
Computer freezing randomly


  • This topic is locked
13 replies to this topic

#1 ptad

Posted 02 March 2012 - 03:25 PM

Link to topic from Am I Infected?
http://www.bleepingcomputer.com/forums/topic443984.html

I'm currently prepping for finals week so it really hurt me this morning to find that my laptop is freezing within a maximum of ten minutes of booting up after a Malwarebytes scan which found one threat. After cleaning, my laptop has been nearly unusable. Sometimes it freezes after entering my password to log in and other times freezes anywhere from 5-10 minutes of use. When it freezes I can do absolutely nothing, no CTRL ALT DELETE, and I am forced to use a manual shut down with the power button. Sometimes I can't get past the Welcome Screen, sometimes it freezes when I make it to the desktop, or sometimes it just freezes randomly during browsing the web or working with Microsoft Office applications, which leads me to believe that I still may have not gotten rid of the bug. Any help would be extremely helpful since I have no idea how to analyze ComboFix and hijack logs.

Thanks for any help and logs are provided!



#2 gringo_pr

  • Malware Response Team

Posted 03 March 2012 - 03:49 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ptad


Posted 03 March 2012 - 03:53 PM

Thanks for the quick response! I ran combofix and while in Windows it stated multiple times it found a RootKit.ZeroAccess. It then restarted and went through the 50 stages. After that it started deleting at least 15 files and then saying that files were infected and restoring them. The problem is after that it restarted Windows but it did not provide me a log when I got onto Windows like it was supposed to. Any way it saved it somewhere without telling me?

#4 gringo_pr


Posted 03 March 2012 - 05:14 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#5 ptad


Posted 03 March 2012 - 05:36 PM

I'm having trouble getting it to run in Safe Mode. I reached Safe Mode with no problems just as you described. When I click Combofix it does the installation of files then warns me that avast is on. Even though avast is not on the bottom right, I opened it and it said Real-time protection is off. Still, Combofix says that it is on, but I click OK twice to ignore the warnings. After that nothing happens. On normal boot it installed files and then opened the DOS prompt.

Thanks for any suggestions you may have.

#6 gringo_pr


Posted 03 March 2012 - 09:19 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 ptad


Posted 03 March 2012 - 09:59 PM

No problems, logs as requested.

21:47:03.0215 3104 Beep - ok
21:47:03.0279 3104 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:47:03.0280 3104 blbdrive - ok
21:47:03.0350 3104 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:47:03.0351 3104 bowser - ok
21:47:03.0375 3104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:47:03.0376 3104 BrFiltLo - ok
21:47:03.0398 3104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:47:03.0398 3104 BrFiltUp - ok
21:47:03.0460 3104 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:47:03.0462 3104 BridgeMP - ok
21:47:03.0492 3104 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:47:03.0494 3104 Brserid - ok
21:47:03.0511 3104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:47:03.0512 3104 BrSerWdm - ok
21:47:03.0534 3104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:47:03.0534 3104 BrUsbMdm - ok
21:47:03.0546 3104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:47:03.0547 3104 BrUsbSer - ok
21:47:03.0606 3104 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
21:47:03.0607 3104 BthEnum - ok
21:47:03.0629 3104 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:47:03.0630 3104 BTHMODEM - ok
21:47:03.0662 3104 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:47:03.0663 3104 BthPan - ok
21:47:03.0697 3104 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:47:03.0700 3104 BTHPORT - ok
21:47:03.0725 3104 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:47:03.0726 3104 BTHUSB - ok
21:47:03.0757 3104 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
21:47:03.0758 3104 btusbflt - ok
21:47:03.0819 3104 catchme - ok
21:47:03.0863 3104 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:47:03.0864 3104 cdfs - ok
21:47:03.0923 3104 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:47:03.0924 3104 cdrom - ok
21:47:03.0952 3104 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:47:03.0952 3104 circlass - ok
21:47:03.0984 3104 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:47:03.0986 3104 CLFS - ok
21:47:04.0017 3104 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:04.0018 3104 CmBatt - ok
21:47:04.0059 3104 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:47:04.0060 3104 cmdide - ok
21:47:04.0105 3104 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:47:04.0108 3104 CNG - ok
21:47:04.0150 3104 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:47:04.0151 3104 Compbatt - ok
21:47:04.0208 3104 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:47:04.0209 3104 CompositeBus - ok
21:47:04.0244 3104 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:47:04.0244 3104 crcdisk - ok
21:47:04.0326 3104 dc3d (4d926450ab184bf42aec1401d264acdc) C:\Windows\system32\DRIVERS\dc3d.sys
21:47:04.0326 3104 dc3d - ok
21:47:04.0366 3104 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:47:04.0367 3104 DfsC - ok
21:47:04.0387 3104 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:47:04.0388 3104 discache - ok
21:47:04.0419 3104 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:47:04.0421 3104 Disk - ok
21:47:04.0462 3104 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:47:04.0463 3104 Dot4 - ok
21:47:04.0517 3104 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
21:47:04.0517 3104 Dot4Print - ok
21:47:04.0549 3104 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:47:04.0550 3104 dot4usb - ok
21:47:04.0585 3104 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:47:04.0586 3104 drmkaud - ok
21:47:04.0632 3104 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:47:04.0637 3104 DXGKrnl - ok
21:47:04.0679 3104 e1yexpress (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
21:47:04.0680 3104 e1yexpress - ok
21:47:04.0776 3104 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:47:04.0794 3104 ebdrv - ok
21:47:04.0828 3104 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:47:04.0831 3104 elxstor - ok
21:47:04.0869 3104 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:47:04.0870 3104 ErrDev - ok
21:47:04.0895 3104 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:47:04.0896 3104 exfat - ok
21:47:04.0922 3104 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:47:04.0923 3104 fastfat - ok
21:47:04.0945 3104 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:47:04.0946 3104 fdc - ok
21:47:05.0024 3104 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:47:05.0025 3104 FileInfo - ok
21:47:05.0141 3104 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:47:05.0142 3104 Filetrace - ok
21:47:05.0155 3104 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:05.0156 3104 flpydisk - ok
21:47:05.0180 3104 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:47:05.0182 3104 FltMgr - ok
21:47:05.0204 3104 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:47:05.0205 3104 FsDepends - ok
21:47:05.0216 3104 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:47:05.0217 3104 Fs_Rec - ok
21:47:05.0262 3104 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:47:05.0263 3104 fvevol - ok
21:47:05.0288 3104 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:47:05.0289 3104 gagp30kx - ok
21:47:05.0329 3104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:05.0330 3104 GEARAspiWDM - ok
21:47:05.0370 3104 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
21:47:05.0372 3104 giveio - ok
21:47:05.0407 3104 HBtnKey (c172f0d0329e46513b09e1fc60a27b9d) C:\Windows\system32\DRIVERS\cpqbttn.sys
21:47:05.0408 3104 HBtnKey - ok
21:47:05.0434 3104 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:47:05.0434 3104 hcw85cir - ok
21:47:05.0494 3104 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:47:05.0496 3104 HdAudAddService - ok
21:47:05.0544 3104 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:47:05.0546 3104 HDAudBus - ok
21:47:05.0567 3104 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:47:05.0568 3104 HidBatt - ok
21:47:05.0587 3104 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:47:05.0589 3104 HidBth - ok
21:47:05.0609 3104 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:47:05.0610 3104 HidIr - ok
21:47:05.0654 3104 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:47:05.0655 3104 HidUsb - ok
21:47:05.0730 3104 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
21:47:05.0731 3104 hpdskflt - ok
21:47:05.0792 3104 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:47:05.0793 3104 HpqKbFiltr - ok
21:47:05.0831 3104 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:47:05.0832 3104 HpSAMD - ok
21:47:05.0896 3104 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:47:05.0899 3104 HTTP - ok
21:47:05.0934 3104 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:47:05.0935 3104 hwpolicy - ok
21:47:05.0975 3104 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:47:05.0976 3104 i8042prt - ok
21:47:06.0019 3104 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:47:06.0021 3104 iaStorV - ok
21:47:06.0072 3104 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:47:06.0073 3104 iirsp - ok
21:47:06.0119 3104 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:47:06.0120 3104 intelide - ok
21:47:06.0152 3104 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:47:06.0153 3104 intelppm - ok
21:47:06.0176 3104 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:06.0177 3104 IpFilterDriver - ok
21:47:06.0222 3104 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:47:06.0223 3104 IPMIDRV - ok
21:47:06.0242 3104 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:47:06.0243 3104 IPNAT - ok
21:47:06.0292 3104 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:47:06.0293 3104 IRENUM - ok
21:47:06.0329 3104 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:47:06.0330 3104 isapnp - ok
21:47:06.0373 3104 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:47:06.0375 3104 iScsiPrt - ok
21:47:06.0405 3104 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:06.0406 3104 kbdclass - ok
21:47:06.0458 3104 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:47:06.0459 3104 kbdhid - ok
21:47:06.0506 3104 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:47:06.0507 3104 KSecDD - ok
21:47:06.0555 3104 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:47:06.0557 3104 KSecPkg - ok
21:47:06.0585 3104 Lbd - ok
21:47:06.0627 3104 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:47:06.0628 3104 lltdio - ok
21:47:06.0661 3104 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:47:06.0662 3104 LSI_FC - ok
21:47:06.0681 3104 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:47:06.0682 3104 LSI_SAS - ok
21:47:06.0709 3104 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:47:06.0710 3104 LSI_SAS2 - ok
21:47:06.0722 3104 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:47:06.0724 3104 LSI_SCSI - ok
21:47:06.0760 3104 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:47:06.0761 3104 luafv - ok
21:47:06.0818 3104 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
21:47:06.0819 3104 MBAMSwissArmy - ok
21:47:06.0860 3104 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
21:47:06.0861 3104 mcdbus - ok
21:47:06.0897 3104 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:47:06.0898 3104 megasas - ok
21:47:06.0930 3104 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:47:06.0932 3104 MegaSR - ok
21:47:06.0956 3104 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:47:06.0957 3104 Modem - ok
21:47:06.0989 3104 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:47:06.0990 3104 monitor - ok
21:47:07.0038 3104 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:47:07.0039 3104 mouclass - ok
21:47:07.0066 3104 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:47:07.0067 3104 mouhid - ok
21:47:07.0107 3104 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:47:07.0108 3104 mountmgr - ok
21:47:07.0157 3104 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:47:07.0158 3104 MpFilter - ok
21:47:07.0200 3104 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:47:07.0202 3104 mpio - ok
21:47:07.0251 3104 MpKsl139e7b1f - ok
21:47:07.0260 3104 MpKsl15414997 - ok
21:47:07.0284 3104 MpKsl168dedc2 - ok
21:47:07.0296 3104 MpKsl3293ee02 - ok
21:47:07.0309 3104 MpKsl34882c3e - ok
21:47:07.0317 3104 MpKsl3bc88933 - ok
21:47:07.0325 3104 MpKsl3d854585 - ok
21:47:07.0364 3104 MpKsl43d1f055 - ok
21:47:07.0380 3104 MpKsl49d2ed14 - ok
21:47:07.0388 3104 MpKsl4fc51bc1 - ok
21:47:07.0396 3104 MpKsl551a7224 - ok
21:47:07.0412 3104 MpKsl57868932 - ok
21:47:07.0421 3104 MpKsl654ce7e9 - ok
21:47:07.0428 3104 MpKsl7762d3a5 - ok
21:47:07.0435 3104 MpKsl7b3b5cc3 - ok
21:47:07.0442 3104 MpKsl7c1f51f7 - ok
21:47:07.0451 3104 MpKsl7e2fc4b8 - ok
21:47:07.0466 3104 MpKsl8160810c - ok
21:47:07.0473 3104 MpKsl8479611b - ok
21:47:07.0487 3104 MpKsl89ed592f - ok
21:47:07.0497 3104 MpKsl8af40470 - ok
21:47:07.0506 3104 MpKsl8eeadc2a - ok
21:47:07.0514 3104 MpKsl90867ab8 - ok
21:47:07.0522 3104 MpKsl97d308b6 - ok
21:47:07.0530 3104 MpKsl9b066ffc - ok
21:47:07.0537 3104 MpKsla8525c20 - ok
21:47:07.0545 3104 MpKslb337f1d4 - ok
21:47:07.0554 3104 MpKslb7edc61f - ok
21:47:07.0569 3104 MpKslbc75321f - ok
21:47:07.0582 3104 MpKslcb136786 - ok
21:47:07.0588 3104 MpKsld156f713 - ok
21:47:07.0595 3104 MpKsle69e41fb - ok
21:47:07.0603 3104 MpKslea6c12c0 - ok
21:47:07.0688 3104 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:47:07.0689 3104 MpNWMon - ok
21:47:07.0719 3104 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:47:07.0720 3104 mpsdrv - ok
21:47:07.0767 3104 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:47:07.0769 3104 MRxDAV - ok
21:47:07.0824 3104 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:07.0825 3104 mrxsmb - ok
21:47:07.0863 3104 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:07.0865 3104 mrxsmb10 - ok
21:47:07.0884 3104 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:07.0885 3104 mrxsmb20 - ok
21:47:07.0928 3104 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:47:07.0929 3104 msahci - ok
21:47:07.0972 3104 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:47:07.0974 3104 msdsm - ok
21:47:08.0020 3104 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:47:08.0021 3104 Msfs - ok
21:47:08.0033 3104 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:47:08.0034 3104 mshidkmdf - ok
21:47:08.0073 3104 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:47:08.0074 3104 msisadrv - ok
21:47:08.0109 3104 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:47:08.0110 3104 MSKSSRV - ok
21:47:08.0141 3104 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:08.0142 3104 MSPCLOCK - ok
21:47:08.0160 3104 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:47:08.0161 3104 MSPQM - ok
21:47:08.0187 3104 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:47:08.0189 3104 MsRPC - ok
21:47:08.0233 3104 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:47:08.0234 3104 mssmbios - ok
21:47:08.0274 3104 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:47:08.0275 3104 MSTEE - ok
21:47:08.0293 3104 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:47:08.0293 3104 MTConfig - ok
21:47:08.0313 3104 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:47:08.0314 3104 Mup - ok
21:47:08.0349 3104 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:47:08.0351 3104 NativeWifiP - ok
21:47:08.0411 3104 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:47:08.0416 3104 NDIS - ok
21:47:08.0440 3104 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:47:08.0441 3104 NdisCap - ok
21:47:08.0475 3104 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:08.0476 3104 NdisTapi - ok
21:47:08.0512 3104 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:08.0513 3104 Ndisuio - ok
21:47:08.0551 3104 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:08.0552 3104 NdisWan - ok
21:47:08.0589 3104 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:47:08.0590 3104 NDProxy - ok
21:47:08.0640 3104 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:47:08.0641 3104 NetBIOS - ok
21:47:08.0662 3104 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:47:08.0664 3104 NetBT - ok
21:47:08.0847 3104 NETw5s32 (3577b851e59da59e6d65419a057c9914) C:\Windows\system32\DRIVERS\NETw5s32.sys
21:47:08.0884 3104 NETw5s32 - ok
21:47:08.0982 3104 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:47:09.0005 3104 netw5v32 - ok
21:47:09.0046 3104 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:47:09.0047 3104 nfrd960 - ok
21:47:09.0098 3104 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:47:09.0099 3104 NisDrv - ok
21:47:09.0151 3104 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:47:09.0152 3104 Npfs - ok
21:47:09.0172 3104 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:47:09.0173 3104 nsiproxy - ok
21:47:09.0246 3104 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:47:09.0254 3104 Ntfs - ok
21:47:09.0273 3104 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:47:09.0274 3104 Null - ok
21:47:09.0314 3104 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:47:09.0315 3104 nvraid - ok
21:47:09.0336 3104 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:47:09.0338 3104 nvstor - ok
21:47:09.0373 3104 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:47:09.0374 3104 nv_agp - ok
21:47:09.0420 3104 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:47:09.0421 3104 ohci1394 - ok
21:47:09.0470 3104 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:47:09.0471 3104 Parport - ok
21:47:09.0512 3104 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:47:09.0513 3104 partmgr - ok
21:47:09.0532 3104 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:47:09.0533 3104 Parvdm - ok
21:47:09.0591 3104 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
21:47:09.0592 3104 pavboot - ok
21:47:09.0632 3104 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:47:09.0633 3104 pci - ok
21:47:09.0670 3104 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:47:09.0671 3104 pciide - ok
21:47:09.0702 3104 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:47:09.0704 3104 pcmcia - ok
21:47:09.0722 3104 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:47:09.0723 3104 pcw - ok
21:47:09.0749 3104 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:47:09.0752 3104 PEAUTH - ok
21:47:09.0820 3104 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:47:09.0821 3104 PptpMiniport - ok
21:47:09.0847 3104 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:47:09.0848 3104 Processor - ok
21:47:09.0876 3104 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:47:09.0877 3104 Psched - ok
21:47:09.0924 3104 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:47:09.0932 3104 ql2300 - ok
21:47:09.0949 3104 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:47:09.0951 3104 ql40xx - ok
21:47:09.0977 3104 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:47:09.0978 3104 QWAVEdrv - ok
21:47:10.0018 3104 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:47:10.0019 3104 RasAcd - ok
21:47:10.0062 3104 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:47:10.0063 3104 RasAgileVpn - ok
21:47:10.0084 3104 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:47:10.0085 3104 Rasl2tp - ok
21:47:10.0117 3104 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:47:10.0118 3104 RasPppoe - ok
21:47:10.0146 3104 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:47:10.0148 3104 RasSstp - ok
21:47:10.0190 3104 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:47:10.0192 3104 rdbss - ok
21:47:10.0211 3104 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:47:10.0212 3104 rdpbus - ok
21:47:10.0247 3104 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:47:10.0247 3104 RDPCDD - ok
21:47:10.0289 3104 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:47:10.0291 3104 RDPDR - ok
21:47:10.0339 3104 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:47:10.0340 3104 RDPENCDD - ok
21:47:10.0363 3104 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:47:10.0364 3104 RDPREFMP - ok
21:47:10.0401 3104 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:47:10.0403 3104 RDPWD - ok
21:47:10.0442 3104 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:47:10.0444 3104 rdyboost - ok
21:47:10.0495 3104 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:47:10.0497 3104 RFCOMM - ok
21:47:10.0542 3104 RICOH SmartCard Reader (470fc46e2989f6606043c1c5365b15fd) C:\Windows\system32\DRIVERS\rismc32.sys
21:47:10.0544 3104 RICOH SmartCard Reader - ok
21:47:10.0572 3104 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:47:10.0573 3104 rimmptsk - ok
21:47:10.0593 3104 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:47:10.0594 3104 rimsptsk - ok
21:47:10.0607 3104 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\Windows\system32\DRIVERS\rismc32.sys
21:47:10.0608 3104 rismc32 - ok
21:47:10.0632 3104 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:47:10.0633 3104 rismxdp - ok
21:47:10.0695 3104 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:47:10.0696 3104 rspndr - ok
21:47:10.0739 3104 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:47:10.0740 3104 s3cap - ok
21:47:10.0803 3104 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:47:10.0803 3104 SASDIFSV - ok
21:47:10.0825 3104 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:47:10.0826 3104 SASKUTIL - ok
21:47:10.0852 3104 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:47:10.0853 3104 sbp2port - ok
21:47:10.0897 3104 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:47:10.0898 3104 scfilter - ok
21:47:10.0955 3104 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:47:10.0956 3104 sdbus - ok
21:47:10.0998 3104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:47:10.0999 3104 secdrv - ok
21:47:11.0032 3104 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:47:11.0033 3104 Serenum - ok
21:47:11.0052 3104 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:47:11.0053 3104 Serial - ok
21:47:11.0088 3104 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:47:11.0089 3104 sermouse - ok
21:47:11.0147 3104 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:47:11.0148 3104 sffdisk - ok
21:47:11.0161 3104 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:47:11.0162 3104 sffp_mmc - ok
21:47:11.0181 3104 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:47:11.0182 3104 sffp_sd - ok
21:47:11.0200 3104 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:47:11.0201 3104 sfloppy - ok
21:47:11.0245 3104 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:47:11.0246 3104 sisagp - ok
21:47:11.0276 3104 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:47:11.0278 3104 SiSRaid2 - ok
21:47:11.0302 3104 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:47:11.0304 3104 SiSRaid4 - ok
21:47:11.0341 3104 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:47:11.0342 3104 Smb - ok
21:47:11.0412 3104 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
21:47:11.0416 3104 speedfan - ok
21:47:11.0431 3104 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:47:11.0432 3104 spldr - ok
21:47:11.0485 3104 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:47:11.0487 3104 srv - ok
21:47:11.0511 3104 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:47:11.0513 3104 srv2 - ok
21:47:11.0532 3104 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:47:11.0534 3104 srvnet - ok
21:47:11.0576 3104 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:47:11.0577 3104 stexstor - ok
21:47:11.0618 3104 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:47:11.0619 3104 storflt - ok
21:47:11.0658 3104 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:47:11.0659 3104 storvsc - ok
21:47:11.0693 3104 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:47:11.0694 3104 swenum - ok
21:47:11.0750 3104 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
21:47:11.0758 3104 SynTP - ok
21:47:11.0825 3104 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:47:11.0833 3104 Tcpip - ok
21:47:11.0875 3104 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:47:11.0883 3104 TCPIP6 - ok
21:47:11.0925 3104 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:47:11.0927 3104 tcpipreg - ok
21:47:11.0965 3104 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:47:11.0966 3104 TDPIPE - ok
21:47:11.0985 3104 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:47:11.0986 3104 TDTCP - ok
21:47:12.0030 3104 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:47:12.0031 3104 tdx - ok
21:47:12.0076 3104 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:47:12.0077 3104 TermDD - ok
21:47:12.0131 3104 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
21:47:12.0132 3104 TPM - ok
21:47:12.0173 3104 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:12.0174 3104 tssecsrv - ok
21:47:12.0237 3104 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:47:12.0239 3104 TsUsbFlt - ok
21:47:12.0300 3104 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:47:12.0302 3104 tunnel - ok
21:47:12.0340 3104 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:47:12.0341 3104 uagp35 - ok
21:47:12.0388 3104 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:47:12.0391 3104 udfs - ok
21:47:12.0437 3104 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:47:12.0439 3104 uliagpkx - ok
21:47:12.0485 3104 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:47:12.0486 3104 umbus - ok
21:47:12.0512 3104 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:47:12.0513 3104 UmPass - ok
21:47:12.0560 3104 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:47:12.0561 3104 USBAAPL - ok
21:47:12.0595 3104 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:47:12.0596 3104 usbccgp - ok
21:47:12.0639 3104 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:47:12.0640 3104 usbcir - ok
21:47:12.0676 3104 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:47:12.0677 3104 usbehci - ok
21:47:12.0733 3104 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:47:12.0736 3104 usbhub - ok
21:47:12.0760 3104 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:47:12.0761 3104 usbohci - ok
21:47:12.0790 3104 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:47:12.0791 3104 usbprint - ok
21:47:12.0821 3104 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:47:12.0823 3104 usbscan - ok
21:47:12.0862 3104 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:47:12.0863 3104 USBSTOR - ok
21:47:12.0885 3104 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:47:12.0887 3104 usbuhci - ok
21:47:12.0935 3104 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
21:47:12.0936 3104 usb_rndisx - ok
21:47:12.0972 3104 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:47:12.0973 3104 vdrvroot - ok
21:47:12.0998 3104 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:47:12.0999 3104 vga - ok
21:47:13.0023 3104 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:47:13.0024 3104 VgaSave - ok
21:47:13.0064 3104 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:47:13.0066 3104 vhdmp - ok
21:47:13.0093 3104 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:47:13.0094 3104 viaagp - ok
21:47:13.0112 3104 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:47:13.0114 3104 ViaC7 - ok
21:47:13.0134 3104 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:47:13.0136 3104 viaide - ok
21:47:13.0180 3104 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:47:13.0182 3104 vmbus - ok
21:47:13.0202 3104 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:47:13.0203 3104 VMBusHID - ok
21:47:13.0221 3104 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:47:13.0222 3104 volmgr - ok
21:47:13.0259 3104 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:47:13.0261 3104 volmgrx - ok
21:47:13.0303 3104 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:47:13.0305 3104 volsnap - ok
21:47:13.0341 3104 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:47:13.0343 3104 vsmraid - ok
21:47:13.0370 3104 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:47:13.0371 3104 vwifibus - ok
21:47:13.0393 3104 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:47:13.0395 3104 vwififlt - ok
21:47:13.0417 3104 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:47:13.0418 3104 WacomPen - ok
21:47:13.0485 3104 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:47:13.0487 3104 WANARP - ok
21:47:13.0491 3104 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:47:13.0492 3104 Wanarpv6 - ok
21:47:13.0532 3104 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:47:13.0534 3104 Wd - ok
21:47:13.0563 3104 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:47:13.0566 3104 Wdf01000 - ok
21:47:13.0611 3104 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:47:13.0612 3104 WfpLwf - ok
21:47:13.0625 3104 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:47:13.0626 3104 WIMMount - ok
21:47:13.0725 3104 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:47:13.0726 3104 WinUsb - ok
21:47:13.0759 3104 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:47:13.0760 3104 WmiAcpi - ok
21:47:13.0802 3104 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:47:13.0804 3104 ws2ifsl - ok
21:47:13.0853 3104 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:47:13.0854 3104 WudfPf - ok
21:47:13.0881 3104 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:47:13.0882 3104 WUDFRd - ok
21:47:13.0930 3104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:47:13.0959 3104 \Device\Harddisk0\DR0 - ok
21:47:13.0962 3104 Boot (0x1200) (cc3a29fc8ba0a97e23f49d393c991059) \Device\Harddisk0\DR0\Partition0
21:47:13.0963 3104 \Device\Harddisk0\DR0\Partition0 - ok
21:47:13.0973 3104 Boot (0x1200) (63ceea93f3d071425cc64e3c3b53c0f3) \Device\Harddisk0\DR0\Partition1
21:47:13.0974 3104 \Device\Harddisk0\DR0\Partition1 - ok
21:47:13.0974 3104 ============================================================
21:47:13.0974 3104 Scan finished
21:47:13.0974 3104 ============================================================
21:47:14.0030 2812 Detected object count: 0
21:47:14.0030 2812 Actual detected object count: 0




-----------
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 21:47:54
-----------------------------
21:47:54.258 OS Version: Windows 6.1.7601 Service Pack 1
21:47:54.259 Number of processors: 2 586 0x170A
21:47:54.260 ComputerName: PAT-PC UserName: Pat
21:48:11.296 Initialize success
21:48:11.713 AVAST engine defs: 12030301
21:48:19.182 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:19.185 Disk 0 Vendor: ST9250421AS HP15 Size: 238475MB BusType: 11
21:48:19.250 Disk 0 MBR read successfully
21:48:19.254 Disk 0 MBR scan
21:48:19.267 Disk 0 Windows 7 default MBR code
21:48:19.271 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 237437 MB offset 63
21:48:19.313 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 486287550
21:48:19.321 Disk 0 scanning sectors +488392065
21:48:19.384 Disk 0 scanning C:\Windows\system32\drivers
21:48:33.064 Service scanning
21:48:42.665 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:48:53.491 Modules scanning
21:49:02.506 Disk 0 trace - called modules:
21:49:02.526 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:49:02.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d05030]
21:49:02.542 3 CLASSPNP.SYS[8944a59e] -> nt!IofCallDriver -> [0x85d044a8]
21:49:02.549 5 hpdskflt.sys[891cdf92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c14908]
21:49:09.478 AVAST engine scan C:\Windows
21:49:18.342 AVAST engine scan C:\Windows\system32
21:51:32.480 AVAST engine scan C:\Windows\system32\drivers
21:51:44.095 AVAST engine scan C:\Users\Pat
21:57:22.760 AVAST engine scan C:\ProgramData
21:58:35.365 Scan finished successfully
21:58:56.379 Disk 0 MBR has been saved successfully to "C:\Users\Pat\Desktop\MBR.dat"
21:58:56.386 The log file has been saved successfully to "C:\Users\Pat\Desktop\aswMBR.txt"

#8 gringo_pr

  • Malware Response Team

Posted 03 March 2012 - 10:05 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 ptad

  • Topic Starter

Posted 03 March 2012 - 10:38 PM

No problem with OTL.

OTL logfile created on: 3/3/2012 10:30:45 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Pat\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.22% Memory free
3.99 Gb Paging File | 2.32 Gb Available in Paging File | 58.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.87 Gb Total Space | 150.24 Gb Free Space | 64.79% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.60% Space Free | Partition Type: FAT32
Drive H: | 778.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (XMLProvS) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslea6c12c0) -- File not found
DRV - (MpKsle69e41fb) -- File not found
DRV - (MpKsld156f713) -- File not found
DRV - (MpKslcb136786) -- File not found
DRV - (MpKslbc75321f) -- File not found
DRV - (MpKslb7edc61f) -- File not found
DRV - (MpKslb337f1d4) -- File not found
DRV - (MpKsla8525c20) -- File not found
DRV - (MpKsl9b066ffc) -- File not found
DRV - (MpKsl97d308b6) -- File not found
DRV - (MpKsl90867ab8) -- File not found
DRV - (MpKsl8eeadc2a) -- File not found
DRV - (MpKsl8af40470) -- File not found
DRV - (MpKsl89ed592f) -- File not found
DRV - (MpKsl8479611b) -- File not found
DRV - (MpKsl8160810c) -- File not found
DRV - (MpKsl7e2fc4b8) -- File not found
DRV - (MpKsl7c1f51f7) -- File not found
DRV - (MpKsl7b3b5cc3) -- File not found
DRV - (MpKsl7762d3a5) -- File not found
DRV - (MpKsl654ce7e9) -- File not found
DRV - (MpKsl57868932) -- File not found
DRV - (MpKsl551a7224) -- File not found
DRV - (MpKsl4fc51bc1) -- File not found
DRV - (MpKsl49d2ed14) -- File not found
DRV - (MpKsl43d1f055) -- File not found
DRV - (MpKsl3d854585) -- File not found
DRV - (MpKsl3bc88933) -- File not found
DRV - (MpKsl34882c3e) -- File not found
DRV - (MpKsl3293ee02) -- File not found
DRV - (MpKsl168dedc2) -- File not found
DRV - (MpKsl15414997) -- File not found
DRV - (MpKsl139e7b1f) -- File not found
DRV - (Lbd) -- File not found
DRV - (catchme) -- File not found
DRV - (aswMBR) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\Drivers\aswrdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (NETw5s32) Intel® -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (RICOH SmartCard Reader) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2151597958-2523263111-3118920348-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2151597958-2523263111-3118920348-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 7D 4B 38 58 E7 CC 01 [binary data]
IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2151597958-2523263111-3118920348-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.7is7.com/otto/countdown.html"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pat\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 15:50:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/24 11:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 23:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 22:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/29 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 15:50:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Pat\AppData\Roaming\Move Networks [2011/12/25 23:46:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 23:09:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 22:57:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/29 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/20 19:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Extensions
[2010/03/20 19:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/25 23:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\0h2hwxou.default\extensions
[2011/12/25 23:43:42 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\0h2hwxou.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/19 17:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/25 23:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/02/19 17:14:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/24 11:55:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/17 23:09:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 17:13:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/01 20:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/01 20:30:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/03 15:43:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2151597958-2523263111-3118920348-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2151597958-2523263111-3118920348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C92992-E126-43C7-B8E5-D0E5C9212DD0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/04 10:54:31 | 000,000,000 | ---D | M] - H:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007/08/04 10:54:31 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/08/04 09:09:54 | 000,659,456 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2007/08/04 11:00:52 | 000,000,152 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 22:30:03 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2012/03/03 21:42:34 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Pat\Desktop\aswMBR.exe
[2012/03/03 12:26:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/03 12:26:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/03 12:25:32 | 004,424,615 | R--- | C] (Swearware) -- C:\Users\Pat\Desktop\ComboFix.exe
[2012/03/02 14:54:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pat\Desktop\dds.scr
[2012/03/02 09:40:38 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pat\Desktop\3553ldld.com.exe
[2012/03/01 23:41:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/28 00:40:17 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\ATI
[2012/02/28 00:40:17 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\ATI
[2012/02/28 00:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/28 00:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/02/28 00:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/02/28 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center
[2012/02/28 00:31:49 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/24 16:33:05 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\ElevatedDiagnostics
[2012/02/24 14:53:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/24 11:55:05 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/19 17:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/19 17:14:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/19 17:14:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/19 17:14:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/16 10:23:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 10:23:14 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 10:23:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 10:23:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 10:23:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 10:23:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 10:56:43 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 22:30:07 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2012/03/03 22:20:50 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/03/03 21:58:56 | 000,000,512 | ---- | M] () -- C:\Users\Pat\Desktop\MBR.dat
[2012/03/03 21:55:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151597958-2523263111-3118920348-1000UA.job
[2012/03/03 21:44:02 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pat\Desktop\3553ldld.com.exe
[2012/03/03 21:42:49 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Pat\Desktop\aswMBR.exe
[2012/03/03 19:20:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 17:52:10 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 17:52:10 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 17:44:26 | 1606,103,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 16:21:04 | 000,001,024 | ---- | M] () -- C:\Users\Pat\AppData\Local\PUTTY.RND
[2012/03/03 15:43:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/03 12:25:34 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\Pat\Desktop\ComboFix.exe
[2012/03/03 01:55:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151597958-2523263111-3118920348-1000Core.job
[2012/03/02 15:00:24 | 000,302,592 | ---- | M] () -- C:\Users\Pat\Desktop\gmer.exe
[2012/03/02 15:00:13 | 000,000,516 | ---- | M] () -- C:\Users\Pat\Desktop\gmer.lnk
[2012/03/02 14:55:56 | 000,000,000 | ---- | M] () -- C:\Users\Pat\defogger_reenable
[2012/03/02 14:54:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pat\Desktop\dds.scr
[2012/03/02 14:53:54 | 000,050,477 | ---- | M] () -- C:\Users\Pat\Desktop\Defogger.exe
[2012/03/01 23:44:08 | 000,626,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/01 23:44:08 | 000,107,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/01 23:41:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/01 23:28:31 | 000,003,528 | ---- | M] () -- C:\bootsqm.dat
[2012/02/24 22:23:29 | 416,821,486 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/24 13:08:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/24 12:04:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 11:55:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 11:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 11:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/19 17:13:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/19 17:13:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/19 17:13:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/19 17:13:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/17 19:30:53 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/09 19:01:40 | 000,000,557 | ---- | M] () -- C:\Users\Pat\Desktop\CSE 314 (2).lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 21:58:56 | 000,000,512 | ---- | C] () -- C:\Users\Pat\Desktop\MBR.dat
[2012/03/03 12:27:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/02 14:59:52 | 000,000,516 | ---- | C] () -- C:\Users\Pat\Desktop\gmer.lnk
[2012/03/02 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Pat\defogger_reenable
[2012/03/02 14:53:51 | 000,050,477 | ---- | C] () -- C:\Users\Pat\Desktop\Defogger.exe
[2012/03/01 23:28:31 | 000,003,528 | ---- | C] () -- C:\bootsqm.dat
[2012/02/24 22:23:29 | 416,821,486 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 19:01:40 | 000,000,557 | ---- | C] () -- C:\Users\Pat\Desktop\CSE 314 (2).lnk
[2012/01/24 10:34:01 | 000,187,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/13 15:49:10 | 000,001,024 | ---- | C] () -- C:\Users\Pat\AppData\Local\PUTTY.RND
[2012/01/11 10:44:03 | 000,029,496 | -HS- | C] () -- C:\Users\Pat\AppData\Local\wbk2mw4grlbnf83r85uun33
[2012/01/11 10:44:03 | 000,029,496 | -HS- | C] () -- C:\ProgramData\wbk2mw4grlbnf83r85uun33
[2011/12/25 20:21:47 | 000,000,320 | ---- | C] () -- C:\ProgramData\~SLL18thveqnWkG
[2011/12/25 20:21:47 | 000,000,224 | ---- | C] () -- C:\ProgramData\~SLL18thveqnWkGr
[2011/12/25 20:21:37 | 000,000,344 | ---- | C] () -- C:\ProgramData\SLL18thveqnWkG
[2011/12/25 15:56:18 | 000,008,980 | -HS- | C] () -- C:\Users\Pat\AppData\Local\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 15:56:18 | 000,008,980 | -HS- | C] () -- C:\ProgramData\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/24 22:40:56 | 000,012,802 | -HS- | C] () -- C:\Users\Pat\AppData\Local\vpewgheb7k7i
[2011/12/24 22:40:56 | 000,012,802 | -HS- | C] () -- C:\ProgramData\vpewgheb7k7i
[2011/12/24 15:51:56 | 000,021,488 | -HS- | C] () -- C:\Users\Pat\AppData\Local\230276g6x323v423g161f3avq0c1
[2011/12/24 15:51:56 | 000,021,488 | -HS- | C] () -- C:\ProgramData\230276g6x323v423g161f3avq0c1
[2011/12/21 13:30:16 | 000,024,068 | -HS- | C] () -- C:\Users\Pat\AppData\Local\yesvxn3d7poh3shx8ydb3q070q2y
[2011/12/21 13:30:16 | 000,024,068 | -HS- | C] () -- C:\ProgramData\yesvxn3d7poh3shx8ydb3q070q2y
[2011/12/18 15:48:07 | 000,023,610 | -HS- | C] () -- C:\Users\Pat\AppData\Local\n1cq10c7ro3iik
[2011/12/18 15:48:07 | 000,023,610 | -HS- | C] () -- C:\ProgramData\n1cq10c7ro3iik
[2011/12/14 19:28:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 19:28:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 19:28:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 19:28:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/14 15:59:16 | 000,000,090 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/14 12:26:21 | 000,103,365 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/12/14 12:26:21 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/12/13 23:54:30 | 000,012,080 | -HS- | C] () -- C:\ProgramData\244702q1e762f462k646s6osk4k4
[2011/12/13 23:54:29 | 000,012,080 | -HS- | C] () -- C:\Users\Pat\AppData\Local\244702q1e762f462k646s6osk4k4
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/12/05 21:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/05 21:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/12/03 01:05:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\17u8eMP.com.b
[2011/12/03 01:02:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\F514PiV8s.dat
[2011/12/03 00:50:17 | 000,011,322 | -HS- | C] () -- C:\Users\Pat\AppData\Local\4c04k71d1u1g234778hj423i00j2k67o84kqa
[2011/12/03 00:50:17 | 000,011,322 | -HS- | C] () -- C:\ProgramData\4c04k71d1u1g234778hj423i00j2k67o84kqa
[2011/11/14 14:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/06/22 22:16:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 18:14:42 | 000,001,849 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\GhostObjGAFix.xml
[2011/04/19 15:33:53 | 000,040,023 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\UserTile.png
[2010/09/22 15:42:10 | 000,171,867 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/09/22 15:42:10 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2010/08/17 19:45:09 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/17 19:45:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/20 14:05:04 | 000,000,017 | ---- | C] () -- C:\Users\Pat\AppData\Local\resmon.resmoncfg
[2010/04/17 01:36:05 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/22 12:05:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/20 21:50:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

< End of report >

#10 gringo_pr


Posted 03 March 2012 - 10:44 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    
    [2012/01/11 10:44:03 | 000,029,496 | -HS- | C] () -- C:\Users\Pat\AppData\Local\wbk2mw4grlbnf83r85uun33
    [2012/01/11 10:44:03 | 000,029,496 | -HS- | C] () -- C:\ProgramData\wbk2mw4grlbnf83r85uun33
    [2011/12/25 20:21:47 | 000,000,320 | ---- | C] () -- C:\ProgramData\~SLL18thveqnWkG
    [2011/12/25 20:21:47 | 000,000,224 | ---- | C] () -- C:\ProgramData\~SLL18thveqnWkGr
    [2011/12/25 20:21:37 | 000,000,344 | ---- | C] () -- C:\ProgramData\SLL18thveqnWkG
    [2011/12/25 15:56:18 | 000,008,980 | -HS- | C] () -- C:\Users\Pat\AppData\Local\ab68emea3ri1207sl0757hp6tg0im4c5
    [2011/12/25 15:56:18 | 000,008,980 | -HS- | C] () -- C:\ProgramData\ab68emea3ri1207sl0757hp6tg0im4c5
    [2011/12/24 22:40:56 | 000,012,802 | -HS- | C] () -- C:\Users\Pat\AppData\Local\vpewgheb7k7i
    [2011/12/24 22:40:56 | 000,012,802 | -HS- | C] () -- C:\ProgramData\vpewgheb7k7i
    [2011/12/24 15:51:56 | 000,021,488 | -HS- | C] () -- C:\Users\Pat\AppData\Local\230276g6x323v423g161f3avq0c1
    [2011/12/24 15:51:56 | 000,021,488 | -HS- | C] () -- C:\ProgramData\230276g6x323v423g161f3avq0c1
    [2011/12/21 13:30:16 | 000,024,068 | -HS- | C] () -- C:\Users\Pat\AppData\Local\yesvxn3d7poh3shx8ydb3q070q2y
    [2011/12/21 13:30:16 | 000,024,068 | -HS- | C] () -- C:\ProgramData\yesvxn3d7poh3shx8ydb3q070q2y
    [2011/12/18 15:48:07 | 000,023,610 | -HS- | C] () -- C:\Users\Pat\AppData\Local\n1cq10c7ro3iik
    [2011/12/18 15:48:07 | 000,023,610 | -HS- | C] () -- C:\ProgramData\n1cq10c7ro3iik
    [2011/12/13 23:54:30 | 000,012,080 | -HS- | C] () -- C:\ProgramData\244702q1e762f462k646s6osk4k4
    [2011/12/13 23:54:29 | 000,012,080 | -HS- | C] () -- C:\Users\Pat\AppData\Local\244702q1e762f462k646s6osk4k4
    [2011/12/03 01:05:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\17u8eMP.com.b
    [2011/12/03 01:02:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\F514PiV8s.dat
    [2011/12/03 00:50:17 | 000,011,322 | -HS- | C] () -- C:\Users\Pat\AppData\Local\4c04k71d1u1g234778hj423i00j2k67o84kqa
    [2011/12/03 00:50:17 | 000,011,322 | -HS- | C] () -- C:\ProgramData\4c04k71d1u1g234778hj423i00j2k67o84kqa
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ptad


Posted 03 March 2012 - 10:58 PM

Same thing happened as ComboFix. The log appeared when the desktop was loading, then when the desktop fully loaded it disappeared. Is there any way to recover it?

#12 gringo_pr


Posted 08 March 2012 - 02:38 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 gringo_pr


Posted 12 March 2012 - 12:11 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr


Posted 14 March 2012 - 11:23 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



