
New problems occurred after receiving help!


  • This topic is locked
30 replies to this topic

#1 mexicano2232


Posted 15 June 2012 - 11:57 AM

I had a major infection on my computer but it was cured. Here is the original topic: http://forums.malwar...pic=110421&st=0


Now after all was done, I now have problems with my computer, such as: I cannot install Windows updates onto my computer, Windows Media Player does not load at all even when I click it or I try to play a song, Audacity cannot load any songs. And when I am using Google Chrome I cannot save a file onto my computer unless I run Chrome in Administrator.

This is very very frustrating. I have never had any of these problems until I downloaded and installed Malwarebytes. I regret making that decision but I need help!

#2 David H. Lipman


Posted 15 June 2012 - 12:09 PM

Send a Personal Message to Larry Tate (LDTate) and request that the former thread be re-opened indicating you have continued problems.
David H. Lipman
DLipman@Verizon.Net

#3 mexicano2232


Posted 15 June 2012 - 12:19 PM

I did, and he told me to start a new topic.

#4 AdvancedSetup


Posted 15 June 2012 - 01:12 PM

Your computer was infected with what appears to have been the ZeroAccess rootkit. It has nothing to do with the Malwarebytes program. Had you never used our program, your computer was already damaged from this infection. It is a very nasty infection and does a lot of damage to most systems, and cleaning up that damage can take a lot of time; often reinstalling Windows is simply easier.

To even have a chance at fixing your computer up, please post back the following logs and prepare for this to take a while.


Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool; on Vista or Win 7, right click and select Run as administrator.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Ron Lewis
Forum Community Manager


#5 LDTate


Posted 15 June 2012 - 01:40 PM

I did and he told me to start a new topic

Yes, in the Malware Removal forum.

I'll move it, and please post the scan results AdvancedSetup asked you to do.

Larry Tate
Consumer Support Specialist


#6 mexicano2232


Posted 15 June 2012 - 02:12 PM

Attach:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 3/19/2008 1:13:05 PM
System Uptime: 6/15/2012 9:29:20 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Celeron® CPU 420 @ 1.60GHz | Socket 775 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 29.848 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.293 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82562V-2 10/100 Network Connection
Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8
Manufacturer: Intel
Name: Intel® 82562V-2 10/100 Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8
Service: e1express
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
BufferChm
CCleaner
Conexant D850 PCI V.92 Modem
Content Transfer
ConvertXtoDVD 4.1.19.365
CopyTrans Suite Remove Only
D1500
D1500_Help
Defraggler
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
Driver Reviver
eSupportQFolder
ffdshow [rev 3154] [2009-12-09]
Free PDF Tablet 0.1
Free Window Registry Repair
Google Chrome
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Solution Center 10.0
HPProductAssistant
Intel® Network Connections 13.5.32.0
iTunes
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NWZ-E350 WALKMAN Guide
OGA Notifier 2.0.0048.0
QuickConnect
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.8
SA30xx Media Converter
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SolutionCenter
swMSM
Toolbox
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
WinZip 12.1
YTD YouTube Downloader & Converter 3.6
.
==== Event Viewer Messages From Past Week ========
.
6/15/2012 9:39:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows Vista.
6/15/2012 9:31:24 AM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
6/15/2012 9:31:24 AM, Error: Service Control Manager [7000] - The SupportSoft RemoteAssist service failed to start due to the following error: The system cannot find the path specified.
6/15/2012 9:31:24 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
6/15/2012 8:57:47 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
6/10/2012 2:50:36 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/10/2012 2:44:52 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/10/2012 2:44:52 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
.
==== End Of File ===========================

#7 mexicano2232


Posted 15 June 2012 - 02:13 PM

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by aaron's at 13:00:40 on 2012-06-15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.120 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aaron's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java™ Plug-In 2 SSV Helper
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: Download all by YouTube Robot
IE: Download by YouTube Robot
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: adobe.com\kb2
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{884CF6F3-CFFC-4BB7-9187-C19679DE6405} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 337880]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-5-25 27080]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-4-22 110304]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-1-2 87968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-31 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ee41abc7afe7;Google Update Service (gupdate1c9ee41abc7afe7);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-25 27192]
S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-4-22 544768]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2009-6-7 25952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-06-15 18:18:20 -------- d-----w- c:\users\aaron's\appdata\roaming\redsn0w
2012-06-15 17:22:03 -------- d-----w- c:\users\aaron's\appdata\local\libimobiledevice
2012-06-15 01:32:57 -------- d-----w- C:\audacity_temp
2012-06-10 08:46:23 -------- d-----w- c:\windows\system32\catroot2
2012-06-04 07:23:09 -------- d-----w- c:\users\aaron's\appdata\local\ElevatedDiagnostics
2012-06-01 20:32:41 -------- d-----w- c:\users\aaron's\appdata\local\temp
2012-06-01 20:23:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-31 01:36:37 -------- d-----w- c:\users\aaron's\appdata\roaming\Malwarebytes
2012-05-31 01:35:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-31 01:35:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 01:35:54 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-31 00:36:42 399264 ----a-w- c:\windows\unhide.exe
2012-05-30 23:20:28 -------- d-----w- C:\found.000
2012-05-28 05:20:19 -------- dc----w- c:\program files\Free Window Registry Repair
2012-05-26 04:45:37 -------- d-----w- c:\programdata\PC Tools
2012-05-26 04:45:35 -------- d-----w- c:\users\aaron's\appdata\roaming\Product_PT
2012-05-26 03:54:52 -------- dc----w- c:\program files\Defraggler
2012-05-26 01:46:59 -------- d-----w- c:\users\aaron's\appdata\local\VS Revo Group
2012-05-26 01:46:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-26 01:46:23 -------- dc----w- c:\program files\VS Revo Group
2012-05-26 01:00:04 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-05-25 23:55:14 511328 -c--a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2012-05-25 23:45:12 74703 ----a-w- c:\windows\system32\mfc45.dll
.
==================== Find3M ====================
.
2012-05-20 01:09:28 1668 ----a-w- c:\windows\system32\ASOROSet.bin
2012-05-05 06:11:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 06:11:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 18:11:36 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 18:11:36 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 13:03:37.77 ===============

#8 LDTate


Posted 15 June 2012 - 02:43 PM

Next:
Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found then ensure Cure is selected
  • If TDLFS File System is found then ensure Delete is selected
  • Then click Continue Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Larry Tate
Consumer Support Specialist


#9 mexicano2232


Posted 15 June 2012 - 03:45 PM

14:37:18.0592 4832 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
14:37:19.0337 4832 ============================================================
14:37:19.0337 4832 Current date / time: 2012/06/15 14:37:19.0337
14:37:19.0338 4832 SystemInfo:
14:37:19.0338 4832
14:37:19.0338 4832 OS Version: 6.0.6002 ServicePack: 2.0
14:37:19.0338 4832 Product type: Workstation
14:37:19.0338 4832 ComputerName: MEZA-PC
14:37:19.0338 4832 UserName: aaron's
14:37:19.0338 4832 Windows directory: C:\Windows
14:37:19.0338 4832 System windows directory: C:\Windows
14:37:19.0338 4832 Processor architecture: Intel x86
14:37:19.0338 4832 Number of processors: 1
14:37:19.0338 4832 Page size: 0x1000
14:37:19.0338 4832 Boot type: Normal boot
14:37:19.0338 4832 ============================================================
14:37:21.0592 4832 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:37:21.0679 4832 Drive \Device\Harddisk5\DR5 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:37:21.0685 4832 ============================================================
14:37:21.0685 4832 \Device\Harddisk0\DR0:
14:37:21.0685 4832 MBR partitions:
14:37:21.0685 4832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
14:37:21.0685 4832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x115ED000
14:37:21.0685 4832 \Device\Harddisk5\DR5:
14:37:21.0691 4832 MBR partitions:
14:37:21.0691 4832 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
14:37:21.0691 4832 ============================================================
14:37:21.0834 4832 C: <-> \Device\Harddisk0\DR0\Partition1
14:37:21.0997 4832 D: <-> \Device\Harddisk0\DR0\Partition0
14:37:21.0998 4832 ============================================================
14:37:21.0998 4832 Initialize success
14:37:21.0998 4832 ============================================================
14:38:00.0600 4252 ============================================================
14:38:00.0600 4252 Scan started
14:38:00.0600 4252 Mode: Manual; SigCheck; TDLFS;
14:38:00.0600 4252 ============================================================
14:38:12.0560 4252 Crusoe - ok
14:38:12.0618 4252 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:38:12.0654 4252 CryptSvc - ok
14:38:12.0727 4252 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:38:12.0796 4252 DcomLaunch - ok
14:38:12.0945 4252 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:38:13.0018 4252 DfsC - ok
14:38:13.0151 4252 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:38:13.0606 4252 DFSR - ok
14:38:13.0763 4252 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:38:13.0823 4252 Dhcp - ok
14:38:13.0903 4252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:38:13.0926 4252 disk - ok
14:38:13.0980 4252 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:38:14.0063 4252 Dnscache - ok
14:38:14.0122 4252 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:38:14.0186 4252 dot3svc - ok
14:38:14.0234 4252 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:38:14.0317 4252 DPS - ok
14:38:14.0358 4252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:38:14.0390 4252 drmkaud - ok
14:38:14.0452 4252 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:38:14.0504 4252 DXGKrnl - ok
14:38:14.0739 4252 e1express (422ca8361d33da819976b428b9c8e560) C:\Windows\system32\DRIVERS\e1e6032.sys
14:38:14.0771 4252 e1express - ok
14:38:14.0812 4252 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:38:14.0898 4252 E1G60 - ok
14:38:14.0950 4252 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:38:15.0000 4252 EapHost - ok
14:38:15.0112 4252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:38:15.0139 4252 Ecache - ok
14:38:15.0191 4252 ElRawDisk (e00cdaed2c0dbdc60c6e5d000dee01e9) C:\Windows\system32\drivers\ElRawDsk.sys
14:38:15.0212 4252 ElRawDisk - ok
14:38:15.0280 4252 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:38:15.0312 4252 elxstor - ok
14:38:15.0390 4252 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:38:15.0505 4252 EMDMgmt - ok
14:38:15.0748 4252 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:38:15.0834 4252 EventSystem - ok
14:38:15.0948 4252 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:38:16.0049 4252 exfat - ok
14:38:16.0102 4252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:38:16.0163 4252 fastfat - ok
14:38:16.0213 4252 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:38:16.0263 4252 fdc - ok
14:38:16.0347 4252 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:38:16.0417 4252 fdPHost - ok
14:38:16.0596 4252 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:38:16.0696 4252 FDResPub - ok
14:38:16.0744 4252 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:38:16.0766 4252 FileInfo - ok
14:38:16.0818 4252 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:38:16.0875 4252 Filetrace - ok
14:38:16.0906 4252 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:38:16.0980 4252 flpydisk - ok
14:38:17.0038 4252 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:38:17.0114 4252 FltMgr - ok
14:38:17.0200 4252 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:38:17.0366 4252 FontCache - ok
14:38:17.0489 4252 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:38:17.0510 4252 FontCache3.0.0.0 - ok
14:38:17.0563 4252 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:38:17.0671 4252 Fs_Rec - ok
14:38:17.0701 4252 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:38:17.0722 4252 gagp30kx - ok
14:38:17.0796 4252 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:38:17.0852 4252 gpsvc - ok
14:38:17.0967 4252 gupdate1c9ee41abc7afe7 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:38:17.0995 4252 gupdate1c9ee41abc7afe7 - ok
14:38:18.0001 4252 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:38:18.0025 4252 gupdatem - ok
14:38:18.0386 4252 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:38:18.0452 4252 HDAudBus - ok
14:38:18.0496 4252 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:38:18.0576 4252 HidBth - ok
14:38:18.0601 4252 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:38:18.0692 4252 HidIr - ok
14:38:18.0753 4252 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
14:38:18.0881 4252 hidserv - ok
14:38:18.0928 4252 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:38:18.0961 4252 HidUsb - ok
14:38:19.0010 4252 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:38:19.0065 4252 hkmsvc - ok
14:38:19.0167 4252 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:38:19.0187 4252 HpCISSs - ok
14:38:19.0278 4252 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:38:19.0312 4252 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:38:19.0312 4252 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:38:48.0436 4252 uagp35 - ok
14:38:48.0505 4252 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:38:48.0569 4252 udfs - ok
14:38:48.0645 4252 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:38:48.0689 4252 UI0Detect - ok
14:38:48.0742 4252 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
14:38:48.0774 4252 uliagpkx - ok
14:38:48.0820 4252 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:38:48.0852 4252 uliahci - ok
14:38:48.0882 4252 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:38:48.0914 4252 UlSata - ok
14:38:48.0952 4252 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:38:49.0001 4252 ulsata2 - ok
14:38:49.0064 4252 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:38:49.0103 4252 umbus - ok
14:38:49.0177 4252 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:38:49.0246 4252 upnphost - ok
14:38:49.0478 4252 UPnPService (be2f0e19796e57d49bc8f8e0d045884a) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
14:38:49.0538 4252 UPnPService ( UnsignedFile.Multi.Generic ) - warning
14:38:49.0538 4252 UPnPService - detected UnsignedFile.Multi.Generic (1)
14:38:49.0608 4252 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
14:38:49.0699 4252 USBAAPL - ok
14:38:49.0714 4252 usbbus - ok
14:38:49.0779 4252 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:38:49.0827 4252 usbccgp - ok
14:38:49.0865 4252 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:38:49.0953 4252 usbcir - ok
14:38:49.0969 4252 UsbDiag - ok
14:38:50.0027 4252 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:38:50.0075 4252 usbehci - ok
14:38:50.0112 4252 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:38:50.0153 4252 usbhub - ok
14:38:50.0169 4252 USBModem - ok
14:38:50.0202 4252 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:38:50.0266 4252 usbohci - ok
14:38:50.0301 4252 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:38:50.0357 4252 usbprint - ok
14:38:50.0426 4252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:38:50.0460 4252 USBSTOR - ok
14:38:50.0519 4252 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:38:50.0563 4252 usbuhci - ok
14:38:50.0631 4252 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:38:50.0678 4252 UxSms - ok
14:38:50.0754 4252 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:38:50.0816 4252 vds - ok
14:38:50.0880 4252 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:38:50.0944 4252 vga - ok
14:38:51.0003 4252 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:38:51.0078 4252 VgaSave - ok
14:38:51.0197 4252 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
14:38:51.0218 4252 viaagp - ok
14:38:51.0260 4252 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:38:51.0341 4252 ViaC7 - ok
14:38:51.0407 4252 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
14:38:51.0428 4252 viaide - ok
14:38:51.0495 4252 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:38:51.0517 4252 volmgr - ok
14:38:51.0582 4252 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:38:51.0619 4252 volmgrx - ok
14:38:51.0697 4252 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:38:51.0732 4252 volsnap - ok
14:38:51.0798 4252 vsbus (39d93b4c6c1216e00023f5f03420f54a) C:\Windows\system32\DRIVERS\vsb.sys
14:38:51.0831 4252 vsbus ( UnsignedFile.Multi.Generic ) - warning
14:38:51.0832 4252 vsbus - detected UnsignedFile.Multi.Generic (1)
14:38:51.0881 4252 vserial (ae90acf63103ecb9a5f40fcbd9166ae3) C:\Windows\system32\DRIVERS\vserial.sys
14:38:51.0936 4252 vserial ( UnsignedFile.Multi.Generic ) - warning
14:38:51.0936 4252 vserial - detected UnsignedFile.Multi.Generic (1)
14:38:51.0987 4252 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:38:52.0017 4252 vsmraid - ok
14:38:52.0164 4252 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:38:52.0453 4252 VSS - ok
14:38:52.0542 4252 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:38:52.0591 4252 W32Time - ok
14:38:52.0661 4252 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:38:52.0765 4252 WacomPen - ok
14:38:52.0939 4252 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:38:52.0972 4252 Wanarp - ok
14:38:52.0983 4252 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:38:53.0017 4252 Wanarpv6 - ok
14:38:53.0195 4252 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:38:53.0318 4252 wcncsvc - ok
14:38:53.0353 4252 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:38:53.0419 4252 WcsPlugInService - ok
14:38:53.0497 4252 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:38:53.0517 4252 Wd - ok
14:38:53.0602 4252 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:38:53.0651 4252 Wdf01000 - ok
14:38:53.0729 4252 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:38:53.0781 4252 WdiServiceHost - ok
14:38:53.0795 4252 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:38:53.0842 4252 WdiSystemHost - ok
14:38:54.0070 4252 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:38:54.0129 4252 WebClient - ok
14:38:54.0200 4252 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:38:54.0392 4252 Wecsvc - ok
14:38:54.0460 4252 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:38:54.0514 4252 wercplsupport - ok
14:38:54.0576 4252 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:38:54.0637 4252 WerSvc - ok
14:38:54.0730 4252 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:38:54.0808 4252 winachsf - ok
14:38:54.0971 4252 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:38:55.0003 4252 WinDefend - ok
14:38:55.0023 4252 WinHttpAutoProxySvc - ok
14:38:55.0250 4252 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:38:55.0295 4252 Winmgmt - ok
14:38:55.0404 4252 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:38:55.0563 4252 WinRM - ok
14:38:55.0754 4252 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:38:55.0841 4252 Wlansvc - ok
14:38:55.0920 4252 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
14:38:55.0997 4252 WmiAcpi - ok
14:38:56.0093 4252 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:38:56.0158 4252 wmiApSrv - ok
14:38:56.0364 4252 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:38:56.0480 4252 WMPNetworkSvc - ok
14:38:56.0675 4252 WnsDrvr (b4cd1f39807884b9d3217feb71d96952) C:\Windows\system32\drivers\WnsDrvr.sys
14:38:56.0685 4252 WnsDrvr ( UnsignedFile.Multi.Generic ) - warning
14:38:56.0685 4252 WnsDrvr - detected UnsignedFile.Multi.Generic (1)
14:38:56.0754 4252 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:38:56.0851 4252 WPCSvc - ok
14:38:56.0914 4252 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:38:57.0016 4252 WPDBusEnum - ok
14:38:57.0079 4252 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:38:57.0129 4252 WpdUsb - ok
14:38:57.0522 4252 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:38:57.0583 4252 WPFFontCache_v0400 - ok
14:38:57.0647 4252 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:38:57.0711 4252 ws2ifsl - ok
14:38:57.0770 4252 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
14:38:57.0817 4252 wscsvc - ok
14:38:57.0831 4252 WSearch - ok
14:38:58.0029 4252 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:38:58.0265 4252 wuauserv - ok
14:38:58.0495 4252 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:38:58.0561 4252 WUDFRd - ok
14:38:58.0616 4252 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:38:58.0670 4252 wudfsvc - ok
14:38:58.0703 4252 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
14:38:58.0731 4252 XAudio - ok
14:38:58.0777 4252 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
14:38:58.0813 4252 XAudioService - ok
14:38:58.0861 4252 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:38:59.0139 4252 \Device\Harddisk0\DR0 - ok
14:38:59.0185 4252 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
14:39:00.0279 4252 \Device\Harddisk5\DR5 - ok
14:39:00.0312 4252 Boot (0x1200) (37aec735205a09bebb20a86b51fbed97) \Device\Harddisk0\DR0\Partition0
14:39:00.0314 4252 \Device\Harddisk0\DR0\Partition0 - ok
14:39:00.0332 4252 Boot (0x1200) (e963f7d02847b1c6af7ba856ce187ba5) \Device\Harddisk0\DR0\Partition1
14:39:00.0334 4252 \Device\Harddisk0\DR0\Partition1 - ok
14:39:00.0353 4252 Boot (0x1200) (80dd327d6b460d071eed70bfee11f636) \Device\Harddisk5\DR5\Partition0
14:39:00.0360 4252 \Device\Harddisk5\DR5\Partition0 - ok
14:39:00.0364 4252 ============================================================
14:39:00.0364 4252 Scan finished
14:39:00.0364 4252 ============================================================
14:39:00.0386 6060 Detected object count: 5
14:39:00.0386 6060 Actual detected object count: 5
14:42:35.0868 6060 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:35.0870 6060 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:42:35.0874 6060 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:35.0875 6060 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:42:35.0878 6060 vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:35.0878 6060 vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:42:35.0881 6060 vserial ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:35.0882 6060 vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:42:35.0887 6060 WnsDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:35.0887 6060 WnsDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:43:47.0142 4360 Deinitialize success

#10 LDTate

Posted 15 June 2012 - 03:51 PM

Nothing bad there.

Please do not attach the scan results from ComboFix. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Larry Tate
Consumer Support Specialist


#11 mexicano2232

Posted 15 June 2012 - 06:28 PM

ComboFix 12-06-15.06 - aaron's 06/15/2012 15:14:27.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.366 [GMT -6:00]
Running from: c:\users\aaron's\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 21:45 . 2012-06-15 21:50 -------- d-----w- c:\users\aaron's\AppData\Local\temp
2012-06-15 21:45 . 2012-06-15 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 18:18 . 2012-06-15 18:18 -------- d-----w- c:\users\aaron's\AppData\Roaming\redsn0w
2012-06-15 17:22 . 2012-06-15 17:22 -------- d-----w- c:\users\aaron's\AppData\Local\libimobiledevice
2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- C:\audacity_temp
2012-06-14 22:32 . 2012-06-14 22:32 -------- dc----w- c:\program files\Apple Software Update
2012-06-10 08:46 . 2012-06-14 22:28 -------- d-----w- c:\windows\system32\catroot2
2012-06-04 07:23 . 2012-06-04 07:28 -------- d-----w- c:\users\aaron's\AppData\Local\ElevatedDiagnostics
2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes
2012-05-31 01:35 . 2012-05-31 01:35 -------- d-----w- c:\programdata\Malwarebytes
2012-05-31 01:35 . 2012-05-31 01:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe
2012-05-30 23:20 . 2012-05-30 23:20 -------- d-----w- C:\found.000
2012-05-28 05:20 . 2012-05-28 05:35 -------- dc----w- c:\program files\Free Window Registry Repair
2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\programdata\PC Tools
2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT
2012-05-26 03:54 . 2012-05-26 03:55 -------- dc----w- c:\program files\Defraggler
2012-05-26 01:46 . 2012-05-26 01:46 -------- d-----w- c:\users\aaron's\AppData\Local\VS Revo Group
2012-05-26 01:46 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-26 01:46 . 2012-05-26 01:46 -------- dc----w- c:\program files\VS Revo Group
2012-05-26 01:00 . 2012-04-17 14:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-05-25 23:55 . 2010-09-23 18:29 511328 -c--a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-05-25 23:45 . 2012-05-25 23:45 74703 ----a-w- c:\windows\system32\mfc45.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 06:11 . 2012-04-17 01:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:11 . 2012-01-13 21:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-25 18:11 . 2012-04-25 18:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 18:11 . 2012-04-25 18:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-03 08:16 . 2012-05-09 20:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-09 20:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-09 20:19 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-09 20:22 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-09 20:22 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-03 9210400]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-04-22 110304]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-01-03 87968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 06:11]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000Core.job
- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000UA.job
- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: Download all by YouTube Robot
IE: Download by YouTube Robot
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: adobe.com\kb2
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 15:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vaaur8rPygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-4031169062-1864207035-1914167420-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,07,db,f1,87,7b,e6,76,34,33,d8,56,f0,9d,a6,d8,bd,40,00,1e,dc,
22,28,34,9f,c8,10,46,ac,39,d7,ef,93,1a,1e,bb,4f,4c,cf,2c,0b,8c,b0,fd,de,f0,\
"rkeysecu"=hex:2e,94,cc,97,cf,8d,95,62,3d,19,af,1e,26,41,cb,4b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
c:\windows\system32\lpremove.exe
.
**************************************************************************
.
Completion time: 2012-06-15 16:04:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 22:02
ComboFix2.txt 2012-06-01 20:32
.
Pre-Run: 32,107,421,696 bytes free
Post-Run: 33,018,576,896 bytes free
.
- - End Of File - - 4915FD97B7EEBCB432167A380CD08573

#12 LDTate

Posted 15 June 2012 - 06:33 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Larry Tate
Consumer Support Specialist


#13 mexicano2232

Posted 15 June 2012 - 06:51 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:44 on 15/06/2012 by aaron's
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys --a---- 184320 bytes [08:57 02/11/2006] [08:57 02/11/2006] E3A168912E7EEFC3BD3B814720D68B41
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [16:41 19/12/2008] [05:55 19/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [18:55 12/09/2009] [04:45 11/04/2009] 70635790371DAC98714CA365AFED79C2

-= EOF =-

#14 LDTate

Posted 15 June 2012 - 06:56 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys | c:\windows\system32\drivers\netbt.sys


Folder::
c:\windows\$NtUninstallKB23894$


ClearJavaCache::

Save this file to your desktop. Save this as "CFScript"

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


Posted Image

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste
Larry Tate
Consumer Support Specialist

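
The file selection made in post #14, as an added example that is not part of the original thread or of any tool's own code: it parses the SystemLook `filefind` output from post #13 and picks the WinSxS copy whose component version matches the running build reported in the ComboFix log. The matching rule and all function names are assumptions for illustration; the helper does not state how the copy was chosen.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Copied from the SystemLook log in post #13.
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "netbt.sys"
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys --a---- 184320 bytes [08:57 02/11/2006] [08:57 02/11/2006] E3A168912E7EEFC3BD3B814720D68B41
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [16:41 19/12/2008] [05:55 19/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [18:55 12/09/2009] [04:45 11/04/2009] 70635790371DAC98714CA365AFED79C2

-= EOF =-
"""

# Copied from the catchme section of the ComboFix log in post #11.
OS_LINE = "Windows 6.0.6002 Service Pack 2 NTFS"
# The file ComboFix reported as missing.
DEST = r"c:\windows\system32\drivers\netbt.sys"

# One filefind result: path, attributes, size, created, modified, MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# WinSxS directory: <arch>_<component>_<publicKeyToken>_<version>_<culture>_<hash>
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>[^_\\]+)_(?P<component>[^\\]+?)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){3})_(?P<culture>[^_\\]+)_(?P<hash>[0-9a-f]{16})\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Candidate:
    path: str
    size: int
    md5: str
    version: Tuple[int, ...]  # (major, minor, build, revision) from the directory name


def parse_filefind(log: str) -> List[Candidate]:
    """Return component-store copies listed in a SystemLook filefind section."""
    found = []
    for line in log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # headings, blank lines, EOF marker
        store = WINSXS_RE.search(entry["path"])
        if not store:
            continue  # copies outside WinSxS carry no version in their path
        version = tuple(int(part) for part in store["version"].split("."))
        found.append(Candidate(entry["path"], int(entry["size"]), entry["md5"].upper(), version))
    return found


def os_build(line: str) -> Tuple[int, int, int]:
    """Extract (major, minor, build) from a 'Windows x.y.z Service Pack n' line."""
    match = re.search(r"Windows (\d+)\.(\d+)\.(\d+) Service Pack", line)
    if not match:
        raise ValueError("no Windows build found in: %r" % line)
    return tuple(int(group) for group in match.groups())


def pick_candidate(candidates: List[Candidate], build: Tuple[int, int, int]) -> Optional[Candidate]:
    """Pick the newest copy built for this OS build; None if nothing matches."""
    matching = [c for c in candidates if c.version[:3] == build]
    # Refuse to fall back to a copy from another build or service pack level.
    return max(matching, key=lambda c: c.version) if matching else None


def fcopy_directive(candidate: Candidate, dest: str) -> str:
    """Render the CFScript FCopy block in the form used in post #14."""
    return "FCopy::\n%s | %s" % (candidate.path, dest)


if __name__ == "__main__":
    chosen = pick_candidate(parse_filefind(SYSTEMLOOK_LOG), os_build(OS_LINE))
    if chosen is None:
        print("No component-store copy matches the running build; do not copy.")
    else:
        print("MD5 to re-check after the copy:", chosen.md5)
        print(fcopy_directive(chosen, DEST))
```

The MD5 printed for the chosen copy is the value to compare against the restored file once the copy has been made.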

#15 mexicano2232

Posted 15 June 2012 - 08:15 PM

ComboFix 12-06-15.06 - aaron's 06/15/2012 18:23:05.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.370 [GMT -6:00]
Running from: c:\users\aaron's\Desktop\ComboFix.exe
Command switches used :: c:\users\aaron's\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 00:50 . 2012-06-16 00:56 -------- d-----w- c:\users\aaron's\AppData\Local\temp
2012-06-16 00:50 . 2012-06-16 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 18:18 . 2012-06-15 18:18 -------- d-----w- c:\users\aaron's\AppData\Roaming\redsn0w
2012-06-15 17:22 . 2012-06-15 17:22 -------- d-----w- c:\users\aaron's\AppData\Local\libimobiledevice
2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- C:\audacity_temp
2012-06-14 22:32 . 2012-06-14 22:32 -------- dc----w- c:\program files\Apple Software Update
2012-06-10 08:46 . 2012-06-14 22:28 -------- d-----w- c:\windows\system32\catroot2
2012-06-04 07:23 . 2012-06-04 07:28 -------- d-----w- c:\users\aaron's\AppData\Local\ElevatedDiagnostics
2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes
2012-05-31 01:35 . 2012-05-31 01:35 -------- d-----w- c:\programdata\Malwarebytes
2012-05-31 01:35 . 2012-05-31 01:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe
2012-05-30 23:20 . 2012-05-30 23:20 -------- d-----w- C:\found.000
2012-05-28 05:20 . 2012-05-28 05:35 -------- dc----w- c:\program files\Free Window Registry Repair
2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\programdata\PC Tools
2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT
2012-05-26 03:54 . 2012-05-26 03:55 -------- dc----w- c:\program files\Defraggler
2012-05-26 01:46 . 2012-05-26 01:46 -------- d-----w- c:\users\aaron's\AppData\Local\VS Revo Group
2012-05-26 01:46 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-26 01:46 . 2012-05-26 01:46 -------- dc----w- c:\program files\VS Revo Group
2012-05-26 01:00 . 2012-04-17 14:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-05-25 23:55 . 2010-09-23 18:29 511328 -c--a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-05-25 23:45 . 2012-05-25 23:45 74703 ----a-w- c:\windows\system32\mfc45.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 06:11 . 2012-04-17 01:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:11 . 2012-01-13 21:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-25 18:11 . 2012-04-25 18:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 18:11 . 2012-04-25 18:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-03 08:16 . 2012-05-09 20:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-09 20:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-09 20:19 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-09 20:22 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-09 20:22 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-03 9210400]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-04-22 110304]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-01-03 87968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 06:11]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000Core.job
- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000UA.job
- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: Download all by YouTube Robot
IE: Download by YouTube Robot
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: adobe.com\kb2
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 18:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vaaur8rPygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-4031169062-1864207035-1914167420-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,07,db,f1,87,7b,e6,76,34,33,d8,56,f0,9d,a6,d8,bd,40,00,1e,dc,
22,28,34,9f,c8,10,46,ac,39,d7,ef,93,1a,1e,bb,4f,4c,cf,2c,0b,8c,b0,fd,de,f0,\
"rkeysecu"=hex:2e,94,cc,97,cf,8d,95,62,3d,19,af,1e,26,41,cb,4b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-15 19:07:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 01:06
ComboFix2.txt 2012-06-15 22:04
ComboFix3.txt 2012-06-01 20:32
.
Pre-Run: 33,004,048,384 bytes free
Post-Run: 32,960,122,880 bytes free
.
- - End Of File - - A39907D264EED9841A682FD7505CFCCD
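
A triage sketch for the log above, added here as an example and not part of the original post or of ComboFix: it pairs each "is missing!!" entry with its FCopy restore source and checks that the WinSxS component version matches the OS build the log reports. The function name `triage`, the regexes and the `example.sys` line are assumptions made for illustration.

```python
import re
from ntpath import normcase  # Windows path rules, works on any host OS

# Lines excerpted from the ComboFix log in the post above.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\netbt.sys . . . is missing!!
--------------- FCopy ---------------
c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --> c:\windows\system32\drivers\netbt.sys
Windows 6.0.6002 Service Pack 2 NTFS
"""
# Constructed line (not in the log): a missing driver with no FCopy entry.
CONSTRUCTED_EXTRA = r"c:\windows\system32\drivers\example.sys . . . is missing!!"

MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \. \. \. is missing!!$", re.I)
FCOPY_RE = re.compile(r"^(?P<src>[a-z]:\\.+?) --> (?P<dst>[a-z]:\\.+)$", re.I)
OS_RE = re.compile(r"^Windows (?P<ver>\d+\.\d+\.\d+) ")
# WinSxS directory layout: arch_name_publicKeyToken_version_culture_hash
WINSXS_RE = re.compile(
    r"\\winsxs\\[^_\\]+_(?P<name>.+?)_[0-9a-f]{16}_(?P<ver>\d+(?:\.\d+){3})_", re.I)

def triage(log_text):
    """Return one record per missing file, with its restore source if any."""
    missing, copies, os_ver = [], {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := MISSING_RE.match(line):
            missing.append(m["path"])
        elif m := FCOPY_RE.match(line):
            copies[normcase(m["dst"])] = m["src"]  # key on the destination
        elif m := OS_RE.match(line):
            os_ver = m["ver"]
    report = []
    for path in missing:
        src = copies.get(normcase(path))
        comp = WINSXS_RE.search(src) if src else None
        report.append({
            "file": path,
            "restore_source": src,  # None means nothing was copied back
            "component": comp["name"] if comp else None,
            "component_version": comp["ver"] if comp else None,
            # Sanity check: component build should match the running OS build.
            "matches_os_build": bool(
                comp and os_ver and comp["ver"].startswith(os_ver + ".")),
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG + "\n" + CONSTRUCTED_EXTRA):
        print(row)
```

A record whose restore_source is None is a file the log reported missing without a matching copy, which is the case to follow up by hand.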

#16 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 16 June 2012 - 05:54 AM

That didn't work. Try it this way.
Let me know if you see: One file copied.

Go to Start->Run, copy / paste

copy C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys c:\windows\system32\drivers\netbt.sys
Enter
Larry Tate
Consumer Support Specialist


#17 mexicano2232

mexicano2232

    New Member

  • Members
  • Pip
  • 46 posts

Posted 16 June 2012 - 05:45 PM

I get a window that says "Windows cannot find 'copy'. Make sure you typed the name correctly and then try again."

#18 mexicano2232

mexicano2232

    New Member

  • Members
  • Pip
  • 46 posts

Posted 16 June 2012 - 05:46 PM

Oh, do I not copy and paste the word "copy"?

#19 mexicano2232

mexicano2232

    New Member

  • Members
  • Pip
  • 46 posts

Posted 16 June 2012 - 05:48 PM

Oh. I'll just copy/paste C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys c:\windows\system32\drivers\netbt.sys

#20 mexicano2232

mexicano2232

    New Member

  • Members
  • Pip
  • 46 posts

Posted 16 June 2012 - 05:55 PM

It says "You are attempting to open a file of type 'System File' (.sys)", then I click on "Open with", then it says Windows cannot open this file, and to use the web service to find the correct program or to select a program from a list of installed programs.



