
Avira detecting hidden virus but not solving


  • This topic is locked
36 replies to this topic

#1 tizerist

Posted 23 April 2012 - 09:24 AM

Hi all, I've got a problem and would appreciate any help before it gets worse.

Avira free is saying:

"Hidden objects were found.
One or more hidden objects that indicate a hidden virus or unwanted program were found.
An analysis of your computer with the Avira rescue CD is necessary for exact identification and repair."

So I've made and run the rescue CD from startup. It goes into the repair menu, but the rescue CD program at this point will not update. I let it do its thing anyway, and ran a full Avira scan afterwards. It has not removed the problem. Every time I attempt a scan it gives that message again.

So I have decided to stop here and enlist help. There's no GMER log as I am on Windows 64-bit. Any help appreciated, thanks.

Edited by tizerist, 23 April 2012 - 09:25 AM.



#2 gringo_pr

Posted 26 April 2012 - 03:02 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 tizerist

Posted 28 April 2012 - 10:28 AM

Hi, thanks Gringo.
The computer is running normally despite the warnings.

Security Check

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira Free Antivirus
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````

Combofix
ComboFix 12-04-28.01 - tizerist 28/04/2012 14:46:07.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2766 [GMT 1:00]
Running from: C:\Users\tizerist\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\tizerist\AppData\Roaming\Mozilla\Firefox\Profiles\71108xo6.default\weave\toFetch
C:\Windows\SysWow64\bdaplgin.ax
C:\Windows\SysWow64\cero.rs
C:\Windows\SysWow64\csrr.rs
C:\Windows\SysWow64\esrb.rs
C:\Windows\SysWow64\g711codc.ax
C:\Windows\SysWow64\grb.rs
C:\Windows\SysWow64\iac25_32.ax
C:\Windows\SysWow64\ir41_32.ax
C:\Windows\SysWow64\ivfsrc.ax
C:\Windows\SysWow64\ksproxy.ax
C:\Windows\SysWow64\kstvtune.ax
C:\Windows\SysWow64\Kswdmcap.ax
C:\Windows\SysWow64\ksxbar.ax
C:\Windows\SysWow64\Mpeg2Data.ax
C:\Windows\SysWow64\mpg2splt.ax
C:\Windows\SysWow64\MSDvbNP.ax
C:\Windows\SysWow64\MSNP.ax
C:\Windows\SysWow64\oflc.rs
C:\Windows\SysWow64\pegi-fi.rs
C:\Windows\SysWow64\pegi-pt.rs
C:\Windows\SysWow64\pegi.rs
C:\Windows\SysWow64\pegibbfc.rs
C:\Windows\SysWow64\psisrndr.ax
C:\Windows\SysWow64\SET41D0.tmp
C:\Windows\SysWow64\SET4375.tmp
C:\Windows\SysWow64\usk.rs
C:\Windows\SysWow64\VBICodec.ax
C:\Windows\SysWow64\vbisurf.ax
C:\Windows\SysWow64\vidcap.ax
C:\Windows\SysWow64\WEB.rs
C:\Windows\SysWow64\WSTPager.ax
D:\install.exe


((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-03-19 20:57:48 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll

[-] 2012-03-19 20:57:48 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\SysWOW64\user32.dll
[7] 2010-11-21 03:24:20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 08:33:02 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-05 17:12:22 73360]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 08:56:50 258512]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 14:02:04 254696]
"SBDrvDet"="C:\Program Files (x86)\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 17:06:52 45056]
"CTXFIREG"="CTxfiReg.exe" [2007-04-09 11:29:30 43520]
"CTSysVol"="C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 08:18:24 49152]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 18:04:04 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 18:17:48 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 11:32:32 19968]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 05:53:50 843712]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 16:47:26 90448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 13:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 14:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 17:39:29 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe [2012-04-21 20:44:38 300656]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 21:03:43 253088]
R3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS [x]
R3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 17:39:29 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [x]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 05:53:50 63928]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 08:57:06 86224]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-02-29 18:07:36 33672]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-02-29 18:07:58 827520]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 00:02:00 2348352]
S2 PDFSFilter;PDFSFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys [x]
S2 prio_svc;Prio Service;C:\Program Files\Prio\prio_svc.exe [2011-10-07 20:18:38 11184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 13:26:46 382272]
S3 ctgame;Game Port;C:\Windows\system32\DRIVERS\ctgame.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]


Contents of the 'Scheduled Tasks' folder

2012-04-28 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:52:26 . 2012-04-27 21:03:43]

2012-04-28 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 17:39:32 . 2012-03-20 17:39:29]

2012-04-28 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 17:39:32 . 2012-03-20 17:39:29]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2012-02-29 18:07:54 1126528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - C:\Users\tizerist\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: C:\PROGRA~2\SPEEDB~1\sblsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\tizerist\AppData\Roaming\Mozilla\Firefox\Profiles\71108xo6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/sport/football/teams/chelsea

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-SRS Audio Sandbox - C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKLM-Run-AsioReg - CTASIO.DLL

Edited by tizerist, 28 April 2012 - 10:51 AM.


#4 gringo_pr

Posted 28 April 2012 - 10:51 AM

Just give it more time.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 tizerist

Posted 28 April 2012 - 11:41 AM

Done :)

#6 gringo_pr

Posted 28 April 2012 - 12:14 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
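
The TDSSKiller report requested above is a plain-text log, so it can be triaged with a short script before it is read line by line. This is an added example, not part of the original post or of TDSSKiller itself; the line layout is inferred from the report posted later in this thread, the function names are hypothetical, and the non-"ok" verdict in the sample is a constructed placeholder.

```python
"""Triage a TDSSKiller text report: pair each hashed object with its verdict."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line prefix seen in the report: "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ ?(?P<msg>.*)$")
# "<name> (<md5>) <image path>"; names may contain spaces, dots or "!".
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"; only meaningful once the scan section has started.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    verdict: Optional[str]      # None: hashed but the log ends before a verdict
    md5: Optional[str] = None   # None: verdict given without a hashed image
    path: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    entries: List[Entry] = []
    pending: Dict[str, tuple] = {}
    scanning = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if not scanning:
            # Header lines such as "Drive ... - Size: ..." also contain " - ",
            # so nothing is treated as a verdict before "Scan started".
            scanning = msg == "Scan started"
            continue
        h = HASHED.match(msg)
        if h:
            pending[h["name"]] = (h["md5"], h["path"])
            continue
        v = VERDICT.match(msg)
        if v:
            md5, path = pending.pop(v["name"], (None, None))
            entries.append(Entry(v["name"], v["verdict"].strip(), md5, path))
    # Anything still pending was hashed but never judged (truncated paste).
    for name, (md5, path) in pending.items():
        entries.append(Entry(name, None, md5, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = {
        "needs_review": [],  # any verdict other than "ok"
        "unhashed": [],      # "ok" but no image was hashed for the entry
        "no_verdict": [],    # hashed, but the report stops before the verdict
    }
    for e in entries:
        if e.verdict is None:
            buckets["no_verdict"].append(e.name)
        elif e.verdict.lower() != "ok":
            buckets["needs_review"].append(e.name)
        elif e.md5 is None:
            buckets["unhashed"].append(e.name)
    return buckets


# Sample input: lines excerpted (the Drive line abridged) from the report in
# this thread, plus one CONSTRUCTED "examplesvc" pair with a placeholder verdict.
SAMPLE_REPORT = r"""
19:58:25.0590 3908 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200
19:58:29.0778 2672 Scan started
19:58:29.0778 2672 Mode: Manual;
19:58:30.0621 2672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:58:30.0662 2672 ACPI - ok
19:58:31.0567 2672 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:58:31.0584 2672 Apple Mobile Device - ok
19:58:32.0734 2672 catchme - ok
19:58:33.0230 2672 COMSysApp - ok
19:58:36.0000 2672 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
19:58:36.0010 2672 examplesvc - constructed-non-ok-verdict
19:58:37.0718 2672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
"""

if __name__ == "__main__":
    # Pass the path of a saved report, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    for bucket, names in triage(parse_report(report)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Entries in `unhashed` are not findings by themselves; they mark services for which the report shows a verdict but no image path to check.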

#7 tizerist

Posted 28 April 2012 - 02:02 PM

The TDSSKiller log will let me highlight the text, but when I right-click no options come up to allow me to copy and paste.

Edited by tizerist, 28 April 2012 - 02:03 PM.


#8 gringo_pr

Posted 28 April 2012 - 02:10 PM

Highlight it and then press Ctrl+V, then come here and select paste.

#9 tizerist

Posted 28 April 2012 - 02:15 PM

Nope, that didn't work either. However, I found a txt doc in my C drive:

19:58:22.0618 3908 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:58:24.0627 3908 ============================================================
19:58:24.0627 3908 Current date / time: 2012/04/28 19:58:24.0627
19:58:24.0627 3908 SystemInfo:
19:58:24.0627 3908
19:58:24.0627 3908 OS Version: 6.1.7601 ServicePack: 1.0
19:58:24.0627 3908 Product type: Workstation
19:58:24.0627 3908 ComputerName: TIZERIST-PC
19:58:24.0628 3908 UserName: tizerist
19:58:24.0628 3908 Windows directory: C:\Windows
19:58:24.0628 3908 System windows directory: C:\Windows
19:58:24.0628 3908 Running under WOW64
19:58:24.0628 3908 Processor architecture: Intel x64
19:58:24.0628 3908 Number of processors: 2
19:58:24.0628 3908 Page size: 0x1000
19:58:24.0628 3908 Boot type: Normal boot
19:58:24.0628 3908 ============================================================
19:58:25.0590 3908 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:58:25.0644 3908 Drive \Device\Harddisk1\DR1 - Size: 0x747217DC00 (465.78 Gb), SectorSize: 0x200, Cylinders: 0xEC968, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
19:58:25.0650 3908 ============================================================
19:58:25.0650 3908 \Device\Harddisk0\DR0:
19:58:25.0650 3908 MBR partitions:
19:58:25.0650 3908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11773701
19:58:25.0650 3908 \Device\Harddisk1\DR1:
19:58:25.0655 3908 MBR partitions:
19:58:25.0655 3908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A390551
19:58:25.0655 3908 ============================================================
19:58:25.0683 3908 C: <-> \Device\Harddisk0\DR0\Partition0
19:58:25.0715 3908 D: <-> \Device\Harddisk1\DR1\Partition0
19:58:25.0715 3908 ============================================================
19:58:25.0715 3908 Initialize success
19:58:25.0715 3908 ============================================================
19:58:29.0778 2672 ============================================================
19:58:29.0778 2672 Scan started
19:58:29.0778 2672 Mode: Manual;
19:58:29.0778 2672 ============================================================
19:58:30.0459 2672 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:58:30.0479 2672 !SASCORE - ok
19:58:30.0572 2672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
19:58:30.0590 2672 1394ohci - ok
19:58:30.0621 2672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:58:30.0662 2672 ACPI - ok
19:58:30.0672 2672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:58:30.0676 2672 AcpiPmi - ok
19:58:30.0734 2672 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:58:30.0755 2672 AdobeARMservice - ok
19:58:30.0843 2672 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:58:30.0845 2672 AdobeFlashPlayerUpdateSvc - ok
19:58:30.0886 2672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:58:30.0910 2672 adp94xx - ok
19:58:30.0944 2672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:58:30.0960 2672 adpahci - ok
19:58:30.0976 2672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:58:30.0983 2672 adpu320 - ok
19:58:31.0000 2672 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:58:31.0006 2672 AeLookupSvc - ok
19:58:31.0054 2672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:58:31.0102 2672 AFD - ok
19:58:31.0143 2672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:58:31.0148 2672 agp440 - ok
19:58:31.0167 2672 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:58:31.0173 2672 ALG - ok
19:58:31.0194 2672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:58:31.0197 2672 aliide - ok
19:58:31.0204 2672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:58:31.0216 2672 amdide - ok
19:58:31.0232 2672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:58:31.0238 2672 AmdK8 - ok
19:58:31.0256 2672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:58:31.0261 2672 AmdPPM - ok
19:58:31.0288 2672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:58:31.0294 2672 amdsata - ok
19:58:31.0304 2672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:58:31.0311 2672 amdsbs - ok
19:58:31.0325 2672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:58:31.0340 2672 amdxata - ok
19:58:31.0401 2672 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:58:31.0420 2672 AntiVirSchedulerService - ok
19:58:31.0448 2672 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:58:31.0463 2672 AntiVirService - ok
19:58:31.0485 2672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:58:31.0490 2672 AppID - ok
19:58:31.0503 2672 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:58:31.0508 2672 AppIDSvc - ok
19:58:31.0522 2672 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:58:31.0529 2672 Appinfo - ok
19:58:31.0567 2672 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:58:31.0584 2672 Apple Mobile Device - ok
19:58:31.0798 2672 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:58:31.0808 2672 AppMgmt - ok
19:58:31.0832 2672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:58:31.0838 2672 arc - ok
19:58:31.0849 2672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:58:31.0855 2672 arcsas - ok
19:58:31.0914 2672 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:58:31.0919 2672 aspnet_state - ok
19:58:31.0933 2672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:58:31.0937 2672 AsyncMac - ok
19:58:31.0955 2672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:58:31.0959 2672 atapi - ok
19:58:32.0003 2672 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:58:32.0023 2672 AudioEndpointBuilder - ok
19:58:32.0030 2672 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:58:32.0035 2672 AudioSrv - ok
19:58:32.0046 2672 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:58:32.0053 2672 avgntflt - ok
19:58:32.0070 2672 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
19:58:32.0077 2672 avipbb - ok
19:58:32.0082 2672 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:58:32.0087 2672 avkmgr - ok
19:58:32.0110 2672 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:58:32.0130 2672 AxInstSV - ok
19:58:32.0172 2672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:58:32.0183 2672 b06bdrv - ok
19:58:32.0201 2672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:58:32.0209 2672 b57nd60a - ok
19:58:32.0228 2672 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:58:32.0234 2672 BDESVC - ok
19:58:32.0245 2672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:58:32.0259 2672 Beep - ok
19:58:32.0316 2672 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:58:32.0335 2672 BFE - ok
19:58:32.0385 2672 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:58:32.0408 2672 BITS - ok
19:58:32.0430 2672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:58:32.0435 2672 blbdrive - ok
19:58:32.0491 2672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:58:32.0509 2672 Bonjour Service - ok
19:58:32.0526 2672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:58:32.0532 2672 bowser - ok
19:58:32.0544 2672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:58:32.0548 2672 BrFiltLo - ok
19:58:32.0552 2672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:58:32.0556 2672 BrFiltUp - ok
19:58:32.0570 2672 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:58:32.0576 2672 BridgeMP - ok
19:58:32.0588 2672 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:58:32.0605 2672 Browser - ok
19:58:32.0629 2672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:58:32.0638 2672 Brserid - ok
19:58:32.0649 2672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:58:32.0654 2672 BrSerWdm - ok
19:58:32.0663 2672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:58:32.0666 2672 BrUsbMdm - ok
19:58:32.0670 2672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:58:32.0674 2672 BrUsbSer - ok
19:58:32.0685 2672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:58:32.0690 2672 BTHMODEM - ok
19:58:32.0710 2672 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:58:32.0716 2672 bthserv - ok
19:58:32.0734 2672 catchme - ok
19:58:32.0755 2672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:58:32.0760 2672 cdfs - ok
19:58:32.0774 2672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:58:32.0783 2672 cdrom - ok
19:58:32.0800 2672 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:58:32.0806 2672 CertPropSvc - ok
19:58:32.0815 2672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:58:32.0821 2672 circlass - ok
19:58:32.0840 2672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:58:32.0845 2672 CLFS - ok
19:58:32.0880 2672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:58:32.0903 2672 clr_optimization_v2.0.50727_32 - ok
19:58:32.0926 2672 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:58:32.0932 2672 clr_optimization_v2.0.50727_64 - ok
19:58:32.0966 2672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:58:32.0984 2672 clr_optimization_v4.0.30319_32 - ok
19:58:33.0002 2672 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:58:33.0010 2672 clr_optimization_v4.0.30319_64 - ok
19:58:33.0020 2672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:58:33.0036 2672 CmBatt - ok
19:58:33.0051 2672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:58:33.0055 2672 cmdide - ok
19:58:33.0092 2672 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:58:33.0108 2672 CNG - ok
19:58:33.0143 2672 COMMONFX (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\system32\drivers\COMMONFX.SYS
19:58:33.0150 2672 COMMONFX - ok
19:58:33.0179 2672 COMMONFX.DLL (66ac4fdad5a2d4ff4e3db41810b39de2) C:\Windows\system32\COMMONFX.DLL
19:58:33.0185 2672 COMMONFX.DLL - ok
19:58:33.0192 2672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:58:33.0196 2672 Compbatt - ok
19:58:33.0213 2672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:58:33.0219 2672 CompositeBus - ok
19:58:33.0230 2672 COMSysApp - ok
19:58:33.0243 2672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:58:33.0247 2672 crcdisk - ok
19:58:33.0269 2672 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:58:33.0275 2672 CryptSvc - ok
19:58:33.0325 2672 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:58:33.0354 2672 CSC - ok
19:58:33.0400 2672 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:58:33.0414 2672 CscService - ok
19:58:33.0435 2672 CT20XUT.DLL (01bbd5cb85423b12e445209d243a49a9) C:\Windows\system32\CT20XUT.DLL
19:58:33.0445 2672 CT20XUT.DLL - ok
19:58:33.0496 2672 ctac32k (095c566746217cd1482ede40a70d87d2) C:\Windows\system32\drivers\ctac32k.sys
19:58:33.0513 2672 ctac32k - ok
19:58:33.0553 2672 ctaud2k (157e2196fccd002a2edf3b06df7b0c9a) C:\Windows\system32\drivers\ctaud2k.sys
19:58:33.0574 2672 ctaud2k - ok
19:58:33.0615 2672 CTAUDFX (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\system32\drivers\CTAUDFX.SYS
19:58:33.0635 2672 CTAUDFX - ok
19:58:33.0669 2672 CTAUDFX.DLL (e873319f281115ebea75e519c5b4d0c4) C:\Windows\system32\CTAUDFX.DLL
19:58:33.0700 2672 CTAUDFX.DLL - ok
19:58:33.0717 2672 CTEAPSFX.DLL (06300545bedf49b6a51fdfe1861f9caf) C:\Windows\system32\CTEAPSFX.DLL
19:58:33.0724 2672 CTEAPSFX.DLL - ok
19:58:33.0744 2672 CTEDSPFX.DLL (2d902f8ec247f0ed0d458cdcaf786544) C:\Windows\system32\CTEDSPFX.DLL
19:58:33.0754 2672 CTEDSPFX.DLL - ok
19:58:33.0774 2672 CTEDSPIO.DLL (0d3f99cda2bea14e4911a698441f1a29) C:\Windows\system32\CTEDSPIO.DLL
19:58:33.0783 2672 CTEDSPIO.DLL - ok
19:58:33.0805 2672 CTEDSPSY.DLL (9d26aa450ac1caadde25f1621ba89842) C:\Windows\system32\CTEDSPSY.DLL
19:58:33.0814 2672 CTEDSPSY.DLL - ok
19:58:33.0840 2672 CTERFXFX (fe3eae37536c02d087e5c5d339663779) C:\Windows\system32\drivers\CTERFXFX.SYS
19:58:33.0846 2672 CTERFXFX - ok
19:58:33.0862 2672 CTERFXFX.DLL (e5f88dad5ec69665dfa3e5e87791f800) C:\Windows\system32\CTERFXFX.DLL
19:58:33.0869 2672 CTERFXFX.DLL - ok
19:58:33.0944 2672 CTEXFIFX.DLL (fa6dca331835997d2f7c83b9aaabc4bb) C:\Windows\system32\CTEXFIFX.DLL
19:58:34.0021 2672 CTEXFIFX.DLL - ok
19:58:34.0085 2672 ctgame (51882deb6e27bd59717cde2038271930) C:\Windows\system32\DRIVERS\ctgame.sys
19:58:34.0089 2672 ctgame - ok
19:58:34.0106 2672 CTHWIUT.DLL (9e6a0a3ca3825bb568d42f5f3cb09453) C:\Windows\system32\CTHWIUT.DLL
19:58:34.0113 2672 CTHWIUT.DLL - ok
19:58:34.0126 2672 ctprxy2k (4e4fdab4a7cf5af56e3fa1fe35e8ad3c) C:\Windows\system32\drivers\ctprxy2k.sys
19:58:34.0130 2672 ctprxy2k - ok
19:58:34.0187 2672 CTSBLFX (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\system32\drivers\CTSBLFX.SYS
19:58:34.0207 2672 CTSBLFX - ok
19:58:34.0251 2672 CTSBLFX.DLL (99047fcebab495410cd58ab17284720a) C:\Windows\system32\CTSBLFX.DLL
19:58:34.0271 2672 CTSBLFX.DLL - ok
19:58:34.0289 2672 ctsfm2k (065ade032a044d518ab1407d3586b7d5) C:\Windows\system32\drivers\ctsfm2k.sys
19:58:34.0297 2672 ctsfm2k - ok
19:58:34.0341 2672 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:58:34.0352 2672 DcomLaunch - ok
19:58:34.0383 2672 DefragFS (6ebce114dd13e4d9cbfd520d4f4bbda4) C:\Windows\system32\drivers\DefragFS.sys
19:58:34.0390 2672 DefragFS - ok
19:58:34.0416 2672 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:58:34.0426 2672 defragsvc - ok
19:58:34.0446 2672 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:58:34.0452 2672 DfsC - ok
19:58:34.0473 2672 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:58:34.0483 2672 Dhcp - ok
19:58:34.0495 2672 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:58:34.0497 2672 discache - ok
19:58:34.0521 2672 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:58:34.0527 2672 Disk - ok
19:58:34.0547 2672 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
19:58:34.0552 2672 dmvsc - ok
19:58:34.0575 2672 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:58:34.0583 2672 Dnscache - ok
19:58:34.0602 2672 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:58:34.0611 2672 dot3svc - ok
19:58:34.0625 2672 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:58:34.0632 2672 DPS - ok
19:58:34.0660 2672 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:58:34.0663 2672 drmkaud - ok
19:58:34.0694 2672 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:58:34.0711 2672 dtsoftbus01 - ok
19:58:34.0760 2672 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:58:34.0785 2672 DXGKrnl - ok
19:58:34.0806 2672 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:58:34.0812 2672 EapHost - ok
19:58:34.0928 2672 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:58:34.0999 2672 ebdrv - ok
19:58:35.0061 2672 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:58:35.0065 2672 EFS - ok
19:58:35.0116 2672 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:58:35.0136 2672 ehRecvr - ok
19:58:35.0149 2672 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:58:35.0156 2672 ehSched - ok
19:58:35.0216 2672 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:58:35.0245 2672 elxstor - ok
19:58:35.0266 2672 emupia (f380ff5d6d80cecc6dbbc15569757613) C:\Windows\system32\drivers\emupia2k.sys
19:58:35.0273 2672 emupia - ok
19:58:35.0283 2672 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:58:35.0287 2672 ErrDev - ok
19:58:35.0320 2672 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:58:35.0332 2672 EventSystem - ok
19:58:35.0347 2672 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:58:35.0354 2672 exfat - ok
19:58:35.0370 2672 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:58:35.0390 2672 fastfat - ok
19:58:35.0442 2672 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:58:35.0465 2672 Fax - ok
19:58:35.0479 2672 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:58:35.0483 2672 fdc - ok
19:58:35.0491 2672 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:58:35.0508 2672 fdPHost - ok
19:58:35.0523 2672 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:58:35.0528 2672 FDResPub - ok
19:58:35.0538 2672 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:58:35.0543 2672 FileInfo - ok
19:58:35.0553 2672 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:58:35.0557 2672 Filetrace - ok
19:58:35.0565 2672 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:58:35.0568 2672 flpydisk - ok
19:58:35.0590 2672 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:58:35.0600 2672 FltMgr - ok
19:58:35.0650 2672 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:58:35.0674 2672 FontCache - ok
19:58:35.0704 2672 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:58:35.0722 2672 FontCache3.0.0.0 - ok
19:58:35.0747 2672 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:58:35.0752 2672 FsDepends - ok
19:58:35.0768 2672 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:58:35.0772 2672 Fs_Rec - ok
19:58:35.0790 2672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:58:35.0793 2672 fvevol - ok
19:58:35.0805 2672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:58:35.0811 2672 gagp30kx - ok
19:58:35.0822 2672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:58:35.0827 2672 GEARAspiWDM - ok
19:58:35.0863 2672 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:58:35.0878 2672 gpsvc - ok
19:58:35.0918 2672 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:58:35.0919 2672 gupdate - ok
19:58:35.0922 2672 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:58:35.0924 2672 gupdatem - ok
19:58:35.0987 2672 ha10kx2k (82b68f585110ae8500a6d23623ae1f74) C:\Windows\system32\drivers\ha10kx2k.sys
19:58:36.0048 2672 ha10kx2k - ok
19:58:36.0115 2672 hap16v2k (83f647f9ace9192556f758e528024f68) C:\Windows\system32\drivers\hap16v2k.sys
19:58:36.0158 2672 hap16v2k - ok
19:58:36.0184 2672 hap17v2k (e815d29361de89d24c8dbe3e5a7006c9) C:\Windows\system32\drivers\hap17v2k.sys
19:58:36.0193 2672 hap17v2k - ok
19:58:36.0215 2672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:58:36.0223 2672 hcw85cir - ok
19:58:36.0264 2672 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:58:36.0275 2672 HdAudAddService - ok
19:58:36.0296 2672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:58:36.0303 2672 HDAudBus - ok
19:58:36.0311 2672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:58:36.0315 2672 HidBatt - ok
19:58:36.0325 2672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:58:36.0331 2672 HidBth - ok
19:58:36.0341 2672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:58:36.0346 2672 HidIr - ok
19:58:36.0362 2672 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:58:36.0368 2672 hidserv - ok
19:58:36.0384 2672 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:58:36.0388 2672 HidUsb - ok
19:58:36.0409 2672 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:58:36.0416 2672 hkmsvc - ok
19:58:36.0434 2672 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:58:36.0445 2672 HomeGroupListener - ok
19:58:36.0465 2672 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:58:36.0474 2672 HomeGroupProvider - ok
19:58:36.0491 2672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:58:36.0496 2672 HpSAMD - ok
19:58:36.0545 2672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:58:36.0561 2672 HTTP - ok
19:58:36.0572 2672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:58:36.0573 2672 hwpolicy - ok
19:58:36.0598 2672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:58:36.0608 2672 i8042prt - ok
19:58:36.0637 2672 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:58:36.0648 2672 iaStorV - ok
19:58:36.0722 2672 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:58:36.0753 2672 idsvc - ok
19:58:36.0768 2672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:58:36.0773 2672 iirsp - ok
19:58:36.0824 2672 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:58:36.0845 2672 IKEEXT - ok
19:58:36.0854 2672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:58:36.0858 2672 intelide - ok
19:58:46.0975 2672 wercplsupport - ok
19:58:47.0022 2672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:58:47.0028 2672 WerSvc - ok
19:58:47.0058 2672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:58:47.0061 2672 WfpLwf - ok
19:58:47.0075 2672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:58:47.0079 2672 WIMMount - ok
19:58:47.0095 2672 WinDefend - ok
19:58:47.0104 2672 WinHttpAutoProxySvc - ok
19:58:47.0141 2672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:58:47.0150 2672 Winmgmt - ok
19:58:47.0235 2672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:58:47.0303 2672 WinRM - ok
19:58:47.0379 2672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:47.0384 2672 WinUsb - ok
19:58:47.0431 2672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:58:47.0453 2672 Wlansvc - ok
19:58:47.0467 2672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:58:47.0470 2672 WmiAcpi - ok
19:58:47.0489 2672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:58:47.0497 2672 wmiApSrv - ok
19:58:47.0517 2672 WMPNetworkSvc - ok
19:58:47.0527 2672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:58:47.0533 2672 WPCSvc - ok
19:58:47.0541 2672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:58:47.0550 2672 WPDBusEnum - ok
19:58:47.0563 2672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:47.0566 2672 ws2ifsl - ok
19:58:47.0581 2672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:58:47.0588 2672 wscsvc - ok
19:58:47.0592 2672 WSearch - ok
19:58:47.0680 2672 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:58:47.0728 2672 wuauserv - ok
19:58:47.0758 2672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:58:47.0764 2672 WudfPf - ok
19:58:47.0785 2672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:47.0792 2672 WUDFRd - ok
19:58:47.0805 2672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:58:47.0812 2672 wudfsvc - ok
19:58:47.0826 2672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:58:47.0836 2672 WwanSvc - ok
19:58:47.0853 2672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:47.0868 2672 \Device\Harddisk0\DR0 - ok
19:58:47.0871 2672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:58:47.0874 2672 \Device\Harddisk1\DR1 - ok
19:58:47.0877 2672 Boot (0x1200) (ad33fb32c9b4507e60d54ead3cac3b1a) \Device\Harddisk0\DR0\Partition0
19:58:47.0878 2672 \Device\Harddisk0\DR0\Partition0 - ok
19:58:47.0881 2672 Boot (0x1200) (95c49c88e0a135485788c316d33fc18e) \Device\Harddisk1\DR1\Partition0
19:58:47.0882 2672 \Device\Harddisk1\DR1\Partition0 - ok
19:58:47.0882 2672 ============================================================
19:58:47.0882 2672 Scan finished
19:58:47.0882 2672 ============================================================
19:58:49.0863 6056 Detected object count: 0
19:58:49.0863 6056 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 20:03:37
-----------------------------
20:03:37.438 OS Version: Windows x64 6.1.7601 Service Pack 1
20:03:37.438 Number of processors: 2 586 0xF06
20:03:37.439 ComputerName: TIZERIST-PC UserName: tizerist
20:03:37.763 Initialize success
20:05:00.509 AVAST engine defs: 12042801
20:05:31.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000077
20:05:31.944 Disk 0 Vendor: WDC_WD15 20.0 Size: 143089MB BusType: 3
20:05:31.946 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000079
20:05:31.947 Disk 1 Vendor: ST315005 CC34 Size: 476961MB BusType: 3
20:05:31.951 Disk 0 MBR read successfully
20:05:31.953 Disk 0 MBR scan
20:05:31.963 Disk 0 Windows 7 default MBR code
20:05:31.965 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143078 MB offset 63
20:05:31.982 Disk 0 scanning C:\Windows\system32\drivers
20:05:39.431 Service scanning
20:05:54.767 Modules scanning
20:05:54.772 Disk 0 trace - called modules:
20:05:54.783 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
20:05:54.787 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004528360]
20:05:54.790 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80043acb20]
20:05:54.795 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\00000077[0xfffffa80039cc7e0]
20:05:55.326 AVAST engine scan C:\Windows
20:05:59.356 AVAST engine scan C:\Windows\system32
20:09:09.946 AVAST engine scan C:\Windows\system32\drivers
20:09:19.301 AVAST engine scan C:\Users\tizerist
20:10:46.221 AVAST engine scan C:\ProgramData
20:11:00.289 Scan finished successfully
20:11:30.722 Disk 0 MBR has been saved successfully to "C:\Users\tizerist\Desktop\MBR.dat"
20:11:30.727 The log file has been saved successfully to "C:\Users\tizerist\Desktop\aswMBR.txt"

Edited by tizerist, 28 April 2012 - 02:21 PM.


#10 gringo_pr

Posted 28 April 2012 - 03:11 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 tizerist

Posted 29 April 2012 - 04:44 AM

ComboFix 12-04-28.01 - tizerist 29/04/2012 1:12.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2923 [GMT 1:00]
Running from: c:\users\tizerist\Downloads\ComboFix.exe
Command switches used :: c:\users\tizerist\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 00:23 . 2012-04-29 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 20:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F1D2144-8FBA-4271-828B-A1EB96CA524B}\mpengine.dll
2012-04-26 21:58 . 2012-04-26 21:58 -------- d-----w- c:\users\tizerist\AppData\Local\Research In Motion
2012-04-26 21:58 . 2012-04-26 21:58 -------- d-----w- c:\users\tizerist\AppData\Roaming\Research In Motion
2012-04-26 21:57 . 2011-07-20 13:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-04-26 21:57 . 2012-04-26 21:57 -------- d-----w- c:\programdata\Research In Motion
2012-04-26 21:56 . 2012-04-26 21:57 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-04-26 21:56 . 2012-04-26 21:56 -------- d-----w- c:\program files (x86)\Research In Motion
2012-04-26 21:51 . 2012-04-26 22:19 -------- d-----w- c:\users\tizerist\AppData\Roaming\Mobipocket
2012-04-26 21:51 . 2012-04-26 21:51 -------- d-----w- c:\program files (x86)\Mobipocket.com
2012-04-25 18:15 . 2012-04-25 18:15 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 18:15 . 2012-04-25 18:15 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-21 20:43 . 2012-04-21 20:43 -------- d-----w- c:\users\tizerist\AppData\Local\Adobe
2012-04-21 20:34 . 2012-04-21 20:46 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2012-04-21 20:34 . 2012-04-21 20:34 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2012-04-21 19:05 . 2012-04-21 19:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-14 22:19 . 2010-03-18 19:31 10240 ----a-w- c:\windows\system32\CTDCRES.DLL
2012-04-14 22:08 . 2000-06-26 06:43 254224 ----a-w- c:\windows\SysWow64\drmclien.dll
2012-04-14 18:04 . 2012-04-14 18:04 -------- d-----w- c:\windows\system32\appmgmt
2012-04-14 18:03 . 2012-04-14 18:03 -------- d-----w- c:\users\tizerist\AppData\Local\SRS Labs
2012-04-14 18:02 . 2012-04-14 18:02 -------- d-----w- c:\programdata\SRS Labs
2012-04-14 18:01 . 2009-12-15 13:41 346992 ----a-w- c:\windows\system32\drivers\SRS_SSCFilter_amd64.sys
2012-04-14 16:45 . 2001-05-28 12:47 12288 ----a-w- c:\windows\SysWow64\AHQCpURes.dll
2012-04-14 16:45 . 2001-05-28 12:47 32768 ----a-w- c:\windows\SysWow64\AudioHQU.cpl
2012-04-14 16:22 . 2012-04-14 16:22 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 23:19 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2012-04-13 23:18 . 2012-04-13 23:20 -------- d-----w- c:\users\tizerist\AppData\Roaming\Creative
2012-04-13 15:22 . 1996-05-23 02:24 24976 ------w- c:\windows\CTRES.DLL
2012-04-13 15:22 . 1994-12-05 03:11 53552 ------w- c:\windows\CTCCW.DLL
2012-04-13 15:22 . 1998-10-20 08:05 54784 ------w- c:\windows\SysWow64\INETWH32.DLL
2012-04-13 15:22 . 1998-06-05 02:00 84992 ------w- c:\windows\SysWow64\SFCVRT32.DLL
2012-04-13 15:22 . 1995-08-30 02:02 82432 ------w- c:\windows\SysWow64\CTWFLT32.DLL
2012-04-13 15:22 . 1995-07-13 02:01 26768 ------w- c:\windows\SysWow64\CTL3D.DLL
2012-04-13 15:22 . 1995-01-13 06:10 149504 ------w- c:\windows\SysWow64\MFCANS32.DLL
2012-04-13 15:22 . 1995-01-13 06:10 108032 ------w- c:\windows\SysWow64\MFCUIA32.DLL
2012-04-13 15:13 . 2002-11-05 03:06 49152 ----a-w- c:\windows\CTDCRES.DLL
2012-04-13 15:13 . 2002-11-05 02:49 20480 ----a-w- c:\windows\INRES.DLL
2012-04-13 15:04 . 2002-07-25 16:48 7062 ------w- c:\windows\SysWow64\PFMODBS.VXD
2012-04-13 15:04 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-13 15:04 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-13 15:04 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-13 15:04 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-12 13:35 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 13:35 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 13:35 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 13:34 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 13:34 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 13:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 13:34 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 13:34 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 13:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 13:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 19:52 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-04-10 19:52 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-04-10 19:52 . 2010-02-04 09:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-04-10 19:52 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-04-10 19:52 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-04-10 19:52 . 2010-02-04 09:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-04-10 19:52 . 2010-02-04 09:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-04-10 19:52 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-04-06 11:26 . 2012-04-06 11:26 -------- d-----w- c:\program files (x86)\ConvertHelper
2012-04-06 11:24 . 2012-04-06 11:24 -------- d-----w- c:\users\tizerist\dwhelper
2012-04-04 15:52 . 2012-04-27 21:03 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 15:41 . 2012-04-02 15:41 -------- d-----w- c:\program files\iPod
2012-04-02 15:41 . 2012-04-02 15:41 -------- d-----w- c:\program files\iTunes
2012-04-02 15:41 . 2012-04-02 15:41 -------- d-----w- c:\program files (x86)\iTunes
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-02 15:39 . 2012-04-02 15:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-02 15:39 . 2012-04-02 15:39 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-01 09:14 . 2012-04-01 09:14 -------- d-----w- c:\programdata\IObit
2012-04-01 09:14 . 2012-04-01 09:14 -------- d-----w- c:\program files (x86)\IObit
2012-03-31 23:35 . 2012-03-31 23:35 -------- d-----w- c:\users\tizerist\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 23:35 . 2012-03-31 23:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 23:35 . 2012-03-31 23:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 21:03 . 2012-03-19 22:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 22:22 . 2012-03-19 22:04 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-14 22:22 . 2012-03-19 22:04 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-14 22:22 . 2012-03-19 22:04 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-14 22:22 . 2012-03-19 22:04 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-04 14:56 . 2012-03-20 18:25 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 17:02 . 2012-03-20 17:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-20 17:02 . 2012-03-20 17:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-20 17:02 . 2012-03-20 17:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-20 17:02 . 2012-03-20 17:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-20 17:02 . 2012-03-20 17:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-20 17:02 . 2012-03-20 17:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-20 17:02 . 2012-03-20 17:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-20 17:02 . 2012-03-20 17:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-20 17:02 . 2012-03-20 17:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-20 17:02 . 2012-03-20 17:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-20 17:02 . 2012-03-20 17:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-20 17:02 . 2012-03-20 17:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-20 17:02 . 2012-03-20 17:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-20 17:02 . 2012-03-20 17:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-20 17:02 . 2012-03-20 17:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-20 17:02 . 2012-03-20 17:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-20 17:02 . 2012-03-20 17:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-20 17:02 . 2012-03-20 17:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-20 17:02 . 2012-03-20 17:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-20 17:02 . 2012-03-20 17:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-20 17:02 . 2012-03-20 17:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-20 17:02 . 2012-03-20 17:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-20 17:02 . 2012-03-20 17:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-20 17:02 . 2012-03-20 17:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-20 17:02 . 2012-03-20 17:02 448512 ----a-w- c:\windows\system32\html.iec
2012-03-20 17:02 . 2012-03-20 17:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-20 17:02 . 2012-03-20 17:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-20 17:02 . 2012-03-20 17:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-20 17:02 . 2012-03-20 17:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-20 17:02 . 2012-03-20 17:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-20 17:02 . 2012-03-20 17:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-20 17:02 . 2012-03-20 17:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-20 17:02 . 2012-03-20 17:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-20 17:02 . 2012-03-20 17:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-19 22:51 . 2012-03-19 22:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-19 22:43 . 2012-03-19 22:43 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-19 20:57 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-03-19 20:57 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-03-19 20:57 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-03-19 20:57 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-03-19 20:57 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2012-03-01 00:02 . 2012-03-19 22:48 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-03-19 22:48 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-03-19 22:48 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-03-19 22:48 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-19 22:48 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-03-19 22:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-19 22:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-19 22:48 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-19 22:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-19 22:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-19 22:48 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-19 22:48 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-19 22:48 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-03-19 22:48 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-19 22:48 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-19 22:48 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-19 22:48 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-03-19 22:48 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-19 22:48 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2012-03-19 22:48 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-03-19 22:48 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2012-03-19 22:48 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2012-03-19 22:48 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-01 00:02 . 2012-03-19 22:48 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2012-03-19 22:48 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-19 22:48 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-03-19 22:48 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-29 21:00 . 2012-03-19 22:03 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2012-03-19 22:03 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2012-03-19 22:03 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2012-03-19 22:03 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2012-03-19 22:03 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2012-03-19 22:03 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2012-03-19 22:49 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-29 13:26 . 2012-02-29 13:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-29 03:19 . 2012-02-29 03:19 268552 ----a-w- c:\windows\system32\PDBoot.exe
2012-02-28 11:25 . 2012-02-28 11:25 81424 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-02-23 09:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-19 21:49 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-19 21:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 21:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 21:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 21:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-19 23:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-19 23:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-19 23:15 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 08:57 . 2012-03-19 22:05 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-31 08:57 . 2012-03-19 22:05 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-03-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-28_14.06.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-28 21:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-28 13:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-28 13:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-28 21:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-28 13:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-28 21:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-28 21:51 44628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-28 21:51 55810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-19 21:00 . 2012-04-28 21:51 10784 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1562124809-1445484738-1484310325-1001_UserData.bin
- 2012-03-19 21:00 . 2012-04-28 13:34 10784 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1562124809-1445484738-1484310325-1001_UserData.bin
- 2012-04-28 13:32 . 2012-04-28 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-28 21:49 . 2012-04-28 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-28 21:49 . 2012-04-28 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-28 13:32 . 2012-04-28 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-28 13:36 664320 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-28 21:55 664320 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-28 21:55 125056 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-28 13:36 125056 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-28 02:46 229880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-28 21:48 229880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-19 22:52 . 2012-04-28 21:48 14292216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1562124809-1445484738-1484310325-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 135168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-05 73360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SBDrvDet"="c:\program files (x86)\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"CTXFIREG"="CTxfiReg.exe" [2007-04-09 43520]
"CTSysVol"="c:\program files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-04-21 300656]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 253088]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-02-29 33672]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-02-29 827520]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [x]
S2 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [2011-10-07 11184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:03]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 17:39]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 17:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-02-29 1126528]
"AsioReg"="CTASIO.DLL" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\tizerist\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\progra~2\SPEEDB~1\sblsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\tizerist\AppData\Roaming\Mozilla\Firefox\Profiles\71108xo6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/sport/football/teams/chelsea
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-29 02:49:10
ComboFix-quarantined-files.txt 2012-04-29 01:48
ComboFix2.txt 2012-04-28 15:54
.
Pre-Run: 59,421,585,408 bytes free
Post-Run: 59,480,444,928 bytes free
.
- - End Of File - - E150DE0C391910DBAD1E7F2639AB5405

#12 gringo_pr

Posted 29 April 2012 - 06:30 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 tizerist


Posted 30 April 2012 - 10:54 AM

Hey, thanks Gringo, here's the results

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tizerist :: TIZERIST-PC [administrator]

30/04/2012 00:36:49
mbam-log-2012-04-30 (00-36-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427963
Time elapsed: 44 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:41, on 30/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files (x86)\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\tizerist\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9146 bytes
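
An added example (not part of either poster's message, and not HijackThis's own code): a small Python parser for the HijackThis log format posted above. It pulls out the bracketed O4 autostart names, collapses repeated O10 Winsock LSP lines, and lists O23 services reported as "Unknown owner" or "(file missing)"; the function names are hypothetical and the sample lines are constructed in the shape of the log.

```python
import re
from collections import Counter

# Constructed sample, copied in shape from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [avgnt] ..."
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# O4 registry autostart: hive, key, [value name], command line
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
# O23 service: display name, owner, image path, optional "(file missing)"
O23_RE = re.compile(
    r"^Service: (.*) - (.*?) - ([A-Za-z]:\\.*?)( \(file missing\))?$"
)


def parse_hijackthis(text):
    """Return (code, body) for every entry line; headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Group the entries a reviewer looks at first."""
    autoruns = []      # (hive, key, name, command) from O4 lines
    lsp = Counter()    # O10 LSP file -> number of times it is listed
    services = []      # O23 entries with no vendor or a missing image
    for code, body in entries:
        if code == "O4":
            m = O4_RE.match(body)
            if m:
                autoruns.append(m.groups())
        elif code == "O10":
            lsp[body.split(": ", 1)[-1].lower()] += 1
        elif code == "O23":
            m = O23_RE.match(body)
            if m and (m.group(2) == "Unknown owner" or m.group(4)):
                # HijackThis 2.0.4 is a 32-bit program; on 64-bit Windows
                # its System32 lookups go through WOW64 redirection, so
                # "(file missing)" is a flag to verify, not a finding.
                services.append({
                    "service": m.group(1),
                    "owner": m.group(2),
                    "path": m.group(3),
                    "reported_missing": bool(m.group(4)),
                })
    return {"autoruns": autoruns, "lsp": dict(lsp), "services": services}


if __name__ == "__main__":
    report = triage(parse_hijackthis(SAMPLE_LOG))
    for hive, key, name, cmd in report["autoruns"]:
        print(f"autorun  {hive}\\{key}  {name}: {cmd}")
    for path, count in report["lsp"].items():
        print(f"lsp      {path} (listed {count}x)")
    for svc in report["services"]:
        print(f"service  {svc['service']} -> {svc['path']} "
              f"missing={svc['reported_missing']}")
```
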

#14 gringo_pr

Posted 30 April 2012 - 11:17 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files (x86)\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 tizerist


Posted 01 May 2012 - 04:01 PM

Hi there. Okay, scan is finished. The only thing to copy from the clipboard was

C:\Users\Malcolm\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application

which is certainly a false positive.

So, is it complete now? I'll go ahead and use my three antivirus utilities once the instructions are that it's finished.

Thanks again



