ComboFix & DDS Logs


  • This topic is locked
25 replies to this topic

#1 poboyweb


Posted 14 February 2012 - 01:18 PM

This is a continuing post from http://www.bleepingcomputer.com/forums/topic442611.html

"Well, perhaps it removed more than that. Having run ComboFix we need to see that and a DDS log.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well"

As requested, below is my DDS log and ComboFix log. I ran ComboFix a second time after virus removal; I believe this is the 2nd log, the first one was written over I think :( However, I did write down the file name that ComboFix replaced in the 1st scan - it was windows\system32\userinit.exe


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Shawn at 10:56:19 on 2012-02-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.885 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - No File
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9E81CEEF-986F-4479-B9D5-8E5598ECA211} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-vcm8 - {560A62D2-E52E-4BC6-A88C-5E4651A2C1D1} - c:\progra~1\g7ps\versac~1\messen~1\VCMCON~1.OCX
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shawn\appdata\roaming\mozilla\firefox\profiles\6spxi091.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-1 64512]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-20 269448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-5-25 100864]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
.
=============== Created Last 30 ================
.
2012-02-14 17:20:28 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-14 06:59:37 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2012-02-14 06:59:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-14 05:46:46 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-13 19:06:30 -------- d-----w- c:\users\shawn\appdata\local\temp
2012-02-13 19:05:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-13 02:40:49 -------- d-----w- c:\program files\CCleaner
2012-02-12 23:42:39 -------- d-----w- c:\windows\pss
2012-02-12 22:32:54 5468 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-25 22:10:53 -------- d-----w- c:\program files\Fast Scan to PDF
.
==================== Find3M ====================
.
2012-02-13 02:14:02 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-25 22:39:25 59 ----a-w- c:\windows\wpd99.drv
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-18 03:16:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-09-02 20:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 10:56:49.41 ===============


ComboFix 12-02-12.01 - Shawn 02/13/2012 11:55:35.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1231 [GMT -7:00]
Running from: c:\users\Shawn\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 19:02 . 2012-02-13 19:02 -------- d-----w- c:\users\Shawn\AppData\Local\temp
2012-02-13 19:02 . 2012-02-13 19:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-13 19:02 . 2012-02-13 19:02 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-02-13 19:02 . 2012-02-13 19:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-13 19:02 . 2012-02-13 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 02:40 . 2012-02-13 02:40 -------- d-----w- c:\program files\CCleaner
2012-02-12 22:32 . 2012-02-13 18:53 5464 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-25 22:10 . 2012-01-25 22:10 -------- d-----w- c:\program files\Fast Scan to PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 02:14 . 2011-06-16 16:41 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-15 12:03 . 2011-12-15 12:03 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2011-02-07 20:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 03:16 . 2011-07-20 23:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-02 20:03 . 2011-11-24 01:37 730192 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2012-01-12 00:18 . 2011-11-11 19:57 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 17:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 05:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 21:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-05-21 01:50 204908 ------w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-20 10:06 6144000 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-539178292-2617497778-2168755256-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-vcm8 - {560A62D2-E52E-4BC6-A88C-5E4651A2C1D1} - c:\progra~1\G7PS\VERSAC~1\MESSEN~1\VCMCON~1.OCX
FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\6spxi091.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 12:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-13 12:06:24
ComboFix-quarantined-files.txt 2012-02-13 19:06
ComboFix2.txt 2012-02-13 18:45
.
Pre-Run: 70,208,552,960 bytes free
Post-Run: 70,168,727,552 bytes free
.
- - End Of File - - BB76FCAA09F0D32B200901FB2696D5BE

Edited by poboyweb, 14 February 2012 - 01:42 PM.



#2 gringo_pr

  • Malware Response Team

Posted 18 February 2012 - 02:46 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 poboyweb


Posted 18 February 2012 - 02:13 PM

To confirm - You want me to run ComboFix again? (this will be the third time)

#4 gringo_pr


Posted 18 February 2012 - 04:10 PM

Hello


Yes, I want to see a new one, and if it asks to update then allow it.



gringo

#5 poboyweb


Posted 19 February 2012 - 05:09 PM

No problems running ComboFix - Works fine, except for the networking issue.

ComboFix 12-02-19.02 - Shawn 02/19/2012 14:54:00.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1105 [GMT -7:00]
Running from: c:\users\Shawn\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 22:00 . 2012-02-19 22:00 -------- d-----w- c:\users\Shawn\AppData\Local\temp
2012-02-19 22:00 . 2012-02-19 22:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-19 22:00 . 2012-02-19 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 19:47 . 2012-02-19 19:47 -------- d-----w- c:\users\Shawn\AppData\Roaming\Red Kawa
2012-02-19 19:00 . 2012-02-19 19:00 -------- d-----w- c:\users\Shawn\AppData\Local\Geckofx
2012-02-19 18:59 . 2012-02-19 18:59 -------- d-----w- c:\program files\AviSynth 2.5
2012-02-19 18:59 . 2012-02-19 18:59 -------- d-----w- c:\program files\Red Kawa
2012-02-14 19:44 . 2012-02-14 19:44 -------- d-----w- c:\program files\Fiddler2
2012-02-14 19:38 . 2012-02-14 19:38 -------- d-----w- c:\users\LogMeInRemoteUser
2012-02-14 19:31 . 2012-02-14 19:31 -------- d-----w- c:\users\Shawn\AppData\Local\LogMeIn
2012-02-14 19:31 . 2012-02-01 04:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-14 19:31 . 2012-02-01 04:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-14 19:31 . 2012-02-01 04:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-14 19:31 . 2011-09-16 21:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-02-14 19:31 . 2012-02-01 04:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-14 19:31 . 2012-02-19 18:48 -------- d-----w- c:\programdata\LogMeIn
2012-02-14 19:30 . 2012-02-14 19:38 -------- d-----w- c:\program files\LogMeIn
2012-02-14 17:20 . 2012-02-14 17:20 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-14 07:10 . 2012-02-14 07:10 -------- d-----w- c:\programdata\WindowsSearch
2012-02-14 06:59 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-14 06:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 05:47 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-02-14 05:47 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-02-14 05:47 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-02-14 05:47 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-02-14 05:47 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-02-14 05:47 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-02-13 02:40 . 2012-02-13 02:40 -------- d-----w- c:\program files\CCleaner
2012-02-12 22:32 . 2012-02-19 18:53 5468 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-25 22:10 . 2012-01-25 22:10 -------- d-----w- c:\program files\Fast Scan to PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 18:50 . 2011-07-20 23:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 02:14 . 2011-06-16 16:41 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-15 12:03 . 2011-12-15 12:03 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2011-02-07 20:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 20:03 . 2011-11-24 01:37 730192 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2012-01-12 00:18 . 2011-11-11 19:57 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
c:\users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 21:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-20 10:06 6144000 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-539178292-2617497778-2168755256-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-vcm8 - {560A62D2-E52E-4BC6-A88C-5E4651A2C1D1} - c:\progra~1\G7PS\VERSAC~1\MESSEN~1\VCMCON~1.OCX
FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\6spxi091.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 15:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-19 15:06:47
ComboFix-quarantined-files.txt 2012-02-19 22:06
.
Pre-Run: 79,813,341,184 bytes free
Post-Run: 79,838,601,216 bytes free
.
- - End Of File - - C9667B6542F5F0C465C8E1D117198542

#6 gringo_pr


Posted 19 February 2012 - 05:29 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#7 poboyweb


Posted 19 February 2012 - 06:15 PM

Farbar Service Scanner Version: 14-02-2012
Ran by Shawn (administrator) on 19-02-2012 at 16:14:16
Running from "C:\Users\Shawn\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
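A way to triage an FSS.txt like the one above programmatically, as an added example (this is not code from the thread or from Farbar Service Scanner itself): it walks the sections FSS writes, flags policy values that switch a security feature off, services that are not running or not at their Windows default start type, and File Check lines that say anything other than "MD5 is legit". The sample input is an excerpt of the log posted above. The table of disabling registry values is an assumption based on the documented meaning of those values and goes a little beyond this log (the other firewall profiles and the System Restore policy key); the exact wording FSS uses for a failed file check is also assumed, so anything but the "legit" string is treated as a finding.

```python
"""Triage a Farbar Service Scanner (FSS.txt) log into a short list of findings.

Added example for the thread above; not part of FSS or of the forum post.
The DISABLING_POLICIES table is an assumption about which registry values
mean "feature switched off", not something FSS itself publishes.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the FSS log posted above (Windows Vista SP2 host).
SAMPLE_LOG = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

# (lower-cased key suffix, lower-cased value name, value that disables the feature)
DISABLING_POLICIES = {
    ("firewallpolicy\\standardprofile", "enablefirewall", 0): "Windows Firewall switched off by policy (standard profile)",
    ("firewallpolicy\\publicprofile", "enablefirewall", 0): "Windows Firewall switched off by policy (public profile)",
    ("firewallpolicy\\domainprofile", "enablefirewall", 0): "Windows Firewall switched off by policy (domain profile)",
    ("windows defender", "disableantispyware", 1): "Windows Defender switched off by policy",
    ("windows nt\\systemrestore", "disablesr", 1): "System Restore switched off by policy",
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=DWORD:([0-9A-Fa-f]+)$', re.IGNORECASE)
NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running\.")
START_TYPE_RE = re.compile(r"^The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.$")
FILE_CHECK_RE = re.compile(r"^(.+?) => (.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    item: str      # value name, service name or file path the finding is about
    detail: str


def _dword(text: str) -> int:
    # FSS prints small decimal values (DWORD:0 / DWORD:1); accept hex as a fallback.
    try:
        return int(text, 10)
    except ValueError:
        return int(text, 16)


def parse_fss(text: str) -> List[Finding]:
    findings: List[Finding] = []
    lines = [l.rstrip() for l in text.splitlines()]
    section: Optional[str] = None
    current_key: Optional[str] = None
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line or re.fullmatch(r"=+", line):
            continue
        # A section header is a "Name:" line followed by a row of '=' characters.
        if line.endswith(":") and i + 1 < len(lines) and re.fullmatch(r"=+", lines[i + 1].strip()):
            section, current_key = line[:-1], None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if m and current_key:
            name, value = m.group(1).lower(), _dword(m.group(2))
            for (suffix, vname, bad), why in DISABLING_POLICIES.items():
                if current_key.endswith(suffix) and name == vname and value == bad:
                    findings.append(Finding("high", m.group(1), why))
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append(Finding("medium", m.group(1), "service is not running"))
            continue
        m = START_TYPE_RE.match(line)
        if m and m.group(2).lower() != m.group(3).lower():
            findings.append(Finding("medium", m.group(1), f"start type is {m.group(2)}, default is {m.group(3)}"))
            continue
        if section == "File Check":
            m = FILE_CHECK_RE.match(line)
            if m and m.group(2).strip().lower() != "md5 is legit":
                findings.append(Finding("high", m.group(1), m.group(2)))
    return findings


def worst(findings: List[Finding]) -> str:
    """Overall verdict for the log: 'high', 'medium' or 'clean'."""
    sev = {f.severity for f in findings}
    return "high" if "high" in sev else "medium" if "medium" in sev else "clean"


if __name__ == "__main__":
    results = parse_fss(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
    print("verdict:", worst(results))
```

Run against the log above it reports the two policy values (firewall and Defender disabled) as high and the WinDefend service state (not running, start type Demand instead of Auto) as medium, which is exactly the pair of things a responder would want confirmed before declaring the network stack clean.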

#8 gringo_pr (Malware Response Team)

Posted 19 February 2012 - 06:29 PM

Greetings

That looks very good. After I finish, you may need to go to the networking forum to see what is going on with you.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions. ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 poboyweb (Topic Starter)

Posted 19 February 2012 - 11:31 PM

16:32:48.0882 3164 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:32:49.0633 3164 ============================================================
16:32:49.0634 3164 Current date / time: 2012/02/19 16:32:49.0633
16:32:49.0634 3164 SystemInfo:
16:32:49.0634 3164
16:32:49.0634 3164 OS Version: 6.0.6002 ServicePack: 2.0
16:32:49.0634 3164 Product type: Workstation
16:32:49.0634 3164 ComputerName: SHAWNSDESKTOP
16:32:49.0634 3164 UserName: Shawn
16:32:49.0634 3164 Windows directory: C:\Windows
16:32:49.0634 3164 System windows directory: C:\Windows
16:32:49.0634 3164 Processor architecture: Intel x86
16:32:49.0634 3164 Number of processors: 1
16:32:49.0634 3164 Page size: 0x1000
16:32:49.0634 3164 Boot type: Normal boot
16:32:49.0634 3164 ============================================================
16:32:50.0547 3164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:32:50.0578 3164 Drive \Device\Harddisk2\DR2 - Size: 0x3AF200000 (14.74 Gb), SectorSize: 0x200, Cylinders: 0x783, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:32:50.0593 3164 \Device\Harddisk0\DR0:
16:32:50.0598 3164 MBR used
16:32:50.0598 3164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x11B63800
16:32:50.0598 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x138B3000, BlocksNum 0x11B7B000
16:32:50.0598 3164 \Device\Harddisk2\DR2:
16:32:50.0600 3164 MBR used
16:32:50.0600 3164 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1D77000
16:32:50.0711 3164 Initialize success
16:32:50.0711 3164 ============================================================
16:33:00.0064 3752 ============================================================
16:33:00.0064 3752 Scan started
16:33:00.0064 3752 Mode: Manual;
16:33:00.0064 3752 ============================================================
16:33:01.0140 3752 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:33:01.0145 3752 ACPI - ok
16:33:01.0191 3752 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:33:01.0198 3752 adp94xx - ok
16:33:01.0234 3752 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:33:01.0240 3752 adpahci - ok
16:33:01.0264 3752 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:33:01.0267 3752 adpu160m - ok
16:33:01.0299 3752 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:33:01.0302 3752 adpu320 - ok
16:33:01.0388 3752 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:33:01.0390 3752 AFD - ok
16:33:01.0493 3752 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\Windows\system32\DRIVERS\AGRSM.sys
16:33:01.0525 3752 AgereSoftModem - ok
16:33:01.0578 3752 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:33:01.0581 3752 agp440 - ok
16:33:01.0633 3752 ahcix86s (844a6734e8bb3530fb1444ed698087bd) C:\Windows\system32\drivers\ahcix86s.sys
16:33:01.0637 3752 ahcix86s - ok
16:33:01.0677 3752 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:33:01.0680 3752 aic78xx - ok
16:33:01.0711 3752 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:33:01.0713 3752 aliide - ok
16:33:01.0745 3752 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:33:01.0747 3752 amdagp - ok
16:33:01.0775 3752 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:33:01.0777 3752 amdide - ok
16:33:01.0802 3752 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:33:01.0805 3752 AmdK7 - ok
16:33:01.0835 3752 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
16:33:01.0836 3752 AmdK8 - ok
16:33:01.0898 3752 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:33:01.0901 3752 arc - ok
16:33:01.0957 3752 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:33:01.0960 3752 arcsas - ok
16:33:02.0011 3752 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:33:02.0015 3752 AsyncMac - ok
16:33:02.0073 3752 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:33:02.0074 3752 atapi - ok
16:33:02.0257 3752 atikmdag (3f785fe4b890ebc17e1f4df684da060d) C:\Windows\system32\DRIVERS\atikmdag.sys
16:33:02.0323 3752 atikmdag - ok
16:33:02.0414 3752 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:33:02.0418 3752 AtiPcie - ok
16:33:02.0649 3752 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:33:02.0651 3752 Beep - ok
16:33:02.0793 3752 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:33:02.0804 3752 blbdrive - ok
16:33:02.0888 3752 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:33:02.0892 3752 bowser - ok
16:33:02.0951 3752 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:33:02.0967 3752 BrFiltLo - ok
16:33:03.0028 3752 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:33:03.0029 3752 BrFiltUp - ok
16:33:03.0112 3752 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:33:03.0114 3752 Brserid - ok
16:33:03.0164 3752 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:33:03.0166 3752 BrSerWdm - ok
16:33:03.0205 3752 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:33:03.0246 3752 BrUsbMdm - ok
16:33:03.0291 3752 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:33:03.0293 3752 BrUsbSer - ok
16:33:03.0333 3752 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:33:03.0336 3752 BTHMODEM - ok
16:33:03.0492 3752 catchme - ok
16:33:03.0613 3752 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:33:03.0637 3752 cdfs - ok
16:33:03.0881 3752 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:33:03.0897 3752 cdrom - ok
16:33:04.0061 3752 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:33:04.0080 3752 circlass - ok
16:33:04.0280 3752 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:33:04.0287 3752 CLFS - ok
16:33:04.0478 3752 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:33:04.0496 3752 cmdide - ok
16:33:04.0571 3752 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
16:33:04.0573 3752 Compbatt - ok
16:33:04.0604 3752 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:33:04.0605 3752 crcdisk - ok
16:33:04.0633 3752 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:33:04.0636 3752 Crusoe - ok
16:33:04.0694 3752 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:33:04.0696 3752 DfsC - ok
16:33:04.0818 3752 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:33:04.0819 3752 disk - ok
16:33:04.0873 3752 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:33:04.0876 3752 Dot4 - ok
16:33:04.0919 3752 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:33:04.0920 3752 Dot4Print - ok
16:33:04.0955 3752 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:33:04.0957 3752 dot4usb - ok
16:33:04.0998 3752 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:33:05.0000 3752 drmkaud - ok
16:33:05.0046 3752 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:33:05.0063 3752 DXGKrnl - ok
16:33:05.0103 3752 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:33:05.0106 3752 E1G60 - ok
16:33:05.0212 3752 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:33:05.0215 3752 Ecache - ok
16:33:05.0297 3752 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:33:05.0323 3752 elxstor - ok
16:33:05.0401 3752 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:33:05.0403 3752 ErrDev - ok
16:33:05.0538 3752 ewusbnet (6150c602fc0aad1177e1adc4bad0aafd) C:\Windows\system32\DRIVERS\ewusbnet.sys
16:33:05.0555 3752 ewusbnet - ok
16:33:05.0676 3752 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:33:05.0680 3752 exfat - ok
16:33:05.0721 3752 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:33:05.0724 3752 fastfat - ok
16:33:05.0742 3752 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:33:05.0744 3752 fdc - ok
16:33:05.0780 3752 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:33:05.0782 3752 FileInfo - ok
16:33:05.0809 3752 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:33:05.0811 3752 Filetrace - ok
16:33:05.0830 3752 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:33:05.0833 3752 flpydisk - ok
16:33:05.0875 3752 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:33:05.0879 3752 FltMgr - ok
16:33:05.0923 3752 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:33:05.0924 3752 Fs_Rec - ok
16:33:05.0954 3752 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:33:05.0956 3752 gagp30kx - ok
16:33:06.0018 3752 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:33:06.0023 3752 HdAudAddService - ok
16:33:06.0066 3752 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:33:06.0074 3752 HDAudBus - ok
16:33:06.0103 3752 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:33:06.0105 3752 HidBth - ok
16:33:06.0132 3752 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:33:06.0134 3752 HidIr - ok
16:33:06.0200 3752 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:33:06.0201 3752 HidUsb - ok
16:33:06.0235 3752 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:33:06.0236 3752 HpCISSs - ok
16:33:06.0301 3752 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:33:06.0310 3752 HTTP - ok
16:33:06.0431 3752 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:33:06.0434 3752 hwdatacard - ok
16:33:06.0484 3752 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:33:06.0489 3752 i2omp - ok
16:33:06.0528 3752 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:33:06.0529 3752 i8042prt - ok
16:33:06.0562 3752 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:33:06.0567 3752 iaStorV - ok
16:33:06.0596 3752 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:33:06.0598 3752 iirsp - ok
16:33:06.0681 3752 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
16:33:06.0717 3752 IntcAzAudAddService - ok
16:33:06.0806 3752 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:33:06.0808 3752 intelide - ok
16:33:06.0835 3752 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:33:06.0837 3752 intelppm - ok
16:33:06.0941 3752 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:33:06.0943 3752 IpFilterDriver - ok
16:33:06.0993 3752 IpInIp - ok
16:33:07.0030 3752 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:33:07.0032 3752 IPMIDRV - ok
16:33:07.0063 3752 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:33:07.0066 3752 IPNAT - ok
16:33:07.0097 3752 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:33:07.0100 3752 IRENUM - ok
16:33:07.0126 3752 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:33:07.0128 3752 isapnp - ok
16:33:07.0165 3752 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:33:07.0168 3752 iScsiPrt - ok
16:33:07.0206 3752 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:33:07.0218 3752 iteatapi - ok
16:33:07.0249 3752 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:33:07.0251 3752 iteraid - ok
16:33:07.0284 3752 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:33:07.0286 3752 kbdclass - ok
16:33:07.0354 3752 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:33:07.0356 3752 kbdhid - ok
16:33:07.0450 3752 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:33:07.0458 3752 KSecDD - ok
16:33:07.0596 3752 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:33:07.0597 3752 Lavasoft Kernexplorer - ok
16:33:07.0691 3752 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
16:33:07.0694 3752 Lbd - ok
16:33:07.0726 3752 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:33:07.0728 3752 lltdio - ok
16:33:07.0855 3752 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
16:33:07.0857 3752 LMIInfo - ok
16:33:07.0958 3752 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
16:33:07.0961 3752 lmimirr - ok
16:33:08.0021 3752 LMIRfsClientNP - ok
16:33:08.0072 3752 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:33:08.0073 3752 LMIRfsDriver - ok
16:33:08.0118 3752 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:33:08.0121 3752 LSI_FC - ok
16:33:08.0174 3752 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:33:08.0177 3752 LSI_SAS - ok
16:33:08.0269 3752 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:33:08.0272 3752 LSI_SCSI - ok
16:33:08.0311 3752 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:33:08.0313 3752 luafv - ok
16:33:08.0363 3752 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:33:08.0365 3752 megasas - ok
16:33:08.0422 3752 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:33:08.0429 3752 MegaSR - ok
16:33:08.0479 3752 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:33:08.0480 3752 Modem - ok
16:33:08.0547 3752 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:33:08.0549 3752 monitor - ok
16:33:08.0600 3752 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:33:08.0602 3752 mouclass - ok
16:33:08.0644 3752 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:33:08.0645 3752 mouhid - ok
16:33:08.0692 3752 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:33:08.0698 3752 MountMgr - ok
16:33:08.0787 3752 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:33:08.0790 3752 mpio - ok
16:33:08.0823 3752 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:33:08.0824 3752 mpsdrv - ok
16:33:08.0999 3752 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:33:09.0008 3752 Mraid35x - ok
16:33:09.0119 3752 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:33:09.0122 3752 MRxDAV - ok
16:33:09.0188 3752 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:33:09.0191 3752 mrxsmb - ok
16:33:09.0235 3752 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:33:09.0239 3752 mrxsmb10 - ok
16:33:09.0274 3752 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:33:09.0277 3752 mrxsmb20 - ok
16:33:09.0317 3752 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:33:09.0319 3752 msahci - ok
16:33:09.0483 3752 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:33:09.0525 3752 msdsm - ok
16:33:09.0603 3752 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:33:09.0605 3752 Msfs - ok
16:33:09.0650 3752 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:33:09.0652 3752 msisadrv - ok
16:33:09.0756 3752 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:33:09.0758 3752 MSKSSRV - ok
16:33:09.0786 3752 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:33:09.0788 3752 MSPCLOCK - ok
16:33:09.0813 3752 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:33:09.0815 3752 MSPQM - ok
16:33:09.0852 3752 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:33:09.0856 3752 MsRPC - ok
16:33:09.0884 3752 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:33:09.0885 3752 mssmbios - ok
16:33:09.0926 3752 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:33:09.0930 3752 MSTEE - ok
16:33:09.0958 3752 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:33:09.0960 3752 Mup - ok
16:33:10.0018 3752 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:33:10.0021 3752 NativeWifiP - ok
16:33:10.0058 3752 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:33:10.0067 3752 NDIS - ok
16:33:10.0093 3752 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:33:10.0095 3752 NdisTapi - ok
16:33:10.0126 3752 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:33:10.0127 3752 Ndisuio - ok
16:33:10.0165 3752 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:33:10.0169 3752 NdisWan - ok
16:33:10.0195 3752 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:33:10.0197 3752 NDProxy - ok
16:33:10.0294 3752 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:33:10.0296 3752 NetBIOS - ok
16:33:10.0354 3752 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:33:10.0359 3752 netbt - ok
16:33:10.0441 3752 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:33:10.0443 3752 nfrd960 - ok
16:33:10.0519 3752 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:33:10.0520 3752 Npfs - ok
16:33:10.0553 3752 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:33:10.0553 3752 nsiproxy - ok
16:33:10.0712 3752 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:33:10.0746 3752 Ntfs - ok
16:33:10.0907 3752 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:33:10.0909 3752 NTIDrvr - ok
16:33:10.0972 3752 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:33:10.0974 3752 ntrigdigi - ok
16:33:11.0007 3752 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:33:11.0009 3752 Null - ok
16:33:11.0046 3752 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:33:11.0049 3752 nvraid - ok
16:33:11.0083 3752 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:33:11.0085 3752 nvstor - ok
16:33:11.0114 3752 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:33:11.0117 3752 nv_agp - ok
16:33:11.0132 3752 NwlnkFlt - ok
16:33:11.0148 3752 NwlnkFwd - ok
16:33:11.0260 3752 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:33:11.0261 3752 ohci1394 - ok
16:33:11.0318 3752 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:33:11.0320 3752 Parport - ok
16:33:11.0356 3752 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:33:11.0358 3752 partmgr - ok
16:33:11.0386 3752 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:33:11.0388 3752 Parvdm - ok
16:33:11.0426 3752 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:33:11.0431 3752 pci - ok
16:33:11.0463 3752 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
16:33:11.0466 3752 pciide - ok
16:33:11.0509 3752 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:33:11.0534 3752 pcmcia - ok
16:33:11.0589 3752 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:33:11.0605 3752 PEAUTH - ok
16:33:11.0751 3752 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:33:11.0754 3752 PptpMiniport - ok
16:33:11.0792 3752 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:33:11.0794 3752 Processor - ok
16:33:11.0848 3752 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:33:11.0850 3752 PSched - ok
16:33:11.0905 3752 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:33:11.0930 3752 ql2300 - ok
16:33:12.0002 3752 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:33:12.0006 3752 ql40xx - ok
16:33:12.0042 3752 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:33:12.0043 3752 QWAVEdrv - ok
16:33:12.0071 3752 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:33:12.0072 3752 RasAcd - ok
16:33:12.0100 3752 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:33:12.0102 3752 Rasl2tp - ok
16:33:12.0146 3752 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:33:12.0148 3752 RasPppoe - ok
16:33:12.0200 3752 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:33:12.0204 3752 RasSstp - ok
16:33:12.0246 3752 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:33:12.0255 3752 rdbss - ok
16:33:12.0292 3752 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:33:12.0295 3752 RDPCDD - ok
16:33:12.0342 3752 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:33:12.0347 3752 rdpdr - ok
16:33:12.0385 3752 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:33:12.0397 3752 RDPENCDD - ok
16:33:12.0539 3752 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:33:12.0543 3752 RDPWD - ok
16:33:12.0659 3752 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:33:12.0664 3752 rspndr - ok
16:33:12.0697 3752 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:33:12.0699 3752 sbp2port - ok
16:33:12.0753 3752 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:33:12.0755 3752 secdrv - ok
16:33:12.0805 3752 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:33:12.0808 3752 Serenum - ok
16:33:12.0852 3752 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:33:12.0855 3752 Serial - ok
16:33:12.0881 3752 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:33:12.0884 3752 sermouse - ok
16:33:12.0937 3752 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:33:12.0939 3752 sffdisk - ok
16:33:12.0962 3752 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:33:12.0964 3752 sffp_mmc - ok
16:33:12.0984 3752 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:33:12.0986 3752 sffp_sd - ok
16:33:13.0016 3752 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:33:13.0018 3752 sfloppy - ok
16:33:13.0056 3752 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:33:13.0058 3752 sisagp - ok
16:33:13.0084 3752 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:33:13.0086 3752 SiSRaid2 - ok
16:33:13.0115 3752 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:33:13.0118 3752 SiSRaid4 - ok
16:33:13.0166 3752 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:33:13.0169 3752 Smb - ok
16:33:13.0210 3752 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:33:13.0213 3752 spldr - ok
16:33:13.0261 3752 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:33:13.0267 3752 srv - ok
16:33:13.0307 3752 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:33:13.0310 3752 srv2 - ok
16:33:13.0330 3752 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:33:13.0334 3752 srvnet - ok
16:33:13.0376 3752 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:33:13.0377 3752 swenum - ok
16:33:13.0418 3752 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:33:13.0420 3752 Symc8xx - ok
16:33:13.0448 3752 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:33:13.0450 3752 Sym_hi - ok
16:33:13.0478 3752 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:33:13.0484 3752 Sym_u3 - ok
16:33:13.0571 3752 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:33:13.0576 3752 Tcpip - ok
16:33:13.0664 3752 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:33:13.0670 3752 Tcpip6 - ok
16:33:13.0849 3752 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:33:13.0852 3752 tcpipreg - ok
16:33:13.0885 3752 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:33:13.0886 3752 TDPIPE - ok
16:33:13.0931 3752 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:33:13.0933 3752 TDTCP - ok
16:33:13.0973 3752 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:33:13.0974 3752 tdx - ok
16:33:14.0011 3752 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:33:14.0013 3752 TermDD - ok
16:33:14.0076 3752 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:33:14.0078 3752 tssecsrv - ok
16:33:14.0114 3752 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:33:14.0117 3752 tunmp - ok
16:33:14.0159 3752 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:33:14.0161 3752 tunnel - ok
16:33:14.0188 3752 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:33:14.0190 3752 uagp35 - ok
16:33:14.0223 3752 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
16:33:14.0225 3752 UBHelper - ok
16:33:14.0261 3752 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:33:14.0267 3752 udfs - ok
16:33:14.0310 3752 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:33:14.0313 3752 uliagpkx - ok
16:33:14.0344 3752 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:33:14.0349 3752 uliahci - ok
16:33:14.0384 3752 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:33:14.0387 3752 UlSata - ok
16:33:14.0417 3752 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:33:14.0420 3752 ulsata2 - ok
16:33:14.0448 3752 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:33:14.0450 3752 umbus - ok
16:33:14.0478 3752 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
16:33:14.0481 3752 UMPass - ok
16:33:14.0528 3752 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:33:14.0532 3752 usbccgp - ok
16:33:14.0562 3752 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:33:14.0578 3752 usbcir - ok
16:33:14.0639 3752 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:33:14.0656 3752 usbehci - ok
16:33:14.0733 3752 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:33:14.0737 3752 usbhub - ok
16:33:14.0854 3752 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
16:33:14.0856 3752 usbohci - ok
16:33:14.0888 3752 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:33:14.0890 3752 usbprint - ok
16:33:14.0922 3752 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:33:14.0924 3752 usbscan - ok
16:33:14.0950 3752 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:33:14.0954 3752 USBSTOR - ok
16:33:14.0989 3752 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:33:14.0992 3752 usbuhci - ok
16:33:15.0057 3752 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:33:15.0062 3752 vga - ok
16:33:15.0082 3752 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:33:15.0083 3752 VgaSave - ok
16:33:15.0111 3752 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:33:15.0114 3752 viaagp - ok
16:33:15.0147 3752 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:33:15.0149 3752 ViaC7 - ok
16:33:15.0176 3752 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:33:15.0218 3752 viaide - ok
16:33:15.0269 3752 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:33:15.0273 3752 volmgr - ok
16:33:15.0310 3752 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:33:15.0315 3752 volmgrx - ok
16:33:15.0362 3752 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:33:15.0368 3752 volsnap - ok
16:33:15.0398 3752 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:33:15.0401 3752 vsmraid - ok
16:33:15.0512 3752 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:33:15.0517 3752 WacomPen - ok
16:33:15.0583 3752 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:33:15.0589 3752 Wanarp - ok
16:33:15.0635 3752 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:33:15.0636 3752 Wanarpv6 - ok
16:33:15.0708 3752 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:33:15.0711 3752 Wd - ok
16:33:15.0748 3752 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:33:15.0757 3752 Wdf01000 - ok
16:33:15.0876 3752 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:33:15.0876 3752 WmiAcpi - ok
16:33:15.0999 3752 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:33:16.0041 3752 WpdUsb - ok
16:33:16.0124 3752 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:33:16.0128 3752 ws2ifsl - ok
16:33:16.0227 3752 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:33:16.0231 3752 WUDFRd - ok
16:33:16.0500 3752 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
16:33:16.0524 3752 yukonwlh - ok
16:33:16.0561 3752 MBR (0x1B8) (ef9cdc51b437d322d54016b68f003416) \Device\Harddisk0\DR0
16:33:19.0491 3752 \Device\Harddisk0\DR0 - ok
16:33:19.0501 3752 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
16:33:19.0508 3752 \Device\Harddisk2\DR2 - ok
16:33:19.0552 3752 Boot (0x1200) (a5d8190df57f91c838dc888724efffb8) \Device\Harddisk0\DR0\Partition0
16:33:19.0619 3752 \Device\Harddisk0\DR0\Partition0 - ok
16:33:19.0651 3752 Boot (0x1200) (6039e4b6f98c7bdee848364a61ebe481) \Device\Harddisk0\DR0\Partition1
16:33:19.0654 3752 \Device\Harddisk0\DR0\Partition1 - ok
16:33:19.0665 3752 Boot (0x1200) (94d78ed004970358309401ff984850bf) \Device\Harddisk2\DR2\Partition0
16:33:19.0667 3752 \Device\Harddisk2\DR2\Partition0 - ok
16:33:19.0670 3752 ============================================================
16:33:19.0670 3752 Scan finished
16:33:19.0670 3752 ============================================================
16:33:19.0688 2876 Detected object count: 0
16:33:19.0688 2876 Actual detected object count: 0


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 16:34:05
-----------------------------
16:34:05.845 OS Version: Windows 6.0.6002 Service Pack 2
16:34:05.845 Number of processors: 1 586 0x7F02
16:34:05.845 ComputerName: SHAWNSDESKTOP UserName: Shawn
16:34:32.083 Initialize success
16:36:14.471 AVAST engine defs: 12021901
16:36:57.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:36:57.474 Disk 0 Vendor: ST3320813AS SD23 Size: 305245MB BusType: 3
16:36:57.495 Disk 0 MBR read successfully
16:36:57.498 Disk 0 MBR scan
16:36:57.502 Disk 0 unknown MBR code
16:36:57.506 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
16:36:57.528 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145095 MB offset 30734336
16:36:57.552 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145142 MB offset 327888896
16:36:57.558 Disk 0 scanning sectors +625139712
16:36:57.652 Disk 0 scanning C:\Windows\system32\drivers
16:37:10.412 Service scanning
16:37:36.031 Modules scanning
16:37:45.292 Disk 0 trace - called modules:
16:37:45.652 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:37:45.658 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850e4030]
16:37:45.663 3 CLASSPNP.SYS[833a18b3] -> nt!IofCallDriver -> [0x850b5898]
16:37:45.670 5 acpi.sys[806116bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850a1030]
16:37:46.410 AVAST engine scan C:\
17:02:44.926 File: C:\Users\Shawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2aa8dac6-181676fa **INFECTED** Win32:Downloader-NAY [Trj]
21:25:40.610 Scan finished successfully
21:27:56.541 Disk 0 MBR has been saved successfully to "C:\Users\Shawn\Desktop\MBR.dat"
21:27:56.548 The log file has been saved successfully to "C:\Users\Shawn\Desktop\aswMBR.txt"


How do I remove the infected file?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 19 February 2012 - 11:40 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 poboyweb

poboyweb
  • Topic Starter

  • Members
  • 15 posts

Posted 19 February 2012 - 11:46 PM

You do realize we already did that a bit ago, right? Just did it again.

Farbar Service Scanner Version: 14-02-2012
Ran by Shawn (administrator) on 19-02-2012 at 21:44:23
Running from "C:\Users\Shawn\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

How do I remove the infected file that aswMBR found?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 19 February 2012 - 11:53 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
C:\Users\Shawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 poboyweb

poboyweb
  • Topic Starter

  • Members
  • 15 posts

Posted 20 February 2012 - 12:29 AM

ComboFix 12-02-19.02 - Shawn 02/19/2012 22:11:44.6.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1022 [GMT -7:00]
Running from: c:\users\Shawn\Desktop\ComboFix.exe
Command switches used :: c:\users\Shawn\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 05:18 . 2012-02-20 05:21 -------- d-----w- c:\users\Shawn\AppData\Local\temp
2012-02-20 05:18 . 2012-02-20 05:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-20 05:18 . 2012-02-20 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 19:47 . 2012-02-19 19:47 -------- d-----w- c:\users\Shawn\AppData\Roaming\Red Kawa
2012-02-19 19:00 . 2012-02-19 19:00 -------- d-----w- c:\users\Shawn\AppData\Local\Geckofx
2012-02-19 18:59 . 2012-02-19 18:59 -------- d-----w- c:\program files\AviSynth 2.5
2012-02-19 18:59 . 2012-02-19 18:59 -------- d-----w- c:\program files\Red Kawa
2012-02-14 19:44 . 2012-02-14 19:44 -------- d-----w- c:\program files\Fiddler2
2012-02-14 19:38 . 2012-02-14 19:38 -------- d-----w- c:\users\LogMeInRemoteUser
2012-02-14 19:31 . 2012-02-14 19:31 -------- d-----w- c:\users\Shawn\AppData\Local\LogMeIn
2012-02-14 19:31 . 2012-02-01 04:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-14 19:31 . 2012-02-01 04:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-14 19:31 . 2012-02-01 04:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-14 19:31 . 2011-09-16 21:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-02-14 19:31 . 2012-02-01 04:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-14 19:30 . 2012-02-14 19:38 -------- d-----w- c:\program files\LogMeIn
2012-02-14 06:59 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-14 06:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 05:47 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-02-14 05:47 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-02-14 05:47 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-02-14 05:47 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-02-14 05:47 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-02-14 05:47 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-02-13 02:40 . 2012-02-13 02:40 -------- d-----w- c:\program files\CCleaner
2012-02-12 22:32 . 2012-02-19 22:58 5468 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-25 22:10 . 2012-01-25 22:10 -------- d-----w- c:\program files\Fast Scan to PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 18:50 . 2011-07-20 23:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 02:14 . 2011-06-16 16:41 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-15 12:03 . 2011-12-15 12:03 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2011-02-07 20:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 20:03 . 2011-11-24 01:37 730192 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2012-01-12 00:18 . 2011-11-11 19:57 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
c:\users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 21:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-20 10:06 6144000 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-539178292-2617497778-2168755256-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-vcm8 - {560A62D2-E52E-4BC6-A88C-5E4651A2C1D1} - c:\progra~1\G7PS\VERSAC~1\MESSEN~1\VCMCON~1.OCX
FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\6spxi091.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 22:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1308)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-19 22:26:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 05:26
ComboFix2.txt 2012-02-19 22:06
.
Pre-Run: 86,008,459,264 bytes free
Post-Run: 85,738,700,800 bytes free
.
- - End Of File - - EDEFADABDC04939C2EA7F2DBE376F1F9

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 20 February 2012 - 12:37 AM

Rerun aswMBR and see if it still shows up now.


gringo

#15 poboyweb

poboyweb
  • Topic Starter

  • Members
  • 15 posts

Posted 23 February 2012 - 02:23 AM

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-21 19:29:58
-----------------------------
19:29:58.804 OS Version: Windows 6.0.6002 Service Pack 2
19:29:58.804 Number of processors: 1 586 0x7F02
19:29:58.805 ComputerName: SHAWNSDESKTOP UserName: Shawn
19:30:02.456 Initialize success
19:31:30.444 AVAST engine defs: 12022101
00:43:48.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:43:48.017 Disk 0 Vendor: ST3320813AS SD23 Size: 305245MB BusType: 3
00:43:48.049 Disk 0 MBR read successfully
00:43:48.052 Disk 0 MBR scan
00:43:48.056 Disk 0 unknown MBR code
00:43:48.066 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
00:43:48.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145095 MB offset 30734336
00:43:48.135 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145142 MB offset 327888896
00:43:48.144 Disk 0 scanning sectors +625139712
00:43:48.209 Disk 0 scanning C:\Windows\system32\drivers
00:43:59.847 Service scanning
00:44:28.343 Modules scanning
00:44:35.615 Disk 0 trace - called modules:
00:44:36.002 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS
00:44:36.007 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850e52c0]
00:44:36.012 3 CLASSPNP.SYS[833a28b3] -> nt!IofCallDriver -> [0x850b6890]
00:44:36.020 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850a2030]
00:44:36.921 AVAST engine scan C:\Windows
00:44:40.686 AVAST engine scan C:\Windows\system32
00:49:13.954 AVAST engine scan C:\Windows\system32\drivers
00:49:29.642 AVAST engine scan C:\Users\Shawn
01:19:32.572 AVAST engine scan C:\ProgramData
01:21:34.342 Scan finished successfully
15:27:40.171 Disk 0 MBR has been saved successfully to "C:\Users\Shawn\Desktop\MBR.dat"
15:27:40.202 The log file has been saved successfully to "C:\Users\Shawn\Desktop\aswMBR.txt"

