
Multiple Trojans, possible hijack. Malware not detecting issues.


This topic is locked
11 replies to this topic

#1 ShiftySteve

ShiftySteve

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 29 February 2012 - 01:07 AM

Hi all!
Thanks in advance to those willing to assist me. About a month ago I had strong suspicions that a virtual machine/remote desktop was running, so I went ahead and reinstalled Windows 7. I thought that would definitely solve my dilemma, but it seemed not. I paid for numerous programs (Avast, PcSafeDoctor, Spyhunter 4), of which only PcSafeDoctor found a trojan.win32/xxxx which would be renamed after each reboot. After seeking advice I decided to run Advanced SystemCare 5 and to my horror I witnessed a ton of worms, trojans, misleaders and nasty vermin as it was scanning the first malware section, only to pass the section as healthy. :o I found it hard to capture all the names (20+) but here is what I could make out:

Trojan.Win32/Agent
Misleading.Application
Trojan.Win32/Vundo
PSW.OnLineGames
Trojan.Trace
Backdoor.Frauder
Trojan.Win32/BHO
Worm.Agent
Mal/Gen.Downloader
Trojan-spy

As requested the DDS log file:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ken Kaniff at 15:27:56 on 2012-02-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3062.1959 [GMT 10:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
mPolicies-system: DontDisplayLockedUserId = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{B994260D-AAA0-471B-A0CC-597862F99154} : DhcpNameServer = 10.0.0.138
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-22 497496]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-25 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-2-25 131288]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-2-21 76288]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-2-21 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-18 652360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]
S2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-14 20992]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\system32\DRIVERS\yk62x64l.sys --> C:\Windows\system32\DRIVERS\yk62x64l.sys [?]
S3 SkVlanProtocol;Marvell VLAN Protocol;C:\Windows\system32\DRIVERS\yk62x64v.sys --> C:\Windows\system32\DRIVERS\yk62x64v.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-23 16:13:06 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-02-23 16:12:43 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-23 16:12:07 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-02-23 16:11:26 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-02-23 16:11:04 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-02-23 16:10:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-21 08:08:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-19 07:38:15 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-02-18 09:31:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 12:29:32 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2012-02-12 12:29:32 14848 ----a-w- C:\Windows\System32\slwga.dll
2012-02-12 12:29:32 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2012-02-12 12:29:31 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2012-02-12 12:29:31 1008640 ----a-w- C:\Windows\System32\user32.dll
2012-01-28 19:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 07:02:52 23896 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-10 05:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:29:38.06 ===============

As requested the ATTACH file:

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:27 AM

Posted 03 March 2012 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 ShiftySteve

ShiftySteve
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 03 March 2012 - 09:56 AM

Attached File: MBR.zip (558 bytes, 0 downloads)

Hi Nasdaq! Thank you very kindly for replying so soon. ;D

Here is the TDSSKiller log (no reboot required):


00:28:42.0523 3760 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
00:28:42.0554 3760 ============================================================
00:28:42.0554 3760 Current date / time: 2012/03/04 00:28:42.0554
00:28:42.0554 3760 SystemInfo:
00:28:42.0554 3760
00:28:42.0554 3760 OS Version: 6.1.7601 ServicePack: 1.0
00:28:42.0554 3760 Product type: Workstation
00:28:42.0554 3760 ComputerName: SCROTUS
00:28:42.0554 3760 UserName: Ken Kaniff
00:28:42.0554 3760 Windows directory: C:\Windows
00:28:42.0554 3760 System windows directory: C:\Windows
00:28:42.0554 3760 Running under WOW64
00:28:42.0554 3760 Processor architecture: Intel x64
00:28:42.0554 3760 Number of processors: 2
00:28:42.0554 3760 Page size: 0x1000
00:28:42.0554 3760 Boot type: Normal boot
00:28:42.0554 3760 ============================================================
00:28:43.0787 3760 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:28:43.0802 3760 \Device\Harddisk0\DR0:
00:28:43.0802 3760 MBR used
00:28:43.0802 3760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x123D0968
00:28:43.0818 3760 Initialize success
00:28:43.0818 3760 ============================================================
00:29:30.0337 2068 ============================================================
00:29:30.0337 2068 Scan started
00:29:30.0337 2068 Mode: Manual;
00:29:30.0337 2068 ============================================================
00:29:31.0866 2068 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
00:29:31.0882 2068 1394ohci - ok
00:29:31.0913 2068 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:29:31.0929 2068 ACPI - ok
00:29:31.0944 2068 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:29:31.0944 2068 AcpiPmi - ok
00:29:32.0007 2068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:29:32.0007 2068 adp94xx - ok
00:29:32.0038 2068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:29:32.0053 2068 adpahci - ok
00:29:32.0069 2068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:29:32.0069 2068 adpu320 - ok
00:29:32.0131 2068 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:29:32.0147 2068 AFD - ok
00:29:32.0209 2068 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
00:29:32.0241 2068 AgereSoftModem - ok
00:29:32.0272 2068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:29:32.0272 2068 agp440 - ok
00:29:32.0303 2068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:29:32.0303 2068 aliide - ok
00:29:32.0334 2068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:29:32.0334 2068 amdide - ok
00:29:32.0350 2068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:29:32.0350 2068 AmdK8 - ok
00:29:32.0381 2068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
00:29:32.0397 2068 AmdPPM - ok
00:29:32.0428 2068 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:29:32.0428 2068 amdsata - ok
00:29:32.0459 2068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:29:32.0459 2068 amdsbs - ok
00:29:32.0490 2068 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:29:32.0506 2068 amdxata - ok
00:29:32.0537 2068 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:29:32.0537 2068 AppID - ok
00:29:32.0584 2068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:29:32.0584 2068 arc - ok
00:29:32.0599 2068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:29:32.0599 2068 arcsas - ok
00:29:32.0646 2068 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
00:29:32.0646 2068 aswFsBlk - ok
00:29:32.0677 2068 aswFW (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys
00:29:32.0693 2068 aswFW - ok
00:29:32.0755 2068 aswKbd (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys
00:29:32.0755 2068 aswKbd - ok
00:29:32.0802 2068 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
00:29:32.0802 2068 aswMonFlt - ok
00:29:32.0818 2068 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
00:29:32.0818 2068 aswNdis - ok
00:29:32.0849 2068 aswNdis2 (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys
00:29:32.0849 2068 aswNdis2 - ok
00:29:32.0896 2068 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
00:29:32.0896 2068 aswRdr - ok
00:29:32.0958 2068 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
00:29:32.0974 2068 aswSnx - ok
00:29:33.0021 2068 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
00:29:33.0036 2068 aswSP - ok
00:29:33.0067 2068 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
00:29:33.0067 2068 aswTdi - ok
00:29:33.0099 2068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:29:33.0099 2068 atapi - ok
00:29:33.0161 2068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:29:33.0161 2068 b06bdrv - ok
00:29:33.0177 2068 b57nd60a - ok
00:29:33.0223 2068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:29:33.0223 2068 Beep - ok
00:29:33.0270 2068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:29:33.0270 2068 blbdrive - ok
00:29:33.0317 2068 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:29:33.0317 2068 bowser - ok
00:29:33.0333 2068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:29:33.0333 2068 BrFiltLo - ok
00:29:33.0348 2068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:29:33.0348 2068 BrFiltUp - ok
00:29:33.0379 2068 Brserid - ok
00:29:33.0411 2068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:29:33.0411 2068 BrSerWdm - ok
00:29:33.0426 2068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:29:33.0426 2068 BrUsbMdm - ok
00:29:33.0442 2068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:29:33.0442 2068 BrUsbSer - ok
00:29:33.0457 2068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:29:33.0457 2068 BTHMODEM - ok
00:29:33.0489 2068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:29:33.0489 2068 cdfs - ok
00:29:33.0520 2068 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:29:33.0520 2068 cdrom - ok
00:29:33.0567 2068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:29:33.0567 2068 circlass - ok
00:29:33.0613 2068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:29:33.0629 2068 CLFS - ok
00:29:33.0660 2068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:29:33.0660 2068 CmBatt - ok
00:29:33.0691 2068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:29:33.0691 2068 cmdide - ok
00:29:33.0738 2068 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:29:33.0738 2068 CNG - ok
00:29:33.0769 2068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:29:33.0769 2068 Compbatt - ok
00:29:33.0785 2068 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:29:33.0801 2068 CompositeBus - ok
00:29:33.0832 2068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:29:33.0832 2068 crcdisk - ok
00:29:33.0894 2068 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:29:33.0910 2068 CSC - ok
00:29:33.0957 2068 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:29:33.0957 2068 DfsC - ok
00:29:33.0988 2068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:29:33.0988 2068 discache - ok
00:29:34.0003 2068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:29:34.0019 2068 Disk - ok
00:29:34.0066 2068 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
00:29:34.0066 2068 dmvsc - ok
00:29:34.0113 2068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:29:34.0113 2068 drmkaud - ok
00:29:34.0175 2068 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:29:34.0191 2068 DXGKrnl - ok
00:29:34.0300 2068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:29:34.0347 2068 ebdrv - ok
00:29:34.0409 2068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:29:34.0409 2068 elxstor - ok
00:29:34.0440 2068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:29:34.0440 2068 ErrDev - ok
00:29:34.0518 2068 esgiguard (df96c3cd6ae15f6d0a6bcb70f9c1e88d) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
00:29:34.0518 2068 esgiguard - ok
00:29:34.0565 2068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:29:34.0581 2068 exfat - ok
00:29:34.0612 2068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:29:34.0612 2068 fastfat - ok
00:29:34.0643 2068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:29:34.0643 2068 fdc - ok
00:29:34.0690 2068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:29:34.0690 2068 FileInfo - ok
00:29:34.0705 2068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:29:34.0705 2068 Filetrace - ok
00:29:34.0737 2068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:29:34.0737 2068 flpydisk - ok
00:29:34.0768 2068 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:29:34.0768 2068 FltMgr - ok
00:29:34.0815 2068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:29:34.0815 2068 FsDepends - ok
00:29:34.0830 2068 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:29:34.0830 2068 Fs_Rec - ok
00:29:34.0861 2068 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:29:34.0877 2068 fvevol - ok
00:29:34.0908 2068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:29:34.0908 2068 gagp30kx - ok
00:29:34.0939 2068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:29:34.0939 2068 hcw85cir - ok
00:29:34.0986 2068 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:29:34.0986 2068 HdAudAddService - ok
00:29:35.0017 2068 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:29:35.0017 2068 HDAudBus - ok
00:29:35.0049 2068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:29:35.0049 2068 HidBatt - ok
00:29:35.0080 2068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
00:29:35.0080 2068 HidBth - ok
00:29:35.0095 2068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:29:35.0111 2068 HidIr - ok
00:29:35.0127 2068 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
00:29:35.0127 2068 HidUsb - ok
00:29:35.0189 2068 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:29:35.0189 2068 HpSAMD - ok
00:29:35.0361 2068 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:29:35.0376 2068 HTTP - ok
00:29:35.0392 2068 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:29:35.0392 2068 hwpolicy - ok
00:29:35.0407 2068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:29:35.0407 2068 i8042prt - ok
00:29:35.0485 2068 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:29:35.0485 2068 iaStorV - ok
00:29:35.0719 2068 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:29:35.0797 2068 igfx - ok
00:29:35.0969 2068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:29:35.0969 2068 iirsp - ok
00:29:36.0000 2068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:29:36.0000 2068 intelide - ok
00:29:36.0031 2068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:29:36.0031 2068 intelppm - ok
00:29:36.0094 2068 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:29:36.0094 2068 IPMIDRV - ok
00:29:36.0109 2068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:29:36.0109 2068 IPNAT - ok
00:29:36.0141 2068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:29:36.0156 2068 IRENUM - ok
00:29:36.0187 2068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:29:36.0187 2068 isapnp - ok
00:29:36.0219 2068 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:29:36.0234 2068 iScsiPrt - ok
00:29:36.0265 2068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:29:36.0265 2068 kbdclass - ok
00:29:36.0297 2068 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:29:36.0297 2068 kbdhid - ok
00:29:36.0328 2068 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:29:36.0343 2068 KSecDD - ok
00:29:36.0359 2068 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:29:36.0359 2068 KSecPkg - ok
00:29:36.0390 2068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:29:36.0390 2068 ksthunk - ok
00:29:36.0421 2068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:29:36.0421 2068 lltdio - ok
00:29:36.0468 2068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:29:36.0484 2068 LSI_FC - ok
00:29:36.0499 2068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:29:36.0515 2068 LSI_SAS - ok
00:29:36.0531 2068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:29:36.0546 2068 LSI_SAS2 - ok
00:29:36.0562 2068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:29:36.0577 2068 LSI_SCSI - ok
00:29:36.0609 2068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:29:36.0609 2068 luafv - ok
00:29:36.0640 2068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:29:36.0640 2068 megasas - ok
00:29:36.0671 2068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:29:36.0687 2068 MegaSR - ok
00:29:36.0718 2068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:29:36.0718 2068 Modem - ok
00:29:36.0749 2068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:29:36.0749 2068 monitor - ok
00:29:36.0765 2068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:29:36.0765 2068 mouclass - ok
00:29:36.0796 2068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
00:29:36.0811 2068 mouhid - ok
00:29:36.0827 2068 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:29:36.0827 2068 mountmgr - ok
00:29:36.0858 2068 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:29:36.0858 2068 mpio - ok
00:29:36.0889 2068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:29:36.0889 2068 mpsdrv - ok
00:29:36.0921 2068 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:29:36.0936 2068 MRxDAV - ok
00:29:36.0967 2068 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:29:36.0983 2068 mrxsmb - ok
00:29:37.0014 2068 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:29:37.0030 2068 mrxsmb10 - ok
00:29:37.0061 2068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:29:37.0061 2068 mrxsmb20 - ok
00:29:37.0092 2068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:29:37.0092 2068 msahci - ok
00:29:37.0108 2068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:29:37.0108 2068 msdsm - ok
00:29:37.0155 2068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:29:37.0155 2068 Msfs - ok
00:29:37.0170 2068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:29:37.0186 2068 mshidkmdf - ok
00:29:37.0201 2068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:29:37.0201 2068 msisadrv - ok
00:29:37.0248 2068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:29:37.0248 2068 MSKSSRV - ok
00:29:37.0264 2068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:29:37.0264 2068 MSPCLOCK - ok
00:29:37.0279 2068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:29:37.0295 2068 MSPQM - ok
00:29:37.0326 2068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:29:37.0342 2068 MsRPC - ok
00:29:37.0357 2068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:29:37.0373 2068 mssmbios - ok
00:29:37.0389 2068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:29:37.0389 2068 MSTEE - ok
00:29:37.0404 2068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:29:37.0420 2068 MTConfig - ok
00:29:37.0451 2068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:29:37.0451 2068 Mup - ok
00:29:37.0482 2068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:29:37.0482 2068 NativeWifiP - ok
00:29:37.0545 2068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:29:37.0560 2068 NDIS - ok
00:29:37.0591 2068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:29:37.0607 2068 NdisCap - ok
00:29:37.0623 2068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:29:37.0623 2068 NdisTapi - ok
00:29:37.0654 2068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:29:37.0654 2068 Ndisuio - ok
00:29:37.0685 2068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:29:37.0685 2068 NdisWan - ok
00:29:37.0701 2068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:29:37.0701 2068 NDProxy - ok
00:29:37.0716 2068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:29:37.0732 2068 NetBIOS - ok
00:29:37.0763 2068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:29:37.0763 2068 NetBT - ok
00:29:37.0997 2068 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:29:38.0091 2068 netw5v64 - ok
00:29:38.0247 2068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:29:38.0247 2068 nfrd960 - ok
00:29:38.0293 2068 npf (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
00:29:38.0309 2068 npf - ok
00:29:38.0325 2068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:29:38.0325 2068 Npfs - ok
00:29:38.0371 2068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:29:38.0371 2068 nsiproxy - ok
00:29:38.0481 2068 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:29:38.0527 2068 Ntfs - ok
00:29:38.0559 2068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:29:38.0559 2068 Null - ok
00:29:38.0605 2068 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:29:38.0605 2068 nvraid - ok
00:29:38.0637 2068 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:29:38.0652 2068 nvstor - ok
00:29:38.0683 2068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:29:38.0683 2068 nv_agp - ok
00:29:38.0730 2068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:29:38.0730 2068 ohci1394 - ok
00:29:38.0761 2068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:29:38.0761 2068 Parport - ok
00:29:38.0793 2068 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:29:38.0808 2068 partmgr - ok
00:29:38.0839 2068 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:29:38.0839 2068 pci - ok
00:29:38.0871 2068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:29:38.0871 2068 pciide - ok
00:29:38.0902 2068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:29:38.0902 2068 pcmcia - ok
00:29:38.0933 2068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:29:38.0933 2068 pcw - ok
00:29:38.0980 2068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:29:38.0995 2068 PEAUTH - ok
00:29:39.0089 2068 PptpMiniport - ok
00:29:39.0120 2068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:29:39.0120 2068 Processor - ok
00:29:39.0151 2068 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:29:39.0167 2068 Psched - ok
00:29:39.0229 2068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:29:39.0245 2068 ql2300 - ok
00:29:39.0292 2068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:29:39.0292 2068 ql40xx - ok
00:29:39.0323 2068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:29:39.0323 2068 QWAVEdrv - ok
00:29:39.0370 2068 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:29:39.0385 2068 rdbss - ok
00:29:39.0401 2068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:29:39.0401 2068 RDPCDD - ok
00:29:39.0432 2068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:29:39.0432 2068 RDPENCDD - ok
00:29:39.0463 2068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:29:39.0463 2068 RDPREFMP - ok
00:29:39.0495 2068 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:29:39.0495 2068 rdyboost - ok
00:29:39.0526 2068 RkHit - ok
00:29:39.0588 2068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:29:39.0588 2068 rspndr - ok
00:29:39.0619 2068 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:29:39.0635 2068 s3cap - ok
00:29:39.0713 2068 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:29:39.0713 2068 SASDIFSV - ok
00:29:39.0744 2068 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:29:39.0744 2068 SASKUTIL - ok
00:29:39.0760 2068 SaxNDIS - ok
00:29:39.0791 2068 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:29:39.0791 2068 sbp2port - ok
00:29:39.0822 2068 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:29:39.0838 2068 scfilter - ok
00:29:39.0885 2068 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
00:29:39.0885 2068 sdbus - ok
00:29:39.0916 2068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:29:39.0916 2068 secdrv - ok
00:29:39.0963 2068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:29:39.0963 2068 Serenum - ok
00:29:39.0994 2068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:29:39.0994 2068 Serial - ok
00:29:40.0009 2068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:29:40.0009 2068 sermouse - ok
00:29:40.0072 2068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:29:40.0072 2068 sffdisk - ok
00:29:40.0087 2068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:29:40.0087 2068 sffp_mmc - ok
00:29:40.0119 2068 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:29:40.0119 2068 sffp_sd - ok
00:29:40.0134 2068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:29:40.0134 2068 sfloppy - ok
00:29:40.0181 2068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:29:40.0181 2068 SiSRaid2 - ok
00:29:40.0197 2068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:29:40.0212 2068 SiSRaid4 - ok
00:29:40.0259 2068 SkLaggProtocol (b0191a627fd56d3df8a07891e4d55953) C:\Windows\system32\DRIVERS\yk62x64l.sys
00:29:40.0259 2068 SkLaggProtocol - ok
00:29:40.0290 2068 SkVlanProtocol (fbf71f6e89d3d9ab57dc81829f95c2f1) C:\Windows\system32\DRIVERS\yk62x64v.sys
00:29:40.0290 2068 SkVlanProtocol - ok
00:29:40.0337 2068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:29:40.0337 2068 Smb - ok
00:29:40.0384 2068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:29:40.0384 2068 spldr - ok
00:29:40.0462 2068 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:29:40.0462 2068 srv - ok
00:29:40.0509 2068 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:29:40.0509 2068 srv2 - ok
00:29:40.0555 2068 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:29:40.0555 2068 srvnet - ok
00:29:40.0587 2068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:29:40.0587 2068 stexstor - ok
00:29:40.0649 2068 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:29:40.0649 2068 storflt - ok
00:29:40.0680 2068 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:29:40.0680 2068 storvsc - ok
00:29:40.0711 2068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:29:40.0711 2068 swenum - ok
00:29:40.0743 2068 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
00:29:40.0743 2068 Synth3dVsc - ok
00:29:40.0883 2068 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:29:40.0899 2068 Tcpip - ok
00:29:40.0961 2068 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:29:40.0992 2068 TCPIP6 - ok
00:29:41.0039 2068 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:29:41.0039 2068 tcpipreg - ok
00:29:41.0070 2068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:29:41.0070 2068 TDPIPE - ok
00:29:41.0101 2068 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:29:41.0101 2068 TDTCP - ok
00:29:41.0133 2068 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:29:41.0133 2068 tdx - ok
00:29:41.0164 2068 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:29:41.0164 2068 TermDD - ok
00:29:41.0211 2068 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
00:29:41.0211 2068 terminpt - ok
00:29:41.0273 2068 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:29:41.0273 2068 tssecsrv - ok
00:29:41.0304 2068 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:29:41.0304 2068 TsUsbFlt - ok
00:29:41.0335 2068 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:29:41.0335 2068 TsUsbGD - ok
00:29:41.0367 2068 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
00:29:41.0367 2068 tsusbhub - ok
00:29:41.0398 2068 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:29:41.0398 2068 tunnel - ok
00:29:41.0429 2068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:29:41.0429 2068 uagp35 - ok
00:29:41.0476 2068 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:29:41.0476 2068 udfs - ok
00:29:41.0507 2068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:29:41.0523 2068 uliagpkx - ok
00:29:41.0538 2068 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:29:41.0538 2068 umbus - ok
00:29:41.0569 2068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:29:41.0569 2068 UmPass - ok
00:29:41.0632 2068 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:29:41.0632 2068 usbccgp - ok
00:29:41.0679 2068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:29:41.0679 2068 usbcir - ok
00:29:41.0710 2068 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:29:41.0710 2068 usbehci - ok
00:29:41.0757 2068 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:29:41.0772 2068 usbhub - ok
00:29:41.0803 2068 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:29:41.0819 2068 usbohci - ok
00:29:41.0835 2068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:29:41.0835 2068 usbprint - ok
00:29:41.0866 2068 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
00:29:41.0866 2068 USBSTOR - ok
00:29:41.0897 2068 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:29:41.0897 2068 usbuhci - ok
00:29:41.0944 2068 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:29:41.0959 2068 usbvideo - ok
00:29:41.0991 2068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:29:41.0991 2068 vdrvroot - ok
00:29:42.0022 2068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:29:42.0037 2068 vga - ok
00:29:42.0053 2068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:29:42.0053 2068 VgaSave - ok
00:29:42.0069 2068 VGPU - ok
00:29:42.0115 2068 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:29:42.0115 2068 vhdmp - ok
00:29:42.0131 2068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:29:42.0147 2068 viaide - ok
00:29:42.0193 2068 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:29:42.0193 2068 vmbus - ok
00:29:42.0225 2068 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:29:42.0225 2068 VMBusHID - ok
00:29:42.0240 2068 vmwvusb - ok
00:29:42.0271 2068 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:29:42.0271 2068 volmgr - ok
00:29:42.0318 2068 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:29:42.0318 2068 volmgrx - ok
00:29:42.0349 2068 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:29:42.0365 2068 volsnap - ok
00:29:42.0396 2068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:29:42.0396 2068 vsmraid - ok
00:29:42.0443 2068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:29:42.0443 2068 vwifibus - ok
00:29:42.0459 2068 WacomPen - ok
00:29:42.0490 2068 WANARP - ok
00:29:42.0505 2068 Wanarpv6 - ok
00:29:42.0615 2068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:29:42.0615 2068 Wd - ok
00:29:42.0661 2068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:29:42.0661 2068 Wdf01000 - ok
00:29:42.0724 2068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:29:42.0724 2068 WfpLwf - ok
00:29:42.0739 2068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:29:42.0755 2068 WIMMount - ok
00:29:42.0833 2068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:29:42.0833 2068 WmiAcpi - ok
00:29:42.0895 2068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:29:42.0895 2068 ws2ifsl - ok
00:29:42.0942 2068 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:29:42.0942 2068 WudfPf - ok
00:29:42.0958 2068 WUDFRd - ok
00:29:43.0005 2068 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:29:43.0036 2068 \Device\Harddisk0\DR0 - ok
00:29:43.0051 2068 Boot (0x1200) (92b7b30f8e1a21229e24105aecdabdf0) \Device\Harddisk0\DR0\Partition0
00:29:43.0051 2068 \Device\Harddisk0\DR0\Partition0 - ok
00:29:43.0051 2068 ============================================================
00:29:43.0051 2068 Scan finished
00:29:43.0051 2068 ============================================================
00:29:43.0067 2024 Detected object count: 0
00:29:43.0067 2024 Actual detected object count: 0
00:30:25.0967 3824 Deinitialize success

---------------------------------------
---------------------------------------

Here is the Avast MBR log:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 00:39:19
-----------------------------
00:39:19.301 OS Version: Windows x64 6.1.7601 Service Pack 1
00:39:19.301 Number of processors: 2 586 0xF0D
00:39:19.301 ComputerName: SCROTUS UserName:
00:39:22.062 Initialize success
00:39:22.499 AVAST engine defs: 12030300
00:39:57.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
00:39:57.568 Disk 0 Vendor: SAMSUNG_HM160HI HH100-08 Size: 152627MB BusType: 11
00:39:57.599 Disk 0 MBR read successfully
00:39:57.599 Disk 0 MBR scan
00:39:57.615 Disk 0 Windows 7 default MBR code
00:39:57.615 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149409 MB offset 63
00:39:57.646 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 3216 MB offset 305990055
00:39:57.708 Disk 0 scanning C:\Windows\system32\drivers
00:40:08.207 Service scanning
00:40:24.260 Modules scanning
00:40:24.260 Disk 0 trace - called modules:
00:40:24.291 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:40:24.306 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800451a790]
00:40:24.306 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800338c060]
00:40:25.523 AVAST engine scan C:\Windows
00:40:27.957 AVAST engine scan C:\Windows\system32
00:42:53.271 AVAST engine scan C:\Windows\system32\drivers
00:43:02.303 AVAST engine scan C:\Users\Ken Kaniff
00:44:05.156 AVAST engine scan C:\ProgramData
00:44:16.513 Scan finished successfully
00:44:50.209 Disk 0 MBR has been saved successfully to "C:\Users\Ken Kaniff\Desktop\MBR.dat"
00:44:50.224 The log file has been saved successfully to "C:\Users\Ken Kaniff\Desktop\aswMBR.txt"

-------------------------------
-------------------------------

The MBR.DAT zip is attached as requested. Thanks again.
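
As an added example (not code from this thread, from TDSSKiller or from any of the tools named here), the following Python triage helper parses the driver/service scan log posted above. It pairs each object's file line (name, MD5, path) with its verdict line and lists the things a reviewer checks by hand: service or driver entries that have no file on disk to hash (the `- ok` lines with no preceding file line, such as `PptpMiniport` and `RkHit` above), driver files outside the Windows directory, and any verdict other than `ok`. The sample lines are copied from the log above; the flagging rules are my own assumptions and produce a list of items to verify, not a malware verdict.

```python
"""Triage helper for driver/service scan logs in the format shown above.

Each scanned object appears as a file line:
    <time> <pid> <Name> (<md5>) <path>
followed by a verdict line:
    <time> <pid> <Name> - ok
Some names only have a verdict line: the service or driver entry exists
but no file was found to hash. Those, and files outside the Windows
directory, are worth a second look by a human; nothing here is a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

_TS = r'\d{2}:\d{2}:\d{2}\.\d{4}'
FILE_RE = re.compile(
    rf'^(?P<ts>{_TS})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+'
    r'(?:\(0x[0-9A-Fa-f]+\)\s+)?'          # optional size, e.g. "(0x1B8)" on the MBR line
    r'\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$')
VERDICT_RE = re.compile(
    rf'^(?P<ts>{_TS})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$')


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_scan_log(text: str) -> List[Entry]:
    """Group file and verdict lines by object name, preserving log order."""
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = by_name.setdefault(m['name'], Entry(m['name']))
            e.md5, e.path = m['md5'], m['path']
            by_path[e.path] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            # The MBR/boot-sector verdict is keyed by device path, not by object name.
            e = by_name.get(m['name']) or by_path.get(m['name'])
            if e is None:
                e = by_name.setdefault(m['name'], Entry(m['name']))
            e.verdict = m['verdict']
    return list(by_name.values())


# Assumed review rules (my own, not the scanner's): anything outside the
# Windows directory and anything without a file is queued for manual checking.
WINDOWS_DIR = 'c:\\windows\\'


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for entries a reviewer should verify by hand."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.path is None:
            findings.append((e.name, 'registered service/driver with no file on disk to hash'))
        elif not e.path.lower().startswith(WINDOWS_DIR) and not e.path.startswith('\\Device\\'):
            findings.append((e.name, f'driver file outside the Windows directory: {e.path}'))
        if e.verdict is not None and e.verdict != 'ok':
            findings.append((e.name, f'scanner verdict: {e.verdict}'))
    return findings


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
00:29:36.0328 2068 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:29:36.0343 2068 KSecDD - ok
00:29:39.0089 2068 PptpMiniport - ok
00:29:39.0526 2068 RkHit - ok
00:29:39.0713 2068 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:29:39.0713 2068 SASDIFSV - ok
00:29:43.0005 2068 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:29:43.0036 2068 \Device\Harddisk0\DR0 - ok
00:29:43.0067 2024 Detected object count: 0
"""


def main() -> None:
    for name, reason in triage(parse_scan_log(SAMPLE_LOG)):
        print(f'{name}: {reason}')


if __name__ == '__main__':
    main()
```

Run against the full log, the helper shortens a list of several hundred `- ok` lines to the handful that deserve a look (here `PptpMiniport`, `RkHit` and the SUPERAntiSpyware driver in Program Files); the MD5 and path kept on each entry are what a reviewer would then compare against a known-good copy of the file.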

#4 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2012 - 11:15 AM

The logs are clean. You should be good to run these tools.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#5 ShiftySteve

  • Topic Starter
  • Members
  • 6 posts

Posted 05 March 2012 - 12:12 AM

OK, so I had problems completing the ComboFix run. It almost finished, rebooting and having deleted a few items, but I received an error message stating that Pev.3XE had stopped working. Also a pop-up box about a mac bridge driver being unable to be digitally signed. I had to dig around inside of the ComboFix folder to find the log, so here is what its thoughts were:

ComboFix 12-03-04.02 - Ken Kaniff 05/03/2012 14:03:39.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3062.1868 [GMT 10:00]
Running from: C:\Users\Ken Kaniff\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\SysWow64\Packet.dll
C:\Windows\SysWow64\pthreadVC.dll
C:\Windows\SysWow64\wpcap.dll

C:\Windows\system32\drivers\asyncmac.sys was missing
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))


.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



As requested, the Security Check by Screen317:

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

I am still seeing all those trojans etc. when I run an Advanced SystemCare 5 scan, and there are some new ones appearing too! ???

#6 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 March 2012 - 10:22 AM

Please make sure that Avast is disabled.

Run ComboFix again. If you are still having difficulties getting it to run to completion and generate a log, you will need to remove Avast completely.
You can keep Windows Defender while Avast is removed.

Keep me posted.

#7 ShiftySteve

  • Topic Starter
  • Members
  • 6 posts

Posted 06 March 2012 - 03:04 AM

Well, I'm pretty sure I had turned off/disabled all the AV by going into services. ComboFix gets right up to the generating-log section, then the "Pev.3XE has stopped working" message appears and reappears no matter which option I choose (close program or search online for a solution). As the program doesn't finish, I now have a new error message when attempting to open certain folders/applications: "Illegal operation attempted on a registry key that has been marked for deletion". Great! :(

I will uninstall Avast completely, run a fresh ComboFix and report back. Thanks for your patience. :)

#8 ShiftySteve

  • Topic Starter
  • Members
  • 6 posts

Posted 06 March 2012 - 05:03 AM

Finally, as requested, the ComboFix log:


ComboFix 12-03-04.02 - Ken Kaniff 06/03/2012 19:19:30.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3062.2113 [GMT 10:00]
Running from: c:\users\Ken Kaniff\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 09:26 . 2012-03-06 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 04:11 . 2009-07-14 00:10 23040 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2012-03-05 03:28 . 2012-03-05 03:28 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-04 01:20 . 2012-03-05 03:46 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-04 01:19 . 2012-03-04 01:19 -------- d-----w- c:\windows\PCHEALTH
2012-03-04 01:14 . 2012-03-05 03:51 -------- d-----w- c:\programdata\Microsoft Help
2012-03-04 01:07 . 2012-03-04 01:07 -------- d-----w- c:\programdata\Hewlett-Packard
2012-03-04 01:07 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-03 13:34 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-03 13:34 . 2012-03-03 13:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-03 03:58 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C15F0FA7-A92F-430D-A6CD-B6E793298721}\mpengine.dll
2012-02-29 00:42 . 2012-02-29 00:42 -------- d-----w- c:\windows\SysWow64\x64
2012-02-29 00:42 . 2009-09-23 09:30 1002008 ----a-w- c:\windows\SysWow64\igxpun.exe
2012-02-25 06:17 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-25 06:17 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-25 06:17 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-25 06:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-25 06:17 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-25 06:15 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-02-25 06:15 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-02-25 06:15 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-02-25 06:15 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-02-25 06:15 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-02-25 06:15 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-02-25 06:15 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-02-25 06:15 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-02-25 06:15 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-02-25 06:15 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-02-25 06:15 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-02-25 06:14 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-25 06:14 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-25 05:39 . 2012-02-23 16:11 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-23 11:38 . 2012-03-06 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-23 11:38 . 2012-02-23 11:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-22 13:45 . 2011-12-30 07:02 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-22 12:43 . 2012-02-22 12:43 -------- d-----w- c:\programdata\IObit
2012-02-22 12:41 . 2012-02-22 12:43 -------- d-----w- c:\program files (x86)\IObit
2012-02-21 13:07 . 2012-02-21 13:07 -------- d-----w- c:\programdata\ashampoo
2012-02-21 13:06 . 2012-02-27 13:15 -------- d-----w- c:\program files (x86)\Ashampoo
2012-02-21 12:38 . 2012-02-21 12:38 -------- d-----w- c:\program files\WinPcap
2012-02-21 12:28 . 2012-03-04 01:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-21 12:25 . 2012-02-21 12:25 -------- d-----w- c:\programdata\Freemake
2012-02-21 12:25 . 2012-02-21 12:37 -------- d-----w- c:\program files (x86)\Freemake
2012-02-21 08:09 . 2012-02-21 08:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-21 08:08 . 2012-02-21 08:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-21 08:08 . 2012-02-21 08:08 -------- d-----w- c:\program files (x86)\Java
2012-02-19 07:04 . 2003-02-20 21:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-19 06:19 . 2012-02-19 06:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-19 06:04 . 2010-05-14 09:13 998400 ----a-w- c:\windows\system32\ykx64ncu.dll
2012-02-19 04:56 . 2012-02-19 04:56 -------- d-----w- c:\program files (x86)\Conduit
2012-02-19 04:56 . 2012-02-19 04:56 -------- d-----w- c:\program files (x86)\uTorrent
2012-02-19 04:08 . 2012-02-19 04:08 -------- d-----w- C:\Temp
2012-02-19 03:04 . 2012-02-19 03:04 -------- d-----w- c:\program files\Enigma Software Group
2012-02-19 03:04 . 2012-02-19 03:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-18 15:29 . 2012-02-19 07:38 -------- d-----w- c:\program files (x86)\InCode Solutions
2012-02-18 15:21 . 2012-02-19 07:38 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-02-18 14:04 . 2012-03-06 07:19 -------- d-----w- c:\program files (x86)\PCSafeDoctor
2012-02-18 12:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-18 12:01 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-18 12:00 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-18 12:00 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-18 12:00 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-18 12:00 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-18 12:00 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-18 12:00 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-18 12:00 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-18 12:00 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-18 12:00 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-18 12:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-18 12:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-18 09:31 . 2012-02-18 09:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 09:31 . 2012-02-18 09:31 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-18 08:35 . 2007-01-19 08:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-02-18 08:12 . 2012-02-18 08:12 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 22:53 . 2012-02-16 22:53 -------- d-----w- c:\windows\system32\appmgmt
2012-02-15 11:37 . 2012-02-15 11:37 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-02-15 08:55 . 2012-02-19 06:00 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2012-02-15 03:26 . 2012-02-19 06:04 -------- d-----w- c:\program files (x86)\Marvell
2012-02-13 05:52 . 2012-02-18 09:02 -------- d-----w- c:\program files (x86)\Google
2012-02-12 12:54 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-12 12:54 . 2012-03-05 03:54 -------- d-sh--w- c:\windows\Installer
2012-02-12 12:53 . 2012-03-06 09:07 -------- d-----w- c:\programdata\AVAST Software
2012-02-12 12:53 . 2012-02-12 12:53 -------- d-----w- c:\program files\AVAST Software
2012-02-12 12:51 . 2012-02-12 12:51 -------- d-----w- c:\programdata\Common Files
2012-02-12 12:50 . 2012-02-12 12:51 -------- d-----w- c:\programdata\MFAData
2012-02-12 12:33 . 2012-03-06 07:23 -------- d-----w- c:\users\Ken Kaniff
2012-02-12 12:27 . 2012-02-17 05:44 -------- d-----w- C:\Recovery
2012-02-12 11:53 . 2012-03-06 07:23 -------- d-----w- C:\Boot
2012-02-11 22:30 . 2012-02-11 22:30 -------- d-----w- C:\DOCS
2012-02-11 11:15 . 2012-02-11 11:15 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 12:29 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-02-12 12:29 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-02-12 12:29 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-02-12 12:29 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-02-12 12:29 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2012-01-28 19:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-02-12 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-02-12 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"pcsafedoctor.exe"="c:\program files (x86)\PCSafeDoctor\pcsafedoctor.exe" [2012-01-18 2055680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"DontDisplayLockedUserId"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\saxndis.sys [x]
R3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk62x64l.sys [x]
R3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk62x64v.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S1 aswKbd;aswKbd; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-02-20 76288]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-02-20 8704]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 09:01]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 09:01]
.
2012-03-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eb6fcf16-8d50-410f-af6e-fd723c1e6a7f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.igoogle.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
HKLM-Run-combofix - c:\combofix\CF11506.3XE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.99\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2012-03-06 19:37:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 09:37
.
Pre-Run: 126,058,106,880 bytes free
Post-Run: 125,546,340,352 bytes free
.
- - End Of File - - 1CAF2F46E73C02CAAF34C8E1D4414083
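The Sigcheck block in the log above lists two copies of user32.dll that ComboFix flagged [-] (the live files in system32 and SysWOW64) beside the [7] copies held in the WinSxS component store for the same version, and the MD5s differ. The script below is an added example, not part of this post and not ComboFix's own code: it parses those four Sigcheck lines (copied from the log and embedded as sample input), pairs each live file with the store copy of the same architecture, name and version, and reports hash and size differences. It assumes the bracketed flags are the tool's own labels and that a winsxs component directory starting with amd64_ or wow64_ corresponds to system32 or SysWOW64 respectively; that pairing rule is this script's heuristic. A differing hash is a lead to check with the file's Authenticode signature (for example Sysinternals sigcheck), not a verdict: the log's own note says unsigned files are not necessarily malware, and the helper in this thread judged the log clean.

```python
"""Triage helper for the "Sigcheck" block of a ComboFix log.

Added example, not part of the forum post or of ComboFix itself.  It parses
the Sigcheck records, pairs each live system file (system32 / SysWOW64) with
the same-version copy in the WinSxS component store, and reports where the
MD5 or size differs.  SIGCHECK_SAMPLE is copied from the log in the thread.
"""
import re

# Constructed sample input: the four Sigcheck lines from the log above.
SIGCHECK_SAMPLE = r"""
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-02-12 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-02-12 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
"""

# One Sigcheck record: "[flag] date . MD5 . size . . [version] .. path"
# The flag is whatever the tool printed ([7], [-], ...); it is kept verbatim.
_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck record; separator lines such as '.' are skipped."""
    records = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def _arch_and_name(path):
    """Map a path to (architecture, file name) so live files pair with store copies.

    Heuristic (an assumption of this script): on x64 Windows, system32 holds the
    amd64 binaries and SysWOW64 the wow64 ones; winsxs component directory names
    begin with that same architecture tag.
    """
    parts = path.lower().split("\\")
    name = parts[-1]
    if "winsxs" in parts:
        component = parts[parts.index("winsxs") + 1]
        return component.split("_", 1)[0], name
    if "syswow64" in parts:
        return "wow64", name
    if "system32" in parts:
        return "amd64", name
    return "unknown", name


def compare_live_to_winsxs(records):
    """Pair each live (non-winsxs) record with the winsxs record of the same
    architecture, file name and version; return one finding per live file,
    in the order the live files appeared."""
    reference = {}
    live = []
    for rec in records:
        key = _arch_and_name(rec["path"]) + (rec["version"],)
        if "\\winsxs\\" in rec["path"].lower():
            reference[key] = rec
        else:
            live.append((key, rec))
    findings = []
    for key, rec in live:
        ref = reference.get(key)
        findings.append({
            "live": rec["path"],
            "reference": ref["path"] if ref else None,
            "flag": rec["flag"],
            "md5_match": bool(ref) and ref["md5"] == rec["md5"],
            "size_delta": (rec["size"] - ref["size"]) if ref else None,
        })
    return findings


if __name__ == "__main__":
    for f in compare_live_to_winsxs(parse_sigcheck(SIGCHECK_SAMPLE)):
        status = "same MD5 as store copy" if f["md5_match"] else "MD5 DIFFERS from store copy"
        print(f"[{f['flag']}] {f['live']}: {status}, size delta {f['size_delta']} bytes")
```

Run as-is to list the two flagged files with their size deltas; point SIGCHECK_SAMPLE at the Sigcheck block of another log to reuse it. The script only compares what the tool printed; it does not read the disk, so a mismatch still needs confirming against the file's digital signature before anything is acted on.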

#9 nasdaq
  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 March 2012 - 10:46 AM

As the program doesn't finish, I now have a new error message when attempting to open certain folders/applications: "Illegal operation attempted on a registry key that has been marked for deletion". Great!


After a restart of the computer this error will stop.

Your log is clean.

Any pending issues with this computer?

#10 ShiftySteve
  • Topic Starter
  • Members
  • 6 posts

Posted 06 March 2012 - 10:06 PM

Excellent news! Everything seems to be running smoothly and no more redirects. Thank you very much for your time Nasdaq.

#11 nasdaq
  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 March 2012 - 10:53 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#12 nasdaq
  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 March 2012 - 08:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
