0905 4884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:01:27.0905 4884 fdc - ok
12:01:27.0973 4884 FFUsbAudio (55def2365507f246e9bc3c96ec8d78ba) C:\Windows\system32\DRIVERS\ffusbaudio.sys
12:01:27.0974 4884 FFUsbAudio - ok
12:01:28.0013 4884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:01:28.0014 4884 FileInfo - ok
12:01:28.0041 4884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:01:28.0041 4884 Filetrace - ok
12:01:28.0084 4884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:28.0085 4884 flpydisk - ok
12:01:28.0131 4884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:01:28.0139 4884 FltMgr - ok
12:01:28.0184 4884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:01:28.0185 4884 FsDepends - ok
12:01:28.0242 4884 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
12:01:28.0242 4884 fssfltr - ok
12:01:28.0282 4884 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:01:28.0282 4884 Fs_Rec - ok
12:01:28.0362 4884 FTDIBUS (386c8e8af5e7530efc9ce32149e8c498) C:\Windows\system32\drivers\ftdibus.sys
12:01:28.0364 4884 FTDIBUS - ok
12:01:28.0420 4884 FTSER2K (e9e065aaa13bbdb69303d7fad2f6df68) C:\Windows\system32\drivers\ftser2k.sys
12:01:28.0421 4884 FTSER2K - ok
12:01:28.0485 4884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:01:28.0493 4884 fvevol - ok
12:01:28.0528 4884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:01:28.0529 4884 gagp30kx - ok
12:01:28.0600 4884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:01:28.0600 4884 GEARAspiWDM - ok
12:01:28.0662 4884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:01:28.0663 4884 hcw85cir - ok
12:01:28.0725 4884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:01:28.0742 4884 HdAudAddService - ok
12:01:28.0768 4884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:01:28.0769 4884 HDAudBus - ok
12:01:28.0819 4884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:01:28.0819 4884 HidBatt - ok
12:01:28.0853 4884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:01:28.0855 4884 HidBth - ok
12:01:28.0894 4884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:01:28.0895 4884 HidIr - ok
12:01:28.0922 4884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:01:28.0923 4884 HidUsb - ok
12:01:28.0944 4884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:01:28.0945 4884 HpSAMD - ok
12:01:29.0003 4884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:01:29.0020 4884 HTTP - ok
12:01:29.0058 4884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:01:29.0058 4884 hwpolicy - ok
12:01:29.0092 4884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:01:29.0093 4884 i8042prt - ok
12:01:29.0146 4884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:01:29.0162 4884 iaStorV - ok
12:01:29.0203 4884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:01:29.0204 4884 iirsp - ok
12:01:29.0251 4884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:01:29.0252 4884 intelide - ok
12:01:29.0289 4884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:01:29.0290 4884 intelppm - ok
12:01:29.0322 4884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:01:29.0323 4884 IpFilterDriver - ok
12:01:29.0358 4884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:01:29.0359 4884 IPMIDRV - ok
12:01:29.0391 4884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:01:29.0393 4884 IPNAT - ok
12:01:29.0467 4884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:01:29.0467 4884 IRENUM - ok
12:01:29.0520 4884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:01:29.0520 4884 isapnp - ok
12:01:29.0561 4884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:01:29.0569 4884 iScsiPrt - ok
12:01:29.0617 4884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:01:29.0618 4884 kbdclass - ok
12:01:29.0642 4884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:01:29.0642 4884 kbdhid - ok
12:01:29.0706 4884 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:01:29.0707 4884 KSecDD - ok
12:01:29.0740 4884 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:01:29.0749 4884 KSecPkg - ok
12:01:29.0778 4884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:01:29.0779 4884 ksthunk - ok
12:01:29.0828 4884 LEqdUsb (00ba093a3f316d43a4c3e098a96ae912) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
12:01:29.0829 4884 LEqdUsb - ok
12:01:29.0873 4884 LHidEqd (3067cfad2baa4a208130cd0afb130bc9) C:\Windows\system32\DRIVERS\LHidEqd.Sys
12:01:29.0874 4884 LHidEqd - ok
12:01:29.0914 4884 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:01:29.0915 4884 LHidFilt - ok
12:01:29.0973 4884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:01:29.0974 4884 lltdio - ok
12:01:30.0003 4884 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:01:30.0004 4884 LMouFilt - ok
12:01:30.0047 4884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:01:30.0048 4884 LSI_FC - ok
12:01:30.0092 4884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:01:30.0093 4884 LSI_SAS - ok
12:01:30.0132 4884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:01:30.0132 4884 LSI_SAS2 - ok
12:01:30.0177 4884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:01:30.0179 4884 LSI_SCSI - ok
12:01:30.0213 4884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:01:30.0214 4884 luafv - ok
12:01:30.0288 4884 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
12:01:30.0289 4884 LVPr2M64 - ok
12:01:30.0301 4884 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
12:01:30.0301 4884 LVPr2Mon - ok
12:01:30.0349 4884 LVRS64 (a43a6cbea073990a784603ef065a281b) C:\Windows\system32\DRIVERS\lvrs64.sys
12:01:30.0358 4884 LVRS64 - ok
12:01:30.0382 4884 lvsels64 (b0c0292b0c70e203cba44333c0e3d106) C:\Windows\system32\DRIVERS\lvsels64.sys
12:01:30.0383 4884 lvsels64 - ok
12:01:30.0540 4884 LVUVC64 (4350876ab0d0c77d0b40a1c85935c96b) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:01:30.0699 4884 LVUVC64 - ok
12:01:30.0750 4884 Maplom (f2ae2c6b72f272ae696e22d6a9f1dafc) C:\Windows\system32\drivers\Maplom.sys
12:01:30.0751 4884 Maplom - ok
12:01:30.0781 4884 MaplomL (405460f392de8311c1fcc65da77ed4ab) C:\Windows\system32\drivers\MaplomL.sys
12:01:30.0782 4884 MaplomL - ok
12:01:30.0842 4884 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:01:30.0842 4884 MBAMProtector - ok
12:01:30.0923 4884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:01:30.0923 4884 megasas - ok
12:01:30.0984 4884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:01:30.0993 4884 MegaSR - ok
12:01:31.0046 4884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:01:31.0046 4884 Modem - ok
12:01:31.0106 4884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:01:31.0107 4884 monitor - ok
12:01:31.0154 4884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:01:31.0154 4884 mouclass - ok
12:01:31.0194 4884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:01:31.0195 4884 mouhid - ok
12:01:31.0220 4884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:01:31.0221 4884 mountmgr - ok
12:01:31.0241 4884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:01:31.0243 4884 mpio - ok
12:01:31.0285 4884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:01:31.0286 4884 mpsdrv - ok
12:01:31.0345 4884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:01:31.0354 4884 MRxDAV - ok
12:01:31.0401 4884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:01:31.0409 4884 mrxsmb - ok
12:01:31.0474 4884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:01:31.0482 4884 mrxsmb10 - ok
12:01:31.0532 4884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:01:31.0533 4884 mrxsmb20 - ok
12:01:31.0578 4884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:01:31.0579 4884 msahci - ok
12:01:31.0598 4884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:01:31.0600 4884 msdsm - ok
12:01:31.0676 4884 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
12:01:31.0677 4884 MSDV - ok
12:01:31.0699 4884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:01:31.0699 4884 Msfs - ok
12:01:31.0729 4884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:01:31.0730 4884 mshidkmdf - ok
12:01:31.0750 4884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:01:31.0750 4884 msisadrv - ok
12:01:31.0828 4884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:01:31.0829 4884 MSKSSRV - ok
12:01:31.0854 4884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:01:31.0855 4884 MSPCLOCK - ok
12:01:31.0878 4884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:01:31.0879 4884 MSPQM - ok
12:01:31.0910 4884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:01:31.0927 4884 MsRPC - ok
12:01:31.0974 4884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:01:31.0974 4884 mssmbios - ok
12:01:32.0031 4884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:01:32.0032 4884 MSTEE - ok
12:01:32.0069 4884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:01:32.0069 4884 MTConfig - ok
12:01:32.0128 4884 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
12:01:32.0129 4884 MTsensor - ok
12:01:32.0163 4884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:01:32.0164 4884 Mup - ok
12:01:32.0205 4884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:01:32.0221 4884 NativeWifiP - ok
12:01:32.0278 4884 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:01:32.0304 4884 NDIS - ok
12:01:32.0341 4884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:01:32.0342 4884 NdisCap - ok
12:01:32.0373 4884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:01:32.0374 4884 NdisTapi - ok
12:01:32.0402 4884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:01:32.0403 4884 Ndisuio - ok
12:01:32.0439 4884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:01:32.0447 4884 NdisWan - ok
12:01:32.0476 4884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:01:32.0477 4884 NDProxy - ok
12:01:32.0503 4884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:01:32.0503 4884 NetBIOS - ok
12:01:32.0558 4884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:01:32.0566 4884 NetBT - ok
12:01:32.0619 4884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:01:32.0620 4884 nfrd960 - ok
12:01:32.0685 4884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:01:32.0685 4884 Npfs - ok
12:01:32.0716 4884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:01:32.0717 4884 nsiproxy - ok
12:01:32.0790 4884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:01:32.0832 4884 Ntfs - ok
12:01:32.0893 4884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:01:32.0893 4884 Null - ok
12:01:33.0015 4884 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
12:01:33.0016 4884 NVHDA - ok
12:01:33.0313 4884 nvlddmkm (f9efa2f16c2e2ce32918957b45037e01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:01:33.0566 4884 nvlddmkm - ok
12:01:33.0616 4884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:01:33.0625 4884 nvraid - ok
12:01:33.0672 4884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:01:33.0680 4884 nvstor - ok
12:01:33.0733 4884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:01:33.0735 4884 nv_agp - ok
12:01:33.0770 4884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:01:36.0263 4884 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
12:01:36.0264 4884 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
12:01:36.0264 4884 sptd ( LockedFile.Multi.Generic ) - warning
12:01:36.0265 4884 sptd - detected LockedFile.Multi.Generic (1)
12:01:41.0204 4884 ============================================================
12:01:41.0204 4884 Scan finished
12:01:41.0204 4884 ============================================================
12:01:41.0209 3920 Detected object count: 1
12:01:41.0209 3920 Actual detected object count: 1
12:01:49.0796 3920 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:01:49.0796 3920 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Running aswMBR next

#39 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:03 PM

Posted 11 February 2012 - 12:11 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#40 rpbale

Posted 11 February 2012 - 12:13 PM

MBR is finding several infected files. It's still scanning. I'm going to have to go to an appointment right after I paste MBR's log. Does it take long to finish scanning?

#41 rpbale

Posted 11 February 2012 - 12:23 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 12:02:57
-----------------------------
12:02:57.776 OS Version: Windows x64 6.1.7601 Service Pack 1
12:02:57.776 Number of processors: 8 586 0x1A05
12:02:57.776 ComputerName: RICK UserName:
12:02:58.399 Initialize success
12:04:14.384 AVAST engine defs: 12021100
12:04:19.914 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:04:19.915 Disk 0 Vendor: Maxtor_6L300R0 BAJ41G20 Size: 286188MB BusType: 3
12:04:19.916 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
12:04:19.918 Disk 1 Vendor: Maxtor_6H500F0 HA431DD0 Size: 476940MB BusType: 3
12:04:19.920 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-8
12:04:19.921 Disk 2 Vendor: Maxtor_6H500F0 HA431DD0 Size: 476940MB BusType: 3
12:04:19.923 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
12:04:19.926 Disk 3 Vendor: ST31000333AS SD35 Size: 953869MB BusType: 3
12:04:19.928 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP3T1L0-6
12:04:19.930 Disk 4 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
12:04:19.954 Disk 2 MBR read successfully
12:04:19.957 Disk 2 MBR scan
12:04:19.961 Disk 2 Windows 7 default MBR code
12:04:19.973 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
12:04:20.046 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 238472 MB offset 488376000
12:04:20.050 Service scanning
12:04:21.434 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:04:21.972 Modules scanning
12:04:21.975 Disk 2 trace - called modules:
12:04:22.069 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800624f2c0]<<sprb.sys ataport.SYS pciide.sys
12:04:22.073 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa80066da060]
12:04:22.076 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80063cf670]
12:04:22.080 5 ACPI.sys[fffff880010687a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-8[0xfffffa800642d060]
12:04:22.083 \Driver\atapi[0xfffffa80063a4cb0] -> IRP_MJ_CREATE -> 0xfffffa800624f2c0
12:04:24.308 AVAST engine scan C:\Windows
12:04:26.979 AVAST engine scan C:\Windows\system32
12:04:35.130 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:05:38.406 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:05:40.291 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:07:11.949 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
12:07:11.975 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:07:12.318 AVAST engine scan C:\Windows\system32\drivers
12:07:20.769 AVAST engine scan C:\Users\rpbale
12:19:21.847 AVAST engine scan C:\ProgramData
12:22:26.860 Scan finished successfully
12:22:39.929 Disk 2 MBR has been saved successfully to "C:\Users\rpbale\Desktop\MBR.dat"
12:22:39.932 The log file has been saved successfully to "C:\Users\rpbale\Desktop\aswMBR.txt"

#42 rpbale

Posted 11 February 2012 - 12:27 PM

I cancelled the appointment. I want to stay on this since you're available.

#43 gringo_pr

Posted 11 February 2012 - 12:30 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete, I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#44 rpbale

Posted 11 February 2012 - 12:32 PM

Does it matter to your process if Malwarebytes is running in the background during all this? It's throwing all kinds of block messages up, blocking out rapid pings on the ports.

#45 gringo_pr

Posted 11 February 2012 - 12:35 PM

It is ok.


gringo