
Bootkit infection


  • This topic is locked
9 replies to this topic

#1 NeoGeek (Members, 4 posts)

Posted 26 February 2012 - 09:13 PM

Hi,

I believe my computer has acquired the bootkit infection. Either my PC has been infected with the virus or I have been on a lucky winning streak for the past two weeks. My computer has been telling me in a very annoying voice that 'Congratulations, you've won'. I've never won anything and however nice it is to hear that again and again (sometimes while I'm fast asleep), it's getting VERY annoying now. Considering it's my darn luck, I don't think I've won something and I have, indeed, been infected with a virus. I have searched all over and I can't seem to find a solution. My AVG is not detecting it and some of the malware software I've tried didn't do any good either. Helpless and desperate, I summon your knights in shining armor to help me fight this minion of the dark lord. It plays with your heart, tells you you've won, and then lets you sit there for hours searching for what frikking browser window the sound came from.


Thanks a million for all your help.


=============== DDS LOGS ===============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by NeoGeek at 1:28:51 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4020.1022 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\Explorer.EXE
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\BatteryMonitor\BatteryMonitor.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\splwow64.exe
C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\boostspeed.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
X:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - X:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TosNC] %ProgramFiles(x86)%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 147.197.200.44 147.197.200.2
TCP: Interfaces\{27199CF4-C742-4D8E-BAE5-3B89630026A6} : DhcpNameServer = 10.203.65.70 10.203.65.68
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\054534C4D22424 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\058416A4A416 : NameServer = 203.99.163.240,116.71.240.198
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\058416A4A416 : DhcpNameServer = 192.168.0.2
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\35B4959393236313 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\4586F6D637F6E6030373831453 : NameServer = 203.99.163.240,116.71.240.198
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\4586F6D637F6E6030373831453 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\D457E6E6160224168696 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\D49627A716 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76399DF1-4681-4375-8627-A2F3CCC1E092} : DhcpNameServer = 147.197.200.44 147.197.200.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - X:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TosNC] %ProgramFiles(x86)%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NeoGeek\AppData\Roaming\Mozilla\Firefox\Profiles\9ou1z5ti.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B419530f7-f16d-4575-848c-c2ed47d918b1%7D&mid=c8bd7f5e65ce47d6b0eeb1a22f9815fc-f7330a91e7f183c4469118bdf3de9b3b63af8462&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-13%2019%3A56%3A09&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\NeoGeek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\NeoGeek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\NeoGeek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\NeoGeek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-1-13 135608]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-25 2253120]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-12-7 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-13 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-6 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-23 822192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-23 136176]
S3 androidusb;ADB Interface Driver;C:\windows\system32\Drivers\androidusb.sys --> C:\windows\system32\Drivers\androidusb.sys [?]
S3 CH341SER_A64;CH341SER_A64;C:\windows\system32\Drivers\CH341S64.SYS --> C:\windows\system32\Drivers\CH341S64.SYS [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\system32\DRIVERS\ewusbnet.sys --> C:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-23 136176]
S3 hwusbfake;Huawei DataCard USB Fake;C:\windows\system32\DRIVERS\ewusbfake.sys --> C:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\windows\system32\DRIVERS\ladfGSCamd64.sys [?]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\windows\system32\DRIVERS\ladfGSRamd64.sys [?]
S3 LbtyUsbDrv_amd64.sys;2.0.1 amd64 Polhemus Liberty USB 1.0 (LbtyUsbDrv_amd64.sys);C:\windows\system32\DRIVERS\LbtyUsbDrv_amd64.sys --> C:\windows\system32\DRIVERS\LbtyUsbDrv_amd64.sys [?]
S3 LbtyUsbLoader_amd64.sys;LbtyUsbLoader_amd64.sys;C:\windows\system32\DRIVERS\LbtyUsbLoader_amd64.sys --> C:\windows\system32\DRIVERS\LbtyUsbLoader_amd64.sys [?]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\windows\system32\drivers\LGBusEnum.sys --> C:\windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\windows\system32\drivers\LGVirHid.sys --> C:\windows\system32\drivers\LGVirHid.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;X:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\windows\system32\DRIVERS\RsFx0103.sys --> C:\windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-02-21 19:06:05 -------- d-----w- C:\Users\NeoGeek\AppData\Roaming\AVG
2012-02-21 18:38:08 98816 ----a-w- C:\windows\sed.exe
2012-02-21 18:38:08 518144 ----a-w- C:\windows\SWREG.exe
2012-02-21 18:38:08 256000 ----a-w- C:\windows\PEV.exe
2012-02-21 18:38:08 208896 ----a-w- C:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-02-18 16:02:11 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-12-05 11:09:18 237568 ----a-w- C:\windows\system\glut32.dll
.
============= FINISH: 1:30:08.59 ===============



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 27 February 2012 - 03:00 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 02 March 2012 - 12:08 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#4 NeoGeek

NeoGeek
  • Topic Starter

  • Members
  • 4 posts

Posted 03 March 2012 - 02:19 PM

Hi,

Sorry for the late reply. After the 3rd try I finally managed to run this ComboFix program.
I love you for all your help :D


Here are the logs:




ComboFix 12-03-02.01 - NeoGeek 03/03/2012 19:03:59.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4020.1451 [GMT 0:00]
Running from: c:\users\NeoGeek\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 19:08 . 2012-03-03 19:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-03 19:08 . 2012-03-03 19:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-03 19:08 . 2012-03-03 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 00:51 . 2012-03-03 00:51 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-21 19:06 . 2012-02-21 19:06 -------- d-----w- c:\users\NeoGeek\AppData\Roaming\AVG
2012-02-18 16:02 . 2012-02-18 16:02 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 16:02 . 2010-08-23 08:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-05 11:09 . 2011-12-05 12:03 237568 ----a-w- c:\windows\system\glut32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 18:32 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-28 1242448]
"DAEMON Tools Lite"="x:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
R3 ALSysIO;ALSysIO;c:\users\NeoGeek\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [x]
R3 LbtyUsbDrv_amd64.sys;2.0.1 amd64 Polhemus Liberty USB 1.0;c:\windows\system32\DRIVERS\LbtyUsbDrv_amd64.sys [x]
R3 LbtyUsbLoader_amd64.sys;LbtyUsbLoader_amd64.sys;c:\windows\system32\DRIVERS\LbtyUsbLoader_amd64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;x:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-12-07 135608]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-18 909152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3049361314-1993294261-1454237137-1000Core.job
- c:\users\NeoGeek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 14:19]
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3049361314-1993294261-1454237137-1000UA.job
- c:\users\NeoGeek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 14:19]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:36]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:36]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049361314-1993294261-1454237137-1000Core.job
- c:\users\NeoGeek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 08:36]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049361314-1993294261-1454237137-1000UA.job
- c:\users\NeoGeek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 08:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 147.197.200.44 147.197.200.2
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\058416A4A416: NameServer = 203.99.163.240,116.71.240.198
TCP: Interfaces\{52710C06-4A2D-44D7-AACF-FDFB11F03CC3}\4586F6D637F6E6030373831453: NameServer = 203.99.163.240,116.71.240.198
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\NeoGeek\AppData\Roaming\Mozilla\Firefox\Profiles\9ou1z5ti.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B419530f7-f16d-4575-848c-c2ed47d918b1%7D&mid=c8bd7f5e65ce47d6b0eeb1a22f9815fc-f7330a91e7f183c4469118bdf3de9b3b63af8462&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-13%2019%3A56%3A09&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-TosNC - %ProgramFiles(x86)%\Toshiba\BulletinBoard\TosNcCore.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3049361314-1993294261-1454237137-1000_Classes\Wow6432Node\CLSID\{299c6e2c-9f44-4e67-8d8d-4948cedbd0bb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000008f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,57,67,98,cb,70,40,6a,f4,bb,00,2d,28,73,8d,\
.
[HKEY_USERS\S-1-5-21-3049361314-1993294261-1454237137-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):20,2a,00,f9,96,6a,6e,af,a2,fb,ca,dd,b4,7b,2f,c6,e6,78,af,c3,3d,
43,b9,9b,a8,d7,20,77,db,53,60,af,15,63,3c,96,dc,c4,bd,1b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DRIVERS\o2flash.exe
.
**************************************************************************
.
Completion time: 2012-03-03 19:15:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 19:15
.
Pre-Run: 189,140,705,280 bytes free
Post-Run: 188,805,234,688 bytes free
.
- - End Of File - - 7701C5852A1AE61E9383DD940B6C3B9F
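As an added example (not part of this thread and not code from ComboFix), here is a short Python triage pass over lines in the shape of the ComboFix sections above: the Run keys under "Reg Loading Points", the service/driver list and the scheduled-task targets. A handful of those lines are embedded as a constructed sample; it is not the full log. The pass flags persistence that runs from user-writable directories (no admin rights were needed to put it there), kernel drivers that live outside system32\drivers, and boot-start drivers, which load before most security software and are the layer a bootkit sits under. My reading of ComboFix's service prefixes (R = running, S = stopped, 0 = boot start, 1 = system, 2 = auto, 3 = manual, 4 = disabled) is an assumption, and the Entry, parse_loading_points and triage names are mine.

```python
import re
from collections import namedtuple

# One entry from ComboFix's "Reg Loading Points", service list or scheduled-task section.
Entry = namedtuple("Entry", "kind start name path has_file_info")

# Service/driver line: "<R|S><0-4> <name>;<display name>;<path> [<date> <size>]" or "[x]".
# Assumed ComboFix convention: R = running, S = stopped; 0 = boot start, 1 = system start,
# 2 = auto, 3 = manual, 4 = disabled. "[x]" = no date/size was recorded for the file.
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);[^;]*;(.+?) \[(x|[^\]]+)\]$')
# Run-key line: "Name"="path" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]+)\]$')
# Scheduled-task target line: "- path [date time]"
TASK_RE = re.compile(r'^- (.+?) \[([^\]]+)\]$')

# Directories an unprivileged user can write to: anything persisting from here
# needed no admin rights to get there.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")

# Constructed sample: a few lines copied from the log above, not the whole log.
SAMPLE_LOG = r"""
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-28 1242448]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-18 939872]
R3 ALSysIO;ALSysIO;c:\users\NeoGeek\AppData\Local\Temp\ALSysIO64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
- c:\users\NeoGeek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 14:19]
"""


def parse_loading_points(text):
    """Turn Run-key, service and task lines into Entry records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            entries.append(Entry("service", m.group(1), m.group(2), m.group(3), m.group(4) != "x"))
        elif m := RUN_RE.match(line):
            entries.append(Entry("run", None, m.group(1), m.group(2), True))
        elif m := TASK_RE.match(line):
            path = m.group(1)
            entries.append(Entry("task", None, path.rsplit("\\", 1)[-1], path, True))
    return entries


def triage(entries):
    """Return [(entry, [reasons])] for the entries worth a second look."""
    findings = []
    for e in entries:
        p = e.path.lower()
        reasons = []
        if any(marker in p for marker in USER_WRITABLE_MARKERS):
            reasons.append("runs from a user-writable location")
        if p.endswith(".sys") and "\\windows\\system32\\drivers\\" not in p:
            reasons.append("kernel driver outside system32\\drivers")
        if e.start in ("R0", "S0"):
            reasons.append("boot-start driver: loads before most security software")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{entry.kind:7} {entry.name:16} {entry.path}\n         -> {'; '.join(reasons)}")
```

On the sample this flags ALSysIO (a kernel driver loaded from the user's Temp folder), safedrv.sys (a driver under Program Files), Avgrkx64 (boot-start) and the Facebook updater task under AppData. A flag is a reason to look, not a verdict: Core Temp's ALSysIO and AVG's anti-rootkit driver are both legitimate, which is exactly why the helper here asks for logs rather than acting on names alone.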

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 03 March 2012 - 02:22 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
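An added example, not part of this thread and not code from TDSSKiller or aswMBR: the kind of check those tools perform on the master boot record, written in Python so the steps are visible. A bootkit installs itself by replacing the 446 bytes of boot code in sector 0 (and often keeps its own storage in unpartitioned space), while leaving the partition table intact so the machine still boots. The code below rebuilds a 512-byte MBR from the Harddisk0 figures TDSSKiller reports in the next reply (0x7470C06000 bytes, 0x200-byte sectors, two type-0x7 partitions at 0x2EE800 and 0x1F4C0800), then verifies the 0x55AA signature, checks the partition table for overlaps and out-of-range entries, measures the unallocated tail after the last partition, and compares the boot code against a known-good hash. The boot-code stub, the hash and the choice of which partition is marked active are constructed placeholders; on a real machine the reference hash would come from a copy of sector 0 taken while the system was known clean.

```python
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446          # partition table: 4 entries x 16 bytes, then 0x55AA at 510
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Figures from the TDSSKiller report for \Device\Harddisk0\DR0 in the next reply.
DISK0_SECTORS = 0x7470C06000 // SECTOR            # 0x3A386030 sectors
DISK0_PARTITIONS = [
    # (status, type, start LBA, sector count); 0x80 "active" on the first entry is assumed
    (0x80, 0x07, 0x2EE800, 0x1F1D1800),
    (0x00, 0x07, 0x1F4C0800, 0x19814000),
]
# Constructed placeholder standing in for the real 446-byte loader, not a real bootloader.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 439
CLEAN_CODE_SHA256 = hashlib.sha256(CLEAN_CODE).hexdigest()


def build_mbr(code, partitions):
    """Assemble one 512-byte MBR sector from boot code and up to four partition entries."""
    if len(code) > PT_OFFSET or len(partitions) > 4:
        raise ValueError("boot code over 446 bytes or more than 4 partitions")
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    for i, (status, ptype, start, count) in enumerate(partitions):
        # CHS fields are set to the usual "use LBA" filler; modern loaders ignore them
        struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    mbr[510:] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(sector):
    """Split an MBR sector into its boot code and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "blocks": count})
    return {"code": sector[:PT_OFFSET], "partitions": parts}


def check_mbr(sector, disk_sectors, known_good_sha256=None):
    """Return (findings, unallocated_tail_sectors); an empty findings list is a clean result."""
    info = parse_mbr(sector)
    findings = []
    # 1. Boot code: a bootkit rewrites these bytes, so compare against a trusted copy.
    if known_good_sha256 and hashlib.sha256(info["code"]).hexdigest() != known_good_sha256:
        findings.append("boot code differs from the known-good copy")
    # 2. Exactly one active partition is what a standard loader expects.
    if sum(p["active"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    # 3. Partition table sanity: no overlaps, nothing past the end of the disk.
    prev_end = 0
    for p in sorted(info["partitions"], key=lambda p: p["start_lba"]):
        end = p["start_lba"] + p["blocks"]
        if p["start_lba"] < prev_end:
            findings.append(f"partition {p['index']} overlaps the one before it")
        if end > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
        prev_end = max(prev_end, end)
    # 4. Unallocated space after the last partition: where some bootkits keep hidden storage.
    tail = disk_sectors - prev_end
    return findings, tail


if __name__ == "__main__":
    clean = build_mbr(CLEAN_CODE, DISK0_PARTITIONS)
    tampered = build_mbr(b"\xeb\xfe" + CLEAN_CODE[2:], DISK0_PARTITIONS)  # first 2 bytes patched
    for label, mbr in (("clean", clean), ("tampered", tampered)):
        findings, tail = check_mbr(mbr, DISK0_SECTORS, CLEAN_CODE_SHA256)
        print(f"{label}: {findings or 'no findings'}; {tail:#x} sectors after the last partition")
```

The partition-table checks alone will not catch a bootkit, since a well-behaved one leaves the table as it found it; the boot-code comparison is the decisive step, and the tail measurement only tells you where to look next. On the figures above the last partition ends at 0x38CD4800, which leaves 0x16B1830 unallocated sectors at the end of the disk, a region a scanner such as aswMBR would read raw rather than through the file system.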

#6 NeoGeek

NeoGeek
  • Topic Starter

  • Members
  • 4 posts

Posted 04 March 2012 - 09:29 AM

TDSSKiller [No threat detected]


04:29:00.0186 7292 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
04:29:00.0332 7292 ============================================================
04:29:00.0333 7292 Current date / time: 2012/03/04 04:29:00.0332
04:29:00.0333 7292 SystemInfo:
04:29:00.0333 7292
04:29:00.0333 7292 OS Version: 6.1.7600 ServicePack: 0.0
04:29:00.0333 7292 Product type: Workstation
04:29:00.0333 7292 ComputerName: QOSMIO
04:29:00.0333 7292 UserName: NeoGeek
04:29:00.0333 7292 Windows directory: C:\windows
04:29:00.0333 7292 System windows directory: C:\windows
04:29:00.0333 7292 Running under WOW64
04:29:00.0333 7292 Processor architecture: Intel x64
04:29:00.0333 7292 Number of processors: 4
04:29:00.0333 7292 Page size: 0x1000
04:29:00.0333 7292 Boot type: Normal boot
04:29:00.0333 7292 ============================================================
04:29:01.0294 7292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:29:01.0318 7292 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:29:01.0325 7292 \Device\Harddisk0\DR0:
04:29:01.0326 7292 MBR used
04:29:01.0326 7292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1F1D1800
04:29:01.0343 7292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F4C0800, BlocksNum 0x19814000
04:29:01.0343 7292 \Device\Harddisk1\DR1:
04:29:01.0345 7292 MBR used
04:29:01.0345 7292 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
04:29:01.0560 7292 Initialize success
04:29:01.0560 7292 ============================================================
04:29:10.0075 7212 ============================================================
04:29:10.0076 7212 Scan started
04:29:10.0076 7212 Mode: Manual;
04:29:10.0076 7212 ============================================================
04:29:13.0235 7212 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\windows\system32\DRIVERS\1394ohci.sys
04:29:13.0242 7212 1394ohci - ok
04:29:13.0264 7212 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
04:29:13.0272 7212 ACPI - ok
04:29:13.0292 7212 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
04:29:13.0295 7212 AcpiPmi - ok
04:29:13.0323 7212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
04:29:13.0333 7212 adp94xx - ok
04:29:13.0371 7212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
04:29:13.0378 7212 adpahci - ok
04:29:13.0404 7212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
04:29:13.0409 7212 adpu320 - ok
04:29:13.0478 7212 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
04:29:13.0494 7212 AFD - ok
04:29:13.0513 7212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
04:29:13.0515 7212 agp440 - ok
04:29:13.0551 7212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
04:29:13.0554 7212 aliide - ok
04:29:13.0643 7212 ALSysIO - ok
04:29:13.0665 7212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
04:29:13.0668 7212 amdide - ok
04:29:13.0687 7212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
04:29:13.0690 7212 AmdK8 - ok
04:29:13.0708 7212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
04:29:13.0710 7212 AmdPPM - ok
04:29:13.0729 7212 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
04:29:13.0733 7212 amdsata - ok
04:29:13.0757 7212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
04:29:13.0762 7212 amdsbs - ok
04:29:13.0783 7212 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
04:29:13.0786 7212 amdxata - ok
04:29:13.0826 7212 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\windows\system32\Drivers\androidusb.sys
04:29:13.0829 7212 androidusb - ok
04:29:13.0867 7212 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
04:29:13.0869 7212 AppID - ok
04:29:13.0909 7212 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
04:29:13.0912 7212 arc - ok
04:29:13.0929 7212 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
04:29:13.0932 7212 arcsas - ok
04:29:13.0968 7212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
04:29:13.0971 7212 AsyncMac - ok
04:29:13.0999 7212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
04:29:14.0001 7212 atapi - ok
04:29:14.0061 7212 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
04:29:14.0064 7212 AVGIDSDriver - ok
04:29:14.0122 7212 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
04:29:14.0139 7212 AVGIDSEH - ok
04:29:14.0172 7212 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
04:29:14.0190 7212 AVGIDSFilter - ok
04:29:14.0293 7212 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
04:29:14.0326 7212 Avgldx64 - ok
04:29:14.0412 7212 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
04:29:14.0425 7212 Avgmfx64 - ok
04:29:14.0496 7212 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
04:29:14.0522 7212 Avgrkx64 - ok
04:29:14.0596 7212 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
04:29:14.0614 7212 Avgtdia - ok
04:29:14.0761 7212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
04:29:14.0796 7212 b06bdrv - ok
04:29:14.0878 7212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
04:29:14.0883 7212 b57nd60a - ok
04:29:14.0949 7212 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
04:29:14.0975 7212 Beep - ok
04:29:15.0054 7212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
04:29:15.0070 7212 blbdrive - ok
04:29:15.0139 7212 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
04:29:15.0142 7212 bowser - ok
04:29:15.0376 7212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
04:29:15.0378 7212 BrFiltLo - ok
04:29:15.0418 7212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
04:29:15.0421 7212 BrFiltUp - ok
04:29:15.0485 7212 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
04:29:15.0489 7212 BridgeMP - ok
04:29:15.0525 7212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
04:29:15.0532 7212 Brserid - ok
04:29:15.0562 7212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
04:29:15.0565 7212 BrSerWdm - ok
04:29:15.0598 7212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
04:29:15.0600 7212 BrUsbMdm - ok
04:29:15.0633 7212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
04:29:15.0635 7212 BrUsbSer - ok
04:29:15.0687 7212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
04:29:15.0690 7212 BTHMODEM - ok
04:29:15.0733 7212 catchme - ok
04:29:15.0769 7212 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
04:29:15.0772 7212 cdfs - ok
04:29:15.0819 7212 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
04:29:15.0823 7212 cdrom - ok
04:29:15.0889 7212 CH341SER_A64 (37c29f723a1174b21e7cc6e66d7c2c37) C:\windows\system32\Drivers\CH341S64.SYS
04:29:15.0892 7212 CH341SER_A64 - ok
04:29:15.0936 7212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
04:29:15.0939 7212 circlass - ok
04:29:15.0978 7212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
04:29:15.0985 7212 CLFS - ok
04:29:16.0031 7212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
04:29:16.0034 7212 CmBatt - ok
04:29:16.0056 7212 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
04:29:16.0058 7212 cmdide - ok
04:29:16.0091 7212 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
04:29:16.0108 7212 CNG - ok
04:29:16.0169 7212 CnxtHdAudService (a7d943bcfb70f1f053c274b348267b55) C:\windows\system32\drivers\CHDRT64.sys
04:29:16.0187 7212 CnxtHdAudService - ok
04:29:16.0224 7212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
04:29:16.0226 7212 Compbatt - ok
04:29:16.0251 7212 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
04:29:16.0253 7212 CompositeBus - ok
04:29:16.0272 7212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
04:29:16.0274 7212 crcdisk - ok
04:29:16.0340 7212 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
04:29:16.0343 7212 DfsC - ok
04:29:16.0374 7212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
04:29:16.0376 7212 discache - ok
04:29:16.0402 7212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
04:29:16.0404 7212 Disk - ok
04:29:16.0439 7212 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
04:29:16.0441 7212 drmkaud - ok
04:29:16.0495 7212 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\windows\system32\DRIVERS\dtsoftbus01.sys
04:29:16.0501 7212 dtsoftbus01 - ok
04:29:16.0542 7212 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys
04:29:16.0569 7212 DXGKrnl - ok
04:29:16.0675 7212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
04:29:16.0764 7212 ebdrv - ok
04:29:16.0843 7212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
04:29:16.0860 7212 elxstor - ok
04:29:16.0881 7212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
04:29:16.0883 7212 ErrDev - ok
04:29:16.0956 7212 ewusbnet (53913561a7089c9a4649ce4e42f6101b) C:\windows\system32\DRIVERS\ewusbnet.sys
04:29:16.0959 7212 ewusbnet - ok
04:29:16.0987 7212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
04:29:16.0991 7212 exfat - ok
04:29:17.0015 7212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
04:29:17.0020 7212 fastfat - ok
04:29:17.0042 7212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
04:29:17.0044 7212 fdc - ok
04:29:17.0070 7212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
04:29:17.0073 7212 FileInfo - ok
04:29:17.0092 7212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
04:29:17.0095 7212 Filetrace - ok
04:29:17.0133 7212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
04:29:17.0136 7212 flpydisk - ok
04:29:17.0157 7212 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
04:29:17.0163 7212 FltMgr - ok
04:29:17.0190 7212 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
04:29:17.0193 7212 FsDepends - ok
04:29:17.0210 7212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
04:29:17.0213 7212 Fs_Rec - ok
04:29:17.0266 7212 FTDIBUS (7b96746a52eded1d64c8a25cac16d29c) C:\windows\system32\drivers\ftdibus.sys
04:29:17.0269 7212 FTDIBUS - ok
04:29:17.0322 7212 FTSER2K (3011aee59035c2fe7cd74d4df4568731) C:\windows\system32\drivers\ftser2k.sys
04:29:17.0324 7212 FTSER2K - ok
04:29:17.0359 7212 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
04:29:17.0364 7212 fvevol - ok
04:29:17.0391 7212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
04:29:17.0394 7212 gagp30kx - ok
04:29:17.0458 7212 GGSAFERDriver - ok
04:29:17.0525 7212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
04:29:17.0528 7212 hcw85cir - ok
04:29:17.0574 7212 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
04:29:17.0582 7212 HdAudAddService - ok
04:29:17.0612 7212 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
04:29:17.0615 7212 HDAudBus - ok
04:29:17.0638 7212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
04:29:17.0641 7212 HidBatt - ok
04:29:17.0663 7212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
04:29:17.0667 7212 HidBth - ok
04:29:17.0692 7212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
04:29:17.0696 7212 HidIr - ok
04:29:17.0739 7212 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
04:29:17.0742 7212 HidUsb - ok
04:29:17.0785 7212 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
04:29:17.0788 7212 HpSAMD - ok
04:29:17.0823 7212 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
04:29:17.0845 7212 HTTP - ok
04:29:17.0897 7212 hwdatacard (d96a290f699081ae737390c0fe329d7c) C:\windows\system32\DRIVERS\ewusbmdm.sys
04:29:17.0900 7212 hwdatacard - ok
04:29:17.0935 7212 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
04:29:17.0937 7212 hwpolicy - ok
04:29:17.0971 7212 hwusbfake (e0c7255498640fc64b19aae17fd6f965) C:\windows\system32\DRIVERS\ewusbfake.sys
04:29:17.0974 7212 hwusbfake - ok
04:29:17.0997 7212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
04:29:18.0001 7212 i8042prt - ok
04:29:18.0039 7212 iaStor (5e60dd5f090ab4a563c7204c289c4650) C:\windows\system32\DRIVERS\iaStor.sys
04:29:18.0044 7212 iaStor - ok
04:29:18.0084 7212 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
04:29:18.0093 7212 iaStorV - ok
04:29:18.0128 7212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
04:29:18.0130 7212 iirsp - ok
04:29:18.0211 7212 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
04:29:18.0216 7212 Impcd - ok
04:29:18.0240 7212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
04:29:18.0242 7212 intelide - ok
04:29:18.0273 7212 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
04:29:18.0276 7212 intelppm - ok
04:29:18.0312 7212 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
04:29:18.0316 7212 IpFilterDriver - ok
04:29:18.0340 7212 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
04:29:18.0343 7212 IPMIDRV - ok
04:29:18.0368 7212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
04:29:18.0372 7212 IPNAT - ok
04:29:18.0400 7212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
04:29:18.0402 7212 IRENUM - ok
04:29:18.0424 7212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
04:29:18.0427 7212 isapnp - ok
04:29:18.0462 7212 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
04:29:18.0467 7212 iScsiPrt - ok
04:29:18.0500 7212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
04:29:18.0502 7212 kbdclass - ok
04:29:18.0526 7212 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
04:29:18.0529 7212 kbdhid - ok
04:29:18.0560 7212 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
04:29:18.0563 7212 KSecDD - ok
04:29:18.0584 7212 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
04:29:18.0590 7212 KSecPkg - ok
04:29:18.0611 7212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
04:29:18.0613 7212 ksthunk - ok
04:29:18.0651 7212 L1C (ff60e112fc03f6d0eb74b3bfd7d6b7c9) C:\windows\system32\DRIVERS\L1C62x64.sys
04:29:18.0654 7212 L1C - ok
04:29:18.0703 7212 LADF_CaptureOnly (ce4347e2d90db2e5517b6f2bc720a862) C:\windows\system32\DRIVERS\ladfGSCamd64.sys
04:29:18.0711 7212 LADF_CaptureOnly - ok
04:29:18.0739 7212 LADF_RenderOnly (85a9d21d3ae2ea963e111cb150895877) C:\windows\system32\DRIVERS\ladfGSRamd64.sys
04:29:18.0747 7212 LADF_RenderOnly - ok
04:29:18.0797 7212 LbtyUsbDrv_amd64.sys (519d14b8dbb143e28a915447a32925ea) C:\windows\system32\DRIVERS\LbtyUsbDrv_amd64.sys
04:29:18.0800 7212 LbtyUsbDrv_amd64.sys - ok
04:29:18.0832 7212 LbtyUsbLoader_amd64.sys (e516da96c83f54d42c61eca5ebfa6abd) C:\windows\system32\DRIVERS\LbtyUsbLoader_amd64.sys
04:29:18.0835 7212 LbtyUsbLoader_amd64.sys - ok
04:29:18.0890 7212 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\windows\system32\drivers\LGBusEnum.sys
04:29:18.0892 7212 LGBusEnum - ok
04:29:18.0931 7212 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\windows\system32\drivers\LGVirHid.sys
04:29:18.0933 7212 LGVirHid - ok
04:29:18.0969 7212 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\windows\system32\DRIVERS\LHidFilt.Sys
04:29:18.0972 7212 LHidFilt - ok
04:29:19.0017 7212 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
04:29:19.0020 7212 lltdio - ok
04:29:19.0060 7212 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\windows\system32\DRIVERS\LMouFilt.Sys
04:29:19.0064 7212 LMouFilt - ok
04:29:19.0100 7212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
04:29:19.0104 7212 LSI_FC - ok
04:29:19.0125 7212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
04:29:19.0128 7212 LSI_SAS - ok
04:29:19.0151 7212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
04:29:19.0154 7212 LSI_SAS2 - ok
04:29:19.0180 7212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
04:29:19.0183 7212 LSI_SCSI - ok
04:29:19.0208 7212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
04:29:19.0211 7212 luafv - ok
04:29:19.0254 7212 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\windows\system32\Drivers\LUsbFilt.Sys
04:29:19.0257 7212 LUsbFilt - ok
04:29:19.0277 7212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
04:29:19.0279 7212 megasas - ok
04:29:19.0302 7212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
04:29:19.0308 7212 MegaSR - ok
04:29:19.0361 7212 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
04:29:19.0363 7212 Modem - ok
04:29:19.0396 7212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
04:29:19.0398 7212 monitor - ok
04:29:19.0435 7212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
04:29:19.0437 7212 mouclass - ok
04:29:19.0466 7212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
04:29:19.0469 7212 mouhid - ok
04:29:19.0502 7212 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
04:29:19.0504 7212 mountmgr - ok
04:29:19.0529 7212 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
04:29:19.0533 7212 mpio - ok
04:29:19.0551 7212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
04:29:19.0554 7212 mpsdrv - ok
04:29:19.0568 7212 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
04:29:19.0571 7212 MRxDAV - ok
04:29:19.0629 7212 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\windows\system32\DRIVERS\mrxsmb.sys
04:29:19.0634 7212 mrxsmb - ok
04:29:19.0678 7212 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\windows\system32\DRIVERS\mrxsmb10.sys
04:29:19.0684 7212 mrxsmb10 - ok
04:29:19.0716 7212 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\windows\system32\DRIVERS\mrxsmb20.sys
04:29:19.0719 7212 mrxsmb20 - ok
04:29:19.0748 7212 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
04:29:19.0750 7212 msahci - ok
04:29:19.0775 7212 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
04:29:19.0779 7212 msdsm - ok
04:29:19.0838 7212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
04:29:19.0840 7212 Msfs - ok
04:29:19.0870 7212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
04:29:19.0872 7212 mshidkmdf - ok
04:29:19.0907 7212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
04:29:19.0909 7212 msisadrv - ok
04:29:19.0955 7212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
04:29:19.0957 7212 MSKSSRV - ok
04:29:20.0005 7212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
04:29:20.0007 7212 MSPCLOCK - ok
04:29:20.0043 7212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
04:29:20.0045 7212 MSPQM - ok
04:29:20.0080 7212 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
04:29:20.0088 7212 MsRPC - ok
04:29:20.0118 7212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
04:29:20.0120 7212 mssmbios - ok
04:29:20.0165 7212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
04:29:20.0167 7212 MSTEE - ok
04:29:20.0213 7212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
04:29:20.0215 7212 MTConfig - ok
04:29:20.0244 7212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
04:29:20.0247 7212 Mup - ok
04:29:20.0313 7212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
04:29:20.0320 7212 NativeWifiP - ok
04:29:20.0386 7212 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
04:29:20.0421 7212 NDIS - ok
04:29:20.0455 7212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
04:29:20.0458 7212 NdisCap - ok
04:29:20.0495 7212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
04:29:20.0497 7212 NdisTapi - ok
04:29:20.0524 7212 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
04:29:20.0527 7212 Ndisuio - ok
04:29:20.0558 7212 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
04:29:20.0563 7212 NdisWan - ok
04:29:20.0590 7212 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
04:29:20.0593 7212 NDProxy - ok
04:29:20.0627 7212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
04:29:20.0630 7212 NetBIOS - ok
04:29:20.0663 7212 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
04:29:20.0669 7212 NetBT - ok
04:29:20.0734 7212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
04:29:20.0737 7212 nfrd960 - ok
04:29:20.0777 7212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
04:29:20.0779 7212 Npfs - ok
04:29:20.0815 7212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
04:29:20.0818 7212 nsiproxy - ok
04:29:20.0873 7212 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
04:29:20.0919 7212 Ntfs - ok
04:29:20.0958 7212 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
04:29:20.0960 7212 Null - ok
04:29:21.0024 7212 NVHDA (10204955027011e08a9dc27737a48a54) C:\windows\system32\drivers\nvhda64v.sys
04:29:21.0029 7212 NVHDA - ok
04:29:21.0260 7212 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\windows\system32\DRIVERS\nvlddmkm.sys
04:29:21.0485 7212 nvlddmkm - ok
04:29:21.0532 7212 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
04:29:21.0536 7212 nvraid - ok
04:29:21.0579 7212 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
04:29:21.0582 7212 nvstor - ok
04:29:21.0642 7212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
04:29:21.0645 7212 nv_agp - ok
04:29:21.0686 7212 O2MDGRDR (e66fe47f60c2e5b9bbf43552771ad569) C:\windows\system32\DRIVERS\o2mdgx64.sys
04:29:21.0689 7212 O2MDGRDR - ok
04:29:21.0705 7212 O2SDGRDR (fa1eed3a10992eba9a39172b50346434) C:\windows\system32\DRIVERS\o2sdgx64.sys
04:29:21.0708 7212 O2SDGRDR - ok
04:29:21.0731 7212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
04:29:21.0734 7212 ohci1394 - ok
04:29:21.0781 7212 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
04:29:21.0784 7212 Parport - ok
04:29:21.0802 7212 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
04:29:21.0804 7212 partmgr - ok
04:29:21.0838 7212 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
04:29:21.0842 7212 pci - ok
04:29:21.0868 7212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
04:29:21.0870 7212 pciide - ok
04:29:21.0893 7212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
04:29:21.0898 7212 pcmcia - ok
04:29:21.0922 7212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
04:29:21.0924 7212 pcw - ok
04:29:21.0955 7212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
04:29:21.0972 7212 PEAUTH - ok
04:29:22.0021 7212 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
04:29:22.0024 7212 PGEffect - ok
04:29:22.0079 7212 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
04:29:22.0082 7212 PptpMiniport - ok
04:29:22.0105 7212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
04:29:22.0108 7212 Processor - ok
04:29:22.0167 7212 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
04:29:22.0169 7212 Psched - ok
04:29:22.0216 7212 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
04:29:22.0218 7212 QIOMem - ok
04:29:22.0281 7212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
04:29:22.0323 7212 ql2300 - ok
04:29:22.0362 7212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
04:29:22.0365 7212 ql40xx - ok
04:29:22.0386 7212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
04:29:22.0388 7212 QWAVEdrv - ok
04:29:22.0404 7212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
04:29:22.0408 7212 RasAcd - ok
04:29:22.0437 7212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
04:29:22.0439 7212 RasAgileVpn - ok
04:29:22.0466 7212 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
04:29:22.0469 7212 Rasl2tp - ok
04:29:22.0507 7212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
04:29:22.0510 7212 RasPppoe - ok
04:29:22.0533 7212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
04:29:22.0535 7212 RasSstp - ok
04:29:22.0561 7212 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
04:29:22.0568 7212 rdbss - ok
04:29:22.0590 7212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
04:29:22.0593 7212 rdpbus - ok
04:29:22.0622 7212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
04:29:22.0624 7212 RDPCDD - ok
04:29:22.0647 7212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
04:29:22.0649 7212 RDPENCDD - ok
04:29:22.0700 7212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
04:29:22.0702 7212 RDPREFMP - ok
04:29:22.0729 7212 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
04:29:22.0734 7212 RDPWD - ok
04:29:22.0761 7212 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
04:29:22.0767 7212 rdyboost - ok
04:29:22.0828 7212 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\windows\system32\DRIVERS\RsFx0103.sys
04:29:22.0835 7212 RsFx0103 - ok
04:29:22.0863 7212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
04:29:22.0866 7212 rspndr - ok
04:29:22.0924 7212 rtl8192se (a8ed9726734d403217a4861a6788b144) C:\windows\system32\DRIVERS\rtl8192se.sys
04:29:22.0948 7212 rtl8192se - ok
04:29:22.0986 7212 s125bus (ae722fd346b75b776ca75f297347ee8a) C:\windows\system32\DRIVERS\s125bus.sys
04:29:22.0989 7212 s125bus - ok
04:29:23.0014 7212 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
04:29:23.0017 7212 sbp2port - ok
04:29:23.0038 7212 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
04:29:23.0040 7212 scfilter - ok
04:29:23.0077 7212 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
04:29:23.0080 7212 sdbus - ok
04:29:23.0115 7212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
04:29:23.0118 7212 secdrv - ok
04:29:23.0147 7212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
04:29:23.0149 7212 Serenum - ok
04:29:23.0169 7212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
04:29:23.0177 7212 Serial - ok
04:29:23.0218 7212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
04:29:23.0220 7212 sermouse - ok
04:29:23.0258 7212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
04:29:23.0261 7212 sffdisk - ok
04:29:23.0277 7212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
04:29:23.0279 7212 sffp_mmc - ok
04:29:23.0302 7212 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
04:29:23.0305 7212 sffp_sd - ok
04:29:23.0327 7212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
04:29:23.0329 7212 sfloppy - ok
04:29:23.0365 7212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
04:29:23.0368 7212 SiSRaid2 - ok
04:29:23.0389 7212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
04:29:23.0392 7212 SiSRaid4 - ok
04:29:23.0434 7212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
04:29:23.0437 7212 Smb - ok
04:29:23.0483 7212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
04:29:23.0485 7212 spldr - ok
04:29:23.0553 7212 srv (148d50904d2a0df29a19778715eb35bb) C:\windows\system32\DRIVERS\srv.sys
04:29:23.0561 7212 srv - ok
04:29:23.0584 7212 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\windows\system32\DRIVERS\srv2.sys
04:29:23.0592 7212 srv2 - ok
04:29:23.0617 7212 srvnet (cb69edeb069a49577592835659cd0e46) C:\windows\system32\DRIVERS\srvnet.sys
04:29:23.0621 7212 srvnet - ok
04:29:23.0701 7212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
04:29:23.0704 7212 stexstor - ok
04:29:23.0736 7212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
04:29:23.0739 7212 swenum - ok
04:29:23.0817 7212 SynTP (12a35e44d8647985fcdb8d298a590134) C:\windows\system32\DRIVERS\SynTP.sys
04:29:23.0823 7212 SynTP - ok
04:29:23.0954 7212 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
04:29:24.0008 7212 Tcpip - ok
04:29:24.0067 7212 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
04:29:24.0080 7212 TCPIP6 - ok
04:29:24.0114 7212 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
04:29:24.0117 7212 tcpipreg - ok
04:29:24.0145 7212 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
04:29:24.0148 7212 tdcmdpst - ok
04:29:24.0164 7212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
04:29:24.0167 7212 TDPIPE - ok
04:29:24.0187 7212 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
04:29:24.0189 7212 TDTCP - ok
04:29:24.0219 7212 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
04:29:24.0222 7212 tdx - ok
04:29:24.0245 7212 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
04:29:24.0248 7212 TermDD - ok
04:29:24.0296 7212 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
04:29:24.0299 7212 Thpdrv - ok
04:29:24.0326 7212 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
04:29:24.0328 7212 Thpevm - ok
04:29:24.0410 7212 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
04:29:24.0419 7212 tos_sps64 - ok
04:29:24.0467 7212 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
04:29:24.0470 7212 tssecsrv - ok
04:29:24.0502 7212 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
04:29:24.0505 7212 tunnel - ok
04:29:24.0535 7212 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
04:29:24.0538 7212 TVALZ - ok
04:29:24.0568 7212 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
04:29:24.0571 7212 TVALZFL - ok
04:29:24.0589 7212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
04:29:24.0592 7212 uagp35 - ok
04:29:24.0618 7212 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
04:29:24.0624 7212 udfs - ok
04:29:24.0670 7212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
04:29:24.0673 7212 uliagpkx - ok
04:29:24.0705 7212 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
04:29:24.0708 7212 umbus - ok
04:29:24.0732 7212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
04:29:24.0735 7212 UmPass - ok
04:29:24.0793 7212 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
04:29:24.0796 7212 USBAAPL64 - ok
04:29:24.0835 7212 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
04:29:24.0839 7212 usbaudio - ok
04:29:24.0879 7212 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
04:29:24.0883 7212 usbccgp - ok
04:29:24.0913 7212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
04:29:24.0916 7212 usbcir - ok
04:29:24.0947 7212 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\windows\system32\DRIVERS\usbehci.sys
04:29:24.0950 7212 usbehci - ok
04:29:25.0009 7212 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\windows\system32\DRIVERS\usbhub.sys
04:29:25.0017 7212 usbhub - ok
04:29:25.0037 7212 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
04:29:25.0040 7212 usbohci - ok
04:29:25.0077 7212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
04:29:25.0080 7212 usbprint - ok
04:29:25.0120 7212 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
04:29:25.0123 7212 USBSTOR - ok
04:29:25.0146 7212 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
04:29:25.0149 7212 usbuhci - ok
04:29:25.0183 7212 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
04:29:25.0188 7212 usbvideo - ok
04:29:25.0219 7212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
04:29:25.0222 7212 vdrvroot - ok
04:29:25.0251 7212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
04:29:25.0254 7212 vga - ok
04:29:25.0302 7212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
04:29:25.0304 7212 VgaSave - ok
04:29:25.0328 7212 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
04:29:25.0333 7212 vhdmp - ok
04:29:25.0353 7212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
04:29:25.0356 7212 viaide - ok
04:29:25.0376 7212 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
04:29:25.0378 7212 volmgr - ok
04:29:25.0400 7212 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
04:29:25.0407 7212 volmgrx - ok
04:29:25.0454 7212 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
04:29:25.0460 7212 volsnap - ok
04:29:25.0488 7212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
04:29:25.0504 7212 vsmraid - ok
04:29:25.0629 7212 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) X:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
04:29:25.0633 7212 VSPerfDrv100 - ok
04:29:25.0726 7212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
04:29:25.0728 7212 vwifibus - ok
04:29:25.0777 7212 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
04:29:25.0780 7212 vwififlt - ok
04:29:25.0810 7212 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
04:29:25.0813 7212 vwifimp - ok
04:29:25.0862 7212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
04:29:25.0863 7212 WacomPen - ok
04:29:25.0909 7212 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
04:29:25.0912 7212 WANARP - ok
04:29:25.0925 7212 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
04:29:25.0926 7212 Wanarpv6 - ok
04:29:25.0983 7212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
04:29:25.0985 7212 Wd - ok
04:29:26.0024 7212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
04:29:26.0041 7212 Wdf01000 - ok
04:29:26.0113 7212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
04:29:26.0115 7212 WfpLwf - ok
04:29:26.0140 7212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
04:29:26.0142 7212 WIMMount - ok
04:29:26.0237 7212 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
04:29:26.0239 7212 WinUsb - ok
04:29:26.0277 7212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
04:29:26.0279 7212 WmiAcpi - ok
04:29:26.0328 7212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
04:29:26.0330 7212 ws2ifsl - ok
04:29:26.0360 7212 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
04:29:26.0363 7212 WudfPf - ok
04:29:26.0398 7212 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
04:29:26.0402 7212 WUDFRd - ok
04:29:26.0460 7212 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
04:29:26.0532 7212 \Device\Harddisk0\DR0 - ok
04:29:26.0545 7212 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
04:29:26.0553 7212 \Device\Harddisk1\DR1 - ok
04:29:26.0582 7212 Boot (0x1200) (d89fad4b397c6669787d5cde5e05d064) \Device\Harddisk0\DR0\Partition0
04:29:26.0584 7212 \Device\Harddisk0\DR0\Partition0 - ok
04:29:26.0612 7212 Boot (0x1200) (4ddbea4d1844b52a12e57de5879eb610) \Device\Harddisk0\DR0\Partition1
04:29:26.0615 7212 \Device\Harddisk0\DR0\Partition1 - ok
04:29:26.0622 7212 Boot (0x1200) (ac2b921041a23bdc8fde7d2badd604f5) \Device\Harddisk1\DR1\Partition0
04:29:26.0624 7212 \Device\Harddisk1\DR1\Partition0 - ok
04:29:26.0627 7212 ============================================================
04:29:26.0627 7212 Scan finished
04:29:26.0627 7212 ============================================================
04:29:26.0635 2812 Detected object count: 0
04:29:26.0636 2812 Actual detected object count: 0



ASWMbr SCAN LOG


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 04:31:27
-----------------------------
04:31:27.925 OS Version: Windows x64 6.1.7600
04:31:27.925 Number of processors: 4 586 0x2505
04:31:27.925 ComputerName: QOSMIO UserName:
04:31:29.820 Initialize success
04:32:56.241 AVAST engine defs: 12030301
04:35:56.407 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:35:56.410 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
04:35:56.420 Disk 0 MBR read successfully
04:35:56.424 Disk 0 MBR scan
04:35:56.431 Disk 0 Windows VISTA default MBR code
04:35:56.444 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
04:35:56.458 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 254883 MB offset 3074048
04:35:56.464 Disk 0 Partition - 00 0F Extended LBA 208937 MB offset 525074432
04:35:56.499 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11619 MB offset 952977408
04:35:56.530 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 208936 MB offset 525076480
04:35:56.568 Disk 0 scanning C:\windows\system32\drivers
04:36:07.282 Service scanning
04:36:29.927 Modules scanning
04:36:30.275 Disk 0 trace - called modules:
04:36:30.289 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
04:36:30.295 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006af2060]
04:36:30.301 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006af1060]
04:36:30.309 5 thpdrv.sys[fffff88001b19cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac4050]
04:36:32.878 AVAST engine scan C:\windows
04:36:35.502 AVAST engine scan C:\windows\system32
04:39:51.397 AVAST engine scan C:\windows\system32\drivers
04:40:04.193 AVAST engine scan C:\Users\NeoGeek
04:51:46.132 AVAST engine scan C:\ProgramData
04:54:44.006 Scan finished successfully
14:28:48.587 Disk 0 MBR has been saved successfully to "C:\Users\NeoGeek\Desktop\MBR.dat"
14:28:48.596 The log file has been saved successfully to "C:\Users\NeoGeek\Desktop\aswMBR.txt"
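To make sense of the partition lines in the aswMBR output above, here is an added example (not part of the original thread, and not code from aswMBR or TDSSKiller): a small Python parser for a 512-byte MBR, run against a constructed MBR whose three primary entries carry the same boot flag, type id, offset and size as Disk 0 above (the 0x27 WinRE, 0x07 NTFS and 0x0F extended entries). It also hashes the first 0x1B8 = 440 bytes, the bootstrap-code region that sits before the disk signature; the assumption here is that this is the region the "MBR (0x1B8)" lines in the TDSSKiller log refer to. The type-name table is a small subset of the real one, the parser reads only the four primary entries (it does not follow the extended-partition chain in which Partition 3 and Partition 4 above live), and the sanity checks are the ones a responder would want when comparing a saved MBR.dat against expectations.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIZE = 512
CODE_LEN = 0x1B8          # bootstrap code: bytes 0..0x1B7, before the disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE     # 0x55 0xAA boot signature

# Partition type ids seen in the aswMBR lines above (subset of the full table)
PART_TYPES = {
    0x07: "HPFS/NTFS",
    0x0F: "Extended LBA",
    0x17: "Hidd HPFS/NTFS",
    0x27: "Hidden NTFS WinRE",
}


def build_mbr(entries, code=b"\x00" * CODE_LEN):
    """Constructed 512-byte MBR: boot code, up to four (boot, type, lba, sectors) entries, 55AA."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(code)] = code
    for i, (boot, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        mbr[off] = boot                 # 0x80 = active, 0x00 = inactive
        mbr[off + 4] = ptype            # partition type id
        # CHS fields (offsets 1..3 and 5..7) are left zero; LBA fields are authoritative
        struct.pack_into("<II", mbr, off + 8, lba, count)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty primary partition entries as dicts; reject a malformed sector."""
    if len(mbr) != MBR_SIZE or mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("not a valid MBR: wrong length or missing 55AA signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot, ptype = mbr[off], mbr[off + 4]
        lba, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:                  # empty slot
            continue
        parts.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba,              # start sector, as "offset" in the aswMBR lines
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def boot_code_md5(mbr):
    """MD5 of the 0x1B8-byte bootstrap region, to compare against a known-good reference."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def sanity_check(parts):
    """Findings a responder would look at: more than one active entry, overlapping extents."""
    findings = []
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["offset"], p["offset"] + p["sectors"]) for p in parts)
    for (s1, e1), (s2, _) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"extents starting at {s1} and {s2} overlap")
    return findings


# Constructed entries mirroring Disk 0 above: 1500 MB, 254883 MB and 208937 MB,
# with sector counts chosen so each partition ends exactly where the next begins.
SAMPLE_ENTRIES = [
    (0x80, 0x27, 2048, 3072000),
    (0x00, 0x07, 3074048, 522000384),
    (0x00, 0x0F, 525074432, 427902976),
]
SAMPLE_MBR = build_mbr(SAMPLE_ENTRIES)

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['name']} "
              f"{p['size_mb']} MB offset {p['offset']}")
    print("boot code md5:", boot_code_md5(SAMPLE_MBR))
    print("findings:", sanity_check(parse_mbr(SAMPLE_MBR)) or "none")
```

Point the parser at the 512 bytes of a saved MBR.dat to get the same table the tool printed; the MD5 is only meaningful next to a reference hash for the same OS version's MBR code, which this example does not include.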

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 04 March 2012 - 01:22 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 07 March 2012 - 11:41 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 09 March 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 12 March 2012 - 11:29 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
