
Infected with Trojan:DOS/Alureon.E


This topic is locked
27 replies to this topic

#1 timodawson

Posted 17 February 2012 - 08:58 PM

Brother-in-law's computer.

Gateway NV78
Windows 7 Home Premium x64

Microsoft Security Essentials keeps reporting Trojan:DOS/Alureon.E, but I cannot remove it. I did an Alt+F10 at startup and have done a recovery keeping files and a fresh recovery without keeping files, and neither of these options has fixed the problem. Once I install Security Essentials again, it just keeps finding the trojan. Malwarebytes doesn't seem to find anything. I've been dealing with this for over a week and am getting frustrated.

When I was setting up GMER, a lot of the boxes were greyed out and not selectable. The only ones that were (Services, Registry, Files) were checked. GMER did not find any issues and no log was generated.

Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by David at 17:32:53 on 2012-02-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2661 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Users\David\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273602124555l0374z185a48i2v235
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\u67qen1q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-18 01:32:25 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-18 01:32:05 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E4A32AD-C8DC-44C3-82FC-DD072E8E2B0B}\mpengine.dll
2012-02-18 01:22:05 -------- d-----w- C:\Users\David\AppData\Local\Mozilla
2012-02-18 01:21:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-16 05:29:59 -------- d-----w- C:\ComboFix
2012-02-16 05:00:43 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4C8AF50-16D4-4BBB-81D4-1E84FCCA6CA6}\gapaengine.dll
2012-02-16 04:59:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-16 04:59:13 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-16 04:47:11 98816 ----a-w- C:\Windows\sed.exe
2012-02-16 04:47:11 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-16 04:47:11 256000 ----a-w- C:\Windows\PEV.exe
2012-02-16 04:47:11 208896 ----a-w- C:\Windows\MBR.exe
2012-02-16 03:50:17 -------- d-----w- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2012-02-16 03:50:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-16 03:50:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-16 03:48:22 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-16 03:48:21 -------- d-----w- C:\Windows\System32\Wat
2012-02-16 03:47:55 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
2012-02-16 03:47:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-16 03:47:39 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-16 03:47:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-16 03:44:31 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2012-02-16 03:44:30 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-16 03:44:30 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-16 03:44:30 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-16 03:44:30 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-15 06:13:52 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-15 06:13:52 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-15 06:03:27 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-15 06:03:27 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-15 05:53:47 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-02-15 05:53:47 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-02-15 05:53:47 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-02-15 05:53:47 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-15 05:53:47 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-02-15 05:53:47 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-02-15 05:53:47 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-02-15 05:53:47 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-02-15 05:53:47 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-02-15 05:53:47 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-02-15 05:49:53 -------- d-----w- C:\Users\David\AppData\Local\Microsoft Help
2012-02-15 05:39:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-02-15 05:39:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-02-15 05:38:27 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-02-15 05:38:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-02-15 05:38:18 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-02-15 05:38:15 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-02-15 05:38:03 148992 ----a-w- C:\Windows\System32\t2embed.dll
2012-02-15 05:38:03 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2012-02-15 05:35:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-02-15 05:34:29 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-15 05:34:28 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-15 05:34:28 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-15 05:24:50 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-15 05:24:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-15 05:05:35 -------- d--h--w- C:\Windows\msdownld.tmp
2012-02-15 05:03:22 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-02-15 04:50:19 -------- d-----w- C:\Users\David\AppData\Local\Power2Go
2012-02-15 04:38:35 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-15 04:38:35 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-15 04:38:35 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-15 04:38:34 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-15 04:38:34 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-15 04:37:44 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA3E6936-BF68-4DA9-902F-C175BE2175DA}\mpengine.dll
2012-02-15 04:37:43 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 04:36:41 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-02-15 04:36:41 1053232 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2012-02-15 04:33:46 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-02-15 04:32:41 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-02-15 04:32:41 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-02-15 04:32:25 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-15 04:31:39 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-02-15 04:31:15 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-02-15 04:29:24 -------- d-----w- C:\Program Files\Synaptics
2012-02-15 04:29:13 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5ea349641cceb9a\DSETUP.dll
2012-02-15 04:29:13 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5ea349641cceb9a\DXSETUP.exe
2012-02-15 04:29:13 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5ea349641cceb9a\dsetup32.dll
2012-02-15 04:28:34 -------- d-----w- C:\Users\David\AppData\Local\Google
2012-02-15 04:28:17 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2FA9.tmp
2012-02-15 04:28:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-02-15 04:27:36 -------- d-----w- C:\Program Files (x86)\Video Web Camera
2012-02-15 04:26:37 -------- d-----w- C:\Users\David\AppData\Local\Packard Bell
2012-02-15 04:25:25 -------- d-----w- C:\Users\David\AppData\Local\VirtualStore
2012-02-15 04:24:30 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-15 04:24:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-15 04:24:30 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-02-15 04:24:30 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-02-15 04:23:07 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2012-02-15 04:14:39 -------- d-----w- C:\Windows\SysWow64\x64
2012-02-15 04:14:39 -------- d-----w- C:\Windows\SysWow64\Lang
2012-02-15 04:14:38 948760 ----a-w- C:\Windows\SysWow64\igxpun.exe
.
==================== Find3M ====================
.
2012-02-15 05:03:22 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-15 04:36:22 505392 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-02-15 04:17:35 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
.
============= FINISH: 17:33:24.74 ===============


#2 timodawson


Posted 17 February 2012 - 09:04 PM

I saw someone else had a problem with GMER and it was suggested they run aswMBR and post the results, so here those are just in case:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 18:02:27
-----------------------------
18:02:27.436 OS Version: Windows x64 6.1.7600
18:02:27.436 Number of processors: 2 586 0x170A
18:02:27.436 ComputerName: DAVID-PC UserName: David
18:02:29.027 Initialize success
18:02:44.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:02:44.087 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
18:02:44.087 Disk 0 MBR read successfully
18:02:44.087 Disk 0 MBR scan
18:02:44.087 Disk 0 Windows 7 default MBR code
18:02:44.087 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
18:02:44.102 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
18:02:44.102 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464545 MB offset 25382700
18:02:44.133 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 0 MB offset 976771120
18:02:44.133 Service scanning
18:02:44.773 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:02:45.678 Modules scanning
18:02:45.678 Disk 0 trace - called modules:
18:02:45.693 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:02:45.709 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c22060]
18:02:45.725 3 CLASSPNP.SYS[fffff880015a943f] -> nt!IofCallDriver -> [0xfffffa80047721e0]
18:02:45.725 5 ACPI.sys[fffff88000f00781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047c9060]
18:02:45.740 Scan finished successfully
18:03:02.261 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
18:03:02.261 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
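The aswMBR log above reads the first sector of Disk 0, reports whether its boot code is the stock Windows 7 code, and lists the four partition table entries. The following Python is an added example, not part of the thread and not aswMBR's own code: it parses a 512-byte MBR (the same layout aswMBR saved to MBR.dat) into those partition entries, hashes the boot code against a known-good baseline, and flags the things a responder checks before trusting the sector. The MBR lives outside the file system, which is why a file-level recovery does not rewrite it. The sample MBR, the boot code bytes and the baseline hash are constructed here; the LBA offsets and the disk size are the values printed in the log.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = 0x55AA       # bytes 510..511
SECTOR_SIZE = 512

# Partition type ids that appear in the aswMBR log above
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, the partition table and a signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    signature = struct.unpack_from(">H", mbr, MBR_SIZE - 2)[0]  # 0x55 then 0xAA on disk
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        # status | CHS start (3 bytes, skipped) | type | CHS end (skipped) | LBA start | sectors
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, offset)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": index + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"unknown 0x{ptype:02x}"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),  # floors, like aswMBR's MB column
        })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "signature_ok": signature == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def find_anomalies(parsed: dict, disk_sectors: int, baseline_sha256: str) -> list:
    """List what a responder would want to look at before trusting this MBR."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature is not 0x55AA")
    if parsed["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from the known-good baseline")
    active = [p["index"] for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    previous_end = 0
    for p in sorted(parsed["partitions"], key=lambda e: e["lba_start"]):
        if p["lba_start"] < previous_end:
            findings.append(f"partition {p['index']} overlaps the one before it")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
        previous_end = p["lba_start"] + p["sectors"]
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: the four-partition layout from the aswMBR log plus caller-supplied boot code."""
    # (status, type, LBA start, sectors). LBA starts are the offsets aswMBR printed; the sector
    # counts are constructed so each partition ends where the next begins and sectors // 2048
    # reproduces the MB column in the log (12291, 101, 464545, 0).
    layout = [
        (0x00, 0x27, 63, 25173792),
        (0x80, 0x07, 25173855, 208845),
        (0x00, 0x07, 25382700, 951388420),
        (0x00, 0x17, 976771120, 2000),
    ]
    table = b"".join(struct.pack("<B3xB3xII", *entry) for entry in layout)
    return boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE] + table + b"\x55\xaa"


# Constructed stand-in for known-good boot code. A real baseline is the SHA-256 of the first
# 446 bytes of MBR.dat from a known-clean machine with the same Windows build.
CLEAN_BOOT_CODE = b"constructed clean boot code".ljust(BOOT_CODE_SIZE, b"\x00")
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
DISK_SECTORS = 476940 * 1024 * 1024 // SECTOR_SIZE  # 476940 MB, the Disk 0 size in the log


def demo() -> tuple:
    """Same partition table twice; only the boot code differs in the second MBR."""
    clean = parse_mbr(build_sample_mbr(CLEAN_BOOT_CODE))
    tampered = parse_mbr(build_sample_mbr(b"constructed replaced boot code"))
    return (find_anomalies(clean, DISK_SECTORS, BASELINE_SHA256),
            find_anomalies(tampered, DISK_SECTORS, BASELINE_SHA256))


if __name__ == "__main__":
    for name, findings in zip(("clean", "tampered"), demo()):
        print(name, findings or ["no anomalies"])
```

On a real MBR.dat the partition table can be byte-identical to the clean one while only the boot code has changed, which is exactly the case the hash comparison catches and a partition listing alone does not.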

#3 gringo_pr

Malware Response Team

Posted 20 February 2012 - 12:27 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#4 timodawson


Posted 20 February 2012 - 08:36 PM

Hi Gringo, thank you for helping. Just to give you a little more background: when I received this laptop from my brother-in-law, it would not boot into Windows. This is why I did the recoveries prior to discovering the trojan. I ran ComboFix after turning off Security Essentials' real-time protection and closing all programs. When ComboFix rebooted the computer, Security Essentials reported a threat, still Alureon.E. Also, when I try to clean the trojan using Security Essentials, it says it cannot apply the actions and reports an error of 0x80501001.

Here is the ComboFix log:

ComboFix 12-02-19.02 - David 02/20/2012 17:16:44.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2466 [GMT -8:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 01:28 . 2012-02-21 01:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41DCA061-CB58-42CE-A5A3-9EBEE1CABDC9}\offreg.dll
2012-02-21 01:21 . 2012-02-21 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 02:02 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41DCA061-CB58-42CE-A5A3-9EBEE1CABDC9}\mpengine.dll
2012-02-18 01:32 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-16 05:00 . 2012-02-16 05:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4C8AF50-16D4-4BBB-81D4-1E84FCCA6CA6}\gapaengine.dll
2012-02-16 04:59 . 2012-02-16 04:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-16 04:59 . 2012-02-16 04:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-16 03:50 . 2012-02-16 03:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-16 03:50 . 2012-02-16 03:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-16 03:48 . 2012-02-16 03:48 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-16 03:48 . 2012-02-16 03:48 -------- d-----w- c:\windows\system32\Wat
2012-02-16 03:47 . 2012-02-16 03:47 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 03:47 . 2012-02-16 03:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-16 03:47 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 03:44 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-02-16 03:44 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-02-16 03:44 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-16 03:44 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-16 03:44 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-15 06:13 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-15 06:13 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-15 06:03 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-15 06:03 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-02-15 05:53 . 2009-11-25 20:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-02-15 05:53 . 2009-11-25 20:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-02-15 05:53 . 2009-11-25 20:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-15 05:53 . 2009-11-25 20:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-02-15 05:53 . 2009-11-25 20:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-02-15 05:53 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-15 05:53 . 2009-11-25 20:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-15 05:53 . 2009-11-25 20:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-02-15 05:53 . 2009-11-25 20:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-15 05:53 . 2009-11-25 20:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-15 05:39 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-15 05:39 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-15 05:38 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-15 05:38 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-15 05:38 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-02-15 05:38 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-15 05:38 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2012-02-15 05:38 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2012-02-15 05:35 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-02-15 05:34 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-15 05:34 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-15 05:34 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-15 05:24 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-15 05:24 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-15 05:05 . 2012-02-15 05:05 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-15 05:03 . 2012-02-15 05:03 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-15 04:38 . 2001-09-05 12:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-15 04:38 . 2001-09-05 12:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-15 04:38 . 2001-09-05 12:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-15 04:38 . 2007-03-14 04:54 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-15 04:38 . 2001-09-05 12:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-15 04:37 . 2012-01-17 12:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA3E6936-BF68-4DA9-902F-C175BE2175DA}\mpengine.dll
2012-02-15 04:37 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 04:37 . 2012-02-15 04:37 -------- d-----w- c:\programdata\CyberLink
2012-02-15 04:36 . 2012-02-15 04:36 1066544 ----a-w- c:\windows\SysWow64\MFC71.dll
2012-02-15 04:36 . 2012-02-15 04:36 1053232 ----a-w- c:\windows\SysWow64\MFC71u.dll
2012-02-15 04:33 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-15 04:32 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-15 04:32 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-15 04:32 . 2012-02-15 04:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-15 04:31 . 2012-02-15 04:31 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-15 04:31 . 2012-02-15 04:31 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-02-15 04:30 . 2012-02-15 04:33 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-15 04:29 . 2012-02-15 04:29 -------- d-----w- c:\program files\Synaptics
2012-02-15 04:28 . 2012-02-15 04:28 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-15 04:27 . 2012-02-15 04:27 -------- d-----w- c:\program files (x86)\Video Web Camera
2012-02-15 04:24 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-02-15 04:24 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-02-15 04:24 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-02-15 04:24 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-15 04:23 . 2012-02-15 04:23 -------- d-----w- c:\programdata\OEM_E471269A730D
2012-02-15 04:22 . 2012-02-18 01:31 -------- d-----w- c:\users\David
2012-02-15 04:22 . 2012-02-15 04:22 -------- d-----w- C:\Recovery
2012-02-15 04:14 . 2012-02-15 04:14 -------- d-----w- c:\windows\SysWow64\x64
2012-02-15 04:14 . 2012-02-15 04:14 -------- d-----w- c:\windows\SysWow64\Lang
2012-02-15 04:14 . 2010-08-26 03:45 948760 ----a-w- c:\windows\SysWow64\igxpun.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 04:36 . 2009-08-28 11:06 505392 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-15 04:17 . 2009-08-28 10:45 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_04.52.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 03:46 . 2011-03-11 05:37 74240 c:\windows\SysWOW64\fsutil.exe
+ 2012-02-16 03:35 . 2012-02-21 01:10 88874 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-08-28 11:12 . 2012-02-16 05:36 21116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-18 01:23 27934 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-16 03:46 . 2011-03-11 06:15 96768 c:\windows\system32\fsutil.exe
- 2009-07-14 05:30 . 2012-02-15 13:47 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-02-18 01:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-16 03:46 . 2011-03-11 04:31 91136 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS
+ 2012-02-16 03:46 . 2011-03-25 03:22 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbuhci.sys
+ 2012-02-16 03:46 . 2011-03-25 03:22 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbohci.sys
+ 2012-02-16 03:46 . 2011-03-25 03:22 52224 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbehci.sys
+ 2012-02-16 03:46 . 2011-03-25 03:23 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbccgp.sys
+ 2012-02-16 03:46 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthenum.sys
+ 2012-02-16 03:46 . 2011-03-11 06:22 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys
+ 2012-02-16 03:46 . 2011-03-25 03:22 30720 c:\windows\system32\drivers\usbuhci.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 30720 c:\windows\system32\drivers\usbuhci.sys
+ 2012-02-16 03:46 . 2011-03-11 04:31 91136 c:\windows\system32\drivers\USBSTOR.SYS
- 2009-07-14 00:06 . 2009-07-14 00:06 25600 c:\windows\system32\drivers\usbohci.sys
+ 2012-02-16 03:46 . 2011-03-25 03:22 25600 c:\windows\system32\drivers\usbohci.sys
+ 2012-02-16 03:46 . 2011-03-25 03:22 52224 c:\windows\system32\drivers\usbehci.sys
+ 2012-02-16 03:46 . 2011-03-25 03:23 98816 c:\windows\system32\drivers\usbccgp.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 98816 c:\windows\system32\drivers\usbccgp.sys
+ 2011-04-27 23:25 . 2011-04-27 23:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 21:18 . 2011-04-18 21:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2012-02-16 03:46 . 2011-03-11 06:22 27008 c:\windows\system32\drivers\amdxata.sys
+ 2009-07-14 04:46 . 2012-02-18 02:35 12368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-15 04:51 . 2012-02-18 01:23 4054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969061268-4065861229-2331425474-1000_UserData.bin
+ 2012-02-16 03:46 . 2011-03-25 03:22 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbd.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 7936 c:\windows\system32\drivers\usbd.sys
+ 2012-02-16 03:46 . 2011-03-25 03:22 7936 c:\windows\system32\drivers\usbd.sys
+ 2012-02-21 01:10 . 2012-02-21 01:27 5568 c:\windows\SoftwareDistribution\EventCache\{B34B3A4D-4AC9-4605-B804-2177A4FC8429}.bin
- 2012-02-16 04:52 . 2012-02-16 04:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 01:27 . 2012-02-21 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 04:52 . 2012-02-16 04:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-21 01:27 . 2012-02-21 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-15 13:41 . 2012-02-18 15:08 154506 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-16 04:59 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-16 04:59 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-02-15 13:47 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-18 01:19 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-18 01:19 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-15 13:47 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-16 03:46 . 2011-03-25 03:23 324608 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbport.sys
+ 2012-02-16 03:46 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbhub.sys
+ 2012-02-16 03:46 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbhub.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
+ 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\fsquirt.exe
+ 2012-02-16 03:46 . 2011-04-28 03:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthport.sys
+ 2012-02-16 03:46 . 2011-03-11 06:22 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys
+ 2009-07-14 05:31 . 2012-02-18 01:19 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2012-02-15 13:47 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-02-16 03:46 . 2011-03-25 03:23 324608 c:\windows\system32\drivers\usbport.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 324608 c:\windows\system32\drivers\usbport.sys
+ 2012-02-16 03:46 . 2011-03-25 03:23 343040 c:\windows\system32\drivers\usbhub.sys
- 2009-07-14 00:07 . 2009-07-14 00:07 343040 c:\windows\system32\drivers\usbhub.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 187264 c:\windows\system32\drivers\storport.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 166272 c:\windows\system32\drivers\nvstor.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 148352 c:\windows\system32\drivers\nvraid.sys
+ 2011-04-18 21:18 . 2011-04-18 21:18 189440 c:\windows\system32\drivers\MpFilter.sys
+ 2012-02-16 03:46 . 2011-03-11 06:23 410496 c:\windows\system32\drivers\iaStorV.sys
+ 2012-02-16 03:46 . 2011-03-11 06:22 107904 c:\windows\system32\drivers\amdsata.sys
+ 2009-07-14 05:01 . 2012-02-21 01:27 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-16 04:51 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-16 05:34 . 2012-02-21 01:27 916476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969061268-4065861229-2331425474-1000-8192.dat
+ 2012-02-16 03:46 . 2011-03-11 05:39 1686016 c:\windows\SysWOW64\esent.dll
+ 2012-02-16 03:46 . 2011-03-11 06:18 2566144 c:\windows\system32\esent.dll
+ 2012-02-16 03:46 . 2011-03-11 06:23 1657216 c:\windows\system32\drivers\ntfs.sys
- 2009-07-14 04:45 . 2012-02-16 04:01 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-18 01:23 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-20 01:23 . 2011-05-20 01:23 2708992 c:\windows\Installer\69ed7.msi
+ 2011-06-15 22:51 . 2011-06-15 22:51 1911808 c:\windows\Installer\69ed1.msi
- 2009-07-14 02:34 . 2012-02-16 04:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-21 01:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-07-15 630784]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273602124555l0374z185a48i2v235
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\u67qen1q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20 17:31:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 01:31
ComboFix2.txt 2012-02-16 04:55
.
Pre-Run: 448,917,680,128 bytes free
Post-Run: 448,953,790,464 bytes free
.
- - End Of File - - 408E786A34D7F746421C16715DC2DA33

Edited by timodawson, 20 February 2012 - 08:40 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:15 PM

Posted 20 February 2012 - 09:22 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 timodawson

timodawson
  • Topic Starter

  • Members
  • 16 posts
  • Local time: 09:15 AM

Posted 20 February 2012 - 09:31 PM

No infected or suspicious files from TDSSKiller. Working on aswMBR now. Here is the first log:

18:27:50.0475 1012 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:27:51.0208 1012 ============================================================
18:27:51.0208 1012 Current date / time: 2012/02/20 18:27:51.0208
18:27:51.0208 1012 SystemInfo:
18:27:51.0208 1012
18:27:51.0208 1012 OS Version: 6.1.7600 ServicePack: 0.0
18:27:51.0208 1012 Product type: Workstation
18:27:51.0208 1012 ComputerName: DAVID-PC
18:27:51.0208 1012 UserName: David
18:27:51.0208 1012 Windows directory: C:\Windows
18:27:51.0208 1012 System windows directory: C:\Windows
18:27:51.0208 1012 Running under WOW64
18:27:51.0208 1012 Processor architecture: Intel x64
18:27:51.0208 1012 Number of processors: 2
18:27:51.0208 1012 Page size: 0x1000
18:27:51.0208 1012 Boot type: Normal boot
18:27:51.0208 1012 ============================================================
18:27:52.0238 1012 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:27:52.0253 1012 \Device\Harddisk0\DR0:
18:27:52.0253 1012 MBR used
18:27:52.0253 1012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
18:27:52.0253 1012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
18:27:52.0269 1012 Initialize success
18:27:52.0269 1012 ============================================================
18:27:56.0356 2436 ============================================================
18:27:56.0356 2436 Scan started
18:27:56.0356 2436 Mode: Manual;
18:27:56.0356 2436 ============================================================
18:27:57.0245 2436 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:27:57.0245 2436 1394ohci - ok
18:27:57.0276 2436 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:27:57.0292 2436 ACPI - ok
18:27:57.0370 2436 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:27:57.0370 2436 AcpiPmi - ok
18:27:57.0417 2436 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:27:57.0417 2436 adp94xx - ok
18:27:57.0526 2436 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:27:57.0542 2436 adpahci - ok
18:27:57.0573 2436 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:27:57.0573 2436 adpu320 - ok
18:27:57.0682 2436 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:27:57.0682 2436 AFD - ok
18:27:57.0744 2436 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:27:57.0744 2436 agp440 - ok
18:27:57.0807 2436 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:27:57.0807 2436 aliide - ok
18:27:57.0838 2436 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:27:57.0838 2436 amdide - ok
18:27:57.0869 2436 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:27:57.0885 2436 AmdK8 - ok
18:27:57.0885 2436 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:27:57.0885 2436 AmdPPM - ok
18:27:57.0963 2436 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:27:57.0963 2436 amdsata - ok
18:27:58.0025 2436 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:27:58.0041 2436 amdsbs - ok
18:27:58.0103 2436 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:27:58.0103 2436 amdxata - ok
18:27:58.0150 2436 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:27:58.0150 2436 AppID - ok
18:27:58.0228 2436 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:27:58.0228 2436 arc - ok
18:27:58.0259 2436 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:27:58.0259 2436 arcsas - ok
18:27:58.0290 2436 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:27:58.0290 2436 AsyncMac - ok
18:27:58.0322 2436 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:27:58.0322 2436 atapi - ok
18:27:58.0509 2436 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
18:27:58.0634 2436 atikmdag - ok
18:27:58.0774 2436 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:27:58.0790 2436 b06bdrv - ok
18:27:58.0883 2436 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:27:58.0883 2436 b57nd60a - ok
18:27:58.0930 2436 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:27:58.0930 2436 Beep - ok
18:27:59.0039 2436 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:27:59.0039 2436 blbdrive - ok
18:27:59.0086 2436 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:27:59.0086 2436 bowser - ok
18:27:59.0164 2436 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:27:59.0164 2436 BrFiltLo - ok
18:27:59.0180 2436 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:27:59.0180 2436 BrFiltUp - ok
18:27:59.0289 2436 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:27:59.0304 2436 BridgeMP - ok
18:27:59.0320 2436 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:27:59.0336 2436 Brserid - ok
18:27:59.0336 2436 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:27:59.0336 2436 BrSerWdm - ok
18:27:59.0523 2436 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:27:59.0538 2436 BrUsbMdm - ok
18:27:59.0663 2436 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:27:59.0663 2436 BrUsbSer - ok
18:27:59.0679 2436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:27:59.0679 2436 BTHMODEM - ok
18:27:59.0726 2436 catchme - ok
18:27:59.0819 2436 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
18:27:59.0835 2436 CAXHWAZL - ok
18:27:59.0866 2436 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:27:59.0866 2436 cdfs - ok
18:27:59.0960 2436 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:27:59.0960 2436 cdrom - ok
18:27:59.0991 2436 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:27:59.0991 2436 circlass - ok
18:28:00.0069 2436 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:28:00.0069 2436 CLFS - ok
18:28:00.0131 2436 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:00.0131 2436 CmBatt - ok
18:28:00.0178 2436 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:28:00.0178 2436 cmdide - ok
18:28:00.0225 2436 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:28:00.0225 2436 CNG - ok
18:28:00.0287 2436 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:28:00.0287 2436 Compbatt - ok
18:28:00.0318 2436 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:28:00.0334 2436 CompositeBus - ok
18:28:00.0396 2436 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:00.0396 2436 crcdisk - ok
18:28:00.0474 2436 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:28:00.0474 2436 DfsC - ok
18:28:00.0537 2436 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:28:00.0537 2436 discache - ok
18:28:00.0568 2436 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:28:00.0568 2436 Disk - ok
18:28:00.0646 2436 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
18:28:00.0646 2436 DKbFltr - ok
18:28:00.0740 2436 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:28:00.0740 2436 drmkaud - ok
18:28:00.0802 2436 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:28:00.0818 2436 DXGKrnl - ok
18:28:00.0974 2436 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:28:01.0067 2436 ebdrv - ok
18:28:01.0176 2436 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:28:01.0176 2436 elxstor - ok
18:28:01.0270 2436 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:28:01.0270 2436 ErrDev - ok
18:28:01.0332 2436 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:28:01.0332 2436 exfat - ok
18:28:01.0364 2436 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:28:01.0364 2436 fastfat - ok
18:28:01.0426 2436 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:28:01.0426 2436 fdc - ok
18:28:01.0488 2436 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:28:12.0346 2436 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:28:12.0408 2436 \Device\Harddisk0\DR0 - ok
18:28:12.0408 2436 Boot (0x1200) (b0d55a20c3e34406baafec91b3a44127) \Device\Harddisk0\DR0\Partition0
18:28:12.0408 2436 \Device\Harddisk0\DR0\Partition0 - ok
18:28:12.0424 2436 Boot (0x1200) (6eea16efabcf19b8453fd0c926948bf2) \Device\Harddisk0\DR0\Partition1
18:28:12.0424 2436 \Device\Harddisk0\DR0\Partition1 - ok
18:28:12.0424 2436 ============================================================
18:28:12.0424 2436 Scan finished
18:28:12.0424 2436 ============================================================
18:28:12.0440 3464 Detected object count: 0
18:28:12.0440 3464 Actual detected object count: 0

#7 timodawson

timodawson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 20 February 2012 - 09:36 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 18:33:17
-----------------------------
18:33:17.330 OS Version: Windows x64 6.1.7600
18:33:17.330 Number of processors: 2 586 0x170A
18:33:17.330 ComputerName: DAVID-PC UserName: David
18:33:18.999 Initialize success
18:34:55.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:34:55.225 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
18:34:55.256 Disk 0 MBR read successfully
18:34:55.256 Disk 0 MBR scan
18:34:55.272 Disk 0 Windows 7 default MBR code
18:34:55.272 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
18:34:55.288 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
18:34:55.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464545 MB offset 25382700
18:34:55.319 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 0 MB offset 976771120
18:34:55.334 Service scanning
18:35:02.074 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:35:08.423 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**
18:35:11.449 Modules scanning
18:35:11.449 Disk 0 trace - called modules:
18:35:11.980 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:35:11.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1f400]
18:35:11.995 3 CLASSPNP.SYS[fffff880018d943f] -> nt!IofCallDriver -> [0xfffffa80047c5520]
18:35:11.995 5 ACPI.sys[fffff88000f19781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004712680]
18:35:12.011 Scan finished successfully
18:35:51.619 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
18:35:51.635 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 20 February 2012 - 09:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 timodawson

timodawson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 20 February 2012 - 09:58 PM

Created the script and dropped it on ComboFix. It seemed to run without any issues and rebooted the PC. When Windows restarted, Security Essentials found a potential threat again, same as before. Here is the latest log:

ComboFix 12-02-19.02 - David 02/20/2012 18:48:25.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2808 [GMT -8:00]
Running from: c:\users\David\Desktop\ComboFix.exe
Command switches used :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 02:52 . 2012-02-21 02:52 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8744ADF5-03D2-4DD9-94C3-2A9B5DD56720}\offreg.dll
2012-02-21 02:51 . 2012-02-21 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 01:40 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8744ADF5-03D2-4DD9-94C3-2A9B5DD56720}\mpengine.dll
2012-02-18 01:32 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-16 05:00 . 2012-02-16 05:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4C8AF50-16D4-4BBB-81D4-1E84FCCA6CA6}\gapaengine.dll
2012-02-16 04:59 . 2012-02-16 04:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-16 04:59 . 2012-02-16 04:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-16 03:50 . 2012-02-16 03:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-16 03:50 . 2012-02-16 03:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-16 03:48 . 2012-02-16 03:48 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-16 03:48 . 2012-02-16 03:48 -------- d-----w- c:\windows\system32\Wat
2012-02-16 03:47 . 2012-02-16 03:47 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 03:47 . 2012-02-16 03:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-16 03:47 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 03:44 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-02-16 03:44 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-02-16 03:44 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-16 03:44 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-16 03:44 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-15 06:13 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-15 06:13 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-15 06:03 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-15 06:03 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-02-15 05:53 . 2009-11-25 20:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-02-15 05:53 . 2009-11-25 20:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-02-15 05:53 . 2009-11-25 20:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-15 05:53 . 2009-11-25 20:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-02-15 05:53 . 2009-11-25 20:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-02-15 05:53 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-15 05:53 . 2009-11-25 20:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-15 05:53 . 2009-11-25 20:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-02-15 05:53 . 2009-11-25 20:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-15 05:53 . 2009-11-25 20:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-15 05:39 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-15 05:39 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-15 05:38 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-15 05:38 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-15 05:38 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-02-15 05:38 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-15 05:38 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2012-02-15 05:38 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2012-02-15 05:35 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-02-15 05:34 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-15 05:34 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-15 05:34 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-15 05:24 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-15 05:24 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-15 05:05 . 2012-02-15 05:05 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-15 05:03 . 2012-02-15 05:03 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-15 04:38 . 2001-09-05 12:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-15 04:38 . 2001-09-05 12:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-15 04:38 . 2001-09-05 12:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-15 04:38 . 2007-03-14 04:54 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-15 04:38 . 2001-09-05 12:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-15 04:37 . 2012-01-17 12:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA3E6936-BF68-4DA9-902F-C175BE2175DA}\mpengine.dll
2012-02-15 04:37 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 04:37 . 2012-02-15 04:37 -------- d-----w- c:\programdata\CyberLink
2012-02-15 04:36 . 2012-02-15 04:36 1066544 ----a-w- c:\windows\SysWow64\MFC71.dll
2012-02-15 04:36 . 2012-02-15 04:36 1053232 ----a-w- c:\windows\SysWow64\MFC71u.dll
2012-02-15 04:33 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-15 04:32 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-15 04:32 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-15 04:32 . 2012-02-15 04:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-15 04:31 . 2012-02-15 04:31 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-15 04:31 . 2012-02-15 04:31 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-02-15 04:30 . 2012-02-15 04:33 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-15 04:29 . 2012-02-15 04:29 -------- d-----w- c:\program files\Synaptics
2012-02-15 04:28 . 2012-02-15 04:28 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-15 04:27 . 2012-02-15 04:27 -------- d-----w- c:\program files (x86)\Video Web Camera
2012-02-15 04:24 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-02-15 04:24 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-02-15 04:24 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-02-15 04:24 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-15 04:23 . 2012-02-15 04:23 -------- d-----w- c:\programdata\OEM_E471269A730D
2012-02-15 04:22 . 2012-02-18 01:31 -------- d-----w- c:\users\David
2012-02-15 04:22 . 2012-02-15 04:22 -------- d-----w- C:\Recovery
2012-02-15 04:14 . 2012-02-15 04:14 -------- d-----w- c:\windows\SysWow64\x64
2012-02-15 04:14 . 2012-02-15 04:14 -------- d-----w- c:\windows\SysWow64\Lang
2012-02-15 04:14 . 2010-08-26 03:45 948760 ----a-w- c:\windows\SysWow64\igxpun.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 04:36 . 2009-08-28 11:06 505392 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-15 04:17 . 2009-08-28 10:45 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-21_01.28.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-21 01:29 28054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-21 01:10 . 2012-02-21 02:51 11312 c:\windows\SoftwareDistribution\EventCache\{B34B3A4D-4AC9-4605-B804-2177A4FC8429}.bin
+ 2009-07-14 04:46 . 2012-02-21 01:38 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-16 04:07 . 2012-02-21 02:51 3446 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-15 04:51 . 2012-02-21 01:29 4094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969061268-4065861229-2331425474-1000_UserData.bin
+ 2012-02-21 02:52 . 2012-02-21 02:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-21 01:27 . 2012-02-21 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 02:52 . 2012-02-21 02:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-21 01:27 . 2012-02-21 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-15 13:41 . 2012-02-21 02:25 166560 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-02-21 01:27 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-21 02:51 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-16 05:34 . 2012-02-21 02:51 916476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969061268-4065861229-2331425474-1000-8192.dat
- 2012-02-16 05:34 . 2012-02-21 01:27 916476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969061268-4065861229-2331425474-1000-8192.dat
- 2009-07-14 02:34 . 2012-02-21 01:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-21 02:35 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-07-15 630784]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273602124555l0374z185a48i2v235
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\u67qen1q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20 18:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 02:56
ComboFix2.txt 2012-02-21 01:31
ComboFix3.txt 2012-02-16 04:55
.
Pre-Run: 449,137,512,448 bytes free
Post-Run: 448,732,528,640 bytes free
.
- - End Of File - - 534CA160DC777F9E2D614A32FF3B8FEB

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 February 2012 - 10:17 PM

Hello

When Windows restarted, Security Essentials found a potential threat again.
Does it give you a location?

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1 MUI


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 timodawson (Topic Starter)

Posted 20 February 2012 - 10:22 PM

All I could find in Security Essentials that looked like a location is the following:

Items:
boot:\Device\HarddiskVolume4\
boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)


I'm working on all the other things you sent now.

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 February 2012 - 10:38 PM

Hello

Do this for now.

I need you to make a bootable USB and take a screenshot for me. Follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up. To do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg to the USB drive. Paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it (we will use it again), boot back into Windows and send me the screen capture.

gringo
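
The two locations Security Essentials reported in post #11 (boot:\Device\HarddiskVolume4\ and boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)) point at the partition table of the first disk, which is exactly what the GParted screenshot requested above is meant to show. The Python script below is an added example written for this page, not something gringo_pr or BleepingComputer posted: it splits a 512-byte first sector into boot code and the four 16-byte partition entries, names the conventional partition type IDs, flags hidden-type entries, a missing or doubled active flag and an active flag on a hidden partition, and hashes the boot code so it can be compared with the MBR of a known-clean install. The disk layout it parses is constructed (an OEM recovery partition, an active System Reserved partition, Windows, and a small hidden NTFS entry after everything else) and is not the real layout of the NV78. The thread does not say whether MSE's "Type 17" is decimal (0x11, hidden FAT12) or hex (0x17, hidden NTFS), so both are in the hidden-type list, and the 64 MiB "small partition" threshold is an assumption chosen for the example. Reading the real sector needs an elevated prompt and the device path given in the comment.

```python
"""Parse an MBR partition table and report what a malware responder wants to see.

Added example for this page, not code from the thread. The disk layout built by
build_sample_mbr() is constructed; nothing is read from a real drive unless
read_first_sector() is called explicitly.
"""
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte entries at bytes 446..509
BOOT_SIGNATURE = 0xAA55        # bytes 0x55 0xAA at offset 510, read little-endian

# Conventional MBR partition type IDs; anything else is reported as "unknown".
TYPE_NAMES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/HPFS/exFAT",
    0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
    0x11: "hidden FAT12", 0x14: "hidden FAT16 <32M", 0x16: "hidden FAT16",
    0x17: "hidden NTFS/HPFS", 0x1B: "hidden FAT32", 0x1C: "hidden FAT32 (LBA)",
    0x1E: "hidden FAT16 (LBA)", 0x27: "hidden NTFS (WinRE/OEM recovery)",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
# Hidden types are normal for OEM recovery partitions, but a bootkit that keeps
# its own file system on disk also uses them, so every one is called out.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
SMALL_PARTITION_SECTORS = 64 * 1024 * 2   # 64 MiB in 512-byte sectors (assumed threshold)


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte first sector into boot code, signature check and entries."""
    if len(mbr) < MBR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    sig_ok = struct.unpack_from("<H", mbr, 510)[0] == BOOT_SIGNATURE
    entries = []
    for index in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFFSET + index * 16)
        entries.append({
            "index": index + 1,          # Windows and MSE number partitions from 1
            "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": sectors,
        })
    return {"signature_ok": sig_ok, "boot_code": mbr[:PART_TABLE_OFFSET],
            "partitions": entries}


def boot_code_sha256(parsed: dict) -> str:
    """Hash of the 446 bytes of boot code; compare with a clean MBR of the same Windows build."""
    return hashlib.sha256(parsed["boot_code"]).hexdigest()


def findings(parsed: dict) -> list:
    """Plain-language observations, in the order a responder would check them."""
    notes = []
    if not parsed["signature_ok"]:
        notes.append("boot signature 0x55AA missing: sector is not a valid MBR")
    used = [p for p in parsed["partitions"] if p["type"] != 0x00]
    active = [p for p in used if p["bootable"]]
    if len(active) != 1:
        notes.append(f"{len(active)} partitions carry the active flag (expected exactly 1)")
    last_end = max((p["lba_start"] + p["sectors"] for p in used), default=0)
    for p in used:
        tag = f"partition {p['index']}"
        if p["status"] not in (0x00, 0x80):
            notes.append(f"{tag}: invalid status byte 0x{p['status']:02x}")
        if p["type"] in HIDDEN_TYPES:
            at_end = p["lba_start"] + p["sectors"] == last_end
            where = "at the end of the disk" if at_end else f"at LBA {p['lba_start']}"
            size = "small, " if p["sectors"] < SMALL_PARTITION_SECTORS else ""
            notes.append(f"{tag}: hidden type 0x{p['type']:02x} ({p['type_name']}), "
                         f"{size}{p['sectors']} sectors {where}; confirm which installer created it")
        if p["bootable"] and p["type"] in HIDDEN_TYPES:
            notes.append(f"{tag}: active flag on a hidden partition, boot would start there")
    return notes


def build_sample_mbr() -> bytes:
    """Constructed layout resembling an OEM laptop: recovery, System Reserved,
    Windows, plus a small hidden NTFS entry after everything else. Not a real image."""
    def entry(status, ptype, lba_start, sectors):
        chs = b"\xfe\xff\xff"            # CHS fields are ignored by modern loaders
        return struct.pack("<B3sB3sII", status, chs, ptype, chs, lba_start, sectors)
    table = (entry(0x00, 0x27, 2_048, 26_214_400)            # 12.5 GiB OEM recovery
             + entry(0x80, 0x07, 26_216_448, 204_800)         # 100 MiB System Reserved, active
             + entry(0x00, 0x07, 26_421_248, 1_000_000_000)   # Windows (C:)
             + entry(0x00, 0x17, 1_026_421_248, 16_384))      # 8 MiB hidden NTFS, last on disk
    return b"\x00" * PART_TABLE_OFFSET + table + b"\x55\xAA"


def read_first_sector(device: str) -> bytes:
    r"""Read the real MBR. Needs an administrator prompt for '\\.\PhysicalDrive0' on
    Windows, or root for '/dev/sda' on Linux (for example from the Puppy USB)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("boot code sha256:", boot_code_sha256(parsed))
    for p in parsed["partitions"]:
        print(f"{p['index']}: {'*' if p['bootable'] else ' '} type 0x{p['type']:02x} "
              f"{p['type_name']:<34} start {p['lba_start']:>12} sectors {p['sectors']:>12}")
    for note in findings(parsed):
        print("NOTE:", note)
```

Run it as-is to see the notes for the constructed layout. To look at the actual disk, replace build_sample_mbr() with read_first_sector(r"\\.\PhysicalDrive0") from an administrator prompt (or with "/dev/sda" from the Puppy USB), and compare the boot-code hash against one taken from a clean Windows 7 install of the same build; a changed hash with an unchanged partition table is how an MBR bootkit such as Alureon shows up. A multi-gigabyte hidden NTFS or type 0x27 partition at the front of the disk is normally the OEM recovery image that Alt+F10 restores from; a small hidden partition that no installer put there, or an active flag pointing at one, is the pattern to treat as hostile.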

#13 timodawson (Topic Starter)

Posted 20 February 2012 - 11:05 PM

Did you still want me to do the MBAM and HJT stuff, or just skip to the bootable USB?

#14 timodawson (Topic Starter)

Posted 20 February 2012 - 11:37 PM

Latest MBAM:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

Protection: Disabled

2/20/2012 8:14:45 PM
mbam-log-2012-02-20 (20-14-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281235
Time elapsed: 20 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 timodawson (Topic Starter)

Posted 20 February 2012 - 11:39 PM

HJT Log. Working on your screenshots now...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:06 PM, on 2/20/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\reg.exe
C:\Windows\SysWOW64\reg.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273602124555l0374z185a48i2v235
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7231 bytes
