Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Phoenix Exploit Kit (type 769) infection


  • This topic is locked This topic is locked
17 replies to this topic

#1 Ralph {IA2}

Ralph {IA2}

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 16 February 2012 - 01:40 PM

First problem I noticed was my Google reader feed going to a 404 when all other pages loaded fine. Then Google started redirecting. AVG has picked up a few things, and MBAM has gotten rid of a Trojan, but none of these have solved the problem. Last night I started getting Blue Screens as well. Not the traditional BSOD that I'm used to, where "Fatal Exception _________ has occurred," but one where Windows has stopped working, and it needs to shut down to save data. Any advice, assistance, and help with this would be most appreciated. I followed the preparation guide, and am posting the DDS log. Per its instructions, given that I am running Win7 x64, I have not created a GMER log.

Thanks in advance for any help.

~Ralph

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Andrew at 3:30:59 on 2012-02-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2140 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{78AF2444-5FC2-49EA-BE68-385DBBD666F2} : DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{78AF2444-5FC2-49EA-BE68-385DBBD666F2}\14262656970294E6E6D27657563747 : DhcpNameServer = 68.238.96.12 68.238.112.12 192.168.33.1
TCP: Interfaces\{78AF2444-5FC2-49EA-BE68-385DBBD666F2}\33A4636505 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{78AF2444-5FC2-49EA-BE68-385DBBD666F2}\35861646970596E65637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{78AF2444-5FC2-49EA-BE68-385DBBD666F2}\B696474797E65647 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-13 514232]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-3-30 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2413056]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-1-10 722616]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-16 09:29:02 20480 ----a-w- C:\Windows\svchost.exe
2012-02-16 09:28:18 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-16 06:34:09 -------- d-----w- C:\ComboFix
2012-02-16 02:29:24 98816 ----a-w- C:\Windows\sed.exe
2012-02-16 02:29:24 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-16 02:29:24 256000 ----a-w- C:\Windows\PEV.exe
2012-02-16 02:29:24 208896 ----a-w- C:\Windows\MBR.exe
2012-02-16 02:18:50 -------- d-----w- C:\_OTL
2012-02-14 23:33:16 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 23:33:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 23:27:07 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 23:27:07 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 23:27:02 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 23:26:57 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 23:26:47 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 23:26:46 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 17:19:51 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-31 06:07:11 -------- d-----w- C:\Users\Andrew\AppData\Local\Iteral_Group_Ltd
2012-01-31 00:35:15 -------- d-----w- C:\Program Files (x86)\IDroo
2012-01-23 22:44:01 -------- d-----w- C:\Users\Andrew\AppData\Roaming\.minecraft
2012-01-23 18:03:01 -------- d-----w- C:\Users\Andrew\AppData\Local\Zachtronics Industries
2012-01-23 06:59:26 -------- d-----w- C:\Users\Andrew\AppData\Local\Graboid_Inc
2012-01-23 06:59:25 -------- d-----w- C:\Users\Andrew\AppData\Local\Graboid
2012-01-23 06:59:25 -------- d-----w- C:\ProgramData\Graboid Inc
2012-01-23 06:59:11 -------- d-----w- C:\Users\Andrew\AppData\Local\Geckofx
2012-01-23 06:53:46 -------- d-----w- C:\Program Files (x86)\Graboid
2012-01-20 02:32:24 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-01-19 22:45:30 -------- d-----w- C:\$AVG
2012-01-19 22:38:25 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
==================== Find3M ====================
.
2012-01-06 17:51:30 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-01-06 17:51:20 14848 ----a-w- C:\Windows\System32\smrgdf.exe
2012-01-06 17:29:08 2141832 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-01-06 17:29:06 2083464 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-01-02 07:04:18 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-02 07:04:18 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-02 07:04:18 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-01-02 07:04:18 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-30 17:50:11 1145448 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
2011-11-30 17:46:02 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2011-11-30 17:46:02 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-11-30 17:46:02 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2011-11-30 17:46:02 1451056 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-11-30 17:46:02 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-11-30 17:46:00 411944 ----a-w- C:\Windows\System32\SynCOM.dll
2011-11-30 17:46:00 276264 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-11-30 17:46:00 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-11-30 17:46:00 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-11-30 17:43:25 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-30 17:43:19 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-30 17:39:34 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2011-11-30 17:39:34 338536 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2011-11-29 21:25:11 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-11-28 19:50:34 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-11-28 19:50:34 425064 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-11-28 19:50:34 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-11-28 19:43:05 114704 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2011-11-28 19:43:03 79488 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2011-11-28 19:43:03 53376 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-11-28 19:43:03 40064 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 3:34:06.71 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 19 February 2012 - 02:21 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 February 2012 - 11:31 AM

ComboFix 12-02-15.01 - Andrew 02/19/2012 1:37.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2208 [GMT -6:00]
Running from: c:\users\Andrew\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 08:45 . 2012-02-19 08:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 08:45 . 2012-02-19 08:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-19 04:21 . 2012-02-19 04:22 -------- d-----w- c:\users\Andrew\DVD Backups
2012-02-19 04:21 . 2012-02-19 06:52 -------- d-----w- c:\program files (x86)\FairUse Wizard 2
2012-02-17 18:09 . 2012-02-17 18:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-16 19:19 . 2012-02-16 19:20 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- c:\windows\SysWow64\xlive
2012-02-16 02:18 . 2012-02-16 02:18 -------- d-----w- C:\_OTL
2012-02-14 23:33 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 23:33 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 23:27 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 23:27 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 23:27 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 23:26 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 23:26 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 23:26 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 17:19 . 2012-02-16 07:39 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-31 06:07 . 2012-01-31 06:07 -------- d-----w- c:\users\Andrew\AppData\Local\Iteral_Group_Ltd
2012-01-31 00:35 . 2012-01-31 00:35 -------- d-----w- c:\program files (x86)\IDroo
2012-01-23 22:44 . 2012-01-24 19:34 -------- d-----w- c:\users\Andrew\AppData\Roaming\.minecraft
2012-01-23 18:03 . 2012-01-23 18:03 -------- d-----w- c:\users\Andrew\AppData\Local\Zachtronics Industries
2012-01-23 07:13 . 2012-01-24 03:14 -------- d-----w- c:\users\Andrew\AppData\Roaming\vlc
2012-01-23 06:59 . 2012-01-23 07:10 -------- d-----w- c:\users\Andrew\AppData\Local\Graboid
2012-01-23 06:59 . 2012-01-23 06:59 -------- d-----w- c:\programdata\Graboid Inc
2012-01-23 06:59 . 2012-01-23 06:59 -------- d-----w- c:\users\Andrew\AppData\Local\Geckofx
2012-01-23 06:53 . 2012-01-23 07:15 -------- d-----w- c:\program files (x86)\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 02:32 . 2012-01-20 02:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-01-06 17:51 . 2011-09-29 01:18 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 17:51 . 2011-09-29 01:18 14848 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 17:29 . 2011-09-29 01:18 2141832 ----a-w- c:\windows\system32\Incinerator64.dll
2012-01-06 17:29 . 2011-09-29 01:18 2083464 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-01-02 07:04 . 2012-01-02 03:51 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-02 07:04 . 2012-01-02 03:51 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-02 07:04 . 2012-01-02 03:51 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-02 07:04 . 2012-01-02 03:51 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-10 21:24 . 2011-08-30 23:04 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 17:50 . 2011-06-02 08:09 1145448 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-11-30 17:46 . 2011-11-30 17:47 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2011-11-30 17:46 . 2011-11-30 17:47 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-11-30 17:46 . 2011-11-30 17:46 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-11-30 17:46 . 2011-11-30 17:46 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-11-30 17:46 . 2011-11-30 17:46 1451056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-11-30 17:46 . 2011-11-30 17:46 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-11-30 17:46 . 2011-11-30 17:46 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2011-11-30 17:46 . 2011-11-30 17:46 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-11-30 17:46 . 2010-12-17 02:26 411944 ----a-w- c:\windows\system32\SynCOM.dll
2011-11-30 17:43 . 2011-11-30 17:43 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-30 17:43 . 2011-11-30 17:43 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-30 17:40 . 2011-11-30 17:42 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2011-11-30 17:40 . 2011-06-02 08:07 4780032 ----a-w- c:\windows\system32\stlang64.dll
2011-11-30 17:40 . 2011-06-02 08:07 1128448 ----a-w- c:\windows\sttray64.exe
2011-11-30 17:40 . 2011-11-30 17:42 431616 ----a-w- c:\windows\system32\stcplx64.dll
2011-11-30 17:40 . 2011-11-30 17:42 1965056 ----a-w- c:\windows\system32\stapo64.dll
2011-11-30 17:40 . 2011-11-30 17:42 654336 ------w- c:\windows\system32\stapi64.dll
2011-11-30 17:40 . 2011-06-02 08:07 224256 ----a-w- c:\windows\system32\staco64.dll
2011-11-30 17:40 . 2011-06-02 08:07 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2011-11-30 17:40 . 2011-06-02 08:07 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2011-11-30 17:40 . 2011-06-02 08:07 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2011-11-30 17:40 . 2011-06-02 08:07 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2011-11-30 17:40 . 2011-06-02 08:07 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2011-11-30 17:40 . 2011-06-02 08:07 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2011-11-30 17:39 . 2011-11-30 17:40 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2011-11-30 17:39 . 2011-06-02 08:06 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2011-11-29 21:25 . 2011-11-30 17:43 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-11-28 19:50 . 2011-11-28 19:51 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-11-28 19:50 . 2011-11-28 19:51 425064 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-11-28 19:50 . 2011-06-02 08:08 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-11-28 19:43 . 2011-11-28 19:43 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-11-28 19:43 . 2011-11-28 19:46 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-11-28 19:43 . 2011-11-28 19:43 79488 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2011-11-28 19:43 . 2011-11-28 19:43 40064 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2011-11-28 19:42 . 2011-11-28 19:43 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-28 19:42 . 2011-04-13 06:34 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-28 19:42 . 2011-04-13 06:09 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-28 19:42 . 2011-04-13 06:09 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-28 19:42 . 2011-04-13 06:05 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-28 19:42 . 2011-11-28 19:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-28 19:42 . 2011-04-13 06:24 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-28 19:42 . 2011-11-28 19:43 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-28 19:42 . 2011-11-28 19:43 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 18584064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-28 19:42 . 2011-11-28 19:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-28 19:42 . 2011-04-13 06:41 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-28 19:42 . 2011-04-13 06:17 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-28 19:42 . 2011-04-13 06:09 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-28 19:42 . 2011-04-13 06:09 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-28 19:42 . 2011-11-28 19:43 24600576 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-28 19:42 . 2011-11-28 19:43 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-28 19:42 . 2011-11-28 19:43 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-28 19:42 . 2011-11-28 19:43 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-28 19:42 . 2011-11-28 19:43 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-28 19:42 . 2011-11-28 19:43 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-28 19:42 . 2011-11-28 19:43 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-28 19:42 . 2011-11-28 19:43 10210304 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-28 19:42 . 2011-11-28 19:43 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-28 19:42 . 2011-11-28 19:43 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-28 19:42 . 2011-11-28 19:43 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-28 19:42 . 2011-11-28 19:43 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-28 19:42 . 2011-11-28 19:43 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-28 19:42 . 2011-11-28 19:43 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-28 19:42 . 2011-04-13 06:50 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-28 19:42 . 2011-04-13 06:43 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-28 19:42 . 2011-04-13 06:34 4960256 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-28 19:42 . 2011-11-28 19:43 9809920 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-28 19:42 . 2011-11-28 19:43 8390656 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-28 19:42 . 2011-11-28 19:43 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-28 19:42 . 2011-11-28 19:43 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-28 19:42 . 2011-11-28 19:43 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-28 19:42 . 2011-11-28 19:43 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-28 19:42 . 2011-11-28 19:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-28 19:42 . 2011-11-28 19:43 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-28 19:42 . 2011-11-28 19:43 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-28 19:42 . 2011-04-13 06:52 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_06.57.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 09:32 . 2012-02-16 23:57 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021620120217\index.dat
- 2012-02-12 08:51 . 2012-02-16 03:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-12 08:51 . 2012-02-17 00:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-02-17 18:14 49984 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-17 18:14 54032 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-30 23:10 . 2012-02-17 18:14 10444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2234773141-2221977096-2114738989-1001_UserData.bin
+ 2012-02-12 08:46 . 2012-02-16 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-12 08:46 . 2012-02-16 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-17 18:15 94536 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-16 03:38 . 2012-02-16 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-16 03:38 . 2012-02-16 06:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-16 03:38 . 2012-02-16 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-02-16 03:38 . 2012-02-16 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-16 03:38 . 2012-02-16 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-02-16 03:38 . 2012-02-16 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-02-12 08:46 . 2012-02-16 06:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-12 08:46 . 2012-02-16 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-12 08:46 . 2012-02-16 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-12 08:46 . 2012-02-16 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-02 03:10 . 2012-01-02 03:10 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-02-19 08:47 . 2012-02-19 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 06:56 . 2012-02-16 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 06:56 . 2012-02-16 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-19 08:47 . 2012-02-19 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-08 01:35 . 2009-08-08 01:35 134144 c:\windows\SysWOW64\xlive\sqmapi.dll
+ 2012-02-12 08:48 . 2012-02-17 00:39 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-12 08:48 . 2012-02-16 06:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-17 05:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-16 06:34 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-31 05:30 . 2012-02-19 01:59 299854 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-02-16 06:39 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-17 18:21 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-17 18:21 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-16 06:39 121426 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-19 08:46 369568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-16 06:55 369568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-16 19:17 . 2012-02-16 19:17 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-07-14 04:54 . 2012-02-16 06:34 4407296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 05:13 4407296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2012-02-16 05:06 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-17 18:14 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-06-02 08:29 . 2012-02-16 06:31 1255504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-02 08:29 . 2012-02-19 08:46 1255504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-15 08:22 . 2012-02-16 23:52 5945628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-08-11 03:51 . 2009-08-11 03:51 5230080 c:\windows\Installer\4df8a3.msi
+ 2011-12-29 04:36 . 2011-12-29 04:36 2818048 c:\windows\Installer\4df897.msi
- 2012-01-02 03:10 . 2012-01-02 03:10 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-02-16 19:17 . 2012-02-16 19:17 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-02 03:10 . 2012-01-02 03:10 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-09-28 23:45 . 2011-09-28 23:45 13642888 c:\windows\SysWOW64\xlivefnt.dll
+ 2011-09-28 23:45 . 2011-09-28 23:45 15453832 c:\windows\SysWOW64\xlive.dll
+ 2009-07-14 04:54 . 2012-02-17 05:13 15482880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-16 06:34 15482880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-31 00:27 . 2012-02-16 06:31 35641820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2234773141-2221977096-2114738989-1001-12288.dat
+ 2011-08-31 00:27 . 2012-02-19 08:46 35641820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2234773141-2221977096-2114738989-1001-12288.dat
+ 2011-09-28 23:55 . 2011-09-28 23:55 21598208 c:\windows\Installer\622d15.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-13 3077528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-03-30 586808]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-03-30 319544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2413056]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-06 722616]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234773141-2221977096-2114738989-1001Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 00:15]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234773141-2221977096-2114738989-1001UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 00:15]
.
2012-02-15 c:\windows\Tasks\HPCeeScheduleForAndrew.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-01-31 c:\windows\Tasks\HPCeeScheduleForRALPH-MOBILE$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-30 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-02-19 03:10:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 09:10
ComboFix2.txt 2012-02-16 07:22
.
Pre-Run: 316,995,645,440 bytes free
Post-Run: 317,070,708,736 bytes free
.
- - End Of File - - 2E7DD4BF85514EC9A7AC0BD16DF94FA5


I had run TDSSKiller while waiting for your reply. It found a pihar rootkit, which it then deleted. Doing so seemed to make the Google redirecting intermittent, rather than every time as it had been. Eliminating the rootkit did not restore Google reader function, but instead of going to a 404, it instead insisted that it could not connect to the server at www.google.com. Running ComboFix seems to have restored function of Google instant, as well as Google Reader. I have not done extensive browsing since it completed its scan, but so far things seem to be working normally.

#4 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 February 2012 - 11:32 AM

Also, no problems running ComboFix other than it taking a while.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 19 February 2012 - 01:50 PM

Greetings

I want you to run these next,

tdsskiller: <-- yes run it again.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 February 2012 - 03:44 PM

For reference, I am including the first TDSSKiller log in addition to the most recent. No problems running TDSSKiller or aswMBR.

12:08:14.0099 5200 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:08:14.0838 5200 ============================================================
12:08:14.0838 5200 Current date / time: 2012/02/17 12:08:14.0838
12:08:14.0838 5200 SystemInfo:
12:08:14.0838 5200
12:08:14.0838 5200 OS Version: 6.1.7601 ServicePack: 1.0
12:08:14.0838 5200 Product type: Workstation
12:08:14.0838 5200 ComputerName: RALPH-MOBILE
12:08:14.0838 5200 UserName: Andrew
12:08:14.0838 5200 Windows directory: C:\Windows
12:08:14.0839 5200 System windows directory: C:\Windows
12:08:14.0839 5200 Running under WOW64
12:08:14.0839 5200 Processor architecture: Intel x64
12:08:14.0839 5200 Number of processors: 2
12:08:14.0839 5200 Page size: 0x1000
12:08:14.0839 5200 Boot type: Normal boot
12:08:14.0839 5200 ============================================================
12:08:16.0732 5200 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:08:16.0747 5200 \Device\Harddisk0\DR0:
12:08:16.0747 5200 MBR used
12:08:16.0747 5200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:08:16.0747 5200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38715000
12:08:16.0747 5200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38779000, BlocksNum 0x1BD9000
12:08:16.0747 5200 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
12:08:17.0020 5200 Initialize success
12:08:17.0020 5200 ============================================================
12:08:34.0200 6604 ============================================================
12:08:34.0200 6604 Scan started
12:08:34.0200 6604 Mode: Manual;
12:08:34.0200 6604 ============================================================
12:08:38.0615 6604 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:08:38.0660 6604 1394ohci - ok
12:08:38.0758 6604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:08:38.0768 6604 ACPI - ok
12:08:38.0805 6604 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:08:38.0810 6604 AcpiPmi - ok
12:08:38.0945 6604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:08:38.0969 6604 adp94xx - ok
12:08:39.0035 6604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:08:39.0045 6604 adpahci - ok
12:08:39.0145 6604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:08:39.0151 6604 adpu320 - ok
12:08:39.0256 6604 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:08:39.0279 6604 AFD - ok
12:08:39.0362 6604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:08:39.0366 6604 agp440 - ok
12:08:39.0422 6604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:08:39.0426 6604 aliide - ok
12:08:39.0576 6604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:08:39.0580 6604 amdide - ok
12:08:39.0614 6604 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
12:08:39.0618 6604 amdiox64 - ok
12:08:39.0655 6604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:08:39.0660 6604 AmdK8 - ok
12:08:39.0936 6604 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys
12:08:40.0247 6604 amdkmdag - ok
12:08:40.0362 6604 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys
12:08:40.0393 6604 amdkmdap - ok
12:08:40.0440 6604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:08:40.0445 6604 AmdPPM - ok
12:08:40.0480 6604 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:08:40.0525 6604 amdsata - ok
12:08:40.0568 6604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:08:40.0575 6604 amdsbs - ok
12:08:40.0602 6604 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:08:40.0606 6604 amdxata - ok
12:08:40.0636 6604 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\DRIVERS\amd_sata.sys
12:08:40.0638 6604 amd_sata - ok
12:08:40.0776 6604 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\DRIVERS\amd_xata.sys
12:08:40.0780 6604 amd_xata - ok
12:08:40.0815 6604 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:08:40.0821 6604 AppID - ok
12:08:40.0936 6604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:08:40.0942 6604 arc - ok
12:08:40.0975 6604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:08:40.0981 6604 arcsas - ok
12:08:41.0122 6604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:08:41.0126 6604 AsyncMac - ok
12:08:41.0159 6604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:08:41.0164 6604 atapi - ok
12:08:41.0205 6604 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
12:08:41.0211 6604 AtiHDAudioService - ok
12:08:41.0258 6604 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
12:08:41.0262 6604 AVGIDSDriver - ok
12:08:41.0295 6604 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
12:08:41.0298 6604 AVGIDSEH - ok
12:08:41.0321 6604 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
12:08:41.0324 6604 AVGIDSFilter - ok
12:08:41.0352 6604 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
12:08:41.0358 6604 Avgldx64 - ok
12:08:41.0434 6604 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:08:41.0438 6604 Avgmfx64 - ok
12:08:41.0470 6604 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:08:41.0475 6604 Avgrkx64 - ok
12:08:41.0509 6604 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
12:08:41.0516 6604 Avgtdia - ok
12:08:41.0576 6604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:08:41.0592 6604 b06bdrv - ok
12:08:41.0677 6604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:08:41.0688 6604 b57nd60a - ok
12:08:41.0765 6604 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:08:41.0813 6604 BCM43XX - ok
12:08:41.0847 6604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:08:41.0850 6604 Beep - ok
12:08:41.0946 6604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
12:08:41.0951 6604 blbdrive - ok
12:08:41.0975 6604 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:08:41.0980 6604 bowser - ok
12:08:42.0017 6604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:08:42.0019 6604 BrFiltLo - ok
12:08:42.0056 6604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:08:42.0059 6604 BrFiltUp - ok
12:08:42.0164 6604 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:08:42.0170 6604 BridgeMP - ok
12:08:42.0202 6604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:08:42.0209 6604 Brserid - ok
12:08:42.0234 6604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:08:42.0250 6604 BrSerWdm - ok
12:08:42.0269 6604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:08:42.0273 6604 BrUsbMdm - ok
12:08:42.0313 6604 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:08:42.0317 6604 BrUsbSer - ok
12:08:42.0362 6604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:08:42.0366 6604 BTHMODEM - ok
12:08:42.0418 6604 catchme - ok
12:08:42.0509 6604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:08:42.0515 6604 cdfs - ok
12:08:42.0552 6604 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:08:42.0559 6604 cdrom - ok
12:08:42.0587 6604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:08:42.0591 6604 circlass - ok
12:08:42.0634 6604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:08:42.0643 6604 CLFS - ok
12:08:42.0691 6604 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
12:08:42.0694 6604 clwvd - ok
12:08:42.0715 6604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:08:42.0718 6604 CmBatt - ok
12:08:42.0753 6604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:08:42.0757 6604 cmdide - ok
12:08:42.0806 6604 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:08:42.0814 6604 CNG - ok
12:08:42.0839 6604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:08:42.0842 6604 Compbatt - ok
12:08:42.0874 6604 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:08:42.0878 6604 CompositeBus - ok
12:08:42.0918 6604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:08:42.0922 6604 crcdisk - ok
12:08:42.0978 6604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:08:42.0982 6604 DfsC - ok
12:08:43.0010 6604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:08:43.0011 6604 discache - ok
12:08:43.0036 6604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:08:43.0039 6604 Disk - ok
12:08:43.0095 6604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:08:43.0098 6604 drmkaud - ok
12:08:43.0137 6604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:08:43.0171 6604 DXGKrnl - ok
12:08:43.0204 6604 EagleX64 - ok
12:08:43.0335 6604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:08:43.0428 6604 ebdrv - ok
12:08:43.0499 6604 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
12:08:43.0502 6604 ElRawDisk - ok
12:08:43.0545 6604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:08:43.0554 6604 elxstor - ok
12:08:43.0608 6604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:08:43.0612 6604 ErrDev - ok
12:08:43.0661 6604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:08:43.0667 6604 exfat - ok
12:08:43.0697 6604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:08:43.0702 6604 fastfat - ok
12:08:43.0743 6604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:08:43.0747 6604 fdc - ok
12:08:43.0762 6604 FileDisk - ok
12:08:43.0786 6604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:08:43.0790 6604 FileInfo - ok
12:08:43.0805 6604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:08:43.0808 6604 Filetrace - ok
12:08:43.0831 6604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:08:43.0835 6604 flpydisk - ok
12:08:43.0866 6604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:08:43.0872 6604 FltMgr - ok
12:08:43.0899 6604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:08:43.0903 6604 FsDepends - ok
12:08:43.0925 6604 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:08:43.0928 6604 Fs_Rec - ok
12:08:43.0954 6604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:08:43.0959 6604 fvevol - ok
12:08:43.0994 6604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:08:43.0998 6604 gagp30kx - ok
12:08:44.0041 6604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:08:44.0061 6604 hcw85cir - ok
12:08:44.0094 6604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:08:44.0102 6604 HdAudAddService - ok
12:08:44.0129 6604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:08:44.0134 6604 HDAudBus - ok
12:08:44.0161 6604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:08:44.0165 6604 HidBatt - ok
12:08:44.0185 6604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:08:44.0189 6604 HidBth - ok
12:08:44.0230 6604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:08:44.0233 6604 HidIr - ok
12:08:44.0264 6604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:08:44.0269 6604 HidUsb - ok
12:08:44.0384 6604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:08:44.0389 6604 HpSAMD - ok
12:08:44.0449 6604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:08:44.0484 6604 HTTP - ok
12:08:44.0506 6604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:08:44.0510 6604 hwpolicy - ok
12:08:44.0540 6604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:08:44.0545 6604 i8042prt - ok
12:08:44.0595 6604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:08:44.0606 6604 iaStorV - ok
12:08:44.0715 6604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:08:44.0718 6604 iirsp - ok
12:08:44.0777 6604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:08:44.0781 6604 intelide - ok
12:08:44.0802 6604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
12:08:44.0807 6604 intelppm - ok
12:08:44.0842 6604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:08:44.0846 6604 IpFilterDriver - ok
12:08:44.0957 6604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:08:44.0964 6604 IPMIDRV - ok
12:08:44.0993 6604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:08:44.0998 6604 IPNAT - ok
12:08:45.0019 6604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:08:45.0023 6604 IRENUM - ok
12:08:45.0052 6604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:08:45.0055 6604 isapnp - ok
12:08:45.0100 6604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:08:45.0107 6604 iScsiPrt - ok
12:08:45.0136 6604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:08:45.0140 6604 kbdclass - ok
12:08:45.0163 6604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:08:45.0166 6604 kbdhid - ok
12:08:45.0215 6604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:08:45.0219 6604 KSecDD - ok
12:08:45.0237 6604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:08:45.0241 6604 KSecPkg - ok
12:08:45.0261 6604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:08:45.0264 6604 ksthunk - ok
12:08:45.0327 6604 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:08:45.0332 6604 LHidFilt - ok
12:08:45.0350 6604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:08:45.0356 6604 lltdio - ok
12:08:45.0392 6604 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:08:45.0395 6604 LMouFilt - ok
12:08:45.0436 6604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:08:45.0440 6604 LSI_FC - ok
12:08:45.0468 6604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:08:45.0473 6604 LSI_SAS - ok
12:08:45.0484 6604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:08:45.0488 6604 LSI_SAS2 - ok
12:08:45.0511 6604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:08:45.0514 6604 LSI_SCSI - ok
12:08:45.0535 6604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:08:45.0541 6604 luafv - ok
12:08:45.0584 6604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:08:45.0587 6604 megasas - ok
12:08:45.0632 6604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:08:45.0639 6604 MegaSR - ok
12:08:45.0676 6604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:08:45.0681 6604 Modem - ok
12:08:45.0691 6604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:08:45.0693 6604 monitor - ok
12:08:45.0725 6604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:08:45.0728 6604 mouclass - ok
12:08:45.0748 6604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:08:45.0751 6604 mouhid - ok
12:08:45.0770 6604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:08:45.0773 6604 mountmgr - ok
12:08:45.0812 6604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:08:45.0816 6604 mpio - ok
12:08:45.0834 6604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:08:45.0839 6604 mpsdrv - ok
12:08:45.0877 6604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:08:45.0881 6604 MRxDAV - ok
12:08:45.0918 6604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:08:45.0932 6604 mrxsmb - ok
12:08:45.0971 6604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:08:45.0978 6604 mrxsmb10 - ok
12:08:45.0998 6604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:08:46.0003 6604 mrxsmb20 - ok
12:08:46.0034 6604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:08:46.0037 6604 msahci - ok
12:08:46.0061 6604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:08:46.0065 6604 msdsm - ok
12:08:46.0113 6604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:08:46.0116 6604 Msfs - ok
12:08:46.0131 6604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:08:46.0134 6604 mshidkmdf - ok
12:08:46.0160 6604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:08:46.0163 6604 msisadrv - ok
12:08:46.0187 6604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:08:46.0191 6604 MSKSSRV - ok
12:08:46.0201 6604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:08:46.0204 6604 MSPCLOCK - ok
12:08:46.0214 6604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:08:46.0216 6604 MSPQM - ok
12:08:46.0243 6604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:08:46.0249 6604 MsRPC - ok
12:08:46.0270 6604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:08:46.0273 6604 mssmbios - ok
12:08:46.0298 6604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:08:46.0309 6604 MSTEE - ok
12:08:46.0344 6604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:08:46.0347 6604 MTConfig - ok
12:08:46.0382 6604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:08:46.0386 6604 Mup - ok
12:08:46.0432 6604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:08:46.0439 6604 NativeWifiP - ok
12:08:46.0483 6604 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:08:46.0545 6604 NDIS - ok
12:08:46.0631 6604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:08:46.0636 6604 NdisCap - ok
12:08:46.0660 6604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:08:46.0664 6604 NdisTapi - ok
12:08:46.0690 6604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:08:46.0696 6604 Ndisuio - ok
12:08:46.0717 6604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:08:46.0724 6604 NdisWan - ok
12:08:46.0754 6604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:08:46.0759 6604 NDProxy - ok
12:08:46.0777 6604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:08:46.0780 6604 NetBIOS - ok
12:08:46.0802 6604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:08:46.0806 6604 NetBT - ok
12:08:46.0847 6604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:08:46.0851 6604 nfrd960 - ok
12:08:46.0876 6604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:08:46.0879 6604 Npfs - ok
12:08:46.0894 6604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:08:46.0896 6604 nsiproxy - ok
12:08:46.0965 6604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:08:47.0023 6604 Ntfs - ok
12:08:47.0055 6604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:08:47.0058 6604 Null - ok
12:08:47.0095 6604 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
12:08:47.0103 6604 NVENETFD - ok
12:08:47.0148 6604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:08:47.0153 6604 nvraid - ok
12:08:47.0175 6604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:08:47.0179 6604 nvstor - ok
12:08:47.0219 6604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:08:47.0224 6604 nv_agp - ok
12:08:47.0278 6604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:08:47.0283 6604 ohci1394 - ok
12:08:47.0412 6604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:08:47.0417 6604 Parport - ok
12:08:47.0454 6604 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:08:47.0459 6604 partmgr - ok
12:08:47.0501 6604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:08:47.0531 6604 pci - ok
12:08:47.0610 6604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:08:47.0614 6604 pciide - ok
12:08:47.0677 6604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:08:47.0687 6604 pcmcia - ok
12:08:47.0770 6604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:08:47.0776 6604 pcw - ok
12:08:47.0818 6604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:08:47.0846 6604 PEAUTH - ok
12:08:47.0909 6604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:08:47.0913 6604 PptpMiniport - ok
12:08:47.0937 6604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:08:47.0940 6604 Processor - ok
12:08:47.0965 6604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:08:47.0968 6604 Psched - ok
12:08:48.0032 6604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:08:48.0082 6604 ql2300 - ok
12:08:48.0124 6604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:08:48.0129 6604 ql40xx - ok
12:08:48.0170 6604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:08:48.0174 6604 QWAVEdrv - ok
12:08:48.0203 6604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:08:48.0206 6604 RasAcd - ok
12:08:48.0231 6604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:08:48.0235 6604 RasAgileVpn - ok
12:08:48.0263 6604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:08:48.0268 6604 Rasl2tp - ok
12:08:48.0294 6604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:08:48.0298 6604 RasPppoe - ok
12:08:48.0322 6604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:08:48.0334 6604 RasSstp - ok
12:08:48.0376 6604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:08:48.0384 6604 rdbss - ok
12:08:48.0469 6604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:08:48.0474 6604 rdpbus - ok
12:08:48.0503 6604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:08:48.0505 6604 RDPCDD - ok
12:08:48.0522 6604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:08:48.0524 6604 RDPENCDD - ok
12:08:48.0547 6604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:08:48.0550 6604 RDPREFMP - ok
12:08:48.0584 6604 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:08:48.0589 6604 RDPWD - ok
12:08:48.0614 6604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:08:48.0618 6604 rdyboost - ok
12:08:48.0680 6604 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
12:08:48.0687 6604 RSPCIESTOR - ok
12:08:48.0738 6604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:08:48.0742 6604 rspndr - ok
12:08:48.0786 6604 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:08:48.0794 6604 RTL8167 - ok
12:08:48.0842 6604 RTL8192Ce (f33e70e48a54a7a1bfbeeb4f3b273e4a) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
12:08:48.0876 6604 RTL8192Ce - ok
12:08:48.0969 6604 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:08:48.0971 6604 SASDIFSV - ok
12:08:49.0008 6604 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:08:49.0010 6604 SASKUTIL - ok
12:08:49.0093 6604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:08:49.0098 6604 sbp2port - ok
12:08:49.0156 6604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:08:49.0161 6604 scfilter - ok
12:08:49.0207 6604 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
12:08:49.0212 6604 sdbus - ok
12:08:49.0244 6604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:08:49.0247 6604 secdrv - ok
12:08:49.0281 6604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:08:49.0284 6604 Serenum - ok
12:08:49.0303 6604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:08:49.0306 6604 Serial - ok
12:08:49.0323 6604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:08:49.0326 6604 sermouse - ok
12:08:49.0375 6604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:08:49.0377 6604 sffdisk - ok
12:08:49.0403 6604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:08:49.0406 6604 sffp_mmc - ok
12:08:49.0417 6604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:08:49.0419 6604 sffp_sd - ok
12:08:49.0444 6604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:08:49.0447 6604 sfloppy - ok
12:08:49.0493 6604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:08:49.0496 6604 SiSRaid2 - ok
12:08:49.0531 6604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:08:49.0535 6604 SiSRaid4 - ok
12:08:49.0570 6604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:08:49.0574 6604 Smb - ok
12:08:49.0598 6604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:08:49.0601 6604 spldr - ok
12:08:49.0645 6604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:08:49.0658 6604 srv - ok
12:08:49.0685 6604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:08:49.0692 6604 srv2 - ok
12:08:49.0739 6604 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:08:49.0767 6604 SrvHsfHDA - ok
12:08:49.0840 6604 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:08:49.0879 6604 SrvHsfV92 - ok
12:08:49.0933 6604 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:08:49.0956 6604 SrvHsfWinac - ok
12:08:49.0989 6604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:08:49.0995 6604 srvnet - ok
12:08:50.0090 6604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:08:50.0094 6604 stexstor - ok
12:08:50.0155 6604 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
12:08:50.0179 6604 STHDA - ok
12:08:50.0235 6604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:08:50.0239 6604 swenum - ok
12:08:50.0328 6604 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
12:08:50.0375 6604 SynTP - ok
12:08:50.0509 6604 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:08:50.0573 6604 Tcpip - ok
12:08:50.0636 6604 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:08:50.0654 6604 TCPIP6 - ok
12:08:50.0706 6604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:08:50.0710 6604 tcpipreg - ok
12:08:50.0739 6604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:08:50.0742 6604 TDPIPE - ok
12:08:50.0753 6604 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:08:50.0755 6604 TDTCP - ok
12:08:50.0828 6604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:08:50.0835 6604 tdx - ok
12:08:50.0871 6604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:08:50.0875 6604 TermDD - ok
12:08:50.0932 6604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:50.0935 6604 tssecsrv - ok
12:08:50.0957 6604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:08:50.0969 6604 TsUsbFlt - ok
12:08:51.0001 6604 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:08:51.0003 6604 TsUsbGD - ok
12:08:51.0036 6604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:08:51.0040 6604 tunnel - ok
12:08:51.0075 6604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:08:51.0078 6604 uagp35 - ok
12:08:51.0114 6604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:08:51.0121 6604 udfs - ok
12:08:51.0183 6604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:08:51.0188 6604 uliagpkx - ok
12:08:51.0230 6604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:08:51.0234 6604 umbus - ok
12:08:51.0260 6604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:08:51.0263 6604 UmPass - ok
12:08:51.0300 6604 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:08:51.0304 6604 usbaudio - ok
12:08:51.0333 6604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:51.0337 6604 usbccgp - ok
12:08:51.0356 6604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:08:51.0360 6604 usbcir - ok
12:08:51.0396 6604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:08:51.0400 6604 usbehci - ok
12:08:51.0485 6604 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys
12:08:51.0490 6604 usbfilter - ok
12:08:51.0527 6604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:08:51.0535 6604 usbhub - ok
12:08:51.0558 6604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:08:51.0563 6604 usbohci - ok
12:08:51.0607 6604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:08:51.0611 6604 usbprint - ok
12:08:51.0655 6604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:08:51.0660 6604 USBSTOR - ok
12:08:51.0680 6604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:08:51.0684 6604 usbuhci - ok
12:08:51.0723 6604 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:08:51.0729 6604 usbvideo - ok
12:08:51.0847 6604 VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:08:51.0867 6604 VBoxDrv - ok
12:08:51.0975 6604 VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:08:51.0981 6604 VBoxNetAdp - ok
12:08:52.0015 6604 VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
12:08:52.0020 6604 VBoxNetFlt - ok
12:08:52.0055 6604 VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:08:52.0060 6604 VBoxUSBMon - ok
12:08:52.0093 6604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:08:52.0096 6604 vdrvroot - ok
12:08:52.0135 6604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:52.0138 6604 vga - ok
12:08:52.0168 6604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:08:52.0171 6604 VgaSave - ok
12:08:52.0194 6604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:08:52.0199 6604 vhdmp - ok
12:08:52.0214 6604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:08:52.0217 6604 viaide - ok
12:08:52.0244 6604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:08:52.0248 6604 volmgr - ok
12:08:52.0275 6604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:08:52.0281 6604 volmgrx - ok
12:08:52.0319 6604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:08:52.0325 6604 volsnap - ok
12:08:52.0354 6604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:08:52.0359 6604 vsmraid - ok
12:08:52.0420 6604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:08:52.0425 6604 vwifibus - ok
12:08:52.0446 6604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:08:52.0451 6604 vwififlt - ok
12:08:52.0486 6604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:08:52.0489 6604 WacomPen - ok
12:08:52.0508 6604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:08:52.0512 6604 WANARP - ok
12:08:52.0518 6604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:08:52.0520 6604 Wanarpv6 - ok
12:08:52.0584 6604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:08:52.0588 6604 Wd - ok
12:08:52.0631 6604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:08:52.0666 6604 Wdf01000 - ok
12:08:52.0715 6604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:52.0718 6604 WfpLwf - ok
12:08:52.0741 6604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:08:52.0744 6604 WIMMount - ok
12:08:52.0840 6604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:08:52.0845 6604 WinUsb - ok
12:08:52.0902 6604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:08:52.0905 6604 WmiAcpi - ok
12:08:52.0949 6604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:08:52.0952 6604 ws2ifsl - ok
12:08:53.0007 6604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:08:53.0012 6604 WudfPf - ok
12:08:53.0033 6604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:53.0037 6604 WUDFRd - ok
12:08:53.0075 6604 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
12:08:53.0111 6604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:08:53.0111 6604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:08:53.0151 6604 Boot (0x1200) (786086915b6cdad4bc9f10f748fd6252) \Device\Harddisk0\DR0\Partition0
12:08:53.0155 6604 \Device\Harddisk0\DR0\Partition0 - ok
12:08:53.0173 6604 Boot (0x1200) (c61e32c0b3f7ba1abefaadeb69a1844c) \Device\Harddisk0\DR0\Partition1
12:08:53.0176 6604 \Device\Harddisk0\DR0\Partition1 - ok
12:08:53.0217 6604 Boot (0x1200) (f295a53feb197b1b30c297800bb8032c) \Device\Harddisk0\DR0\Partition2
12:08:53.0219 6604 \Device\Harddisk0\DR0\Partition2 - ok
12:08:53.0241 6604 Boot (0x1200) (765c5d203c7a823e2eba238e226c5524) \Device\Harddisk0\DR0\Partition3
12:08:53.0243 6604 \Device\Harddisk0\DR0\Partition3 - ok
12:08:53.0244 6604 ============================================================
12:08:53.0244 6604 Scan finished
12:08:53.0244 6604 ============================================================
12:08:53.0271 5840 Detected object count: 1
12:08:53.0271 5840 Actual detected object count: 1
12:09:11.0859 5840 \Device\Harddisk0\DR0\# - copied to quarantine
12:09:11.0860 5840 \Device\Harddisk0\DR0 - copied to quarantine
12:09:11.0957 5840 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:09:11.0981 5840 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:09:11.0995 5840 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:09:12.0007 5840 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:09:12.0059 5840 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:09:12.0080 5840 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:09:12.0082 5840 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:09:12.0085 5840 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:09:12.0089 5840 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:09:12.0095 5840 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:09:12.0102 5840 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:09:12.0106 5840 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:09:12.0111 5840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:09:12.0112 5840 \Device\Harddisk0\DR0 - ok
12:09:15.0423 5840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:09:20.0989 8080 Deinitialize success




14:15:01.0928 1696 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:15:02.0312 1696 ============================================================
14:15:02.0312 1696 Current date / time: 2012/02/19 14:15:02.0312
14:15:02.0313 1696 SystemInfo:
14:15:02.0313 1696
14:15:02.0313 1696 OS Version: 6.1.7601 ServicePack: 1.0
14:15:02.0313 1696 Product type: Workstation
14:15:02.0313 1696 ComputerName: RALPH-MOBILE
14:15:02.0314 1696 UserName: Andrew
14:15:02.0314 1696 Windows directory: C:\Windows
14:15:02.0314 1696 System windows directory: C:\Windows
14:15:02.0314 1696 Running under WOW64
14:15:02.0314 1696 Processor architecture: Intel x64
14:15:02.0314 1696 Number of processors: 2
14:15:02.0314 1696 Page size: 0x1000
14:15:02.0314 1696 Boot type: Normal boot
14:15:02.0314 1696 ============================================================
14:15:02.0973 1696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:02.0979 1696 \Device\Harddisk0\DR0:
14:15:02.0979 1696 MBR used
14:15:02.0979 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:15:02.0979 1696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38715000
14:15:02.0979 1696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38779000, BlocksNum 0x1BD9000
14:15:02.0979 1696 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:15:03.0053 1696 Initialize success
14:15:03.0053 1696 ============================================================
14:15:14.0922 2672 ============================================================
14:15:14.0922 2672 Scan started
14:15:14.0922 2672 Mode: Manual;
14:15:14.0922 2672 ============================================================
14:15:15.0966 2672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:15:15.0971 2672 1394ohci - ok
14:15:16.0002 2672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:15:16.0007 2672 ACPI - ok
14:15:16.0046 2672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:15:16.0048 2672 AcpiPmi - ok
14:15:16.0108 2672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:15:16.0115 2672 adp94xx - ok
14:15:16.0201 2672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:15:16.0208 2672 adpahci - ok
14:15:16.0256 2672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:15:16.0260 2672 adpu320 - ok
14:15:16.0318 2672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:15:16.0326 2672 AFD - ok
14:15:16.0373 2672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:15:16.0377 2672 agp440 - ok
14:15:16.0418 2672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:15:16.0421 2672 aliide - ok
14:15:16.0460 2672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:15:16.0462 2672 amdide - ok
14:15:16.0508 2672 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
14:15:16.0510 2672 amdiox64 - ok
14:15:16.0549 2672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:15:16.0552 2672 AmdK8 - ok
14:15:16.0839 2672 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys
14:15:17.0058 2672 amdkmdag - ok
14:15:17.0121 2672 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys
14:15:17.0127 2672 amdkmdap - ok
14:15:17.0147 2672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:15:17.0150 2672 AmdPPM - ok
14:15:17.0177 2672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:15:17.0181 2672 amdsata - ok
14:15:17.0220 2672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:15:17.0225 2672 amdsbs - ok
14:15:17.0253 2672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:15:17.0254 2672 amdxata - ok
14:15:17.0287 2672 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\DRIVERS\amd_sata.sys
14:15:17.0288 2672 amd_sata - ok
14:15:17.0306 2672 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\DRIVERS\amd_xata.sys
14:15:17.0309 2672 amd_xata - ok
14:15:17.0335 2672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:15:17.0338 2672 AppID - ok
14:15:17.0392 2672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:15:17.0395 2672 arc - ok
14:15:17.0428 2672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:15:17.0431 2672 arcsas - ok
14:15:17.0558 2672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:15:17.0561 2672 AsyncMac - ok
14:15:17.0591 2672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:15:17.0608 2672 atapi - ok
14:15:17.0636 2672 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
14:15:17.0640 2672 AtiHDAudioService - ok
14:15:17.0678 2672 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:15:17.0686 2672 AVGIDSDriver - ok
14:15:17.0704 2672 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:15:17.0705 2672 AVGIDSEH - ok
14:15:17.0720 2672 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:15:17.0723 2672 AVGIDSFilter - ok
14:15:17.0763 2672 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
14:15:17.0768 2672 Avgldx64 - ok
14:15:17.0785 2672 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:15:17.0786 2672 Avgmfx64 - ok
14:15:17.0814 2672 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:15:17.0816 2672 Avgrkx64 - ok
14:15:17.0853 2672 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
14:15:17.0860 2672 Avgtdia - ok
14:15:17.0903 2672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:15:17.0910 2672 b06bdrv - ok
14:15:17.0953 2672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:15:17.0959 2672 b57nd60a - ok
14:15:18.0012 2672 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:15:18.0046 2672 BCM43XX - ok
14:15:18.0071 2672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:15:18.0073 2672 Beep - ok
14:15:18.0173 2672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
14:15:18.0176 2672 blbdrive - ok
14:15:18.0210 2672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:15:18.0213 2672 bowser - ok
14:15:18.0237 2672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:15:18.0243 2672 BrFiltLo - ok
14:15:18.0259 2672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:15:18.0265 2672 BrFiltUp - ok
14:15:18.0376 2672 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:15:18.0379 2672 BridgeMP - ok
14:15:18.0409 2672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:15:18.0414 2672 Brserid - ok
14:15:18.0430 2672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:15:18.0432 2672 BrSerWdm - ok
14:15:18.0446 2672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:15:18.0448 2672 BrUsbMdm - ok
14:15:18.0461 2672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:15:18.0463 2672 BrUsbSer - ok
14:15:18.0476 2672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:15:18.0479 2672 BTHMODEM - ok
14:15:18.0521 2672 catchme - ok
14:15:18.0547 2672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:15:18.0550 2672 cdfs - ok
14:15:18.0588 2672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:15:18.0594 2672 cdrom - ok
14:15:18.0620 2672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:15:18.0623 2672 circlass - ok
14:15:18.0657 2672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:15:18.0664 2672 CLFS - ok
14:15:18.0705 2672 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
14:15:18.0708 2672 clwvd - ok
14:15:18.0739 2672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:15:18.0744 2672 CmBatt - ok
14:15:18.0771 2672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:15:18.0774 2672 cmdide - ok
14:15:18.0831 2672 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:15:18.0840 2672 CNG - ok
14:15:18.0876 2672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:15:18.0877 2672 Compbatt - ok
14:15:18.0908 2672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:15:18.0911 2672 CompositeBus - ok
14:15:18.0939 2672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:15:18.0943 2672 crcdisk - ok
14:15:18.0993 2672 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:15:18.0997 2672 DfsC - ok
14:15:19.0014 2672 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:15:19.0015 2672 discache - ok
14:15:19.0029 2672 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:15:19.0031 2672 Disk - ok
14:15:19.0067 2672 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:15:19.0070 2672 drmkaud - ok
14:15:19.0106 2672 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:15:19.0132 2672 DXGKrnl - ok
14:15:19.0210 2672 EagleX64 - ok
14:15:19.0319 2672 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:15:19.0397 2672 ebdrv - ok
14:15:19.0448 2672 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
14:15:19.0450 2672 ElRawDisk - ok
14:15:19.0494 2672 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:15:19.0501 2672 elxstor - ok
14:15:19.0561 2672 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:15:19.0563 2672 ErrDev - ok
14:15:19.0623 2672 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:15:19.0628 2672 exfat - ok
14:15:19.0667 2672 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:15:19.0671 2672 fastfat - ok
14:15:19.0703 2672 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:15:19.0706 2672 fdc - ok
14:15:19.0720 2672 FileDisk - ok
14:15:19.0768 2672 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:15:19.0771 2672 FileInfo - ok
14:15:19.0787 2672 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:15:19.0789 2672 Filetrace - ok
14:15:19.0812 2672 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:15:19.0815 2672 flpydisk - ok
14:15:19.0836 2672 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:15:19.0841 2672 FltMgr - ok
14:15:19.0881 2672 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:15:19.0884 2672 FsDepends - ok
14:15:19.0898 2672 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:15:19.0900 2672 Fs_Rec - ok
14:15:19.0925 2672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:15:19.0929 2672 fvevol - ok
14:15:19.0957 2672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:15:19.0960 2672 gagp30kx - ok
14:15:19.0996 2672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:15:19.0999 2672 hcw85cir - ok
14:15:20.0037 2672 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:15:20.0044 2672 HdAudAddService - ok
14:15:20.0066 2672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:15:20.0069 2672 HDAudBus - ok
14:15:20.0090 2672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:15:20.0092 2672 HidBatt - ok
14:15:20.0110 2672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:15:20.0113 2672 HidBth - ok
14:15:20.0149 2672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:15:20.0158 2672 HidIr - ok
14:15:20.0190 2672 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:15:20.0193 2672 HidUsb - ok
14:15:20.0258 2672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:15:20.0261 2672 HpSAMD - ok
14:15:20.0305 2672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:15:20.0319 2672 HTTP - ok
14:15:20.0345 2672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:15:20.0345 2672 hwpolicy - ok
14:15:20.0367 2672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:15:20.0371 2672 i8042prt - ok
14:15:20.0409 2672 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:15:20.0416 2672 iaStorV - ok
14:15:20.0525 2672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:15:20.0528 2672 iirsp - ok
14:15:20.0580 2672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:15:20.0583 2672 intelide - ok
14:15:20.0603 2672 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
14:15:20.0607 2672 intelppm - ok
14:15:20.0634 2672 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:15:20.0637 2672 IpFilterDriver - ok
14:15:20.0754 2672 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:15:20.0757 2672 IPMIDRV - ok
14:15:20.0791 2672 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:15:20.0795 2672 IPNAT - ok
14:15:20.0836 2672 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:15:20.0838 2672 IRENUM - ok
14:15:20.0875 2672 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:15:20.0878 2672 isapnp - ok
14:15:20.0928 2672 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:15:20.0933 2672 iScsiPrt - ok
14:15:20.0979 2672 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:15:20.0982 2672 kbdclass - ok
14:15:21.0002 2672 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:15:21.0004 2672 kbdhid - ok
14:15:21.0053 2672 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:15:21.0056 2672 KSecDD - ok
14:15:21.0086 2672 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:15:21.0090 2672 KSecPkg - ok
14:15:21.0121 2672 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:15:21.0123 2672 ksthunk - ok
14:15:21.0198 2672 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:15:21.0201 2672 LHidFilt - ok
14:15:21.0222 2672 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:15:21.0225 2672 lltdio - ok
14:15:21.0296 2672 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:15:21.0298 2672 LMouFilt - ok
14:15:21.0327 2672 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:15:21.0330 2672 LSI_FC - ok
14:15:21.0359 2672 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:15:21.0368 2672 LSI_SAS - ok
14:15:21.0389 2672 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:15:21.0392 2672 LSI_SAS2 - ok
14:15:21.0416 2672 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:15:21.0421 2672 LSI_SCSI - ok
14:15:21.0439 2672 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:15:21.0443 2672 luafv - ok
14:15:21.0479 2672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:15:21.0481 2672 megasas - ok
14:15:21.0503 2672 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:15:21.0509 2672 MegaSR - ok
14:15:21.0588 2672 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:15:21.0592 2672 Modem - ok
14:15:21.0607 2672 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:15:21.0608 2672 monitor - ok
14:15:21.0630 2672 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:15:21.0632 2672 mouclass - ok
14:15:21.0652 2672 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:15:21.0655 2672 mouhid - ok
14:15:21.0674 2672 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:15:21.0677 2672 mountmgr - ok
14:15:21.0714 2672 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:15:21.0718 2672 mpio - ok
14:15:21.0749 2672 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:15:21.0752 2672 mpsdrv - ok
14:15:21.0797 2672 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:15:21.0800 2672 MRxDAV - ok
14:15:21.0845 2672 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:21.0848 2672 mrxsmb - ok
14:15:21.0875 2672 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:21.0881 2672 mrxsmb10 - ok
14:15:21.0913 2672 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:21.0920 2672 mrxsmb20 - ok
14:15:21.0950 2672 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:15:21.0951 2672 msahci - ok
14:15:21.0972 2672 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:15:21.0977 2672 msdsm - ok
14:15:22.0028 2672 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:15:22.0029 2672 Msfs - ok
14:15:22.0058 2672 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:15:22.0060 2672 mshidkmdf - ok
14:15:22.0089 2672 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:15:22.0090 2672 msisadrv - ok
14:15:22.0113 2672 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:15:22.0115 2672 MSKSSRV - ok
14:15:22.0130 2672 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:22.0132 2672 MSPCLOCK - ok
14:15:22.0148 2672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:15:22.0150 2672 MSPQM - ok
14:15:22.0191 2672 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:15:22.0197 2672 MsRPC - ok
14:15:22.0218 2672 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:15:22.0219 2672 mssmbios - ok
14:15:22.0245 2672 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:15:22.0248 2672 MSTEE - ok
14:15:22.0282 2672 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:15:22.0284 2672 MTConfig - ok
14:15:22.0308 2672 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:15:22.0312 2672 Mup - ok
14:15:22.0358 2672 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:15:22.0364 2672 NativeWifiP - ok
14:15:22.0431 2672 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
14:15:22.0454 2672 NDIS - ok
14:15:22.0479 2672 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:22.0482 2672 NdisCap - ok
14:15:22.0498 2672 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:22.0500 2672 NdisTapi - ok
14:15:22.0512 2672 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:22.0515 2672 Ndisuio - ok
14:15:22.0533 2672 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:22.0536 2672 NdisWan - ok
14:15:22.0560 2672 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:15:22.0563 2672 NDProxy - ok
14:15:22.0583 2672 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:15:22.0584 2672 NetBIOS - ok
14:15:22.0607 2672 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:15:22.0612 2672 NetBT - ok
14:15:22.0679 2672 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:15:22.0683 2672 nfrd960 - ok
14:15:22.0703 2672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:15:22.0704 2672 Npfs - ok
14:15:22.0722 2672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:15:22.0723 2672 nsiproxy - ok
14:15:22.0781 2672 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:15:22.0815 2672 Ntfs - ok
14:15:22.0839 2672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:15:22.0841 2672 Null - ok
14:15:22.0870 2672 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:15:22.0877 2672 NVENETFD - ok
14:15:22.0900 2672 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:15:22.0903 2672 nvraid - ok
14:15:22.0927 2672 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:15:22.0931 2672 nvstor - ok
14:15:22.0964 2672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:15:22.0968 2672 nv_agp - ok
14:15:22.0999 2672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:15:23.0002 2672 ohci1394 - ok
14:15:23.0069 2672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:15:23.0072 2672 Parport - ok
14:15:23.0105 2672 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:15:23.0108 2672 partmgr - ok
14:15:23.0153 2672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:15:23.0156 2672 pci - ok
14:15:23.0204 2672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:15:23.0206 2672 pciide - ok
14:15:23.0234 2672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:15:23.0240 2672 pcmcia - ok
14:15:23.0303 2672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:15:23.0306 2672 pcw - ok
14:15:23.0344 2672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:15:23.0367 2672 PEAUTH - ok
14:15:23.0494 2672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:23.0499 2672 PptpMiniport - ok
14:15:23.0533 2672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:15:23.0539 2672 Processor - ok
14:15:23.0584 2672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:15:23.0589 2672 Psched - ok
14:15:23.0654 2672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:15:23.0694 2672 ql2300 - ok
14:15:23.0738 2672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:15:23.0742 2672 ql40xx - ok
14:15:23.0777 2672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:15:23.0780 2672 QWAVEdrv - ok
14:15:23.0801 2672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:23.0804 2672 RasAcd - ok
14:15:23.0827 2672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:23.0830 2672 RasAgileVpn - ok
14:15:23.0859 2672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:23.0863 2672 Rasl2tp - ok
14:15:23.0901 2672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:23.0904 2672 RasPppoe - ok
14:15:23.0918 2672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:23.0921 2672 RasSstp - ok
14:15:23.0971 2672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:23.0976 2672 rdbss - ok
14:15:24.0000 2672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:15:24.0002 2672 rdpbus - ok
14:15:24.0033 2672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:24.0034 2672 RDPCDD - ok
14:15:24.0052 2672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:15:24.0053 2672 RDPENCDD - ok
14:15:24.0078 2672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:15:24.0079 2672 RDPREFMP - ok
14:15:24.0122 2672 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:15:24.0126 2672 RDPWD - ok
14:15:24.0199 2672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:15:24.0202 2672 rdyboost - ok
14:15:24.0254 2672 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
14:15:24.0259 2672 RSPCIESTOR - ok
14:15:24.0279 2672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:24.0283 2672 rspndr - ok
14:15:24.0327 2672 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:15:24.0334 2672 RTL8167 - ok
14:15:24.0393 2672 RTL8192Ce (f33e70e48a54a7a1bfbeeb4f3b273e4a) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
14:15:24.0427 2672 RTL8192Ce - ok
14:15:24.0532 2672 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:15:24.0534 2672 SASDIFSV - ok
14:15:24.0596 2672 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:15:24.0599 2672 SASKUTIL - ok
14:15:24.0678 2672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:15:24.0681 2672 sbp2port - ok
14:15:24.0709 2672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:15:24.0712 2672 scfilter - ok
14:15:24.0741 2672 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
14:15:24.0746 2672 sdbus - ok
14:15:24.0775 2672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:15:24.0777 2672 secdrv - ok
14:15:24.0811 2672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:15:24.0813 2672 Serenum - ok
14:15:24.0834 2672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:15:24.0837 2672 Serial - ok
14:15:24.0854 2672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:15:24.0856 2672 sermouse - ok
14:15:24.0902 2672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:15:24.0904 2672 sffdisk - ok
14:15:24.0926 2672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:15:24.0928 2672 sffp_mmc - ok
14:15:24.0938 2672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:15:24.0940 2672 sffp_sd - ok
14:15:24.0964 2672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:15:24.0967 2672 sfloppy - ok
14:15:24.0997 2672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:15:25.0001 2672 SiSRaid2 - ok
14:15:25.0039 2672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:15:25.0042 2672 SiSRaid4 - ok
14:15:25.0068 2672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:15:25.0071 2672 Smb - ok
14:15:25.0106 2672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:15:25.0107 2672 spldr - ok
14:15:25.0154 2672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:15:25.0160 2672 srv - ok
14:15:25.0193 2672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:15:25.0200 2672 srv2 - ok
14:15:25.0258 2672 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:15:25.0265 2672 SrvHsfHDA - ok
14:15:25.0311 2672 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:15:25.0346 2672 SrvHsfV92 - ok
14:15:25.0409 2672 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:15:25.0430 2672 SrvHsfWinac - ok
14:15:25.0486 2672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:15:25.0489 2672 srvnet - ok
14:15:25.0588 2672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:15:25.0591 2672 stexstor - ok
14:15:25.0649 2672 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
14:15:25.0658 2672 STHDA - ok
14:15:25.0704 2672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:15:25.0707 2672 swenum - ok
14:15:25.0783 2672 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
14:15:25.0820 2672 SynTP - ok
14:15:25.0943 2672 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:15:25.0991 2672 Tcpip - ok
14:15:26.0053 2672 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:15:26.0067 2672 TCPIP6 - ok
14:15:26.0127 2672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:15:26.0129 2672 tcpipreg - ok
14:15:26.0147 2672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:15:26.0150 2672 TDPIPE - ok
14:15:26.0164 2672 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:15:26.0168 2672 TDTCP - ok
14:15:26.0215 2672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:15:26.0219 2672 tdx - ok
14:15:26.0246 2672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:15:26.0249 2672 TermDD - ok
14:15:26.0286 2672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:26.0289 2672 tssecsrv - ok
14:15:26.0309 2672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:15:26.0312 2672 TsUsbFlt - ok
14:15:26.0341 2672 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:15:26.0343 2672 TsUsbGD - ok
14:15:26.0368 2672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:15:26.0374 2672 tunnel - ok
14:15:26.0401 2672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:15:26.0404 2672 uagp35 - ok
14:15:26.0435 2672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:15:26.0441 2672 udfs - ok
14:15:26.0504 2672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:15:26.0507 2672 uliagpkx - ok
14:15:26.0573 2672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:15:26.0575 2672 umbus - ok
14:15:26.0590 2672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:15:26.0595 2672 UmPass - ok
14:15:26.0633 2672 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:15:26.0636 2672 usbaudio - ok
14:15:26.0665 2672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:26.0669 2672 usbccgp - ok
14:15:26.0692 2672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:15:26.0698 2672 usbcir - ok
14:15:26.0718 2672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:15:26.0722 2672 usbehci - ok
14:15:26.0761 2672 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys
14:15:26.0767 2672 usbfilter - ok
14:15:26.0804 2672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:15:26.0810 2672 usbhub - ok
14:15:26.0836 2672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:15:26.0839 2672 usbohci - ok
14:15:26.0874 2672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:15:26.0876 2672 usbprint - ok
14:15:26.0899 2672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:26.0903 2672 USBSTOR - ok
14:15:26.0924 2672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:15:26.0926 2672 usbuhci - ok
14:15:26.0967 2672 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:15:26.0974 2672 usbvideo - ok
14:15:27.0078 2672 VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
14:15:27.0084 2672 VBoxDrv - ok
14:15:27.0152 2672 VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
14:15:27.0156 2672 VBoxNetAdp - ok
14:15:27.0204 2672 VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
14:15:27.0208 2672 VBoxNetFlt - ok
14:15:27.0267 2672 VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
14:15:27.0270 2672 VBoxUSBMon - ok
14:15:27.0304 2672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:15:27.0306 2672 vdrvroot - ok
14:15:27.0346 2672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:27.0348 2672 vga - ok
14:15:27.0376 2672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:15:27.0379 2672 VgaSave - ok
14:15:27.0416 2672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:15:27.0426 2672 vhdmp - ok
14:15:27.0458 2672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:15:27.0461 2672 viaide - ok
14:15:27.0489 2672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:15:27.0493 2672 volmgr - ok
14:15:27.0530 2672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:15:27.0535 2672 volmgrx - ok
14:15:27.0575 2672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:15:27.0580 2672 volsnap - ok
14:15:27.0610 2672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:15:27.0614 2672 vsmraid - ok
14:15:27.0653 2672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:15:27.0656 2672 vwifibus - ok
14:15:27.0679 2672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:15:27.0682 2672 vwififlt - ok
14:15:27.0710 2672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:15:27.0713 2672 WacomPen - ok
14:15:27.0730 2672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:27.0733 2672 WANARP - ok
14:15:27.0738 2672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:27.0740 2672 Wanarpv6 - ok
14:15:27.0795 2672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:15:27.0799 2672 Wd - ok
14:15:27.0826 2672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:15:27.0849 2672 Wdf01000 - ok
14:15:27.0882 2672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:27.0888 2672 WfpLwf - ok
14:15:27.0909 2672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:15:27.0911 2672 WIMMount - ok
14:15:28.0018 2672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:15:28.0023 2672 WinUsb - ok
14:15:28.0058 2672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:15:28.0059 2672 WmiAcpi - ok
14:15:28.0105 2672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:15:28.0106 2672 ws2ifsl - ok
14:15:28.0196 2672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:15:28.0200 2672 WudfPf - ok
14:15:28.0222 2672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:15:28.0227 2672 WUDFRd - ok
14:15:28.0286 2672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:15:28.0396 2672 \Device\Harddisk0\DR0 - ok
14:15:28.0407 2672 Boot (0x1200) (786086915b6cdad4bc9f10f748fd6252) \Device\Harddisk0\DR0\Partition0
14:15:28.0410 2672 \Device\Harddisk0\DR0\Partition0 - ok
14:15:28.0417 2672 Boot (0x1200) (c61e32c0b3f7ba1abefaadeb69a1844c) \Device\Harddisk0\DR0\Partition1
14:15:28.0419 2672 \Device\Harddisk0\DR0\Partition1 - ok
14:15:28.0450 2672 Boot (0x1200) (f295a53feb197b1b30c297800bb8032c) \Device\Harddisk0\DR0\Partition2
14:15:28.0454 2672 \Device\Harddisk0\DR0\Partition2 - ok
14:15:28.0529 2672 Boot (0x1200) (765c5d203c7a823e2eba238e226c5524) \Device\Harddisk0\DR0\Partition3
14:15:28.0534 2672 \Device\Harddisk0\DR0\Partition3 - ok
14:15:28.0535 2672 ============================================================
14:15:28.0535 2672 Scan finished
14:15:28.0535 2672 ============================================================
14:15:28.0547 3736 Detected object count: 0
14:15:28.0547 3736 Actual detected object count: 0
14:15:35.0873 4564 Deinitialize success




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-19 14:16:34
-----------------------------
14:16:34.164 OS Version: Windows x64 6.1.7601 Service Pack 1
14:16:34.165 Number of processors: 2 586 0x100
14:16:34.166 ComputerName: RALPH-MOBILE UserName: Andrew
14:16:35.704 Initialize success
14:20:29.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
14:20:29.501 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 11
14:20:29.518 Disk 0 MBR read successfully
14:20:29.520 Disk 0 MBR scan
14:20:29.523 Disk 0 Windows 7 default MBR code
14:20:29.528 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:20:29.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462378 MB offset 409600
14:20:29.574 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14258 MB offset 947359744
14:20:29.595 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:20:29.600 Service scanning
14:20:30.748 Modules scanning
14:20:30.753 Disk 0 trace - called modules:
14:20:30.825 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:20:30.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800420f060]
14:20:31.165 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800410b920]
14:20:31.170 5 amd_xata.sys[fffff8800109bb3f] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8004107240]
14:20:31.175 Scan finished successfully
14:20:57.347 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
14:20:57.353 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR log 20120219.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 19 February 2012 - 05:11 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 February 2012 - 09:29 PM

ComboFix 12-02-15.01 - Andrew 02/19/2012 18:34:28.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1929 [GMT -6:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrew\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 01:23 . 2012-02-20 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 01:23 . 2012-02-20 01:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-19 16:49 . 2012-02-19 16:52 -------- d-----w- C:\Tools
2012-02-19 04:21 . 2012-02-19 04:22 -------- d-----w- c:\users\Andrew\DVD Backups
2012-02-19 04:21 . 2012-02-19 06:52 -------- d-----w- c:\program files (x86)\FairUse Wizard 2
2012-02-17 18:09 . 2012-02-17 18:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-16 19:19 . 2012-02-16 19:20 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-16 19:19 . 2012-02-16 19:19 -------- d-----w- c:\windows\SysWow64\xlive
2012-02-16 02:18 . 2012-02-16 02:18 -------- d-----w- C:\_OTL
2012-02-14 23:33 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 23:33 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 23:27 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 23:27 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 23:27 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 23:26 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 23:26 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 23:26 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 17:19 . 2012-02-16 07:39 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-31 06:07 . 2012-01-31 06:07 -------- d-----w- c:\users\Andrew\AppData\Local\Iteral_Group_Ltd
2012-01-31 00:35 . 2012-01-31 00:35 -------- d-----w- c:\program files (x86)\IDroo
2012-01-23 22:44 . 2012-01-24 19:34 -------- d-----w- c:\users\Andrew\AppData\Roaming\.minecraft
2012-01-23 18:03 . 2012-01-23 18:03 -------- d-----w- c:\users\Andrew\AppData\Local\Zachtronics Industries
2012-01-23 07:13 . 2012-01-24 03:14 -------- d-----w- c:\users\Andrew\AppData\Roaming\vlc
2012-01-23 06:59 . 2012-01-23 06:59 -------- d-----w- c:\users\Andrew\AppData\Local\Geckofx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 02:32 . 2012-01-20 02:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-01-06 17:51 . 2011-09-29 01:18 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 17:51 . 2011-09-29 01:18 14848 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 17:29 . 2011-09-29 01:18 2141832 ----a-w- c:\windows\system32\Incinerator64.dll
2012-01-06 17:29 . 2011-09-29 01:18 2083464 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-01-02 07:04 . 2012-01-02 03:51 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-02 07:04 . 2012-01-02 03:51 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-02 07:04 . 2012-01-02 03:51 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-02 07:04 . 2012-01-02 03:51 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-10 21:24 . 2011-08-30 23:04 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 17:50 . 2011-06-02 08:09 1145448 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-11-30 17:46 . 2011-11-30 17:47 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2011-11-30 17:46 . 2011-11-30 17:47 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-11-30 17:46 . 2011-11-30 17:46 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-11-30 17:46 . 2011-11-30 17:46 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-11-30 17:46 . 2011-11-30 17:46 1451056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-11-30 17:46 . 2011-11-30 17:46 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-11-30 17:46 . 2011-11-30 17:46 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2011-11-30 17:46 . 2011-11-30 17:46 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-11-30 17:46 . 2010-12-17 02:26 411944 ----a-w- c:\windows\system32\SynCOM.dll
2011-11-30 17:43 . 2011-11-30 17:43 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-30 17:43 . 2011-11-30 17:43 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-30 17:40 . 2011-11-30 17:42 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2011-11-30 17:40 . 2011-06-02 08:07 4780032 ----a-w- c:\windows\system32\stlang64.dll
2011-11-30 17:40 . 2011-06-02 08:07 1128448 ----a-w- c:\windows\sttray64.exe
2011-11-30 17:40 . 2011-11-30 17:42 431616 ----a-w- c:\windows\system32\stcplx64.dll
2011-11-30 17:40 . 2011-11-30 17:42 1965056 ----a-w- c:\windows\system32\stapo64.dll
2011-11-30 17:40 . 2011-11-30 17:42 654336 ------w- c:\windows\system32\stapi64.dll
2011-11-30 17:40 . 2011-06-02 08:07 224256 ----a-w- c:\windows\system32\staco64.dll
2011-11-30 17:40 . 2011-06-02 08:07 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2011-11-30 17:40 . 2011-06-02 08:07 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2011-11-30 17:40 . 2011-06-02 08:07 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2011-11-30 17:40 . 2011-06-02 08:07 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2011-11-30 17:40 . 2011-06-02 08:07 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2011-11-30 17:40 . 2011-06-02 08:07 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2011-11-30 17:39 . 2011-11-30 17:40 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2011-11-30 17:39 . 2011-06-02 08:06 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2011-11-29 21:25 . 2011-11-30 17:43 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-11-28 19:50 . 2011-11-28 19:51 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-11-28 19:50 . 2011-11-28 19:51 425064 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-11-28 19:50 . 2011-06-02 08:08 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-11-28 19:43 . 2011-11-28 19:43 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-11-28 19:43 . 2011-11-28 19:46 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-11-28 19:43 . 2011-11-28 19:43 79488 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2011-11-28 19:43 . 2011-11-28 19:43 40064 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2011-11-28 19:42 . 2011-11-28 19:43 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-28 19:42 . 2011-04-13 06:34 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-28 19:42 . 2011-04-13 06:09 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-28 19:42 . 2011-04-13 06:09 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-28 19:42 . 2011-04-13 06:05 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-28 19:42 . 2011-11-28 19:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-28 19:42 . 2011-04-13 06:24 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-28 19:42 . 2011-11-28 19:43 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-28 19:42 . 2011-11-28 19:43 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 18584064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-28 19:42 . 2011-11-28 19:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-28 19:42 . 2011-04-13 06:41 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-28 19:42 . 2011-04-13 06:17 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-28 19:42 . 2011-04-13 06:09 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-28 19:42 . 2011-04-13 06:09 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-28 19:42 . 2011-11-28 19:43 24600576 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-28 19:42 . 2011-11-28 19:43 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-28 19:42 . 2011-11-28 19:43 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-28 19:42 . 2011-11-28 19:43 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-28 19:42 . 2011-11-28 19:43 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-28 19:42 . 2011-11-28 19:43 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-28 19:42 . 2011-11-28 19:43 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-28 19:42 . 2011-11-28 19:43 10210304 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-28 19:42 . 2011-11-28 19:43 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-28 19:42 . 2011-11-28 19:43 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-28 19:42 . 2011-11-28 19:43 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-28 19:42 . 2011-11-28 19:43 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-28 19:42 . 2011-11-28 19:43 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-28 19:42 . 2011-11-28 19:43 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-28 19:42 . 2011-04-13 06:50 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-28 19:42 . 2011-04-13 06:43 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-28 19:42 . 2011-04-13 06:34 4960256 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-28 19:42 . 2011-11-28 19:43 9809920 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-28 19:42 . 2011-11-28 19:43 8390656 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-28 19:42 . 2011-11-28 19:43 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-28 19:42 . 2011-11-28 19:43 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-28 19:42 . 2011-11-28 19:43 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-28 19:42 . 2011-11-28 19:43 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-28 19:42 . 2011-11-28 19:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-28 19:42 . 2011-11-28 19:43 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-28 19:42 . 2011-11-28 19:43 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-28 19:42 . 2011-11-28 19:43 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-28 19:42 . 2011-04-13 06:52 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-19_08.48.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-19 08:49 54040 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-30 23:10 . 2012-02-19 08:49 10476 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2234773141-2221977096-2114738989-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-02-20 00:25 96856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-02-19 08:47 . 2012-02-19 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-20 01:24 . 2012-02-20 01:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-19 08:47 . 2012-02-19 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-20 01:24 . 2012-02-20 01:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-17 05:13 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-19 14:41 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-02-20 01:23 369568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-19 08:46 369568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-17 05:13 4407296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-19 14:41 4407296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-19 23:36 . 2012-02-19 23:36 2833408 c:\windows\Installer\32e6224.msi
+ 2009-07-14 04:54 . 2012-02-19 14:41 15482880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-17 05:13 15482880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-31 00:27 . 2012-02-19 08:46 35641820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2234773141-2221977096-2114738989-1001-12288.dat
+ 2011-08-31 00:27 . 2012-02-20 01:23 35641820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2234773141-2221977096-2114738989-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-13 3077528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-03-30 586808]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-03-30 319544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2413056]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-06 722616]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234773141-2221977096-2114738989-1001Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 00:15]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234773141-2221977096-2114738989-1001UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 00:15]
.
2012-02-15 c:\windows\Tasks\HPCeeScheduleForAndrew.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-01-31 c:\windows\Tasks\HPCeeScheduleForRALPH-MOBILE$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-30 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-02-19 19:47:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 01:47
ComboFix2.txt 2012-02-19 09:10
ComboFix3.txt 2012-02-16 07:22
.
Pre-Run: 316,620,914,688 bytes free
Post-Run: 316,639,506,432 bytes free
.
- - End Of File - - 49F5A720D4FBCB777904D9CE009C4BCC



No problems running ComboFix, and no problems appear to still be present in terms of performance.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 19 February 2012 - 09:47 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 February 2012 - 10:10 PM

Here you go:

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AI War: Fleet Command
AMD System Monitor
AMD VISION Engine Control Center
Assassin's Creed Revelations
Atom Zombie Smasher
Audiosurf
Beat Hazard
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
BIT.TRIP BEAT
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Counter-Strike: Source
CrimeCraft GangWars
CyberLink YouCam
D3DX10
Day of Defeat: Source
DeepBurner v1.9.0.228
DEFCON
Defense Grid: The Awakening
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dungeons of Dredmor
Energy Star Digital Logo
eReg
ESU for Microsoft Windows 7
Evernote v. 4.2.2
FairUse Wizard 2
Farm Frenzy
FATE - The Traitor Soul
Google Chrome
Google Talk Plugin
Hewlett-Packard ACLM.NET v1.1.2.0
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDroo 1.0.0.154
IDT Audio
iolo technologies' System Mechanic Professional
Jamestown
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 26
Junk Mail filter update
Killing Floor
League of Legends
Left 4 Dead 2
Magic Desktop
Magicka
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
OpenAL
OpenOffice.org 3.3
Pando Media Booster
PDFCreator
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Post Apocalyptic Mayhem
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
Rise of Immortals
RoxioNow Player
Rusty Hearts
Sanctum
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.5
Slingo Supreme
SpaceChem
Spiral Knights
Steam
Super Meat Boy
Team Fortress 2
Toki Tori
Trine
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Worms Reloaded
Zuma Deluxe

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 19 February 2012 - 10:54 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Bing Bar
Java™ 6 Update 22
Java™ 6 Update 26
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 20 February 2012 - 01:22 AM

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: RALPH-MOBILE [administrator]

2/19/2012 11:47:25 PM
mbam-log-2012-02-19 (23-47-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197765
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:17:20 AM, on 2/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Andrew\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12502 bytes


No problems running either diagnostic. I have left uTorrent on my computer only because I keep a strict watch on everything that is downloaded through it, and only use it for work and downloading files from secure sources. If you still believe that it poses a risk, then I will delete it, but chances are I would need to re-install it at some point in the near future. Computer has not been giving me problems, very glad to have Google working again.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 20 February 2012 - 01:55 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Ralph {IA2}

Ralph {IA2}
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 21 February 2012 - 12:27 PM

Here's the ESET log:

C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application
C:\Program Files (x86)\Steam\config\overlayhtmlcache\f_0002cc JS/Agent.NDY trojan
C:\Program Files (x86)\Steam\config\overlayhtmlcache\f_0002cf JS/Agent.NDY trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\17.02.2012_12.08.14\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Users\Andrew\Downloads\PDFCreator-1_2_3_setup.exe multiple threats

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 21 February 2012 - 04:39 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
    del /f /s /q "C:\Program Files (x86)\Steam\config\overlayhtmlcache\f_0002cc"
    del /f /s /q "C:\Program Files (x86)\Steam\config\overlayhtmlcache\f_0002cf"
    del /f /s /q "C:\Users\Andrew\Downloads\PDFCreator-1_2_3_setup.exe"
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users