Help me with my scan order


6 replies to this topic

#1 Hrvoje

  • Members
  • 5 posts

Posted 18 October 2012 - 02:13 AM

Hi, my girlfriend's sister's computer is slow as hell. I scanned the computer with Avira, MBAM and TDSS. These tools found some minor malware, which I deleted. After I ran ComboFix I got "Your system is infected, combofix will now do intensive scan..." and this takes a very long time, and I closed the tool. I read that ComboFix should only be run if someone on this forum tells you to. What should I do? What scanning order should I follow? Sorry for my bad English, I hope you get the point :)

#2 Quote

  • Banned
  • 173 posts

Posted 18 October 2012 - 06:21 AM

Hello and welcome to BC!

Can you please post the log files of MBAM, Avira and TDSS?

I'll wait for your next reply.

#3 Hrvoje

  • Topic Starter
  • Members
  • 5 posts

Posted 18 October 2012 - 08:47 AM

MBAM Quick scan:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: SXP [administrator]

Protection: Enabled

17.10.2012 19:03:52
mbam-log-2012-10-17 (19-03-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175886
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\User\My Documents\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\User\My Documents\Downloads\DownloadSetup (2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\User\My Documents\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)


MBAM Full scan:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: SXP [administrator]

Protection: Enabled

18.10.2012 14:30:36
mbam-log-2012-10-18 (14-30-36).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205205
Time elapsed: 43 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Utilities\[AdminTools]\RockXP4.exe (PUP.PWDump) -> Quarantined and deleted successfully.
C:\Utilities\[AdminTools]\DriverGenius\key.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Utilities\[AdminTools]\ThinApp\key.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

(end)


TDSS

15:27:19.0625 3580  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:27:19.0796 3580  ============================================================
15:27:19.0796 3580  Current date / time: 2012/10/18 15:27:19.0796
15:27:19.0796 3580  SystemInfo:
15:27:19.0796 3580  
15:27:19.0796 3580  OS Version: 5.1.2600 ServicePack: 3.0
15:27:19.0796 3580  Product type: Workstation
15:27:19.0796 3580  ComputerName: SXP
15:27:19.0796 3580  UserName: User
15:27:19.0796 3580  Windows directory: C:\WINDOWS
15:27:19.0796 3580  System windows directory: C:\WINDOWS
15:27:19.0796 3580  Processor architecture: Intel x86
15:27:19.0796 3580  Number of processors: 2
15:27:19.0796 3580  Page size: 0x1000
15:27:19.0796 3580  Boot type: Normal boot
15:27:19.0796 3580  ============================================================
15:27:20.0312 3580  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:27:20.0312 3580  ============================================================
15:27:20.0312 3580  \Device\Harddisk0\DR0:
15:27:20.0312 3580  MBR partitions:
15:27:20.0312 3580  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
15:27:20.0328 3580  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x7DED20B
15:27:20.0328 3580  ============================================================
15:27:20.0375 3580  C: <-> \Device\Harddisk0\DR0\Partition1
15:27:20.0468 3580  D: <-> \Device\Harddisk0\DR0\Partition2
15:27:20.0500 3580  ============================================================
15:27:20.0500 3580  Initialize success
15:27:20.0500 3580  ============================================================
15:27:23.0531 3700  ============================================================
15:27:23.0531 3700  Scan started
15:27:23.0531 3700  Mode: Manual; 
15:27:23.0531 3700  ============================================================
15:27:24.0203 3700  ================ Scan system memory ========================
15:27:24.0218 3700  System memory - ok
15:27:24.0218 3700  ================ Scan services =============================
15:27:32.0781 3700  Simbad - ok
15:27:32.0828 3700  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:27:32.0828 3700  SkypeUpdate - ok
15:27:32.0843 3700  Sparrow - ok
15:27:32.0859 3700  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:27:32.0859 3700  splitter - ok
15:27:32.0890 3700  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:27:32.0890 3700  Spooler - ok
15:27:32.0968 3700  [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
15:27:32.0968 3700  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
15:27:32.0968 3700  sptd ( LockedFile.Multi.Generic ) - warning
15:27:32.0968 3700  sptd - detected LockedFile.Multi.Generic (1)
15:27:32.0968 3700  srservice - ok
15:27:33.0015 3700  [ E89B42B216BC86ADA4345908284519CB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:33.0015 3700  Srv - ok
15:27:33.0046 3700  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:27:33.0046 3700  SSDPSRV - ok
15:27:33.0093 3700  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:27:33.0109 3700  stisvc - ok
15:27:33.0125 3700  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:27:33.0125 3700  swenum - ok
15:27:33.0140 3700  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:27:33.0140 3700  swmidi - ok
15:27:33.0156 3700  SwPrv - ok
15:27:33.0156 3700  symc810 - ok
15:27:33.0171 3700  symc8xx - ok
15:27:33.0187 3700  sym_hi - ok
15:27:33.0187 3700  sym_u3 - ok
15:27:33.0218 3700  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:27:33.0234 3700  sysaudio - ok
15:27:33.0250 3700  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:27:33.0265 3700  SysmonLog - ok
15:27:33.0296 3700  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
15:27:33.0296 3700  taphss - ok
15:27:33.0312 3700  [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:27:33.0328 3700  TapiSrv - ok
15:27:33.0343 3700  [ 25A740D70E8007814A48D3FA1B34FA34 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:27:33.0359 3700  Tcpip - ok
15:27:33.0375 3700  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:27:33.0390 3700  TDPIPE - ok
15:27:33.0406 3700  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:27:33.0406 3700  TDTCP - ok
15:27:33.0437 3700  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:27:33.0453 3700  TermDD - ok
15:27:33.0515 3700  [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService     C:\WINDOWS\System32\termsrv.dll
15:27:33.0515 3700  TermService - ok
15:27:33.0546 3700  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:27:33.0562 3700  Themes - ok
15:27:33.0562 3700  TosIde - ok
15:27:33.0609 3700  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:27:33.0609 3700  Udfs - ok
15:27:33.0625 3700  ultra - ok
15:27:33.0656 3700  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:27:33.0671 3700  Update - ok
15:27:33.0703 3700  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:27:33.0703 3700  upnphost - ok
15:27:33.0734 3700  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
15:27:33.0734 3700  UPS - ok
15:27:33.0765 3700  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:27:33.0781 3700  usbccgp - ok
15:27:33.0812 3700  [ 52674B5DBEE499342A599C7771ABECAA ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:27:33.0812 3700  usbehci - ok
15:27:33.0843 3700  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:27:33.0843 3700  usbhub - ok
15:27:33.0875 3700  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:33.0875 3700  USBSTOR - ok
15:27:33.0890 3700  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:27:33.0906 3700  usbuhci - ok
15:27:33.0937 3700  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:27:33.0937 3700  VgaSave - ok
15:27:33.0937 3700  ViaIde - ok
15:27:33.0953 3700  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:27:33.0953 3700  VolSnap - ok
15:27:33.0968 3700  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
15:27:33.0984 3700  VSS - ok
15:27:34.0000 3700  [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time         C:\WINDOWS\system32\w32time.dll
15:27:34.0015 3700  W32Time - ok
15:27:34.0015 3700  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:34.0031 3700  Wanarp - ok
15:27:34.0031 3700  WDICA - ok
15:27:34.0062 3700  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:34.0062 3700  wdmaud - ok
15:27:34.0062 3700  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:27:34.0078 3700  WebClient - ok
15:27:34.0218 3700  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:27:34.0234 3700  winmgmt - ok
15:27:34.0281 3700  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
15:27:34.0281 3700  WmdmPmSN - ok
15:27:34.0343 3700  [ C8A6C82F90B055149925DC7526B2D78C ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:27:34.0359 3700  Wmi - ok
15:27:34.0375 3700  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:27:34.0390 3700  WmiAcpi - ok
15:27:34.0453 3700  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:27:34.0453 3700  WmiApSrv - ok
15:27:34.0484 3700  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:27:34.0484 3700  WS2IFSL - ok
15:27:34.0500 3700  wscsvc - ok
15:27:34.0531 3700  [ AAE1A6FFBA2B0436E91795120F48C461 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:27:34.0546 3700  wuauserv - ok
15:27:34.0578 3700  [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:27:34.0593 3700  WZCSVC - ok
15:27:34.0609 3700  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:27:34.0625 3700  xmlprov - ok
15:27:34.0640 3700  ================ Scan global ===============================
15:27:34.0671 3700  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:27:34.0687 3700  [ 04477862429B341CFA19663C2A0FC141 ] C:\WINDOWS\system32\winsrv.dll
15:27:34.0703 3700  [ 04477862429B341CFA19663C2A0FC141 ] C:\WINDOWS\system32\winsrv.dll
15:27:34.0734 3700  [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINDOWS\system32\services.exe
15:27:34.0734 3700  [Global] - ok
15:27:34.0734 3700  ================ Scan MBR ==================================
15:27:34.0750 3700  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:27:34.0968 3700  \Device\Harddisk0\DR0 - ok
15:27:34.0968 3700  ================ Scan VBR ==================================
15:27:34.0984 3700  [ 6A7CE878287D64184B886DD7FC1851C2 ] \Device\Harddisk0\DR0\Partition1
15:27:34.0984 3700  \Device\Harddisk0\DR0\Partition1 - ok
15:27:35.0000 3700  [ 77DE415CCEB343B9D6C196A1F45C09D6 ] \Device\Harddisk0\DR0\Partition2
15:27:35.0000 3700  \Device\Harddisk0\DR0\Partition2 - ok
15:27:35.0000 3700  ============================================================
15:27:35.0000 3700  Scan finished
15:27:35.0000 3700  ============================================================
15:27:35.0031 4048  Detected object count: 1
15:27:35.0031 4048  Actual detected object count: 1
15:27:45.0812 4048  C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
15:27:45.0953 4048  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 

Avast log
No threats

Am I secure? I don't know why ComboFix states that my system is infected :/
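
For anyone reading a TDSSKiller log like the one above, the lines that matter are the few that do not end in "- ok". Here that is only sptd.sys, flagged "LockedFile.Multi.Generic" right after a "Suspicious file (NoAccess)" line: that verdict is TDSSKiller's generic flag for a file it could not open normally, not a match against a known malware signature. sptd.sys is the SCSI Pass Through Direct driver that disc-emulation software such as Daemon Tools and Alcohol 120% installs, and it locks its own file against being read by design, so the verdict on its own does not show an infection; the log does not say where this copy came from, and the MBR and both VBRs came back "ok". The script below is an added example (not TDSSKiller's code and not from the post): it pairs each "[ md5 ] name path" line with the verdict line that follows it, keeps the NoAccess note, and reports the flagged entries, the boot-record verdicts and whether the summary count agrees with the per-entry verdicts, so a 700-line log can be triaged without scrolling. SAMPLE_LOG is constructed from a handful of lines in the same format as the log above, and all function and field names are this example's own.

```python
"""Pair each hashed module in a TDSSKiller log with its verdict and pull out
what actually needs a look. Added example for this thread, not TDSSKiller's
code; SAMPLE_LOG is constructed from lines shaped like the log above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""15:27:32.0828 3700  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:27:32.0828 3700  SkypeUpdate - ok
15:27:32.0968 3700  [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
15:27:32.0968 3700  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
15:27:32.0968 3700  sptd ( LockedFile.Multi.Generic ) - warning
15:27:32.0968 3700  sptd - detected LockedFile.Multi.Generic (1)
15:27:34.0750 3700  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:27:34.0968 3700  \Device\Harddisk0\DR0 - ok
15:27:34.0984 3700  [ 6A7CE878287D64184B886DD7FC1851C2 ] \Device\Harddisk0\DR0\Partition1
15:27:34.0984 3700  \Device\Harddisk0\DR0\Partition1 - ok
15:27:35.0031 4048  Detected object count: 1
"""

# Every line is "HH:MM:SS.mmmm <thread>  <body>"; only the body carries facts.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
NOACCESS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: [0-9A-Fa-f]{32}$")
WARNING = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - warning$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None        # None when TDSSKiller printed no hash line
    path: Optional[str] = None
    verdict: str = "none"            # ok | warning | detected | none
    detection: Optional[str] = None
    notes: List[str] = field(default_factory=list)


def parse_tdss_log(text: str) -> Tuple[List[Entry], List[int]]:
    """Entries in log order, plus every 'detected object count' figure."""
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    counts: List[int] = []
    pending: Optional[Tuple[str, str]] = None  # (md5, rest) of the last "[ md5 ] ..." line
    pending_notes: List[str] = []

    def add(e: Entry) -> Entry:
        entries.append(e)
        by_name[e.name] = e
        return e

    def flush() -> None:
        # A hash line never followed by a verdict (the "Scan global" section
        # looks like this) still becomes an entry, with verdict "none".
        nonlocal pending, pending_notes
        if pending is not None:
            add(Entry(name=pending[1], md5=pending[0], path=pending[1], notes=pending_notes))
        pending, pending_notes = None, []

    def resolve(name: str) -> Entry:
        # The verdict line carries the exact service name; use it to split the
        # preceding "[ md5 ] name path" line even when the path contains spaces.
        nonlocal pending, pending_notes
        if pending and (pending[1] == name or pending[1].startswith(name + " ")):
            md5, rest = pending
            pending, pending_notes, notes = None, [], pending_notes
            return add(Entry(name, md5, rest[len(name):].strip() or name, notes=notes))
        flush()
        return by_name.get(name) or add(Entry(name))

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if (h := HASHED.match(body)):
            flush()
            pending = (h.group("md5").upper(), h.group("rest").strip())
        elif (n := NOACCESS.match(body)):
            pending_notes.append(f"{n.group('reason')}: {n.group('path')}")
        elif (w := WARNING.match(body)):
            e = resolve(w.group("name"))
            e.verdict, e.detection = "warning", w.group("verdict")
        elif (d := DETECTED.match(body)):
            e = resolve(d.group("name"))
            e.verdict, e.detection = "detected", d.group("verdict")
        elif (o := OK.match(body)):
            resolve(o.group("name")).verdict = "ok"
        elif (c := COUNT.match(body)):
            counts.append(int(c.group("n")))
    flush()
    return entries, counts


def triage(entries: List[Entry], counts: List[int]) -> Dict[str, object]:
    """The parts of a log a helper actually reads: non-ok entries with their
    context, the MBR/VBR verdicts, and whether the summary count agrees."""
    detected = sum(1 for e in entries if e.verdict == "detected")
    return {
        "flagged": [(e.name, e.detection, e.path, e.notes)
                    for e in entries if e.verdict in ("warning", "detected")],
        "unresolved": [e.name for e in entries if e.verdict == "none"],
        "boot_records": {e.name: e.verdict for e in entries if e.name.startswith("\\Device\\")},
        "count_consistent": all(c == detected for c in counts),
    }
```

Run triage(*parse_tdss_log(open("TDSSKiller.log", encoding="utf-8").read())) against a real log; on the log in this post the "flagged" list holds just sptd with its NoAccess note, "boot_records" shows the MBR and both partitions as ok, and "unresolved" lists only the hash-only lines of the "Scan global" section, which is the expected shape of a scan that found nothing beyond a locked driver file.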

#4 Quote

Quote

  • Banned
  • 173 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:50 PM

Posted 18 October 2012 - 08:54 AM

Hello,

Please post the logfile in your next reply.

I want the following logs in your next reply:


Post ~Mod Boopme..OP needs to repost.

Edited by boopme, 18 October 2012 - 01:07 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:50 AM

Posted 18 October 2012 - 01:06 PM

Hello, having run ComboFix, we need to see that log and a DDS log.
Please follow the Guide HERE

Include those logs and the TDSS log above.

Let me know if that went well.

*fixed link. Queen-Evie*

Edited by Queen-Evie, 18 October 2012 - 01:54 PM.


#6 Hrvoje

Hrvoje
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:50 PM

Posted 19 October 2012 - 01:04 PM

dds.txt

DDS (Ver_2012-10-19.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512
Run by User at 18:09:14 on 2012-10-19
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.221 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Datalode\Torchlight\encore_reg.exe
C:\Users\All Users\Application Data\DatacardService\DCSHost.exe
C:\Users\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=APN10374&gct=hp
mWinlogon: SFCDisable = dword:-99
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [20090604] c:\program files\common files\datalode\torchlight\encore_reg.exe /r "c:\program files\common files\datalode\torchlight\encore_reg.rpd"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: HideRunAsVerb = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoSMHelp = dword:1
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D1668157-C695-4D15-AB5E-9242D88A6003} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iastor89;iastor89;c:\windows\system32\drivers\iastor89.sys [2009-8-15 330264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-13 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-13 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-13 44808]
R2 DCSHost.exe;DCSHost.exe;c:\users\all users\application data\datacardservice\DCSHOST.exe [2012-8-1 110592]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 676936]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-9-30 793048]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-17 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-7-12 1684736]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-8-1 100736]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== File Associations ===============
.
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxit\FOXITR~1.EXE"/p "%1" 
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxit\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" 
.
=============== Created Last 30 ================
.
2012-10-18 17:54:01	--------	d-----w-	c:\windows\system32\LogFiles
2012-10-17 17:02:06	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-17 17:02:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-17 14:33:27	--------	d-----w-	c:\users\user\application data\runic games
2012-10-17 14:32:08	--------	d-----w-	c:\program files\common files\Datalode
2012-10-17 14:28:01	--------	d-----w-	c:\program files\Runic Games
2012-10-17 13:48:22	21504	----a-w-	c:\windows\system32\hidserv.dll
2012-10-17 13:48:21	12160	----a-w-	c:\windows\system32\drivers\mouhid.sys
2012-10-17 13:48:20	14592	----a-w-	c:\windows\system32\drivers\kbdhid.sys
2012-10-17 13:48:14	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
2012-10-09 18:47:58	388096	----a-r-	c:\users\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-09 18:47:57	--------	d-----w-	c:\program files\Trend Micro
2012-10-09 13:57:56	--------	d-----w-	c:\users\all users\application data\Malwarebytes
2012-10-09 13:57:02	--------	d-----w-	c:\users\user\application data\Malwarebytes
2012-10-09 13:53:38	--------	d-----w-	c:\users\all users\application data\Malwarebytes-BackupByMalwarebytesPortable
2012-10-03 12:30:34	--------	d-----w-	c:\program files\PowerISO
2012-10-03 09:08:49	--------	d-sha-r-	C:\cmdcons
2012-10-03 09:07:42	98816	----a-w-	c:\windows\sed.exe
2012-10-03 09:07:42	256000	----a-w-	c:\windows\PEV.exe
2012-10-03 09:07:42	208896	----a-w-	c:\windows\MBR.exe
2012-09-30 13:15:58	880640	----a-w-	c:\windows\system32\UniBox10.ocx
2012-09-30 13:15:58	37336	----a-w-	c:\windows\system32\CleanMFT32.exe
2012-09-30 13:15:58	212992	----a-w-	c:\windows\system32\UniBoxVB12.ocx
2012-09-30 13:15:58	1101824	----a-w-	c:\windows\system32\UniBox210.ocx
2012-09-30 13:15:57	658432	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2012-09-30 13:15:52	--------	d-----w-	c:\users\user\local settings\application data\APN
2012-09-30 13:15:49	--------	d-----w-	c:\program files\common files\PC Tools
2012-09-30 13:15:48	--------	d-----w-	c:\program files\PC Tools Registry Mechanic
2012-09-30 13:15:41	--------	d-----w-	c:\users\all users\application data\Ask
2012-09-30 13:15:12	--------	d-----w-	c:\users\all users\application data\YTD Video Downloader
2012-09-30 13:15:06	--------	d-----w-	c:\program files\GreenTree Applications
.
==================== Find3M  ====================
.
2012-08-21 09:13:15	729752	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33	41224	----a-w-	c:\windows\avastSS.scr
2012-08-17 04:41:50	113104	----a-w-	c:\windows\system32\drivers\scdemu.sys
.
============= FINISH: 18:09:49,67 ===============


attach.txt (from DDS)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.7.2012 3:48:15
System Uptime: 19.10.2012 13:46:10 (5 hours ago)
.
Motherboard: Acer      |  | Acadia   
Processor: Intel(R) Pentium(R) Dual  CPU  T2390  @ 1.86GHz | uPGA-478 | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 37,224 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 0,859 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_10250136&REV_1002\4&2E584385&0&0101
Manufacturer: 
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_10250136&REV_1002\4&2E584385&0&0101
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.04 beta
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
µTorrent
avast! Free Antivirus
CCleaner
Free Audio CD Burner version 1.5.8.706
Google Chrome
HashCheck Shell Extension (x86-32)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java(TM) 6 Update 16
K-Lite Mega Codec Pack 5.0.5
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word 2010
Notepad++
Notepad2 (Notepad Replacement)
OpenOffice.org 3.1
PC Tools Registry Mechanic 11.0
PowerISO
QuickTime Alternative 1.90
Realtek High Definition Audio Driver
Skype™ 5.10
Spybot - Search & Destroy
Tele2 Mobile Partner
Torchlight
Winamp
WinRAR archiver
YTD Video Downloader 3.9.2
.
==== Event Viewer Messages From Past Week ========
.
16.10.2012 3:52:58, error: ACPIEC [1]  - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period.  This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  The EC driver will retry the failed transaction if possible.
15.10.2012 22:39:01, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================

GMER log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-19 19:06:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O
Running: z311964d.exe; Driver: C:\Users\User\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwAddBootEntry [0xA9729708]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwAllocateVirtualMemory [0xA97D47C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwAssignProcessToJobObject [0xA972A11C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwClose [0xA976B401]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateEvent [0xA9734F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateEventPair [0xA9734F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateIoCompletion [0xA97350F6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateKey [0xA976ADB5]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateMutant [0xA9734E96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateSection [0xA9734FB8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateSemaphore [0xA9734EDE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateThread [0xA972A310]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateTimer [0xA97350B0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwDebugActiveProcess [0xA972AA9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwDeleteBootEntry [0xA9729756]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwDeleteKey [0xA976BAC7]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwDeleteValueKey [0xA976BD7D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwDuplicateObject [0xA972E0E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwEnumerateKey [0xA976B932]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwEnumerateValueKey [0xA976B79D]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwFreeVirtualMemory [0xA97D48AC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwLoadDriver [0xA97293BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwModifyBootEntry [0xA97297A4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwNotifyChangeKey [0xA972E456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwNotifyChangeMultipleKeys [0xA972B464]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenEvent [0xA9734F52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenEventPair [0xA9734F96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenIoCompletion [0xA973511A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenKey [0xA976B111]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenMutant [0xA9734EBC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenProcess [0xA972DC5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenSection [0xA973503A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenSemaphore [0xA9734F06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenThread [0xA972DE8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenTimer [0xA97350D4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwProtectVirtualMemory [0xA97D4A2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwQueryKey [0xA976B618]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwQueryObject [0xA972B330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwQueryValueKey [0xA976B46A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwQueueApcThread [0xA972AEDA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwRenameKey [0xA97E030E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwRestoreKey [0xA976A428]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetBootEntryOrder [0xA97297F2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetBootOptions [0xA9729840]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetContextThread [0xA972A91C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetSystemInformation [0xA9729448]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetSystemPowerState [0xA97295F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetValueKey [0xA976BBCE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwShutdownSystem [0xA972959E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSuspendProcess [0xA972ABFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSuspendThread [0xA972AD5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSystemDebugControl [0xA9729668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwTerminateProcess [0xA972A632]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwTerminateThread [0xA972A794]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwVdmControl [0xA972988E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwWriteVirtualMemory [0xA972A160]

INT 0x62        ?                                                                                                                                 865D9BF8
INT 0x63        ?                                                                                                                                 8589FBF8
INT 0x63        ?                                                                                                                                 8589FBF8
INT 0x63        ?                                                                                                                                 8589FBF8
INT 0x82        ?                                                                                                                                 865D9BF8
INT 0x94        ?                                                                                                                                 8589FBF8
INT 0xA4        ?                                                                                                                                 8589FBF8
INT 0xB4        ?                                                                                                                                 86568BF8
INT 0xB4        ?                                                                                                                                 8589FBF8
INT 0xB4        ?                                                                                                                                 86568BF8

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwCreateProcessEx [0xA97EC966]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C99                                                                                              80504535 7 Bytes  [A3, 72, A9, B0, 50, 73, A9] {MOV [0x50b0a972], EAX; JAE 0xffffffffffffffb0}
.text           ntkrnlpa.exe!ZwCallbackReturn + 2F10                                                                                              805047AC 12 Bytes  [F2, 97, 72, A9, 40, 98, 72, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FB8                                                                                              80504854 12 Bytes  [FE, AB, 72, A9, 5A, AD, 72, ...]
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                                       805A64B8 4 Bytes  CALL A972BAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                805BC54A 5 Bytes  JMP A97E9806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                                       805C2FCE 5 Bytes  JMP A97EB320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                    805D1172 7 Bytes  JMP A97EC96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               spyv.sys                                                                                                                          The system cannot find the file specified. !
.text           USBPORT.SYS!DllUnload                                                                                                             EC2B7934 5 Bytes  JMP 8589F1D8 
.text           win32k.sys!EngFreeUserMem + 674                                                                                                   BF80994A 5 Bytes  JMP A972FA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 35D0                                                                                                  BF80C8A6 5 Bytes  JMP A972F95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                                  BF813939 5 Bytes  JMP A972F918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0                                                                                          BF81C762 5 Bytes  JMP A972EFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 7773                                                                                                 BF82409D 5 Bytes  JMP A972E6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + 1F5D                                                                                                 BF834E2B 5 Bytes  JMP A972FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + 39FF                                                                                                 BF8368CD 5 Bytes  JMP A972FDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + CED2                                                                                                 BF83FDA0 5 Bytes  JMP A972F81E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + 10746                                                                                                BF843614 5 Bytes  JMP A972EFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBlt + 37BB                                                                                                   BF85046D 5 Bytes  JMP A972F9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBlt + 41E3                                                                                                   BF850E95 5 Bytes  JMP A972F08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBlt + 42A3                                                                                                   BF850F55 5 Bytes  JMP A972E592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 3617                                                                                           BF86DE2B 5 Bytes  JMP A972EC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 413A                                                                                           BF86E94E 5 Bytes  JMP A972EDC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                                 BF88BBC7 5 Bytes  JMP A972F0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 3FB4                                                                                                 BF890A38 5 Bytes  JMP A972FB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 607D                                                                                                BF89700A 5 Bytes  JMP A972E5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + 5959                                                                                             BF8B52B1 5 Bytes  JMP A972E756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + A8E8                                                                                             BF8BA240 5 Bytes  JMP A972EB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + A973                                                                                             BF8BA2CB 5 Bytes  JMP A972EE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + E62A                                                                                             BF8BDF82 5 Bytes  JMP A972FD3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngAlphaBlend + 1A08                                                                                                   BF8C3113 5 Bytes  JMP A972E866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 51AB                                                                                              BF8EDB43 5 Bytes  JMP A972E93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 542B                                                                                              BF8EDDC3 5 Bytes  JMP A972EA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 7651                                                                                              BF8EFFE9 5 Bytes  JMP A972E48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + EF2E                                                                                              BF8F78C6 5 Bytes  JMP A972EFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 1994                                                                                                   BF912A56 5 Bytes  JMP A972E682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 2568                                                                                                   BF91362A 5 Bytes  JMP A972E812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4EC7                                                                                                   BF915F89 5 Bytes  JMP A972EF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1925                                                                                                       BF943F3B 5 Bytes  JMP A972FC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
?               C:\Users\User\LOCALS~1\Temp\mbr.sys                                                                                               The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\hkcmd.exe[180] ntdll.dll!RtlDosSearchPath_U + 1D1                                                             7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!GetBinaryTypeW + 80                                                               7C86936C 1 Byte  [62]
.text           C:\Users\User\My Documents\Downloads\z311964d.exe[356] ntdll.dll!RtlDosSearchPath_U + 1D1                                         7C916ADA 1 Byte  [62]
.text           C:\Users\User\My Documents\Downloads\z311964d.exe[356] kernel32.dll!GetBinaryTypeW + 80                                           7C86936C 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1                                        7C916ADA 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[504] kernel32.dll!SetUnhandledExceptionFilter                                  7C844935 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[504] kernel32.dll!GetBinaryTypeW + 80                                          7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!RtlDosSearchPath_U + 1D1                                                           7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[568] kernel32.dll!GetBinaryTypeW + 80                                                             7C86936C 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[844] ntdll.dll!RtlDosSearchPath_U + 1D1                                                              7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1                                                             7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[900] KERNEL32.dll!GetBinaryTypeW + 80                                                               7C86936C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1008] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                  7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1008] kernel32.dll!GetBinaryTypeW + 80                                                                    7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[1332] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!GetBinaryTypeW + 80                                                           7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxtray.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxtray.exe[1352] kernel32.dll!GetBinaryTypeW + 80                                                           7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1376] kernel32.dll!GetBinaryTypeW + 80                                                           7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1388] ntdll.dll!RtlDosSearchPath_U + 1D1                                                            7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!GetBinaryTypeW + 80                                                              7C86936C 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[1392] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[1392] kernel32.dll!GetBinaryTypeW + 80                                                                     7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxpers.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxpers.exe[1508] kernel32.dll!GetBinaryTypeW + 80                                                           7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\avastUI.exe[1560] ntdll.dll!RtlDosSearchPath_U + 1D1                                        7C916ADA 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\avastUI.exe[1560] kernel32.dll!GetBinaryTypeW + 80                                          7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1748] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxsrvc.exe[1780] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\igfxsrvc.exe[1780] kernel32.dll!GetBinaryTypeW + 80                                                           7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[1844] ntdll.dll!RtlDosSearchPath_U + 1D1                                                           7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[1844] kernel32.dll!GetBinaryTypeW + 80                                                             7C86936C 1 Byte  [62]
.text           C:\Program Files\Common Files\Datalode\Torchlight\encore_reg.exe[1864] ntdll.dll!RtlDosSearchPath_U + 1D1                         7C916ADA 1 Byte  [62]
.text           C:\Program Files\Common Files\Datalode\Torchlight\encore_reg.exe[1864] kernel32.dll!GetBinaryTypeW + 80                           7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, B4, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, B7, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, B4, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, B5, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B912BCE 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, B6, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, B5, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, B6, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B912C3F 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, B4, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B912D6D 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, B5, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, B6, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, B7, 55, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] ntdll.dll!RtlDosSearchPath_U + 1D1       7C916ADA 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2060] kernel32.dll!GetBinaryTypeW + 80         7C86936C 1 Byte  [62]
.text           C:\Users\All Users\Application Data\DatacardService\DCSHost.exe[2068] ntdll.dll!RtlDosSearchPath_U + 1D1                          7C916ADA 1 Byte  [62]
.text           C:\Users\All Users\Application Data\DatacardService\DCSHost.exe[2068] kernel32.dll!GetBinaryTypeW + 80                            7C86936C 1 Byte  [62]
.text           C:\Users\User\LOCALS~1\Temp\RtkBtMnt.exe[2296] ntdll.dll!RtlDosSearchPath_U + 1D1                                                 7C916ADA 1 Byte  [62]
.text           C:\Users\User\LOCALS~1\Temp\RtkBtMnt.exe[2296] kernel32.dll!GetBinaryTypeW + 80                                                   7C86936C 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2312] ntdll.dll!RtlDosSearchPath_U + 1D1                            7C916ADA 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2312] kernel32.dll!GetBinaryTypeW + 80                              7C86936C 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] ntdll.dll!RtlDosSearchPath_U + 1D1                              7C916ADA 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] kernel32.dll!GetBinaryTypeW + 80                                7C86936C 1 Byte  [62]
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2500] ntdll.dll!RtlDosSearchPath_U + 1D1                          7C916ADA 1 Byte  [62]
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2500] kernel32.dll!GetBinaryTypeW + 80                            7C86936C 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2524] ntdll.dll!RtlDosSearchPath_U + 1D1                                  7C916ADA 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2524] kernel32.dll!GetBinaryTypeW + 80                                    7C86936C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2560] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2560] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 38, E4, 00] {SUB [EAX], BH; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 3B, E4, 00] {SUB [EBX], BH; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 38, E4, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 39, E4, 00] {TEST AL, 0x39; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B91BA52 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 3A, E4, 00] {TEST AL, 0x3a; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 39, E4, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 3A, E4, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B91BAC3 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 38, E4, 00] {TEST AL, 0x38; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91BBF1 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 39, E4, 00] {SUB [ECX], BH; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 3A, E4, 00] {SUB [EDX], BH; IN AL, 0x0}
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 3B, E4, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!RtlDosSearchPath_U + 1D1       7C916ADA 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3048] kernel32.dll!GetBinaryTypeW + 80         7C86936C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[3168] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C916ADA 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[3168] kernel32.dll!GetBinaryTypeW + 80                                                            7C86936C 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3280] ntdll.dll!RtlDosSearchPath_U + 1D1       7C916ADA 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3280] kernel32.dll!GetBinaryTypeW + 80         7C86936C 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 84, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 87, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 84, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 85, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B91CB9E 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 86, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 85, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 86, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B91CC0F 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 84, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91CD3D 
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 85, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 86, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 87, F5, 00]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!RtlDosSearchPath_U + 1D1       7C916ADA 1 Byte  [62]
.text           C:\Users\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3760] kernel32.dll!GetBinaryTypeW + 80         7C86936C 1 Byte  [62]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Ntfs \Ntfs                                                                                                            865D71F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                            aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbehci \Device\USBPDO-0                                                                                                  859DF500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                         865691F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                           865691F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                              865691F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                             865691F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                  858B61F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                  858B61F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{576ADB2F-CADA-4669-A3BA-212533CC860F}                                                          859FA1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                  858B61F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                  858B61F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                         aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbehci \Device\USBPDO-5                                                                                                  859DF500
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                  858B61F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                            865DA1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                            865DA1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                      858AA1F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                                [F72AA360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                [F7343B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                       [F7343B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                [F7343B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                                     [F72AA360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                           859FA1F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                  859FA1F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                         aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                       aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                  858B61F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                  858B61F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                 84D301F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                  859DF500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                       84D301F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                  858B61F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                  858B61F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                  865DA1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                  858B61F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                                                  859DF500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D1668157-C695-4D15-AB5E-9242D88A6003}                                                          859FA1F8
Device          \FileSystem\Cdfs \Cdfs                                                                                                            84D1A1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                285507792
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                15
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                   10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                 yes
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                90
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                  10000

---- EOF - GMER 1.0.15 ----


I can't paste the ComboFix logs because I restarted the computer since the ComboFix scan took too long. When I go to C:\ComboFix, Explorer redirects me to My Computer, WTF?!

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:50 AM

Posted 19 October 2012 - 02:07 PM

Please repost your DDS log here
http://www.bleepingcomputer.com/forums/forum22.html
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



