Rootkit still alive after Reformat barrage...


  • This topic is locked
40 replies to this topic

#1 Assassin_of_Red

Assassin_of_Red

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:My Aerial Garden of Vanity.Known as the Hanging Gardens of Babylonia.
  • Local time:07:03 AM

Posted 26 December 2013 - 07:46 AM

Ok, so, err, Happy Holidays to everyone, I guess~

Anyway, got.....devastated badly by a rootkit.

Malwarebytes could scan but it endlessly rescans desktop.ini non-stop, already left it scanning for hours...

(If I count former reformats?....Avast failed, HARD. IT GOT UNINSTALLED and COULDN'T RUN after I reset a few times, talk about being pwned...Emsisoft? Nope, nu-uh, nothing. Malwarebytes? Scan never finishes. Anything else? ><)

Read through the instructions, and, despite how TEMPTED I am to spam the banhammer of Thor by downloading and launching every single virus-removal program here, I'll follow the instructions instead.

I've got a flash disk ready, my data is already saved (OK, I'll upload some new anime......*images* since I saved some a while ago)

How many reformats I did?...Probably more than 11, deleted partitions too...(actually, it's more than 11, I seriously lost count)

(in case you ask? Yes I can go into Safe Mode, then it resets after a few moves.....-.-)

Attaching files now...

Please and thanks guys, oh and...how can I donate without a Credit Card? (I'm from the Philippines...)

edit: I'm a BIT REALLY TEMPTED to dl Rkill.exe (I'll wait for instructions this time...), I dled it some few reformats back and it temporarily made my PC work in tip-top shape. Yes I savor those few precious moments... QQ

ok, I'll type in something I did in the...former reformats, one time I got so mad I dled MBAM, TDSS Killer, Sality Killer, Rkill.exe, Combofix, Adwcleaner, JRT, AND while MBAM was scanning, I was repeatedly rerunning Rkill.exe to _kill_ the disablers. Obviously that didn't work...

edit2: I don't mind if the response is delayed (for starters? It's the Holidays, so, yeah, take your time~), I mean, I've run into _worse_ rootkits years ago (which was solvable by one instant nuke aka reformat), and it's more bearable atm (Provided I don't go Safe Mode, or scan with AVs, etc)

oh and, if you have a Turkey for the holidays? ME JELLY D:

(1 baby Turkey in PH=P1000 php. Note that a normal meal is P50 php....*RAGEQUIT ><)

.

edit3: Although I'm a bit talkative, I'll admit I'm a bit TICKED OFF at this rootkit, so I'm not going to hold back and I'm willing to use anything (except buying a new comp, that's too much), so, yeah, reformat, ANY NUKE, I'll TAKE IT ><. Also, obviously, I have Windows XP installer)

oh and, I'm a guy. Semiramis-sama (teh avatar) IS JUST TOO CUTE ok?

edit4: Read the instructions again...

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 10.45.2
Run by Stocking Anarchy at 9:57:03 on 2013-12-28
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.766.33 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ultdrvmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -
TB: QT Tab Standard Buttons: {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} -
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UltimateServices] c:\windows\system32\ultsvcs.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [VisualTaskTips] c:\windows\system32\visualtasktips.exe
dRun: [TopDesk] c:\windows\system32\topdesk.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [RTUserConfig] c:\windows\system32\rtusercfg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.0.251 168.95.1.1
TCP: Interfaces\{95984771-96D2-486A-BE0C-CA51F1FF9202} : DHCPNameServer = 192.168.0.251 168.95.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stocking anarchy\application data\mozilla\firefox\profiles\hmbdv8jx.default\
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-12-28 35144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-27 1684736]
S3 MFE_RR;MFE_RR;\??\c:\users\stocki~1\locals~1\temp\mfe_rr.sys --> c:\users\stocki~1\locals~1\temp\mfe_rr.sys [?]
.
=============== Created Last 30 ================
.
2019-09-25 22:40:30    20480    ----a-w-    c:\windows\system32\APITypes.dll
2013-12-28 17:08:27    --------    d-----w-    C:\FRST
2013-12-28 16:48:02    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-28 16:47:51    --------    d--h--w-    c:\windows\PIF
2013-12-28 16:38:55    --------    d-----w-    c:\users\stocking anarchy\application data\Malwarebytes
2013-12-28 16:38:31    --------    d-----w-    c:\users\all users\application data\Malwarebytes
2013-12-28 16:38:29    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-28 16:38:29    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-12-28 15:20:03    --------    d-----w-    c:\program files\Steam
2013-12-27 21:17:30    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Microsoft Games
2013-12-27 20:47:55    --------    d-----w-    c:\program files\Defraggler
2013-12-27 20:45:58    --------    d-----w-    c:\users\all users\application data\NVIDIA Corporation
2013-12-27 20:44:43    65536    ----a-w-    c:\windows\system32\OpenCL.dll
2013-12-27 20:44:38    1072544    ----a-w-    c:\windows\system32\nvdrsdb1.bin
2013-12-27 20:44:38    1072544    ----a-w-    c:\windows\system32\nvdrsdb0.bin
2013-12-27 20:44:38    1    ----a-w-    c:\windows\system32\nvdrssel.bin
2013-12-27 20:44:06    892704    ----a-w-    c:\windows\system32\nvdispgenco32.dll
2013-12-27 20:44:06    5967872    ----a-w-    c:\windows\system32\nvopencl.dll
2013-12-27 20:44:06    1010464    ----a-w-    c:\windows\system32\nvdispco32.dll
2013-12-27 20:44:04    17551360    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-12-27 20:43:43    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-12-27 20:43:19    --------    d-----w-    C:\NVIDIA
2013-12-27 17:41:27    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Sun
2013-12-27 17:39:56    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-12-27 17:39:49    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-27 17:30:54    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Google
2013-12-27 12:19:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-27 12:19:14    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-27 12:11:58    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Adobe
2013-12-27 12:08:57    --------    d-----w-    c:\program files\KeyTweak
2013-12-27 12:08:51    --------    d-----w-    c:\windows\system32\SoftwareDistribution
2013-12-27 12:07:20    --------    d-----w-    c:\windows\system32\Lang
2013-12-27 12:04:44    54784    ----a-w-    c:\windows\system32\drivers\NVENETFD.sys
2013-12-27 12:04:44    200704    ----a-w-    c:\windows\system32\fdco1ins.dll
2013-12-27 12:04:44    200704    ----a-w-    c:\windows\system32\fdco1.dll
2013-12-27 12:04:12    9216    ----a-w-    c:\windows\system32\bdco1ins.dll
2013-12-27 12:04:12    9216    ----a-w-    c:\windows\system32\bdco1.dll
2013-12-27 12:04:12    261632    ----a-w-    c:\windows\system32\drivers\nvsnpu.sys
2013-12-27 12:04:12    22016    ----a-w-    c:\windows\system32\drivers\nvnetbus.sys
2013-12-27 12:04:12    122880    ----a-w-    c:\windows\system32\nvconrm.dll
2013-12-27 12:04:11    955520    ----a-w-    c:\windows\system32\drivers\nvnrm.sys
2013-12-27 12:04:11    42112    ----a-w-    c:\windows\system32\drivers\nvefd2k.sys
.
==================== Find3M  ====================
.
.
============= FINISH:  9:57:58.98 ===============

 

for the log files

Most of the replies have _run Farbar_ scan, since it's just a scan that just, err, scans and doesn't do anything yet, I may as well, to help save time

(in the log)
 



Edited by Assassin_of_Red, 26 December 2013 - 09:06 AM.




#2 Assassin_of_Red


Posted 27 December 2013 - 10:14 PM

Oh wow, now it redirects me to start.bramjnet.com

Browser Hijack, seriously?

Niiiice



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 31 December 2013 - 07:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518642 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Assassin_of_Red


Posted 01 January 2014 - 08:27 AM

Still the same, MBAM can't finish, I know I'd get results from Emsisoft if I dl and scan it BUT it would just hang like hell as usual, though it did detect some stuff too. (I don't want to do anything since, though it slows my comp down, it slows it EXCESSIVELY over the top when I use an AV. My Comp handled Dual Godswar Client and Avast SCANNING sometime ago, unlike last reformat where Avast alone is slow as hell)

Description-wise, err, look above... (in case you ask, I did not install anything else ever since I last posted. I only.....uhh.....saved some anime images.......the website it's from is safe anyway.

Danbooru.donmai.us if you're that curious. IT'S NOT SAFE FOR WORK/NSFW SO DON'T OPEN IT. Other websites opened are Mediafire.com, Youtube.com, Mail.com, so it's safe.)

OH WAIT, I DID install Skype only, but apart from that (have to talk abroad after all)? Yeah...

ok posting DDS

(update-wise.....it DID change my homepage out of nowhere but it doesn't anymore. But I always see that Firefox _downloads_ something. Since I'm just letting it be for now -it'll slow down if I do any attempt to remove-, I'll just let it be...FOR NOW)

I couldn't exactly do a _reformat Barrage_ if I didn't have a Windows Installer DVD so...I think that answers it.

(Helpbot is funny how it's sorry, well, I don't mind if it takes a while, it's the HOLIDAYS after all.....)

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 10.45.2
Run by Stocking Anarchy at 10:18:46 on 2014-01-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.766.131 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Users\Stocking Anarchy\Application Data\LClock\lclock.exe
C:\WINDOWS\system32\ultdrvmon.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -
TB: QT Tab Standard Buttons: {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} -
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UltimateServices] c:\windows\system32\ultsvcs.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
dRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [VisualTaskTips] c:\windows\system32\visualtasktips.exe
dRun: [TopDesk] c:\windows\system32\topdesk.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [RTUserConfig] c:\windows\system32\rtusercfg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.0.251 168.95.1.1
TCP: Interfaces\{95984771-96D2-486A-BE0C-CA51F1FF9202} : DHCPNameServer = 192.168.0.251 168.95.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stocking anarchy\application data\mozilla\firefox\profiles\hmbdv8jx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-27 1684736]
S3 MFE_RR;MFE_RR;\??\c:\users\stocki~1\locals~1\temp\mfe_rr.sys --> c:\users\stocki~1\locals~1\temp\mfe_rr.sys [?]
.
=============== Created Last 30 ================
.
2019-09-25 22:40:30    20480    ----a-w-    c:\windows\system32\APITypes.dll
2014-01-03 18:18:25    688992    ------r-    c:\users\stocking anarchy\dds.com
2013-12-31 17:42:50    --------    d-----w-    c:\users\stocking anarchy\AutomaticSolution Software
2013-12-31 17:42:49    --------    d-----w-    c:\program files\AutoClickerbyShocker
2013-12-31 16:43:12    --------    d-----w-    c:\program files\Combined Community Codec Pack
2013-12-31 16:27:18    26368    -c--a-w-    c:\windows\system32\dllcache\usbstor.sys
2013-12-29 21:39:58    81920    ----a-w-    c:\windows\system32\VM303STI.dll
2013-12-29 21:39:57    61440    ----a-w-    c:\windows\VM303_STI.EXE
2013-12-29 21:39:57    390849    ----a-w-    c:\windows\system32\drivers\usbVM303.sys
2013-12-29 21:39:57    270421    ----a-w-    c:\windows\system32\VM303Prp.Ax
2013-12-29 21:39:57    172032    ----a-w-    c:\windows\amcap.exe
2013-12-29 21:39:57    102400    ----a-w-    c:\windows\VM303Cap.exe
2013-12-29 21:26:20    --------    d-----r-    c:\program files\Skype
2013-12-29 08:56:13    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Identities
2013-12-29 01:06:48    --------    d-----w-    c:\windows\Simple Shutdown Timer
2013-12-29 01:06:48    --------    d-----w-    c:\program files\Simple Shutdown Timer
2013-12-28 17:08:27    --------    d-----w-    C:\FRST
2013-12-28 16:47:51    --------    d--h--w-    c:\windows\PIF
2013-12-28 16:38:55    --------    d-----w-    c:\users\stocking anarchy\application data\Malwarebytes
2013-12-28 16:38:31    --------    d-----w-    c:\users\all users\application data\Malwarebytes
2013-12-28 15:20:03    --------    d-----w-    c:\program files\Steam
2013-12-27 21:17:30    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Microsoft Games
2013-12-27 20:47:55    --------    d-----w-    c:\program files\Defraggler
2013-12-27 20:45:58    --------    d-----w-    c:\users\all users\application data\NVIDIA Corporation
2013-12-27 20:44:43    65536    ----a-w-    c:\windows\system32\OpenCL.dll
2013-12-27 20:44:38    1072544    ----a-w-    c:\windows\system32\nvdrsdb1.bin
2013-12-27 20:44:38    1072544    ----a-w-    c:\windows\system32\nvdrsdb0.bin
2013-12-27 20:44:38    1    ----a-w-    c:\windows\system32\nvdrssel.bin
2013-12-27 20:44:06    892704    ----a-w-    c:\windows\system32\nvdispgenco32.dll
2013-12-27 20:44:06    5967872    ----a-w-    c:\windows\system32\nvopencl.dll
2013-12-27 20:44:06    1010464    ----a-w-    c:\windows\system32\nvdispco32.dll
2013-12-27 20:44:04    17551360    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-12-27 20:43:43    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-12-27 17:41:27    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Sun
2013-12-27 17:39:56    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-12-27 17:39:49    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-27 17:30:54    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Google
2013-12-27 12:19:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-27 12:19:14    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-27 12:11:58    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Adobe
2013-12-27 12:08:57    --------    d-----w-    c:\program files\KeyTweak
2013-12-27 12:08:51    --------    d-----w-    c:\windows\system32\SoftwareDistribution
2013-12-27 12:07:20    --------    d-----w-    c:\windows\system32\Lang
2013-12-27 12:04:44    54784    ----a-w-    c:\windows\system32\drivers\NVENETFD.sys
2013-12-27 12:04:44    200704    ----a-w-    c:\windows\system32\fdco1ins.dll
2013-12-27 12:04:44    200704    ----a-w-    c:\windows\system32\fdco1.dll
2013-12-27 12:04:12    9216    ----a-w-    c:\windows\system32\bdco1ins.dll
2013-12-27 12:04:12    9216    ----a-w-    c:\windows\system32\bdco1.dll
2013-12-27 12:04:12    261632    ----a-w-    c:\windows\system32\drivers\nvsnpu.sys
2013-12-27 12:04:12    22016    ----a-w-    c:\windows\system32\drivers\nvnetbus.sys
2013-12-27 12:04:12    122880    ----a-w-    c:\windows\system32\nvconrm.dll
2013-12-27 12:04:11    955520    ----a-w-    c:\windows\system32\drivers\nvnrm.sys
2013-12-27 12:04:11    42112    ----a-w-    c:\windows\system32\drivers\nvefd2k.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 10:19:45.03 ===============
 



Edited by Assassin_of_Red, 01 January 2014 - 08:42 AM.
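
Successive DDS logs like the two posted so far can be compared section by section to see what changed between scans. The following is an added example, not part of the thread and not a DDS feature: the function names are hypothetical and the inputs are abbreviated excerpts of the logs above. It also lists "Created Last 30" entries dated after the scan's own run date, with one day of slack assumed for time-zone differences.

```python
import re
from datetime import date, timedelta

BANNER = re.compile(r"^=+\s*(.+?)\s*=+$")  # "===== Section name ====="
RUN_AT = re.compile(r"^Run by .+ at \d{1,2}:\d{2}:\d{2} on (\d{4}-\d{2}-\d{2})")
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s")

# Abbreviated excerpts of the first and second DDS logs posted in this thread.
OLD_LOG = r"""
Run by Stocking Anarchy at 9:57:03 on 2013-12-28
.
============== Running Processes ================
.
C:\WINDOWS\explorer.exe
============== Pseudo HJT Report ===============
mRun: [UltimateServices] c:\windows\system32\ultsvcs.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
============= SERVICES / DRIVERS ===============
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-12-28 35144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-27 1684736]
=============== Created Last 30 ================
2019-09-25 22:40:30    20480    ----a-w-    c:\windows\system32\APITypes.dll
.
============= FINISH:  9:57:58.98 ===============
"""
NEW_LOG = r"""
Run by Stocking Anarchy at 10:18:46 on 2014-01-03
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM303_STI.EXE
============== Pseudo HJT Report ===============
mRun: [UltimateServices] c:\windows\system32\ultsvcs.exe
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
============= SERVICES / DRIVERS ===============
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-27 1684736]
=============== Created Last 30 ================
2019-09-25 22:40:30    20480    ----a-w-    c:\windows\system32\APITypes.dll
2014-01-03 18:18:25    688992    ------r-    c:\users\stocking anarchy\dds.com
.
============= FINISH: 10:19:45.03 ===============
"""

def norm(line):
    # Windows paths are case-insensitive; the logs print both explorer.exe and Explorer.EXE.
    return " ".join(line.split()).lower()

def parse_dds(text):
    """Return {section name: [entry lines]}; text before the first banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS separates blocks with lone dots
            continue
        m = BANNER.match(line)
        if m and m.group(1).startswith("FINISH"):
            break
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def diff_dds(old_text, new_text):
    """Per section, list entries that appear only in the newer or only in the older log."""
    old, new = parse_dds(old_text), parse_dds(new_text)
    report = {}
    for name in dict.fromkeys(list(old) + list(new)):
        if name == "Header":  # the run time differs on every scan
            continue
        before = {norm(l) for l in old.get(name, [])}
        after = {norm(l) for l in new.get(name, [])}
        added = [l for l in new.get(name, []) if norm(l) not in before]
        removed = [l for l in old.get(name, []) if norm(l) not in after]
        if added or removed:
            report[name] = {"added": added, "removed": removed}
    return report

def dated_after_scan(text, slack_days=1):
    """'Created Last 30' entries dated later than the run date (slack_days is an assumption)."""
    sections = parse_dds(text)
    run = next(filter(None, map(RUN_AT.match, sections["Header"])), None)
    if run is None:
        return []
    limit = date.fromisoformat(run.group(1)) + timedelta(days=slack_days)
    stamps = ((l, STAMP.match(l)) for l in sections.get("Created Last 30", []))
    return [l for l, m in stamps if m and date.fromisoformat(m.group(1)) > limit]

if __name__ == "__main__":
    for section, change in diff_dds(OLD_LOG, NEW_LOG).items():
        print(section, change)
    print("dated after scan:", dated_after_scan(NEW_LOG))
```
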


#5 HelpBot


Posted 05 January 2014 - 07:55 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:03 AM

Posted 05 January 2014 - 06:13 PM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that....   Let's get going!!
----------
 
I would like to apologize for the time that you had to wait, but as you can see we are very busy here. 
 
Do you still need help? 
 
If so, please run new scans with DDS and post the new logs made.  :)


 


#7 Assassin_of_Red


Posted 05 January 2014 - 09:40 PM

Why Vegeta....Anyway Thanks :o.

Yeah I never did anything to fix it since, err, I already tried the above with no sequence.

Ok gonna get a new DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 10.45.2
Run by Stocking Anarchy at 23:34:11 on 2014-01-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.766.107 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\VM303_STI.EXE
C:\Users\Stocking Anarchy\Application Data\LClock\lclock.exe
C:\WINDOWS\system32\ultdrvmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -
TB: QT Tab Standard Buttons: {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} -
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UltimateServices] c:\windows\system32\ultsvcs.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [VisualTaskTips] c:\windows\system32\visualtasktips.exe
dRun: [TopDesk] c:\windows\system32\topdesk.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [RTUserConfig] c:\windows\system32\rtusercfg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.0.251 168.95.1.1
TCP: Interfaces\{95984771-96D2-486A-BE0C-CA51F1FF9202} : DHCPNameServer = 192.168.0.251 168.95.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stocking anarchy\application data\mozilla\firefox\profiles\hmbdv8jx.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-27 1684736]
S3 MFE_RR;MFE_RR;\??\c:\users\stocki~1\locals~1\temp\mfe_rr.sys --> c:\users\stocki~1\locals~1\temp\mfe_rr.sys [?]
.
=============== Created Last 30 ================
.
2019-09-25 22:40:30    20480    ----a-w-    c:\windows\system32\APITypes.dll
2014-01-05 23:07:23    --------    d-----w-    c:\users\stocking anarchy\application data\openvr
2014-01-04 09:21:07    --------    d-----w-    c:\users\stocking anarchy\application data\mIRC
2014-01-04 09:06:51    --------    d-----w-    c:\windows\system32\CatRoot_bak
2014-01-03 18:18:25    688992    ------r-    c:\users\stocking anarchy\dds.com
2013-12-31 17:42:50    --------    d-----w-    c:\users\stocking anarchy\AutomaticSolution Software
2013-12-31 17:42:49    --------    d-----w-    c:\program files\AutoClickerbyShocker
2013-12-31 16:43:12    --------    d-----w-    c:\program files\Combined Community Codec Pack
2013-12-31 16:27:18    26368    -c--a-w-    c:\windows\system32\dllcache\usbstor.sys
2013-12-29 21:39:58    81920    ----a-w-    c:\windows\system32\VM303STI.dll
2013-12-29 21:39:57    61440    ----a-w-    c:\windows\VM303_STI.EXE
2013-12-29 21:39:57    390849    ----a-w-    c:\windows\system32\drivers\usbVM303.sys
2013-12-29 21:39:57    270421    ----a-w-    c:\windows\system32\VM303Prp.Ax
2013-12-29 21:39:57    172032    ----a-w-    c:\windows\amcap.exe
2013-12-29 21:39:57    102400    ----a-w-    c:\windows\VM303Cap.exe
2013-12-29 21:26:20    --------    d-----r-    c:\program files\Skype
2013-12-29 08:56:13    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Identities
2013-12-29 01:06:48    --------    d-----w-    c:\windows\Simple Shutdown Timer
2013-12-29 01:06:48    --------    d-----w-    c:\program files\Simple Shutdown Timer
2013-12-28 17:08:27    --------    d-----w-    C:\FRST
2013-12-28 16:47:51    --------    d--h--w-    c:\windows\PIF
2013-12-28 16:38:55    --------    d-----w-    c:\users\stocking anarchy\application data\Malwarebytes
2013-12-28 16:38:31    --------    d-----w-    c:\users\all users\application data\Malwarebytes
2013-12-28 15:20:03    --------    d-----w-    c:\program files\Steam
2013-12-27 21:17:30    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Microsoft Games
2013-12-27 20:47:55    --------    d-----w-    c:\program files\Defraggler
2013-12-27 20:45:58    --------    d-----w-    c:\users\all users\application data\NVIDIA Corporation
2013-12-27 20:44:43    65536    ----a-w-    c:\windows\system32\OpenCL.dll
2013-12-27 20:44:38    1072544    ----a-w-    c:\windows\system32\nvdrsdb1.bin
2013-12-27 20:44:38    1072544    ----a-w-    c:\windows\system32\nvdrsdb0.bin
2013-12-27 20:44:38    1    ----a-w-    c:\windows\system32\nvdrssel.bin
2013-12-27 20:44:06    892704    ----a-w-    c:\windows\system32\nvdispgenco32.dll
2013-12-27 20:44:06    5967872    ----a-w-    c:\windows\system32\nvopencl.dll
2013-12-27 20:44:06    1010464    ----a-w-    c:\windows\system32\nvdispco32.dll
2013-12-27 20:44:04    17551360    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-12-27 20:43:43    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-12-27 17:41:27    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Sun
2013-12-27 17:39:56    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-12-27 17:39:49    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-27 17:30:54    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Google
2013-12-27 12:19:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-27 12:19:14    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-27 12:11:58    --------    d-----w-    c:\users\stocking anarchy\local settings\application data\Adobe
2013-12-27 12:08:57    --------    d-----w-    c:\program files\KeyTweak
2013-12-27 12:08:51    --------    d-----w-    c:\windows\system32\SoftwareDistribution
2013-12-27 12:07:20    --------    d-----w-    c:\windows\system32\Lang
2013-12-27 12:04:44    54784    ----a-w-    c:\windows\system32\drivers\NVENETFD.sys
2013-12-27 12:04:44    200704    ----a-w-    c:\windows\system32\fdco1ins.dll
2013-12-27 12:04:44    200704    ----a-w-    c:\windows\system32\fdco1.dll
2013-12-27 12:04:12    9216    ----a-w-    c:\windows\system32\bdco1ins.dll
2013-12-27 12:04:12    9216    ----a-w-    c:\windows\system32\bdco1.dll
2013-12-27 12:04:12    261632    ----a-w-    c:\windows\system32\drivers\nvsnpu.sys
2013-12-27 12:04:12    22016    ----a-w-    c:\windows\system32\drivers\nvnetbus.sys
2013-12-27 12:04:12    122880    ----a-w-    c:\windows\system32\nvconrm.dll
2013-12-27 12:04:11    955520    ----a-w-    c:\windows\system32\drivers\nvnrm.sys
2013-12-27 12:04:11    42112    ----a-w-    c:\windows\system32\drivers\nvefd2k.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 23:34:52.56 ===============

AAAnd the Attach

#8 jeffce

  • Malware Response Team

Posted 06 January 2014 - 08:01 AM

Hi,
 

Why Vegeta....Anyway Thanks

:P  Why not?   Nothing like an anti-hero.
 
You have an outdated version of Internet Explorer on your system.  You can download the most recent copy from here.
Even if you do not use Internet Explorer it is important to keep it up to date because that is the browser that Windows uses to perform updates by default.
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------


 


#9 Assassin_of_Red

  • Topic Starter

Posted 06 January 2014 - 09:01 AM

Wow Thanks :o....

Why not? Err, it's just I remember something........9000-ish (Anti-hero at least does good stuff, my avatar = a BIT evil, but She's Awesome and hot)

aaaaaaaaaanyway

IE Installer is still _downloading updates_...for...................hours already (the dl speed is usually fast so this is, yeah, stuck? I'll leave it on)

TDSSKiller didn't find any, logs here are

10:51:31.0187 2892  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:51:32.0687 2892  ============================================================
10:51:32.0687 2892  Current date / time: 2014/01/08 10:51:32.0687
10:51:32.0687 2892  SystemInfo:
10:51:32.0687 2892  
10:51:32.0687 2892  OS Version: 5.1.2600 ServicePack: 3.0
10:51:32.0687 2892  Product type: Workstation
10:51:32.0687 2892  ComputerName: ASSASSIN-5A4E34
10:51:32.0703 2892  UserName: Stocking Anarchy
10:51:32.0703 2892  Windows directory: C:\WINDOWS
10:51:32.0703 2892  System windows directory: C:\WINDOWS
10:51:32.0703 2892  Processor architecture: Intel x86
10:51:32.0703 2892  Number of processors: 2
10:51:32.0703 2892  Page size: 0x1000
10:51:32.0703 2892  Boot type: Normal boot
10:51:32.0703 2892  ============================================================
10:51:34.0875 2892  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:51:34.0921 2892  ============================================================
10:51:34.0921 2892  \Device\Harddisk0\DR0:
10:51:34.0937 2892  MBR partitions:
10:51:34.0937 2892  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
10:51:34.0968 2892  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A8533F, BlocksNum 0x4A852C1
10:51:34.0968 2892  ============================================================
10:51:35.0046 2892  C: <-> \Device\Harddisk0\DR0\Partition1
10:51:35.0109 2892  D: <-> \Device\Harddisk0\DR0\Partition2
10:51:35.0125 2892  ============================================================
10:51:35.0125 2892  Initialize success
10:51:35.0125 2892  ============================================================
10:51:50.0906 2944  ============================================================
10:51:50.0906 2944  Scan started
10:51:50.0906 2944  Mode: Manual;
10:51:50.0906 2944  ============================================================
10:51:51.0937 2944  ================ Scan system memory ========================
10:51:51.0953 2944  System memory - ok
10:51:51.0953 2944  ================ Scan services =============================
10:51:52.0062 2944  Abiosdsk - ok
10:51:52.0062 2944  abp480n5 - ok
10:51:52.0093 2944  [ D9CE207DE54B3CB8C00E8D64E423F985 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:52.0093 2944  ACPI - ok
10:51:52.0125 2944  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:51:52.0125 2944  ACPIEC - ok
10:51:52.0203 2944  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:51:52.0203 2944  AdobeFlashPlayerUpdateSvc - ok
10:51:52.0218 2944  adpu160m - ok
10:51:52.0250 2944  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:51:52.0265 2944  aec - ok
10:51:52.0296 2944  [ EEDECE1D153C5A4F44063F6B81BB128D ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:51:52.0312 2944  AFD - ok
10:51:52.0312 2944  Aha154x - ok
10:51:52.0312 2944  aic78u2 - ok
10:51:52.0328 2944  aic78xx - ok
10:51:52.0343 2944  [ 5256587EE0AA52B8D2DD487B6A01CA9A ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:51:52.0375 2944  Alerter - ok
10:51:52.0406 2944  [ 9D8B712141B4803EAC4EEC8D74A7D227 ] ALG             C:\WINDOWS\System32\alg.exe
10:51:52.0406 2944  ALG - ok
10:51:52.0421 2944  AliIde - ok
10:51:52.0484 2944  [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
10:51:52.0546 2944  Ambfilt - ok
10:51:52.0562 2944  [ 0A4D13B388C814560BD69C3A496ECFA8 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:51:52.0578 2944  AmdK8 - ok
10:51:52.0593 2944  amsint - ok
10:51:52.0640 2944  [ 7F6F63CD85AB5BE482DFD243421DF76A ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
10:51:52.0640 2944  AppMgmt - ok
10:51:52.0687 2944  asc - ok
10:51:52.0687 2944  asc3350p - ok
10:51:52.0703 2944  asc3550 - ok
10:51:52.0843 2944  [ 4EABF511B1AF176A971C3271E48FA3A8 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:51:52.0843 2944  aspnet_state - ok
10:51:52.0875 2944  [ 26E7300ADAF32AFC70CD6CB91D9B127B ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:52.0875 2944  AsyncMac - ok
10:51:52.0890 2944  [ 5C57FA4B5B2776C970C4F566A2DF5B68 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:52.0890 2944  atapi - ok
10:51:52.0906 2944  Atdisk - ok
10:51:52.0937 2944  [ 71152B9DE4A97F0410D38C52DC536E64 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:52.0937 2944  Atmarpc - ok
10:51:52.0953 2944  [ E14EADDE155CE5932232EA4AF91CB224 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:51:52.0968 2944  AudioSrv - ok
10:51:53.0000 2944  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:53.0000 2944  audstub - ok
10:51:53.0031 2944  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:51:53.0031 2944  Beep - ok
10:51:53.0062 2944  [ ECAC5CAB09E9F023EE2A60A9D4D2E785 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:51:53.0140 2944  BITS - ok
10:51:53.0187 2944  [ 54672E9CCB43591788EC8A54A9973D32 ] Browser         C:\WINDOWS\System32\browser.dll
10:51:53.0187 2944  Browser - ok
10:51:53.0218 2944  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:51:53.0218 2944  cbidf2k - ok
10:51:53.0250 2944  [ CF86C18E78F0C61890F7F2D05154EC8F ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:51:53.0265 2944  CCDECODE - ok
10:51:53.0265 2944  cd20xrnt - ok
10:51:53.0296 2944  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:51:53.0296 2944  Cdaudio - ok
10:51:53.0328 2944  [ 9529EF0AD949465CF0F178DF918F451A ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:51:53.0328 2944  Cdfs - ok
10:51:53.0343 2944  [ 2BB41F9E073E1B6FC08CECD7FCB460FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:51:53.0343 2944  Cdrom - ok
10:51:53.0343 2944  Changer - ok
10:51:53.0390 2944  [ DD7A688F120D6CB4FC27006894DC9529 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:51:53.0390 2944  CiSvc - ok
10:51:53.0421 2944  [ 4DC5C33134F1DC7B427A44092FBE7559 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:51:53.0421 2944  ClipSrv - ok
10:51:53.0453 2944  [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:51:53.0453 2944  clr_optimization_v2.0.50727_32 - ok
10:51:53.0468 2944  CmdIde - ok
10:51:53.0484 2944  COMSysApp - ok
10:51:53.0500 2944  Cpqarray - ok
10:51:53.0531 2944  [ E849B38138D40B45D7A5B1EDAC972A99 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:51:53.0531 2944  CryptSvc - ok
10:51:53.0531 2944  dac2w2k - ok
10:51:53.0546 2944  dac960nt - ok
10:51:53.0578 2944  [ D27C33B341768E3EA31EB1A7BE206AAC ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:51:53.0593 2944  DcomLaunch - ok
10:51:53.0640 2944  [ 91E5296C704A42FDABA55EA5FCCBD520 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:51:53.0656 2944  Dhcp - ok
10:51:53.0859 2944  [ 4454F78A5F283C42DB9FB5098372B547 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:51:53.0859 2944  Disk - ok
10:51:53.0859 2944  dmadmin - ok
10:51:53.0921 2944  [ FC3EB0005D9B2367AC8DE241B7DD2841 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:51:53.0937 2944  dmboot - ok
10:51:53.0953 2944  [ D41FA055EFA29D858DF0AC70F7CD6516 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:51:53.0968 2944  dmio - ok
10:51:53.0984 2944  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:51:53.0984 2944  dmload - ok
10:51:54.0000 2944  [ C873D7D7D9E0631388E54752D0E0FF52 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:51:54.0000 2944  dmserver - ok
10:51:54.0046 2944  [ BAFC50AA5B584BE3EBC42C41BB7DBFEE ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:51:54.0046 2944  DMusic - ok
10:51:54.0078 2944  [ 9DEDDCAC356983C11BF102B3297407F4 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:51:54.0093 2944  Dnscache - ok
10:51:54.0109 2944  [ 47EAD5E92F38A8939A7AC7FFC7DFD0F4 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:51:54.0109 2944  Dot3svc - ok
10:51:54.0125 2944  dpti2o - ok
10:51:54.0156 2944  [ 24EA6CF426CF20B6C3FB67B6938DE84C ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:51:54.0171 2944  drmkaud - ok
10:51:54.0187 2944  [ AD4D1BDCAD0E06BF95187943E11ABF34 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:51:54.0187 2944  EapHost - ok
10:51:54.0250 2944  [ E29D8F8680B706A3F701F6276956FBFF ] ehSched         C:\WINDOWS\ehome\ehSched.exe
10:51:54.0265 2944  ehSched - ok
10:51:54.0312 2944  [ B4F61F2F23AF3CC69C94F13B3D132AAD ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:51:54.0312 2944  ERSvc - ok
10:51:54.0343 2944  [ F8ACC55443546F4C6FF5B388EEFFDDB7 ] Eventlog        C:\WINDOWS\system32\services.exe
10:51:54.0375 2944  Eventlog - ok
10:51:54.0421 2944  [ F60A4DE56E26197608511A8917075922 ] EventSystem     C:\WINDOWS\system32\es.dll
10:51:54.0437 2944  EventSystem - ok
10:51:54.0468 2944  [ 0290DE29CEF5795064D8ECB44DB96709 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:51:54.0468 2944  Fastfat - ok
10:51:54.0500 2944  [ 513CDDCF59CFBF28D085FCD8D13981DB ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:51:54.0531 2944  FastUserSwitchingCompatibility - ok
10:51:54.0578 2944  [ 3168E82018B1E88E089013AC7970BAD8 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:51:54.0578 2944  Fdc - ok
10:51:54.0593 2944  [ 752498F9DD288D59C6F0513C1EE88352 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:51:54.0593 2944  Fips - ok
10:51:54.0609 2944  [ 10E9E0676AF71FE78F03853F933137AB ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:51:54.0609 2944  Flpydisk - ok
10:51:54.0640 2944  [ 09257EAE1EA003020B26D3A723159033 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:51:54.0640 2944  FltMgr - ok
10:51:54.0687 2944  [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:51:54.0687 2944  FontCache3.0.0.0 - ok
10:51:54.0718 2944  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:51:54.0718 2944  Fs_Rec - ok
10:51:54.0750 2944  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:51:54.0750 2944  Ftdisk - ok
10:51:54.0781 2944  [ 056E68384160CEE86A3E8419FC892D07 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:51:54.0781 2944  Gpc - ok
10:51:54.0859 2944  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:54.0859 2944  gupdate - ok
10:51:54.0875 2944  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:54.0875 2944  gupdatem - ok
10:51:54.0906 2944  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:51:54.0906 2944  HDAudBus - ok
10:51:54.0968 2944  [ 522486AF22D2E960920D2EFA976E85D9 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:51:54.0968 2944  helpsvc - ok
10:51:54.0984 2944  HidServ - ok
10:51:55.0000 2944  [ A9A5808F3BEBEFBC212FD0C6E1591202 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:51:55.0015 2944  hkmsvc - ok
10:51:55.0015 2944  hpn - ok
10:51:55.0046 2944  [ C28CB834B5CBBB8B68C29D0EB2021CE7 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:51:55.0062 2944  HTTP - ok
10:51:55.0093 2944  [ 3474037FD58C3E850BCF3946F4E55243 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:51:55.0093 2944  HTTPFilter - ok
10:51:55.0109 2944  i2omgmt - ok
10:51:55.0109 2944  i2omp - ok
10:51:55.0140 2944  [ 0E3FA77F8FA3DFFE35650777410217D9 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:51:55.0140 2944  i8042prt - ok
10:51:55.0218 2944  [ E7CC3AEAED9893A88876744CD439F76C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:51:55.0312 2944  idsvc - ok
10:51:55.0343 2944  [ C8608B31B59CB8988EC2CEB4CF4A94F3 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:51:55.0343 2944  Imapi - ok
10:51:55.0359 2944  [ D8C2FFE15E07B06F6BFFAE3F7C5D6094 ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:51:55.0375 2944  ImapiService - ok
10:51:55.0375 2944  ini910u - ok
10:51:55.0562 2944  [ 512CC914475348D774D1BB9F866396A5 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:51:55.0718 2944  IntcAzAudAddService - ok
10:51:55.0718 2944  IntelIde - ok
10:51:55.0765 2944  [ F65D35815863E623890EF73F54DB61AB ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:51:55.0765 2944  Ip6Fw - ok
10:51:55.0796 2944  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:51:55.0796 2944  IpFilterDriver - ok
10:51:55.0812 2944  [ 9E01AC500963C5AB62FC98F59BA7960F ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:51:55.0812 2944  IpInIp - ok
10:51:55.0843 2944  [ 597A994DB7BD42DFD85B1214D3DE0416 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:51:55.0843 2944  IpNat - ok
10:51:55.0875 2944  [ 17C65C873ED09769AC6E45C0D461EA2E ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:51:55.0875 2944  IPSec - ok
10:51:55.0890 2944  [ 1FDCAB16E51CAF0219B8693C517C17A1 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:51:55.0906 2944  IRENUM - ok
10:51:55.0921 2944  [ 9E25F42578BC22AFE3D405414A177067 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:51:55.0921 2944  isapnp - ok
10:51:55.0984 2944  [ 80A79264302910C7C24BA7E44267EFEF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:51:56.0000 2944  JavaQuickStarterService - ok
10:51:56.0046 2944  [ 0C6A9734730068CD373034226F36F1E8 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:51:56.0046 2944  Kbdclass - ok
10:51:56.0078 2944  [ BB69D5A68F937EE946ABCC0B934EA7BC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:51:56.0078 2944  kmixer - ok
10:51:56.0109 2944  [ 9B4DE82EC3C42326AF6A1B9AD708A84E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:51:56.0125 2944  KSecDD - ok
10:51:56.0187 2944  [ 099B4C45DC60197651D7C9FA0121ADF3 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
10:51:56.0187 2944  LanmanServer - ok
10:51:56.0234 2944  [ 5BB0B70A595B1BD26E29145B03E1F568 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:51:56.0250 2944  lanmanworkstation - ok
10:51:56.0250 2944  lbrtfdc - ok
10:51:56.0265 2944  [ 64EC3B9EFF64C1E551B59DA48A0AED15 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:51:56.0265 2944  LmHosts - ok
10:51:56.0328 2944  [ AA48E9DDEADA6DDD62D0C17E89D76A6C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:51:56.0328 2944  Messenger - ok
10:51:56.0468 2944  MFE_RR - ok
10:51:56.0500 2944  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:51:56.0500 2944  mnmdd - ok
10:51:56.0531 2944  [ BE7785245C090980580DFC33B7D00FBF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:51:56.0531 2944  mnmsrvc - ok
10:51:56.0578 2944  [ 4DD00375C2A6FAFB9BFD12246848875A ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:51:56.0593 2944  Modem - ok
10:51:56.0656 2944  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
10:51:56.0718 2944  Monfilt - ok
10:51:56.0750 2944  [ 8CA12D7D14A25B37F56D5F1FE9A25A60 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:51:56.0750 2944  Mouclass - ok
10:51:56.0781 2944  [ A1F6E5985D4B6332765BBD752B585820 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:51:56.0781 2944  MountMgr - ok
10:51:56.0828 2944  [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:51:56.0906 2944  MozillaMaintenance - ok
10:51:57.0031 2944  mraid35x - ok
10:51:57.0062 2944  [ B9F3E668F69F62572DA2EF5A4E637F3D ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:51:57.0062 2944  MRxDAV - ok
10:51:57.0125 2944  [ FC56A3D7E0960C061C971E1338F0023F ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:51:57.0140 2944  MRxSmb - ok
10:51:57.0171 2944  [ 9A8C97EE2E086E4A27A7B0C0F4B0A40E ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:51:57.0171 2944  MSDTC - ok
10:51:57.0203 2944  [ 317C43683419458D0FD5F8107A30913A ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:51:57.0203 2944  Msfs - ok
10:51:57.0203 2944  MSIServer - ok
10:51:57.0250 2944  [ FB715EEBFB34C937472C615A0FD3231B ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:51:57.0250 2944  MSKSSRV - ok
10:51:57.0281 2944  [ 2FB80EC34B3BFA8617B55FE2B9D33106 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:51:57.0281 2944  MSPCLOCK - ok
10:51:57.0296 2944  [ DFC52003F881409650F81AA7716DDCF3 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:51:57.0312 2944  MSPQM - ok
10:51:57.0328 2944  [ 0BB1037D1C00F3A154205C7550AF2845 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:51:57.0343 2944  mssmbios - ok
10:51:57.0390 2944  [ 838B7287DCB39ACD15B11F374E71625F ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:51:57.0390 2944  MSTEE - ok
10:51:57.0437 2944  [ D49499E4C395940A3FBAA9DC66D23A63 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:51:57.0437 2944  Mup - ok
10:51:57.0484 2944  [ 8BA5F02AB47423CBD13A615B93578311 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:51:57.0484 2944  NABTSFEC - ok
10:51:57.0546 2944  [ 4457C80A57669A9703A74EF17D34D402 ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:51:57.0546 2944  napagent - ok
10:51:57.0578 2944  [ 7EAF6AC0FEA24CE89B298B52EDE1B5C4 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:51:57.0578 2944  NDIS - ok
10:51:57.0625 2944  [ 8C7FA358F3750C3976622E0AE3BE73F8 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:51:57.0625 2944  NdisIP - ok
10:51:57.0640 2944  [ 27AFA919C0E3F139A193E9758532D5E6 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:51:57.0640 2944  NdisTapi - ok
10:51:57.0671 2944  [ 1F482BCDB22B941C7ED7159633A45B6E ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:51:57.0671 2944  Ndisuio - ok
10:51:57.0687 2944  [ DB8DF6110124ADE6149C29DAC88C3879 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:51:57.0687 2944  NdisWan - ok
10:51:57.0718 2944  [ 44B60DB4C7B16675643F2F7604016103 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:51:57.0718 2944  NDProxy - ok
10:51:57.0734 2944  [ CE36BD0EEA5B4B278DFCC7E59A1D1E86 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:51:57.0734 2944  NetBIOS - ok
10:51:57.0765 2944  [ 30DA2FA55D186EF6C753BA736BEDA9FB ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:51:57.0765 2944  NetBT - ok
10:51:57.0796 2944  [ 907B4FEC442A4F8FAFCC37BA2D7ABF55 ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:51:57.0796 2944  NetDDE - ok
10:51:57.0812 2944  [ 907B4FEC442A4F8FAFCC37BA2D7ABF55 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:51:57.0812 2944  NetDDEdsdm - ok
10:51:57.0828 2944  [ 4C905DFDCDE68E940B7D903F4DAF8108 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:51:57.0843 2944  Netlogon - ok
10:51:57.0859 2944  [ BB6EDC4318AE0B35ADCE7A900ABFF82A ] Netman          C:\WINDOWS\System32\netman.dll
10:51:57.0859 2944  Netman - ok
10:51:57.0890 2944  [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:51:57.0906 2944  NetTcpPortSharing - ok
10:51:57.0953 2944  [ 420F4BA42C06E44C5B82274C4CF1CCDE ] Nla             C:\WINDOWS\System32\mswsock.dll
10:51:57.0968 2944  Nla - ok
10:51:57.0984 2944  [ 4B719885E41CA3425D36A69A0C057B3C ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:51:57.0984 2944  Npfs - ok
10:51:58.0062 2944  [ A470C31513534F650A59E78A2FE783C1 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:51:58.0078 2944  Ntfs - ok
10:51:58.0093 2944  [ 4C905DFDCDE68E940B7D903F4DAF8108 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:51:58.0093 2944  NtLmSsp - ok
10:51:58.0140 2944  [ 5EFBDCEA6935CC3AA15DAAF33CB7E8C6 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:51:58.0156 2944  NtmsSvc - ok
10:51:58.0187 2944  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:51:58.0187 2944  Null - ok
10:51:58.0765 2944  [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:51:59.0140 2944  nv - ok
10:51:59.0250 2944  [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvatabus        C:\WINDOWS\system32\drivers\nvatabus.sys
10:51:59.0281 2944  nvatabus - ok
10:51:59.0312 2944  [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:51:59.0328 2944  NVENETFD - ok
10:51:59.0359 2944  [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:51:59.0359 2944  nvnetbus - ok
10:51:59.0421 2944  [ 1982E96B2C5C2EFFEF38EFC37293A42E ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
10:51:59.0453 2944  NVSvc - ok
10:51:59.0578 2944  [ E6568D2D90028207587CB43CD8E5FD01 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:52:03.0328 2944  ================ Scan global ===============================
10:52:03.0375 2944  [ 4539B01033708E3DC28247742A1D2564 ] C:\WINDOWS\system32\basesrv.dll
10:52:03.0421 2944  [ B0FBF51499C60661EEAE12DF1AC9B88F ] C:\WINDOWS\system32\winsrv.dll
10:52:03.0437 2944  [ B0FBF51499C60661EEAE12DF1AC9B88F ] C:\WINDOWS\system32\winsrv.dll
10:52:03.0453 2944  [ F8ACC55443546F4C6FF5B388EEFFDDB7 ] C:\WINDOWS\system32\services.exe
10:52:03.0453 2944  [Global] - ok
10:52:03.0468 2944  ================ Scan MBR ==================================
10:52:03.0484 2944  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:52:03.0640 2944  \Device\Harddisk0\DR0 - ok
10:52:03.0640 2944  ================ Scan VBR ==================================
10:52:03.0640 2944  [ 011FBF7E16C5315FCA1A756A47E89382 ] \Device\Harddisk0\DR0\Partition1
10:52:03.0640 2944  \Device\Harddisk0\DR0\Partition1 - ok
10:52:03.0671 2944  [ 59FDF2DBFAE381B6991B745FDC4440A5 ] \Device\Harddisk0\DR0\Partition2
10:52:03.0671 2944  \Device\Harddisk0\DR0\Partition2 - ok
10:52:03.0671 2944  ============================================================
10:52:03.0671 2944  Scan finished
10:52:03.0671 2944  ============================================================
10:52:03.0687 1988  Detected object count: 0
10:52:03.0687 1988  Actual detected object count: 0
10:52:16.0671 2808  Deinitialize success
 

 

 

and CK

 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.ICNABZ
 ----- EOF -----
 



#10 jeffce

Posted 06 January 2014 - 09:22 AM

Hi,

 

When you are done with the IE update, please do the following....
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



RCUpdate1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


Edited by jeffce, 06 January 2014 - 09:22 AM.

 


#11 Assassin_of_Red


Posted 06 January 2014 - 12:11 PM

_Downloading Updates_ still not done/same stage,but the PC reset by itself.

 

I think it's a signal that I should sleep since I still have classes to my course tomorrow... (1am right now, classes at 7:30am, yeah, niiiice)

I'll continue tomorrow when I get back (Thanks btw)

I haven't used AdwCleaner and ComboFix yet though, still waiting for the install to finish



#12 jeffce


Posted 06 January 2014 - 12:28 PM

Ok thanks for letting me know.  :) 


 


#13 Assassin_of_Red


Posted 07 January 2014 - 08:19 AM

Internet Explorer _Downloading Update_ has been in the same stage for 5 hours... I manually downloaded the other updates it needed and it took less than 3 minutes...

(the update says that the Service Pack version of the system is newer than the update I'm applying...)

Do I keep waiting? :o

(back from school hours ago btw)



#14 jeffce


Posted 07 January 2014 - 08:21 AM

Cancel the download of Internet Explorer. 

 

Reboot your system and then continue with the instructions for AdwCleaner and ComboFix I gave you earlier.  :)


 


#15 Assassin_of_Red


Posted 07 January 2014 - 08:22 AM

Got it :D

Finally, time to obliterate this.





