
Accounts keep getting compromised


  • This topic is locked
19 replies to this topic

#1 capozide


  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 25 August 2012 - 08:04 AM

Hi,
The past couple of weeks I've kept getting my accounts accessed by other people and I'm unable to find the source. It originally started when my Diablo III account got compromised, and I had to get that account restored. Then just recently I'm receiving messages saying someone in South Korea is accessing my Gmail, so I'm worried now that there is some sort of trojan keylogger on my computer. I've tried a decent amount of normal programs in order to try and detect something and remove it, but to no success. Microsoft Security Essentials, Malwarebytes, and a bootable offline version of Windows Defender all found nothing... but my accounts are still being accessed and compromised. I'd just like to try and remove whatever it is without reformatting. I've been changing my passwords every couple of days since this started happening, and some of my accounts are still getting compromised.

Also, unfortunately I've already run Combofix before consulting this forum, simply because while telling a friend of my plight, he recommended using it and I didn't really bother to read the instructions, just brainlessly downloaded and ran it. If you need me to post that log too I can.

EDIT: I also wanted to note that my CD/DVD isn't working/isn't detected by Windows, and it takes an abnormal amount of time for my motherboard to go through the POST/BIOS screens upon booting. I have an SSD, so usually cold boot to desktop is typically less than 10 seconds, but now I have to wait on the BIOS to finish POSTing for at least a minute before Windows boots. I've had a friend tell me that this could possibly be an Alureon trojan, which, upon reading up about it, does install on the MBR. But he stated that the bootable Windows Defender should be able to scan and remove it, but it didn't.

Here is my DDS log.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Andrew at 8:44:05 on 2012-08-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2042 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{A77D215C-DB31-4C9D-B011-699B69DF74B1} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\iuvc0irx.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-1 250568]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 113120]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-25 12:39:21 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-08-25 12:17:12 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FA985E0-8600-4510-87DF-7338796371BF}\mpengine.dll
2012-08-25 11:59:03 -------- d-----w- C:\$RECYCLE.BIN
2012-08-25 11:50:08 98816 ----a-w- C:\Windows\sed.exe
2012-08-25 11:50:08 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-25 11:50:08 256000 ----a-w- C:\Windows\PEV.exe
2012-08-25 11:50:08 208896 ----a-w- C:\Windows\MBR.exe
2012-08-25 11:34:48 119808 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-08-25 11:26:07 -------- d-----w- C:\Users\Andrew\AppData\Roaming\QuickScan
2012-08-25 07:00:53 -------- d-----w- C:\Users\Andrew\AppData\Local\{C1BBDB7F-4406-4AEA-8600-49D40388681F}
2012-08-24 13:34:22 4121080 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-08-24 13:34:13 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-08-24 13:34:13 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-08-24 13:33:53 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-08-24 12:39:20 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-24 12:39:18 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 12:17:41 -------- d-----w- C:\Users\Andrew\AppData\Local\{DCF6519B-04DF-4CF9-8DFF-CC5E89957A24}
2012-08-24 12:11:58 -------- d-----w- C:\gPotato
2012-08-24 00:27:45 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-24 00:17:17 -------- d-----w- C:\Users\Andrew\AppData\Local\{9C041615-D60F-4C5E-BC28-BC5004BD1920}
2012-08-23 10:12:22 -------- d-----w- C:\Users\Andrew\AppData\Local\{C32BC14D-9935-4081-9811-BA959C5F1D3B}
2012-08-22 15:43:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{ED8C7DE8-B1D8-4B75-8BE3-DE2F2AEB76DA}
2012-08-22 00:17:12 -------- d-----w- C:\Users\Andrew\AppData\Local\{C331265E-A337-49A2-AF9E-BBCF7D0664AF}
2012-08-21 10:17:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{95E6DB73-FE4F-47DB-97FD-65E7C1BE2EF8}
2012-08-20 22:04:45 -------- d-----w- C:\Users\Andrew\AppData\Local\{FD9BECDF-53D7-4DAC-834E-4262A14E167B}
2012-08-20 21:37:53 -------- d-----w- C:\found.002
2012-08-20 10:04:21 -------- d-----w- C:\Users\Andrew\AppData\Local\{5220DD70-D8DD-4373-853A-F23A0F3FAEBA}
2012-08-19 15:56:06 -------- d-----w- C:\Users\Andrew\AppData\Local\{9E1E76BF-563C-4DF9-A81E-3CB8A8AFE980}
2012-08-19 13:51:05 -------- d-----w- C:\found.001
2012-08-19 03:55:43 -------- d-----w- C:\Users\Andrew\AppData\Local\{6B6D5453-083C-4F14-B2C9-78A694C6A896}
2012-08-18 15:55:32 -------- d-----w- C:\Users\Andrew\AppData\Local\{1CB43DDA-AEF3-46CC-92CF-5C24C58DD0A8}
2012-08-18 15:55:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{8FFC8D5E-0248-439A-9B4B-1BF00B05C486}
2012-08-18 07:03:15 -------- d-----w- C:\Riot Games
2012-08-18 03:54:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{6EB4919D-7822-4170-BFDA-7AEF9BDFF263}
2012-08-18 03:54:48 -------- d-----w- C:\Users\Andrew\AppData\Local\{BAEDA2DB-01CB-408B-A2B1-630A619BC5DD}
2012-08-17 11:37:35 -------- d-----w- C:\Users\Andrew\AppData\Local\{F30F3211-D14E-477C-B7EA-30970C992079}
2012-08-17 11:37:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{86776F90-0BD5-4581-849C-3F38DE25BED0}
2012-08-16 19:30:35 -------- d-----w- C:\Users\Andrew\AppData\Local\LogiShrd
2012-08-16 19:30:25 53248 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-16 19:30:21 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-08-16 19:29:14 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Logishrd
2012-08-16 10:34:57 -------- d-----w- C:\Users\Andrew\AppData\Local\{484C9022-E024-45C0-A65C-4FC297F7C7B1}
2012-08-16 10:34:46 -------- d-----w- C:\Users\Andrew\AppData\Local\{83F68441-5361-4C85-AEB5-4140042BD154}
2012-08-15 12:02:53 -------- d-----w- C:\Users\Andrew\AppData\Local\{F0824B17-669E-46CF-840B-D47B11FA61DB}
2012-08-15 12:02:31 -------- d-----w- C:\Users\Andrew\AppData\Local\{21DED4A1-555C-4583-9B6E-B59B639B2FA0}
2012-08-15 11:25:56 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-08-15 10:23:49 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 10:23:49 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 10:23:49 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 10:23:48 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 10:23:48 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 00:02:07 -------- d-----w- C:\Users\Andrew\AppData\Local\{650CFF50-7251-4729-8F4A-C49A3F81B7BE}
2012-08-15 00:01:45 -------- d-----w- C:\Users\Andrew\AppData\Local\{4913A3DD-A62E-48A2-A7A4-17E26015EECB}
2012-08-14 16:33:55 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-14 12:01:21 -------- d-----w- C:\Users\Andrew\AppData\Local\{4E2D19AC-DB0D-47DA-BE26-95C8A6F0E617}
2012-08-14 12:00:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{24D92DF4-8563-406C-AC70-4B31CEEDDFF5}
2012-08-14 00:00:35 -------- d-----w- C:\Users\Andrew\AppData\Local\{4B247820-D438-4778-94D5-5AF60E3D8392}
2012-08-14 00:00:13 -------- d-----w- C:\Users\Andrew\AppData\Local\{19107558-6D19-4345-9378-E5B12C135F5A}
2012-08-13 11:59:49 -------- d-----w- C:\Users\Andrew\AppData\Local\{C66B7E5A-76AC-4A36-8BF4-99FA10C3206D}
2012-08-13 11:59:38 -------- d-----w- C:\Users\Andrew\AppData\Local\{45059744-EAE2-4BAF-84F7-A0FE3E310EDE}
2012-08-12 11:58:48 -------- d-----w- C:\Users\Andrew\AppData\Local\{0B8166BF-A300-48E1-BF95-A0754F8F0CC2}
2012-08-12 11:58:25 -------- d-----w- C:\Users\Andrew\AppData\Local\{AFBC14CE-C13C-4B12-B93A-1B615776D25D}
2012-08-11 23:58:01 -------- d-----w- C:\Users\Andrew\AppData\Local\{C53EFDDD-80C6-4CC2-820B-D25D5DC40049}
2012-08-11 23:57:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{F54DF083-C08B-4E13-AE35-7F6E86C9FF6F}
2012-08-11 10:43:42 -------- d-----w- C:\Users\Andrew\AppData\Local\{499071C3-5692-4003-916F-67A9CBD5434A}
2012-08-11 10:43:26 -------- d-----w- C:\Users\Andrew\AppData\Local\{66934C33-0310-46B7-B634-282E4A529312}
2012-08-10 11:49:46 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
2012-08-10 10:24:53 -------- d-----w- C:\Users\Andrew\AppData\Local\{F77F7F47-14C9-4F82-AAA9-CA49BD7350DE}
2012-08-10 10:24:38 -------- d-----w- C:\Users\Andrew\AppData\Local\{C63A947C-1DD7-4935-B665-71A3913F834F}
2012-08-09 13:02:01 -------- d-----w- C:\found.000
2012-08-09 10:05:42 -------- d-----w- C:\Users\Andrew\AppData\Local\{CEEBB2D2-FE4B-4018-8D4B-F58DE04DFA66}
2012-08-09 10:05:26 -------- d-----w- C:\Users\Andrew\AppData\Local\{C8F8B87D-D053-4F3A-A6ED-81C8E0C375BA}
2012-08-08 21:52:04 -------- d-----w- C:\Users\Andrew\AppData\Local\{65AC95CB-99E3-44AC-94A2-9357AC43A7F3}
2012-08-08 09:51:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{89A1520D-4A5E-422D-8B2A-F7899EC46AD4}
2012-08-08 09:51:14 -------- d-----w- C:\Users\Andrew\AppData\Local\{29D1EDC6-F902-407D-BDE0-D5C50955C91B}
2012-08-07 09:51:33 -------- d-----w- C:\Users\Andrew\AppData\Local\{B97EEA4B-39BA-4A75-A086-7A87B92F31C9}
2012-08-07 09:51:17 -------- d-----w- C:\Users\Andrew\AppData\Local\{A0773112-B0D6-47EE-B8E5-27FE221A126E}
2012-08-06 13:29:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{2BBF598F-E283-4D5E-85CE-CD1491A248FE}
2012-08-06 13:28:45 -------- d-----w- C:\Users\Andrew\AppData\Local\{FF9B5FB1-C403-4156-9800-D99CE366DC07}
2012-08-05 12:49:00 -------- d-----w- C:\Users\Andrew\AppData\Local\{0817BCBD-3F72-4C2E-9278-A05242B8E69F}
2012-08-05 00:48:25 -------- d-----w- C:\Users\Andrew\AppData\Local\{039F59C7-B0C8-43FB-AC56-E52E320BB47D}
2012-08-05 00:48:04 -------- d-----w- C:\Users\Andrew\AppData\Local\{BAA43A7C-4F34-40BC-9ACA-807B3A4042AF}
2012-08-04 12:47:40 -------- d-----w- C:\Users\Andrew\AppData\Local\{F9D19370-E32D-4761-96E9-2A97EBFD6EA5}
2012-08-04 00:47:06 -------- d-----w- C:\Users\Andrew\AppData\Local\{8E3AE0CC-EBE7-4815-8AC5-4B673C2EB8E3}
2012-08-03 13:12:31 -------- d-----w- C:\Users\Andrew\AppData\Local\SKIDROW
2012-08-03 13:11:15 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC
2012-08-03 13:05:24 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2012-08-03 12:56:55 -------- d-----w- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Pro
2012-08-03 12:56:52 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-08-03 12:46:36 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
2012-08-03 12:46:32 -------- d-----w- C:\Users\Andrew\AppData\Local\{5FBB0AE8-8FB3-4102-80AA-AC0DA81079B8}
2012-08-03 12:46:21 -------- d-----w- C:\Users\Andrew\AppData\Local\{7A98018A-1056-43E0-9609-DBFDAE7CC966}
2012-08-03 12:33:20 -------- d-----w- C:\Users\Andrew\AppData\Local\{2974AAC9-12AD-4959-988E-8886CE2E4190}
2012-08-03 12:33:06 -------- d-----w- C:\Users\Andrew\AppData\Local\{67F56157-B253-4348-8C77-E195AF081DC8}
2012-08-03 12:31:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{11D54E83-96A1-4BB6-979A-3B7FF81D453D}
2012-08-02 12:17:15 -------- d-----w- C:\Users\Andrew\AppData\Local\{89A1695C-BF52-4CB0-A505-26CA61393B6C}
2012-08-02 12:16:53 -------- d-----w- C:\Users\Andrew\AppData\Local\{D03F8C72-8B1C-422F-A998-E8044F9CA1F4}
2012-08-02 00:25:06 -------- d-----w- C:\Windows\System32\SPReview
2012-08-02 00:24:59 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-02 00:16:28 -------- d-----w- C:\Users\Andrew\AppData\Local\{1271766F-13A5-45AC-8B16-5BE70D0CE70A}
2012-08-02 00:16:13 -------- d-----w- C:\Users\Andrew\AppData\Local\{AB55A65B-4111-46C3-B409-E7C1D5916529}
2012-08-02 00:05:12 -------- d-----w- C:\Users\Andrew\AppData\Local\{302981A4-CFD2-4FD8-A8A3-83C6B73E7264}
2012-08-02 00:04:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{7463C11E-398A-47C1-8A94-DC6059E6BF34}
2012-08-01 09:54:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{81194533-A0C6-4E0F-8AB0-A9EA537A5B24}
2012-08-01 09:54:39 -------- d-----w- C:\Users\Andrew\AppData\Local\{9228E2B7-B412-4ADA-9CCA-32C250E1FDC4}
2012-07-31 10:33:51 -------- d-----w- C:\Users\Andrew\AppData\Local\{C5DB58AB-6872-416A-9C20-E541F179DC5D}
2012-07-31 10:33:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{6382284F-D0A5-4CC3-86EE-C01FDCCE4C82}
2012-07-30 22:33:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{748AC102-E5E4-41E8-A3AE-C900A149ECA9}
2012-07-30 22:32:41 -------- d-----w- C:\Users\Andrew\AppData\Local\{FF61FE88-37A6-4360-AF55-101C716A42E4}
2012-07-30 10:32:15 -------- d-----w- C:\Users\Andrew\AppData\Local\{4CA79D30-40AE-4D63-953B-8AEFD5BF4A77}
2012-07-30 10:31:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{561AD9EE-3E62-461F-A67B-39183E540CF4}
2012-07-29 22:31:28 -------- d-----w- C:\Users\Andrew\AppData\Local\{E63556DB-D159-4453-9E88-1FB4B04AC154}
2012-07-29 13:04:09 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-29 13:04:09 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-29 10:30:53 -------- d-----w- C:\Users\Andrew\AppData\Local\{381470ED-7634-412A-A282-29173F66D1AF}
2012-07-29 10:30:31 -------- d-----w- C:\Users\Andrew\AppData\Local\{FD3EA7D1-58DF-44F5-8921-33244FBE2F26}
2012-07-28 22:30:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{0958CA54-7B09-4CE5-BDCF-A41FC14E05B2}
2012-07-28 10:29:28 -------- d-----w- C:\Users\Andrew\AppData\Local\{E1AAB7F9-5F21-458F-BD4B-D7ADBD3F7D65}
2012-07-27 22:28:52 -------- d-----w- C:\Users\Andrew\AppData\Local\{F868B9B2-4B52-45AF-93D7-B0F6FBC890FF}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 10:28:18 -------- d-----w- C:\Users\Andrew\AppData\Local\{4942E0D1-4607-4C3F-BDE4-A41C72923E6F}
2012-07-26 22:27:44 -------- d-----w- C:\Users\Andrew\AppData\Local\{7451FAB9-852E-4F37-92D8-F640E93B7406}
2012-07-26 22:27:22 -------- d-----w- C:\Users\Andrew\AppData\Local\{3AC52C88-4B69-4E1F-AF4A-9732862A8C36}
.
==================== Find3M ====================
.
2012-08-25 07:08:36 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 07:08:36 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 12:39:15 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-02 00:27:32 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-02 00:27:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-07 23:24:27 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-07 23:24:27 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-05 01:41:28 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-05 01:41:01 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-30 06:17:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-05-30 06:17:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
.
============= FINISH: 8:44:28.13 ===============

Edited by capozide, 25 August 2012 - 08:12 AM.
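The mPolicies-system lines in the Pseudo HJT section of the log above show every UAC control at its weakest setting (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). That is worth noting on a machine whose credentials keep leaking: with UAC off, any program started in an administrator's session runs with the full administrator token and nothing ever prompts. As an added example that is not part of this thread and not code from the DDS tool, the Python below parses those lines out of a DDS log and reports each value that is weaker than the documented Windows 7 default. The first sample is copied verbatim from the log above; the hardened comparison sample is constructed; the default values and their meanings are the documented Windows 7 UAC policy settings.

```python
import re
from typing import Callable, Dict, List, Tuple

# Sample input: lines copied verbatim from the "Pseudo HJT Report" section of the
# DDS log posted above. DDS prints each HKLM ...\Policies\System value it reads as
# "mPolicies-system: <ValueName> = <decimal> (<hex>)".
SAMPLE_DDS_LINES = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# Constructed comparison input: the same keys at the Windows 7 default values.
HARDENED_DDS_LINES = """
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 1 (0x1)
"""

MPOLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")

# Each check names a value, a predicate that is true when the setting is weaker
# than the Windows 7 default, a severity, and what that weakening means in practice.
# ConsentPromptBehaviorAdmin is not monotonic (1 and 2 are stricter than the
# default 5), so only the documented "elevate without prompting" value 0 is flagged.
Finding = Tuple[str, int, str, str]
WEAK_CHECKS: List[Tuple[str, Callable[[int], bool], str, str]] = [
    ("EnableLUA", lambda v: v == 0, "high",
     "UAC is switched off; processes in an administrator session run fully elevated"),
    ("ConsentPromptBehaviorAdmin", lambda v: v == 0, "high",
     "administrators elevate silently, with no consent or credential prompt"),
    ("PromptOnSecureDesktop", lambda v: v == 0, "medium",
     "elevation prompts appear on the normal desktop, where other programs can draw over them"),
]


def parse_mpolicies(dds_text: str) -> Dict[str, int]:
    """Collect the mPolicies-system name/value pairs from a DDS log; other lines are ignored."""
    policies: Dict[str, int] = {}
    for line in dds_text.splitlines():
        m = MPOLICY_RE.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def assess_uac(policies: Dict[str, int]) -> List[Finding]:
    """Return (name, value, severity, explanation) for each UAC value weaker than the default.
    A value DDS did not print is still at the Windows default and produces no finding."""
    findings: List[Finding] = []
    for name, is_weak, severity, explanation in WEAK_CHECKS:
        if name in policies and is_weak(policies[name]):
            findings.append((name, policies[name], severity, explanation))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings one per line, or a single line saying the values are at defaults."""
    if not findings:
        return "UAC policy values match the Windows 7 defaults."
    return "\n".join(f"[{sev.upper()}] {name} = {value}: {why}"
                     for name, value, sev, why in findings)


if __name__ == "__main__":
    print(format_report(assess_uac(parse_mpolicies(SAMPLE_DDS_LINES))))
    print(format_report(assess_uac(parse_mpolicies(HARDENED_DDS_LINES))))
```

Run against the log above it reports all three weak values; against the constructed hardened sample it reports none. With EnableLUA = 0 the other two findings are moot in practice, since no elevation prompt exists to be weakened, but they are still reported so that the settings get restored together when UAC is turned back on (which takes effect after a reboot).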



#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 29 August 2012 - 03:02 PM

Greetings capozide and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2: If you prefer I call you something other than your screen name I would be pleased to do so.


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like you to post the previous Combofix log and run 2 other programs for me. Please complete the following, if you would.


===================================================


chkdsk /r Command from the Run Box in Windows 7/Vista

--------------------

  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following in the Run box then hit Enter

    CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30
  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will reboot
  • Press the Windows key + r on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Expand Windows Logs, then select Application
  • Locate the entry for today's date and time of running chkdsk /r; it will have Source Wininit and Event ID 1001:

  • Left click on the entry then copy and paste the information under the General tab in your reply

===================================================


Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


Disable CD Emulation

--------------------

  • Please download DeFogger and save it to your desktop
  • Double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Event viewer information
  • Combofix.txt
  • TDSSKiller log
  • aswMBR log

Edited by Oh My, 29 August 2012 - 05:24 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
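The TDSSKiller step in Gary's post ends with the log a helper actually has to read: a few hundred lines of hash, path and verdict per service or driver, of the kind capozide pastes in the next reply. The script below is an added example, not TDSSKiller's own code and not anything posted in this thread. It parses that log format, separates entries that carry a verdict other than "ok" from entries whose binary lives outside the usual Windows and Program Files locations or that have no file resolved at all, and lists the MD5s to look up on VirusTotal or Jotti for the second opinion the post asks for. The format of the "ok" lines and section headers is taken from the log quoted in this thread; the shape of a positive verdict line (`name ( detection ) - infected`), the trusted-directory heuristic, and the sample log, including its updsvc and volsnap lines, are constructed for the example.

```python
import re
from dataclasses import dataclass

# Line shapes copied from the TDSSKiller 2.8.8.0 log quoted in this thread:
#   <time> <pid> ================ Scan <section> ======   section header
#   <time> <pid> [ <MD5> ] <service> <path>               file identified for a service/driver
#   <time> <pid> <service> - ok                           verdict
# The shape assumed for a positive verdict, "<service> ( <detection> ) - <verdict>",
# does not occur in the quoted log; it is an assumption of this example.
SECTION_LINE = re.compile(r"^\S+ \d+ =+ Scan (.+?) =+$")
HASH_LINE = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
VERDICT_LINE = re.compile(r"^\S+ \d+ (.+?)(?: \( (.+?) \))? - (\w+)$")

# Heuristic (assumption): where a Windows 7 service or driver binary normally lives.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    section: str
    md5: str = ""
    path: str = ""
    detection: str = ""
    verdict: str = ""


def parse_tdsskiller(log_text):
    """Return {service name: Entry} for every service/driver the log mentions."""
    entries = {}
    section = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_LINE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, Entry(name, section))
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, detection, verdict = m.groups()
            entry = entries.setdefault(name, Entry(name, section))
            entry.verdict = verdict.lower()
            entry.detection = detection or ""
    return entries


def triage(entries):
    """Split parsed entries into the three lists a responder reads first."""
    findings = sorted(e.name for e in entries.values() if e.verdict and e.verdict != "ok")
    services = [e for e in entries.values() if e.section == "services"]
    # A service with a verdict but no file line: the binary was not resolved on disk.
    unresolved = sorted(e.name for e in services if not e.path)
    # A service binary loaded from outside the trusted directories (heuristic, not a verdict).
    odd_location = sorted(e.name for e in services
                          if e.path and not e.path.lower().startswith(TRUSTED_PREFIXES))
    return {"findings": findings, "unresolved": unresolved, "odd_location": odd_location}


def second_opinion(entries, names):
    """MD5s to look up on VirusTotal/Jotti for the named entries (lookup only, no upload)."""
    return {n: entries[n].md5 for n in names if n in entries and entries[n].md5}


# Constructed sample: the "ok" lines follow the log format in this thread; the updsvc and
# volsnap lines are invented to exercise the odd-location and detection paths.
SAMPLE_LOG = "\n".join([
    r"18:07:07.0530 0856 ================ Scan system memory ========================",
    r"18:07:07.0530 0856 System memory - ok",
    r"18:07:07.0530 0856 ================ Scan services =============================",
    r"18:07:07.0546 0856 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys",
    r"18:07:07.0561 0856 1394ohci - ok",
    r"18:07:07.0624 0856 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe",
    r"18:07:07.0655 0856 AMD External Events Utility - ok",
    r"18:07:08.0029 0856 catchme - ok",
    r"18:07:09.0101 0856 [ 0123456789ABCDEF0123456789ABCDEF ] updsvc C:\Users\user\AppData\Roaming\updsvc.exe",
    r"18:07:09.0102 0856 updsvc - ok",
    r"18:07:09.0201 0856 [ FEDCBA9876543210FEDCBA9876543210 ] volsnap C:\Windows\system32\drivers\volsnap.sys",
    r"18:07:09.0202 0856 volsnap ( Rootkit.Boot.Example.a ) - infected",
])

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    report = triage(parsed)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
    for name, md5 in second_opinion(parsed, report["findings"] + report["odd_location"]).items():
        print(f"look up {md5} ({name}) before deciding what to do with it")
```

A hash lookup tells you whether the file is already known to the scanners; an unknown hash on a driver sitting in System32, or a service loading from a user profile directory, is the case where uploading the file itself for analysis, as the post says, is worth the wait. The "unresolved" list is mostly noise on a normal machine (catchme here is ComboFix's own driver, which capozide has already run), but a service whose binary cannot be found at all is worth a glance before the log is declared clean.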

#3 capozide (Topic Starter)

Posted 29 August 2012 - 05:25 PM

Hi Gary,

Here are the logs you requested. Attached is ComboFix, pasted are TDSS and aswMBR (I think you wanted me to paste those rather than attach?)

TDSS
-----------------
18:06:55.0397 5028 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:06:55.0834 5028 ============================================================
18:06:55.0834 5028 Current date / time: 2012/08/29 18:06:55.0834
18:06:55.0834 5028 SystemInfo:
18:06:55.0834 5028
18:06:55.0834 5028 OS Version: 6.1.7601 ServicePack: 1.0
18:06:55.0834 5028 Product type: Workstation
18:06:55.0834 5028 ComputerName: ANDREW-PC
18:06:55.0834 5028 UserName: Andrew
18:06:55.0834 5028 Windows directory: C:\Windows
18:06:55.0834 5028 System windows directory: C:\Windows
18:06:55.0834 5028 Running under WOW64
18:06:55.0834 5028 Processor architecture: Intel x64
18:06:55.0834 5028 Number of processors: 8
18:06:55.0834 5028 Page size: 0x1000
18:06:55.0834 5028 Boot type: Normal boot
18:06:55.0834 5028 ============================================================
18:06:56.0177 5028 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:06:56.0193 5028 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:06:56.0193 5028 Drive \Device\Harddisk2\DR2 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:06:56.0193 5028 ============================================================
18:06:56.0193 5028 \Device\Harddisk0\DR0:
18:06:56.0193 5028 MBR partitions:
18:06:56.0193 5028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:06:56.0193 5028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
18:06:56.0193 5028 \Device\Harddisk1\DR1:
18:06:56.0193 5028 MBR partitions:
18:06:56.0193 5028 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:06:56.0193 5028 \Device\Harddisk2\DR2:
18:06:56.0193 5028 MBR partitions:
18:06:56.0193 5028 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
18:06:56.0193 5028 ============================================================
18:06:56.0208 5028 C: <-> \Device\Harddisk0\DR0\Partition2
18:06:56.0208 5028 F: <-> \Device\Harddisk1\DR1\Partition1
18:06:56.0208 5028 ============================================================
18:06:56.0208 5028 Initialize success
18:06:56.0208 5028 ============================================================
18:07:07.0483 0856 ============================================================
18:07:07.0483 0856 Scan started
18:07:07.0483 0856 Mode: Manual;
18:07:07.0483 0856 ============================================================
18:07:07.0530 0856 ================ Scan system memory ========================
18:07:07.0530 0856 System memory - ok
18:07:07.0530 0856 ================ Scan services =============================
18:07:07.0546 0856 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:07:07.0561 0856 1394ohci - ok
18:07:07.0561 0856 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:07:07.0561 0856 ACPI - ok
18:07:07.0561 0856 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:07:07.0561 0856 AcpiPmi - ok
18:07:07.0561 0856 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:07:07.0561 0856 AdobeARMservice - ok
18:07:07.0577 0856 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:07:07.0577 0856 AdobeFlashPlayerUpdateSvc - ok
18:07:07.0592 0856 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:07:07.0592 0856 adp94xx - ok
18:07:07.0592 0856 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:07:07.0592 0856 adpahci - ok
18:07:07.0608 0856 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:07:07.0608 0856 adpu320 - ok
18:07:07.0608 0856 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:07:07.0608 0856 AeLookupSvc - ok
18:07:07.0608 0856 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:07:07.0624 0856 AFD - ok
18:07:07.0624 0856 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:07:07.0624 0856 agp440 - ok
18:07:07.0624 0856 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:07:07.0624 0856 ALG - ok
18:07:07.0624 0856 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:07:07.0624 0856 aliide - ok
18:07:07.0624 0856 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:07:07.0655 0856 AMD External Events Utility - ok
18:07:07.0655 0856 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:07:07.0655 0856 amdide - ok
18:07:07.0655 0856 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:07:07.0670 0856 AmdK8 - ok
18:07:07.0733 0856 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:07:07.0811 0856 amdkmdag - ok
18:07:07.0826 0856 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:07:07.0842 0856 amdkmdap - ok
18:07:07.0842 0856 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:07:07.0842 0856 AmdPPM - ok
18:07:07.0842 0856 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:07:07.0842 0856 amdsata - ok
18:07:07.0842 0856 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:07:07.0842 0856 amdsbs - ok
18:07:07.0858 0856 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:07:07.0858 0856 amdxata - ok
18:07:07.0858 0856 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:07:07.0858 0856 AppID - ok
18:07:07.0858 0856 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:07:07.0858 0856 AppIDSvc - ok
18:07:07.0858 0856 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:07:07.0858 0856 Appinfo - ok
18:07:07.0858 0856 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:07.0858 0856 Apple Mobile Device - ok
18:07:07.0873 0856 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:07:07.0873 0856 AppMgmt - ok
18:07:07.0873 0856 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:07:07.0873 0856 arc - ok
18:07:07.0873 0856 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:07:07.0873 0856 arcsas - ok
18:07:07.0889 0856 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:07:07.0889 0856 aspnet_state - ok
18:07:07.0889 0856 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:07:07.0889 0856 AsyncMac - ok
18:07:07.0889 0856 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:07:07.0889 0856 atapi - ok
18:07:07.0889 0856 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:07:07.0889 0856 AtiHDAudioService - ok
18:07:07.0904 0856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:07:07.0904 0856 AudioEndpointBuilder - ok
18:07:07.0920 0856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:07:07.0920 0856 AudioSrv - ok
18:07:07.0920 0856 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:07:07.0920 0856 AxInstSV - ok
18:07:07.0920 0856 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:07:07.0936 0856 b06bdrv - ok
18:07:07.0936 0856 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:07:07.0936 0856 b57nd60a - ok
18:07:07.0936 0856 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:07:07.0936 0856 BDESVC - ok
18:07:07.0936 0856 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:07:07.0951 0856 Beep - ok
18:07:07.0951 0856 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:07:07.0951 0856 BFE - ok
18:07:07.0967 0856 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:07:07.0982 0856 BITS - ok
18:07:07.0982 0856 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:07:07.0982 0856 blbdrive - ok
18:07:07.0982 0856 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:07:07.0998 0856 Bonjour Service - ok
18:07:07.0998 0856 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:07:07.0998 0856 bowser - ok
18:07:07.0998 0856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:07:07.0998 0856 BrFiltLo - ok
18:07:07.0998 0856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:07:07.0998 0856 BrFiltUp - ok
18:07:07.0998 0856 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:07:07.0998 0856 BridgeMP - ok
18:07:08.0014 0856 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:07:08.0014 0856 Browser - ok
18:07:08.0014 0856 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:07:08.0014 0856 Brserid - ok
18:07:08.0014 0856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:07:08.0014 0856 BrSerWdm - ok
18:07:08.0014 0856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:07:08.0014 0856 BrUsbMdm - ok
18:07:08.0029 0856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:07:08.0029 0856 BrUsbSer - ok
18:07:08.0029 0856 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:07:08.0029 0856 BTHMODEM - ok
18:07:08.0029 0856 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:07:08.0029 0856 bthserv - ok
18:07:08.0029 0856 catchme - ok
18:07:08.0029 0856 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:07:08.0029 0856 cdfs - ok
18:07:08.0045 0856 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:07:08.0045 0856 cdrom - ok
18:07:08.0045 0856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:07:08.0045 0856 CertPropSvc - ok
18:07:08.0060 0856 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:07:08.0060 0856 circlass - ok
18:07:08.0060 0856 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:07:08.0060 0856 CLFS - ok
18:07:08.0060 0856 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:08.0060 0856 clr_optimization_v2.0.50727_32 - ok
18:07:08.0076 0856 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:07:08.0076 0856 clr_optimization_v2.0.50727_64 - ok
18:07:08.0076 0856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:07:08.0092 0856 clr_optimization_v4.0.30319_32 - ok
18:07:08.0092 0856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:07:08.0092 0856 clr_optimization_v4.0.30319_64 - ok
18:07:08.0092 0856 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:07:08.0092 0856 CmBatt - ok
18:07:08.0107 0856 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:07:08.0107 0856 cmdide - ok
18:07:08.0107 0856 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:07:08.0107 0856 CNG - ok
18:07:08.0107 0856 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:07:08.0107 0856 Compbatt - ok
18:07:08.0107 0856 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:07:08.0123 0856 CompositeBus - ok
18:07:08.0123 0856 COMSysApp - ok
18:07:08.0123 0856 [ 75DBD5DB9892D7451D0429BEC1AABE1A ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
18:07:08.0123 0856 cpuz135 - ok
18:07:08.0123 0856 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:07:08.0123 0856 crcdisk - ok
18:07:08.0123 0856 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:07:08.0123 0856 CryptSvc - ok
18:07:08.0138 0856 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:07:08.0138 0856 CSC - ok
18:07:08.0138 0856 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:07:08.0154 0856 CscService - ok
18:07:08.0154 0856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:07:08.0154 0856 DcomLaunch - ok
18:07:08.0170 0856 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:07:08.0170 0856 defragsvc - ok
18:07:08.0170 0856 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:07:08.0170 0856 DfsC - ok
18:07:08.0170 0856 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:07:08.0170 0856 Dhcp - ok
18:07:08.0185 0856 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:07:08.0185 0856 discache - ok
18:07:08.0185 0856 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:07:08.0185 0856 Disk - ok
18:07:08.0185 0856 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:07:08.0185 0856 Dnscache - ok
18:07:08.0185 0856 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:07:08.0201 0856 dot3svc - ok
18:07:08.0201 0856 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:07:08.0201 0856 DPS - ok
18:07:08.0201 0856 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:07:08.0201 0856 drmkaud - ok
18:07:08.0201 0856 dump_wmimmc - ok
18:07:08.0216 0856 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:07:08.0216 0856 DXGKrnl - ok
18:07:08.0216 0856 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
18:07:08.0232 0856 e1yexpress - ok
18:07:08.0232 0856 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:07:08.0232 0856 EapHost - ok
18:07:08.0248 0856 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:07:08.0279 0856 ebdrv - ok
18:07:08.0279 0856 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:07:08.0279 0856 EFS - ok
18:07:08.0294 0856 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:07:08.0294 0856 ehRecvr - ok
18:07:08.0294 0856 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:07:08.0294 0856 ehSched - ok
18:07:08.0294 0856 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:07:08.0310 0856 elxstor - ok
18:07:08.0310 0856 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:07:08.0310 0856 ErrDev - ok
18:07:08.0310 0856 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:07:08.0310 0856 EventSystem - ok
18:07:08.0326 0856 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:07:08.0326 0856 exfat - ok
18:07:08.0326 0856 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:07:08.0326 0856 fastfat - ok
18:07:08.0341 0856 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:07:08.0341 0856 Fax - ok
18:07:08.0341 0856 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:07:08.0341 0856 fdc - ok
18:07:08.0341 0856 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:07:08.0341 0856 fdPHost - ok
18:07:08.0341 0856 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:07:08.0341 0856 FDResPub - ok
18:07:08.0357 0856 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:07:08.0357 0856 FileInfo - ok
18:07:08.0357 0856 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:07:08.0357 0856 Filetrace - ok
18:07:08.0357 0856 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:07:08.0357 0856 flpydisk - ok
18:07:08.0357 0856 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:07:08.0357 0856 FltMgr - ok
18:07:08.0372 0856 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:07:08.0372 0856 FontCache - ok
18:07:08.0388 0856 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:07:08.0388 0856 FontCache3.0.0.0 - ok
18:07:08.0388 0856 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:07:08.0388 0856 FsDepends - ok
18:07:08.0388 0856 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:07:08.0388 0856 Fs_Rec - ok
18:07:08.0388 0856 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:07:08.0388 0856 fvevol - ok
18:07:08.0404 0856 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:07:08.0404 0856 gagp30kx - ok
18:07:08.0404 0856 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:07:08.0404 0856 GEARAspiWDM - ok
18:07:08.0404 0856 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:07:08.0419 0856 gpsvc - ok
18:07:08.0419 0856 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:07:08.0419 0856 hcw85cir - ok
18:07:08.0419 0856 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:07:08.0419 0856 HdAudAddService - ok
18:07:08.0419 0856 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:07:08.0419 0856 HDAudBus - ok
18:07:08.0435 0856 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:07:08.0435 0856 HidBatt - ok
18:07:08.0435 0856 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:07:08.0435 0856 HidBth - ok
18:07:08.0435 0856 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:07:08.0435 0856 HidIr - ok
18:07:08.0435 0856 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:07:08.0435 0856 hidserv - ok
18:07:08.0435 0856 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:07:08.0450 0856 HidUsb - ok
18:07:08.0450 0856 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:07:08.0450 0856 hkmsvc - ok
18:07:08.0450 0856 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:07:08.0450 0856 HomeGroupListener - ok
18:07:08.0466 0856 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:07:08.0466 0856 HomeGroupProvider - ok
18:07:08.0466 0856 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:07:08.0466 0856 HpSAMD - ok
18:07:08.0466 0856 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:07:08.0482 0856 HTTP - ok
18:07:08.0482 0856 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:07:08.0482 0856 hwpolicy - ok
18:07:08.0482 0856 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:07:08.0482 0856 i8042prt - ok
18:07:08.0482 0856 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:07:08.0497 0856 iaStorV - ok
18:07:08.0497 0856 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:07:08.0513 0856 idsvc - ok
18:07:08.0513 0856 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:07:08.0513 0856 iirsp - ok
18:07:08.0513 0856 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:07:08.0528 0856 IKEEXT - ok
18:07:08.0544 0856 [ A3BCBD0F710580A07D1B929D787D36CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:07:08.0560 0856 IntcAzAudAddService - ok
18:07:08.0560 0856 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:07:08.0560 0856 intelide - ok
18:07:08.0560 0856 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:07:08.0560 0856 intelppm - ok
18:07:08.0560 0856 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:07:10.0229 0856 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:07:10.0229 0856 wudfsvc - ok
18:07:10.0229 0856 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:07:10.0229 0856 WwanSvc - ok
18:07:10.0244 0856 ================ Scan global ===============================
18:07:10.0244 0856 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:07:10.0244 0856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:07:10.0244 0856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:07:10.0244 0856 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:07:10.0260 0856 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:07:10.0260 0856 [Global] - ok
18:07:10.0260 0856 ================ Scan MBR ==================================
18:07:10.0260 0856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:07:10.0416 0856 \Device\Harddisk0\DR0 - ok
18:07:10.0416 0856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:07:10.0416 0856 \Device\Harddisk1\DR1 - ok
18:07:10.0416 0856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
18:07:10.0900 0856 \Device\Harddisk2\DR2 - ok
18:07:10.0900 0856 ================ Scan VBR ==================================
18:07:10.0900 0856 [ C29786383CDF310B07FFF3CF3EA11FA2 ] \Device\Harddisk0\DR0\Partition1
18:07:10.0900 0856 \Device\Harddisk0\DR0\Partition1 - ok
18:07:10.0900 0856 [ DA94EF9DF6182F5F0F4FD5B48003D771 ] \Device\Harddisk0\DR0\Partition2
18:07:10.0900 0856 \Device\Harddisk0\DR0\Partition2 - ok
18:07:10.0900 0856 [ A658475E48EC74FC6F5B790A9AA6AFA7 ] \Device\Harddisk1\DR1\Partition1
18:07:10.0900 0856 \Device\Harddisk1\DR1\Partition1 - ok
18:07:10.0900 0856 [ 009D1B2052790B4A71A36A14867C3576 ] \Device\Harddisk2\DR2\Partition1
18:07:10.0915 0856 \Device\Harddisk2\DR2\Partition1 - ok
18:07:10.0915 0856 ============================================================
18:07:10.0915 0856 Scan finished
18:07:10.0915 0856 ============================================================
18:07:10.0915 5160 Detected object count: 0
18:07:10.0915 5160 Actual detected object count: 0
18:08:18.0369 4236 Deinitialize success


aswMBR
------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 18:19:18
-----------------------------
18:19:18.281 OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:18.281 Number of processors: 8 586 0x1A05
18:19:18.281 ComputerName: ANDREW-PC UserName: Andrew
18:19:18.437 Initialize success
18:19:21.807 AVAST engine defs: 12082901
18:19:26.700 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
18:19:26.700 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 3
18:19:26.700 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
18:19:26.700 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
18:19:26.715 Disk 0 MBR read successfully
18:19:26.715 Disk 0 MBR scan
18:19:26.715 Disk 0 Windows 7 default MBR code
18:19:26.731 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:19:26.731 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
18:19:26.731 Disk 0 scanning C:\Windows\system32\drivers
18:19:30.444 Service scanning
18:19:35.108 Modules scanning
18:19:35.108 Disk 0 trace - called modules:
18:19:35.108 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:19:35.108 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004567790]
18:19:35.124 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004330520]
18:19:35.124 5 ACPI.sys[fffff88000d7c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa8004349680]
18:19:35.311 AVAST engine scan C:\Windows
18:19:36.949 AVAST engine scan C:\Windows\system32
18:20:44.012 AVAST engine scan C:\Windows\system32\drivers
18:20:47.832 AVAST engine scan C:\Users\Andrew
18:21:07.134 AVAST engine scan C:\ProgramData
18:21:18.937 Scan finished successfully
18:21:29.061 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
18:21:29.061 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR.txt"

Thanks for your time,
--Andrew

Attached Files



#4 capozide

capozide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 29 August 2012 - 05:51 PM

chkdsk log as requested:




Checking file system on C:
The type of the file system is NTFS.
Volume label is SSD Boot.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
187648 file records processed.
File verification completed.
574 large file records processed.
0 bad file records processed.
2 EA records processed.
43 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
263394 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
187648 file SDs/SIDs processed.
Cleaning up 91 unused index entries from index $SII of file 0x9.
Cleaning up 91 unused index entries from index $SDH of file 0x9.
Cleaning up 91 unused security descriptors.
Security descriptor verification completed.
37874 data files processed.
CHKDSK is verifying Usn Journal...
34568312 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
187632 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
8282108 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.

124930047 KB total disk space.
91409804 KB in 140827 files.
99316 KB in 37875 indexes.
0 KB in bad sectors.
292495 KB in use by the system.
65536 KB occupied by the log file.
33128432 KB available on disk.

4096 bytes in each allocation unit.
31232511 total allocation units on disk.
8282108 allocation units available on disk.

Internal Info:
00 dd 02 00 19 ba 02 00 78 27 05 00 00 00 00 00 ........x'......
6a 01 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 j...+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 29 August 2012 - 07:21 PM

Greetings capozide,

You ran Combofix on August 25th. Have you changed your passwords since that date, and do you have any confirmed account hacking after that? For example: you changed your password on Gmail on the 27th but were notified on the 28th that someone overseas is accessing the account.

I want to look a little deeper into your computer. Please do this for me.


===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


xPUD MBR Dump and Driver Scan using USB

--------------------

Try this please. You will need a USB drive with no less than 64 mb of space.

  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run then OK. Note: If you receive the message "You must select a distribution to load" just follow the instructions/image below
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.



  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?) If it is not there remove the USB device for 5 seconds then reinsert.
  • Confirm that you see driver.sh that you downloaded there
  • Click Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh and press Enter
  • After it has finished a report will be located on your USB device named report.txt
  • Now type bash driver.sh -af and press Enter
  • You will be prompted to input a file name. Please type the following then press Enter:

    Winlogon.exe
  • After the search is completed please type the following then press Enter:

    volsnap.sys
  • After the search is completed please type the following then press Enter:

    explorer.exe
  • After the search is completed please type the following then press Enter:

    Userinit.exe
  • After the search is complete please type Exit and press Enter
  • A report will be located in the USB drive as filefind.txt
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin.
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply
  • Copy and paste the contents of report.txt and filefind.txt in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • BSOD.txt
  • report.txt
  • filefind.txt
  • mbr.zip (attach)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 capozide

capozide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 30 August 2012 - 11:25 AM

Hi Gary,

I was unable to run the 2nd program on the USB drive; it kept saying BOOTMGR missing, press ctrl + alt + del to restart. I've tried reformatting and following the steps twice, and it doesn't boot for me.

EDIT: Also yes, I'm still getting emails in my gmail saying that different accounts I have are requesting a password change, when I didn't do them myself. Just had another one on 8/28 after running combofix.

Here is my BSOD log.


==================================================
Dump File : 081912-11809-01.dmp
Crash Time : 8/19/2012 3:14:35 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`044e88f8
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b09cc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+4b09cc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081912-11809-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 081012-7706-01.dmp
Crash Time : 8/10/2012 7:58:11 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`4002b8d8
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`134fa860
Parameter 4 : fffff880`0571bcd0
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081012-7706-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 080212-7534-01.dmp
Crash Time : 8/2/2012 1:04:13 PM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`045318f8
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b09cc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+4b09cc
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080212-7534-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 071012-9656-01.dmp
Crash Time : 7/10/2012 8:43:29 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0654fb30
Parameter 3 : fffffa80`0654fe10
Parameter 4 : fffff800`031d2720
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071012-9656-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 276,192
==================================================

==================================================
Dump File : 070112-11247-01.dmp
Crash Time : 7/1/2012 11:22:52 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fb`80000000
Parameter 2 : ffffffff`c000000e
Parameter 3 : 00000000`147d3880
Parameter 4 : fffff700`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\070112-11247-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 283,904
==================================================

==================================================
Dump File : 051612-8143-01.dmp
Crash Time : 5/16/2012 11:37:56 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`03cc1038
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4a4f1c
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+4a4f1c
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051612-8143-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 262,144
==================================================

Edited by capozide, 30 August 2012 - 11:29 AM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 30 August 2012 - 02:00 PM

Greetings capozide,

Please attempt it again one more time but make sure when you format the USB device you select FAT32. Sometimes this makes a difference.

Please let me know what happens.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 capozide

capozide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 30 August 2012 - 02:23 PM

FAT32 formatting got it past the original error I had, but now it's booting into xPUD and then giving a ton of errors, shows no GUI, and then proceeds to do nothing. Tried reinstalling it twice on FAT32.

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 30 August 2012 - 03:51 PM

Greetings capozide,

OK, let's see if we can get your CD up and running. There is another way to do the same thing we have been trying but by using a CD. Please perform the following steps for me.


===================================================


Because the steps in the next process are dependent on the state of your computer I am unable to give specific steps all the way to the end of the process. Therefore please follow the prompts as is requested in the instructions below.


Microsoft CD/DVD Drive Fix it

----------

  • Download MicrosoftFixit.dvd.Run.exe and save it to your desktop
  • Double click the icon and select OK then Run
  • Click Accept then allow the program to run
  • Select Detect problems and apply the fixes for me (Recommended)
  • Continue to follow the prompts
  • Once complete, reboot your computer if not done automatically
  • Check to see if your CD/DVD drive is listed and works properly

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Does your CD work?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 capozide

capozide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 31 August 2012 - 05:31 AM

Hey Gary,

Sorry I didn't reply sooner, had to sleep and go to work (I work 3rd shift so that's probably going to slow this process down a bit, but I have the next 2 days off so hopefully we'll make better progress soon).

Anyways, to describe the problem more thoroughly: my CD/DVD drive does work; it's hooked up to my mobo via SATA and power. It's just that when the computer boots and I'm looking at my BIOS auto-detect my devices (SSD, HDDs, CD drive, etc.), MOST of the time it will show ATAPI CD-ROM for the CD-ROM drive, and then it will not appear in Windows and won't boot from the drive. But a couple of times when I've tried to boot off of my USB drive (most recently with xPUD, and with Windows Defender Offline and the Windows 7 installer), on the NEXT boot immediately afterwards it will actually detect the CD drive (it's an ASUS) and will display ASUS-(whatever model number) instead of ATAPI CD-ROM; BIOS will clear and Windows will boot at normal speeds (cold boot to desktop and using programs in ~10-15 seconds typically), and it will appear in Windows and I can read/write discs with it. But after shutting down from that session and cold booting, or rebooting after that session, it will go back to taking forever for BIOS to finish and to boot (happens 95% of the time unless I do what I described earlier, where I change the BIOS boot sequence and then exit BIOS and reboot into Windows).

So upon noticing these changes, I'm not jumping to conclusions, but I think whatever I have is probably affecting my atapi.sys file (causing the slow boot times and making my CD drive not work, since it is the driver for the ATA/IDE controller).

So upon this instance, my CD drive is working and the file you told me to download and use found no errors, but I'll try and reduplicate the CD drive problem and then go from there. I'm assuming if I can get my CD drive to work 100% of the time, you'll want me to put the xPUD ISO on a CD/DVD and boot it from there rather than my USB drive since that was unsuccessful.

EDIT: I installed the ISO and also burned the driver.sh file to a CD, and xPUD will boot and show the GUI before it auto boots, but then when it does it goes to a black screen, spits errors, and then does nothing again.

--Andrew

Edited by capozide, 31 August 2012 - 06:01 AM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 31 August 2012 - 11:38 AM

Greetings capozide,

I am providing instructions for running xPUD from a CD. We will need to burn it again but driver.sh has to be copied onto the USB device.

Please do this.


===================================================


GET xPUD MBR Dump and Driver Search

--------------------

For this step you will need a USB device and a blank CD. I have provided step by step instructions for this process in order to simplify the detailed task.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Double click the Posted Image icon
  • Click Run
  • Double click the Posted Image folder which should now be on your desktop
  • Double click on Posted Image
  • The program will download xpud_0.9.2.iso, and when it is finished it will open a BurnCDCC window

  • Click on Start, insert a blank CD when instructed, then click OK
  • When completed, the CD will eject for removal
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert both into the infected computer
  • Boot the infected computer with the CD you just burned
  • As the computer boots up gently tap F12 and choose to boot from the CD by using the keyboard arrow keys to highlight CD/DVD and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Under File System on the left hand side click on the triangle symbol to expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB (you should see the driver.sh file)
  • Double click on the folder that represents your USB drive (sdb1 ?).
  • If you do not see the USB device show up, please remove it, wait about 5 seconds, reinsert it, then click on the Refresh icon. It should then be added under mnt
  • On the top bar select Tool then select Open Terminal
  • Type bash driver.sh and press Enter
  • After it has finished a report will be located on your USB device named report.txt
  • Now type bash driver.sh -af and press Enter
  • You will be prompted to input a file name. Please type the following then press Enter:

    Winlogon.exe
  • After the search is completed please type the following then press Enter:

    volsnap.sys
  • After the search is completed please type the following then press Enter:

    explorer.exe
  • After the search is completed please type the following then press Enter:

    Userinit.exe
  • After the search is complete please type Exit and press Enter
  • A report will be located in the USB drive as filefind.txt
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin.
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply
  • Copy and paste the contents of report.txt and filefind.txt in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • mbr.zip (attach)
  • report.txt
  • filefind.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
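The procedure in this post, like the USB version in post #5, ends with `dd if=/dev/sda of=mbr.bin bs=512 count=1`, which copies the first sector of the disk to a file. What a helper then looks for in that mbr.bin is the same information aswMBR and TDSSKiller printed in the logs earlier in the thread: a hash of the boot code and the partition table (active flag, type, size, offset). The script below is an added example, not the thread's driver.sh and not code from any tool named here; it parses such a dump in Python. The sample MBR it builds is constructed to match the layout aswMBR reported (100 MB active NTFS at offset 2048, 122002 MB NTFS at offset 206848); its boot-code bytes and disk signature are placeholders, not a real Windows boot sector, and the `known_good_md5` baseline is something the reader supplies from a disk they trust.

```python
"""Parse a raw 512-byte MBR dump (the mbr.bin that `dd ... bs=512 count=1` writes)
and report what a bootkit triage looks at first. Added example; not from the thread."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the bootstrap code
DISK_SIG_OFFSET = 440      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIG_OFFSET = 510      # 0x55 0xAA

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0b: "FAT32", 0x0c: "FAT32 (LBA)",
                   0x83: "Linux", 0xee: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, disk signature, signature check and partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        # bytes 8..11: first LBA, bytes 12..15: sector count (little-endian)
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,       # 0x80 = bootable flag, what aswMBR shows as "80 (A)"
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * 512 // (1024 * 1024),
        })
    return {
        # Hash only the bootstrap region so two disks with the same boot code but
        # different partition tables compare equal against one baseline.
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "boot_signature_ok": mbr[BOOT_SIG_OFFSET:] == b"\x55\xaa",
        "partitions": partitions,
    }


def find_anomalies(info: dict, known_good_md5: str = "") -> list:
    """Flag a missing boot signature, an odd active-partition count, a partition that
    overlaps the MBR itself, and boot code that differs from a trusted baseline."""
    warnings = []
    if not info["boot_signature_ok"]:
        warnings.append("missing 0x55AA boot signature")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        warnings.append(f"expected exactly one active partition, found {active}")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            warnings.append(f"partition {p['index']} starts at sector 0 (overlaps MBR)")
    if known_good_md5 and info["boot_code_md5"] != known_good_md5.upper():
        warnings.append("boot code hash differs from known-good baseline")
    return warnings


def build_sample_mbr(first_boot_byte: int = 0x33) -> bytes:
    """Constructed sample, not a real dump: the layout aswMBR printed in the thread
    (100 MB active NTFS at LBA 2048, 122002 MB NTFS at LBA 206848). The boot-code
    bytes and the disk signature are placeholders."""
    boot_code = bytes([first_boot_byte, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<IH", 0x12345678, 0)      # placeholder signature + reserved word

    def entry(status, ptype, lba_start, sectors):
        # CHS fields are filled with 0xFF; modern loaders use the LBA fields
        return struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                           lba_start, sectors)

    table = (entry(0x80, 0x07, 2048, 100 * 2048)
             + entry(0x00, 0x07, 206848, 122002 * 2048)
             + bytes(32))                              # two empty slots
    return boot_code + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    # For a real dump: info = parse_mbr(open("mbr.bin", "rb").read())
    info = parse_mbr(build_sample_mbr())
    print(f"boot code MD5: {info['boot_code_md5']}  signature ok: {info['boot_signature_ok']}")
    for p in info["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print(f"  Partition {p['index']} {flag} {p['type']:02x} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("anomalies:", find_anomalies(info) or "none")
```

The TDSSKiller log earlier in the thread lists the same hash for \Device\Harddisk0\DR0, DR1 and DR2, which is the kind of cross-disk comparison a boot-code-only hash makes possible; the exact byte range TDSSKiller hashes is not stated in its log, so treat its value and this script's as separate baselines rather than comparing them to each other.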

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 03 September 2012 - 08:31 AM

Greetings capozide,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 capozide

capozide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 04 September 2012 - 05:29 AM

Hey Gary,

Sorry I haven't replied promptly, haven't had much time to keep messing around with the computer issues until now.

I installed xPUD onto another DVD with the directions you gave me, and it still gives me errors. The Welcome to xPUD splash comes up, says Automatic boot in X seconds, then when the countdown is finished it still goes to a black screen and gives errors. There is supposed to be a GUI that comes up, correct? If so, I'm not seeing it.

EDIT: Just wanted to add that the Microsoft Fix it DVD program didn't detect any errors/problems with the drive when I ran it.

--Andrew

Edited by capozide, 04 September 2012 - 05:31 AM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 PM

Posted 04 September 2012 - 09:22 AM

Greetings capozide,

No problem with the delay, but it helps if you post a quick message: "It will be a few days but I am still here." Often people give up but don't let us know.

Let's reinstall your CD driver. The last Blue Screen error code relates to a hardware issue and that seems to dovetail right into what you are experiencing with your CD.

By the way, your atapi.sys file is fine. I did follow up on your hunch. From your TDSSKiller log:

18:07:07.0889 0856 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:07:07.0889 0856 atapi - ok


Please do this.


===================================================


Reinstalling Driver Through Device Manager

----------

  • Press the Windows key + r on your keyboard at the same time
  • Type mmc devmgmt.msc and press Enter
  • Expand the CD-ROM device by clicking the + sign
  • Right click on the CD-ROM device and select Uninstall
  • Click Action, then Scan for hardware changes
  • Verify the CD-ROM is listed then try your CD again

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Any change with your CD?

Edited by Oh My, 04 September 2012 - 09:33 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
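Gary reads the most recent bug check (0x124) as a hardware issue. The script below is an added example, not a BlueScreenView feature and not code from this thread; it parses a BlueScreenView text export like the one in post #6, names the code BlueScreenView left blank (0x124 is WHEA_UNCORRECTABLE_ERROR), and for the KERNEL_DATA_INPAGE_ERROR dumps decodes the NTSTATUS that bug check carries in parameter 2 (0xC0000185 is STATUS_IO_DEVICE_ERROR, 0xC000000E is STATUS_NO_SUCH_DEVICE), which is what separates a failing disk or cable from a driver fault when triaging. The embedded sample is two of the records from post #6; the `HARDWARE_BUGCHECKS` and `NTSTATUS_NAMES` tables are my own short lookup lists, not exhaustive.

```python
"""Summarise a BlueScreenView text export for triage: which bug checks occurred,
which point at hardware/storage, and what I/O status a KERNEL_DATA_INPAGE_ERROR
carried. Added example; not part of the thread or of BlueScreenView."""
import re
from collections import Counter

# Bug checks whose usual cause is failing hardware or storage rather than a driver bug.
# 0x124 is WHEA_UNCORRECTABLE_ERROR; BlueScreenView left its name blank in the posted log.
HARDWARE_BUGCHECKS = {
    0x124: "WHEA_UNCORRECTABLE_ERROR",
    0x7A: "KERNEL_DATA_INPAGE_ERROR",
}
# NTSTATUS values that KERNEL_DATA_INPAGE_ERROR reports in parameter 2 (short list).
NTSTATUS_NAMES = {
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
    0xC000000E: "STATUS_NO_SUCH_DEVICE",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
}

# "Key : Value"; the lazy key match stops at the first colon, so values such as
# "8/19/2012 3:14:35 AM" or "C:\Windows\..." keep their own colons.
FIELD_RE = re.compile(r"^(.+?)\s*:\s*(.*)$")


def parse_report(text: str) -> list:
    """Split a BlueScreenView export into one dict per dump record."""
    records = []
    for block in re.split(r"^=+\s*$", text, flags=re.MULTILINE):
        rec = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line.strip())
            if m:
                rec[m.group(1).strip()] = m.group(2).strip()
        if "Dump File" in rec:          # skip the empty blocks between separators
            records.append(rec)
    return records


def hexval(s: str) -> int:
    """Parse BlueScreenView hex fields; 64-bit values are written with a backtick in the middle."""
    return int(s.replace("`", ""), 16)


def triage(records: list) -> list:
    """One finding per dump: bug check name, whether it points at hardware, and for
    KERNEL_DATA_INPAGE_ERROR the NTSTATUS the paging I/O failed with."""
    findings = []
    for r in records:
        code = hexval(r["Bug Check Code"])
        name = r.get("Bug Check String") or HARDWARE_BUGCHECKS.get(code, f"0x{code:X}")
        note = ""
        if code == 0x7A:
            status = hexval(r["Parameter 2"]) & 0xFFFFFFFF   # sign-extended in the dump
            note = NTSTATUS_NAMES.get(status, f"NTSTATUS 0x{status:08X}")
        findings.append({"dump": r["Dump File"], "crash_time": r.get("Crash Time", ""),
                         "code": code, "name": name,
                         "hardware": code in HARDWARE_BUGCHECKS, "note": note})
    return findings


def count_codes(findings: list) -> Counter:
    """How often each bug check code appears, for spotting a repeating pattern."""
    return Counter(f["code"] for f in findings)


# Two records copied from the BlueScreenView output posted in this thread.
SAMPLE_REPORT = r"""
==================================================
Dump File : 081912-11809-01.dmp
Crash Time : 8/19/2012 3:14:35 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`044e88f8
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Full Path : C:\Windows\Minidump\081912-11809-01.dmp
==================================================

==================================================
Dump File : 081012-7706-01.dmp
Crash Time : 8/10/2012 7:58:11 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`4002b8d8
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`134fa860
Parameter 4 : fffff880`0571bcd0
Full Path : C:\Windows\Minidump\081012-7706-01.dmp
==================================================
"""

if __name__ == "__main__":
    # For a saved export: findings = triage(parse_report(open("BSOD.txt").read()))
    findings = triage(parse_report(SAMPLE_REPORT))
    for f in findings:
        tag = "hardware/storage" if f["hardware"] else "driver/software"
        print(f"{f['crash_time']}  {f['name']} (0x{f['code']:X})  [{tag}]  {f['note']}")
    print("by code:", {f"0x{c:X}": n for c, n in count_codes(findings).items()})
```

On the full log from post #6 this gives three 0x124 and two 0x7A crashes, with parameter 2 of the 0x7A dumps decoding to STATUS_IO_DEVICE_ERROR and STATUS_NO_SUCH_DEVICE; both are storage-level failures, which is consistent with the disappearing drive described in post #10 rather than with a keylogger.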

#15 capozide

capozide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 04 September 2012 - 10:59 AM

Hey Gary,

The CD drive wasn't detected during this boot. I moved the cable from one SATA port to another, Windows detected it and installed the drivers for it automatically, then I uninstalled and rescanned from the device manager, and still no change in the xPUD CD. Here is a picture of it: http://img69.imageshack.us/img69/705/img00991.jpg It also happened with the USB drive after I formatted it to FAT32. Kind of blurry, crappy phone camera.

--Andrew



