
Rootkit virus


  • This topic is locked
14 replies to this topic

#1 bacchae

    New Member

  • Members
  • 9 posts

Posted 08 July 2012 - 08:21 PM

Hi!
Malwarebytes is able to find the virus, but cannot permanently remove it. I think I picked up the virus from "updating" Adobe.
Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Isis at 18:12:02 on 2012-07-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6723 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3B2D2F21-63C4-4A63-9A12-A8456EA43F10} : DhcpNameServer = 10.0.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mangareader.net/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-27 791488]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-23 2253120]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]
R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-09 01:09:54 -------- d-----w- C:\Users\Isis\AppData\Local\{879230A4-118A-4542-80AC-58F163027112}
2012-07-09 01:09:42 -------- d-----w- C:\Users\Isis\AppData\Local\{3AB946BF-312D-4716-8C05-C8E34E1F1542}
2012-07-08 05:04:40 -------- d-----w- C:\Users\Isis\AppData\Local\{DC12D7BB-9321-4351-83C0-65271C9AD995}
2012-07-08 05:04:29 -------- d-----w- C:\Users\Isis\AppData\Local\{2BEB8D9F-59E0-44D2-898F-DDC7AA2935C0}
2012-07-06 19:55:54 -------- d-----w- C:\Users\Isis\AppData\Roaming\Anvisoft
2012-07-06 19:55:48 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-07-06 19:35:19 -------- d-----w- C:\Users\Isis\AppData\Local\{20EA5AFB-EF70-40C6-989E-429CD88EFA1F}
2012-07-06 19:35:08 -------- d-----w- C:\Users\Isis\AppData\Local\{A93DD4E6-548A-4E14-8DE3-541B759C6B31}
2012-07-06 07:57:31 -------- d-----w- C:\Program Files\CCleaner
2012-07-06 05:06:13 -------- d-----w- C:\Users\Isis\AppData\Local\{D1F3ED8D-6C50-466D-8569-7BE735B380BD}
2012-07-06 05:05:58 -------- d-----w- C:\Users\Isis\AppData\Local\{80FA99EC-EA7E-4DBB-8DF5-B22079F47EE3}
2012-07-05 07:39:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-05 07:09:27 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1362962A-8585-43FF-887D-6E59755217F2}\mpengine.dll
2012-07-05 07:07:00 -------- d-----w- C:\Users\Isis\AppData\Local\{6D171D3D-3810-4353-B7C3-72478F1919D3}
2012-07-05 07:06:48 -------- d-----w- C:\Users\Isis\AppData\Local\{081129C1-7DB3-4A03-83AD-861E85A9C6C1}
2012-07-03 20:00:00 -------- d-----w- C:\Users\Isis\AppData\Local\{688DB8FF-3568-4BE0-84A6-FDF050430807}
2012-07-03 19:59:49 -------- d-----w- C:\Users\Isis\AppData\Local\{1AC779D3-6E39-4337-AC9F-D107C8014A7B}
2012-07-03 04:23:28 -------- d-----w- C:\Users\Isis\AppData\Local\{27DD4768-DA8F-4E2A-BACF-3A313C51CE34}
2012-07-03 04:23:17 -------- d-----w- C:\Users\Isis\AppData\Local\{65B2AD7E-7C0C-44C8-8EC5-8E10FAD9DC66}
2012-07-02 08:36:58 -------- d-----w- C:\Users\Isis\AppData\Local\{B4AD9D2C-FFAB-4721-9D75-9ADBD54A02E9}
2012-07-02 08:36:47 -------- d-----w- C:\Users\Isis\AppData\Local\{5CFA20B8-ED3B-449E-8B4B-86B2A6A0FFDB}
2012-07-02 07:57:45 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-07-02 07:57:45 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-07-02 07:57:45 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-07-01 20:36:20 -------- d-----w- C:\Users\Isis\AppData\Local\{90C8C1E4-76E5-424A-B41F-6BC231A2C842}
2012-07-01 20:36:08 -------- d-----w- C:\Users\Isis\AppData\Local\{9046B33A-9579-4362-9EDC-B1951657F43C}
2012-07-01 04:40:04 -------- d-----w- C:\Users\Isis\AppData\Local\{771CD846-BFEE-432B-BD32-B3ED04194205}
2012-07-01 04:39:52 -------- d-----w- C:\Users\Isis\AppData\Local\{8EB24791-7748-4648-B725-F7925928F51E}
2012-06-30 08:11:36 -------- d-----w- C:\Users\Isis\AppData\Local\{445F2A12-4D2C-4271-AB1A-43E97348C07E}
2012-06-30 08:11:25 -------- d-----w- C:\Users\Isis\AppData\Local\{33038FCD-386B-42C0-AA9D-C0A88EFD527E}
2012-06-29 20:10:56 -------- d-----w- C:\Users\Isis\AppData\Local\{77EAD35B-8B17-4110-BA54-BF9A5DA627C7}
2012-06-29 20:10:44 -------- d-----w- C:\Users\Isis\AppData\Local\{7354E308-F88A-4A64-A91F-CA675852F877}
2012-06-29 08:01:29 -------- d-----w- C:\Users\Isis\AppData\Local\{F8031744-7C7D-4EAA-ACE0-B885BACC74EE}
2012-06-29 08:01:18 -------- d-----w- C:\Users\Isis\AppData\Local\{A6622361-5E4F-4BAF-9202-49E2FE215586}
2012-06-28 20:00:52 -------- d-----w- C:\Users\Isis\AppData\Local\{055703A5-8AC0-4C2C-A43D-64310E9E0B98}
2012-06-28 20:00:41 -------- d-----w- C:\Users\Isis\AppData\Local\{9C46E032-D333-4BF3-8529-821933BFAF79}
2012-06-27 23:05:03 -------- d-----w- C:\Users\Isis\AppData\Local\{93FD267B-BD79-47D5-B7AE-B982E41B4529}
2012-06-27 23:04:51 -------- d-----w- C:\Users\Isis\AppData\Local\{52937C90-CB16-45BE-AB17-91EEB34BAFFF}
2012-06-27 06:34:20 -------- d-----w- C:\Users\Isis\AppData\Local\{C4D6AFEC-545F-456F-91E6-A212BC30557F}
2012-06-27 06:34:09 -------- d-----w- C:\Users\Isis\AppData\Local\{321C0D50-989E-4B21-8FE1-DF78524A0337}
2012-06-26 18:33:42 -------- d-----w- C:\Users\Isis\AppData\Local\{2FBBBB2A-0764-48B9-8B62-6BA88410E6BA}
2012-06-26 18:33:29 -------- d-----w- C:\Users\Isis\AppData\Local\{CCFBEACA-A8E3-4459-A878-A572FF971A32}
2012-06-26 04:43:14 -------- d-----w- C:\Users\Isis\AppData\Local\{F5F5E4A5-5E94-4037-8A4D-04724BD5B97B}
2012-06-26 04:43:01 -------- d-----w- C:\Users\Isis\AppData\Local\{A1930692-F1BD-40B9-8187-E99FC94E6FC9}
2012-06-25 04:24:16 -------- d-----w- C:\Users\Isis\AppData\Local\{BEC9FEC2-2A2C-4888-86C8-A2A79B567B5A}
2012-06-25 04:24:04 -------- d-----w- C:\Users\Isis\AppData\Local\{F40DF3F6-3924-48D8-AEB5-C1A1EA9D7DDD}
2012-06-24 05:45:05 -------- d-----w- C:\Users\Isis\AppData\Local\Macromedia
2012-06-24 04:38:42 -------- d-----w- C:\Users\Isis\AppData\Local\{C8FC6663-1768-4C6E-9307-FB6B6426EA1B}
2012-06-24 04:38:31 -------- d-----w- C:\Users\Isis\AppData\Local\{4AAF5F40-323B-4387-BD52-ED4AB8ECF1AE}
2012-06-23 10:21:02 -------- d-----w- C:\Users\Isis\AppData\Local\{D2F5DA4F-79C8-4253-94E6-157461BCBFCA}
2012-06-23 10:20:51 -------- d-----w- C:\Users\Isis\AppData\Local\{A4A1D2E8-1252-4233-927D-E7FF6C06E39D}
2012-06-22 22:20:39 -------- d-----w- C:\Users\Isis\AppData\Local\{BB4A3CC3-B348-481F-BBAA-BBDB72C9ACF9}
2012-06-22 22:20:27 -------- d-----w- C:\Users\Isis\AppData\Local\{6444F604-B88F-46FC-B205-FB8E164E3CA8}
2012-06-22 10:20:02 -------- d-----w- C:\Users\Isis\AppData\Local\{C28E6269-4D29-459D-8554-BAA3783DED70}
2012-06-22 10:19:51 -------- d-----w- C:\Users\Isis\AppData\Local\{42333D64-0ABC-4119-B2CB-046FDE3BFB9C}
2012-06-21 20:45:11 -------- d-----w- C:\Users\Isis\AppData\Local\{8D61CC0C-3ABD-40D8-A003-3CF9FF29878B}
2012-06-21 20:44:58 -------- d-----w- C:\Users\Isis\AppData\Local\{BB3EA0E1-2E84-45F7-B5FC-B5E5C7DDDCF0}
2012-06-21 20:36:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 20:35:52 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 20:35:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 20:35:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 04:47:32 -------- d-----w- C:\Users\Isis\AppData\Local\{02DC6AA1-0D4B-4312-A190-760A38CAE57C}
2012-06-18 04:23:22 -------- d-----w- C:\Users\Isis\AppData\Local\{AAAE072F-2B4D-4B82-A6E1-20E83619D22D}
2012-06-17 09:32:30 -------- d-----w- C:\Users\Isis\AppData\Local\{0C17825F-3521-4E64-9B1A-AAB5779EA814}
2012-06-16 21:32:18 -------- d-----w- C:\Users\Isis\AppData\Local\{5FC0661E-4BEA-4BEF-AABF-47E15B27851B}
2012-06-16 05:23:55 -------- d-----w- C:\Users\Isis\AppData\Local\{A6E9704F-6663-41DD-8949-0B9FF6F65354}
2012-06-14 20:31:55 -------- d-----w- C:\Users\Isis\AppData\Local\{69FE90AD-7F40-42FF-83FE-C808CC4E7581}
2012-06-14 20:31:42 -------- d-----w- C:\Users\Isis\AppData\Local\{B3C73A0B-7C41-424B-BE2E-B753F662EEB6}
2012-06-14 01:57:13 -------- d-----w- C:\Users\Isis\AppData\Local\{0A4E7E73-1C33-4E62-8036-65BF0E9E6517}
2012-06-14 01:57:00 -------- d-----w- C:\Users\Isis\AppData\Local\{D570F33F-DE48-45A5-AE61-6968153944A4}
2012-06-13 08:26:34 -------- d-----w- C:\Users\Isis\AppData\Local\{44ABC095-5818-4425-8E56-FD09FED5666B}
2012-06-13 08:26:23 -------- d-----w- C:\Users\Isis\AppData\Local\{46FE7409-B1F7-4495-9C7C-6D158F1FB7DF}
2012-06-12 20:25:58 -------- d-----w- C:\Users\Isis\AppData\Local\{B2CB9295-B243-4A29-84EC-C8B14E71DDB4}
2012-06-12 20:25:46 -------- d-----w- C:\Users\Isis\AppData\Local\{9621D248-5883-4909-AB9F-C4B9D0D01581}
2012-06-12 07:41:02 -------- d-----w- C:\Users\Isis\AppData\Local\{3A6D357F-55B1-4B41-91E5-82B8526E2A36}
2012-06-12 07:40:51 -------- d-----w- C:\Users\Isis\AppData\Local\{5C0D0779-CABF-4EB8-A8CA-8A14F97B3E9E}
2012-06-11 19:40:25 -------- d-----w- C:\Users\Isis\AppData\Local\{7BFF8979-AF6B-4EB9-B322-B841A49C9A7E}
2012-06-11 19:40:14 -------- d-----w- C:\Users\Isis\AppData\Local\{5A35F847-D14C-4BE0-BBFE-E3BE2D94585C}
2012-06-11 01:52:23 -------- d-----w- C:\Users\Isis\AppData\Local\{898FC85A-CCB4-4CC5-B81B-F44807075FFC}
2012-06-11 01:52:11 -------- d-----w- C:\Users\Isis\AppData\Local\{F546DCED-9D94-4F6A-98F9-89EDE2A13A85}
2012-06-09 20:55:47 -------- d-----w- C:\Users\Isis\AppData\Local\{F288A294-1533-4526-843D-CD7166AD2DCB}
2012-06-09 20:55:35 -------- d-----w- C:\Users\Isis\AppData\Local\{C0EC43FF-D494-4DE8-AD84-2CF913E7BAAC}
2012-06-09 02:47:55 -------- d-----w- C:\Users\Isis\AppData\Local\{49FA23FA-B960-4034-92FA-7816A4A68A36}
2012-06-09 02:47:42 -------- d-----w- C:\Users\Isis\AppData\Local\{3047563A-0AA7-42E8-9687-D18B262F9B31}
.
==================== Find3M ====================
.
2012-07-05 07:32:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 07:32:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-06 20:26:32 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2012-05-06 20:26:30 2851840 ----a-w- C:\Windows\System32\themeui.dll
2012-05-06 20:26:28 44544 ----a-w- C:\Windows\System32\themeservice.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-11 04:57:02 102248 ----a-w- C:\Users\Isis\GoToAssistDownloadHelper.exe
.
============= FINISH: 18:13:02.34 ===============

#2 gringo_pr

    Staff

  • Moderators
  • 9,601 posts
  • Gender:Male

Posted 09 July 2012 - 12:47 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
William Rowland
Product Support

#3 bacchae

    New Member

  • Members
  • 9 posts

Posted 09 July 2012 - 01:38 AM

Hi Gringo, thanks for your help.

The virus makes music come out of my speakers about once a day, lagging everything I do horribly. Unfortunately until it does, I have no other indication if the virus is affecting my computer. So far it hasn't even happened today, and the only reason I know it's still there is because malwarebytes still finds it.

Here are the Security Check logs:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
And the ComboFix log:

ComboFix 12-07-08.01 - Isis 07/08/2012 23:21:19.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.7081 [GMT -7:00]
Running from: c:\users\Isis\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Isis\GoToAssistDownloadHelper.exe
c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\@
c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\00000001.@
c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\80000000.@
c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\800000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\users\Isis\AppData\Roaming\Anvisoft
2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\program files (x86)\Anvisoft
2012-07-06 07:57 . 2012-07-06 07:57 -------- d-----w- c:\program files\CCleaner
2012-07-05 07:39 . 2012-07-05 07:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-05 07:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1362962A-8585-43FF-887D-6E59755217F2}\mpengine.dll
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Application Updater
2012-06-24 05:45 . 2012-06-24 05:45 -------- d-----w- c:\users\Isis\AppData\Local\Macromedia
2012-06-21 20:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 20:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 20:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 20:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 20:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 20:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 20:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 20:35 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 20:35 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 07:32 . 2012-04-23 22:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 07:32 . 2012-03-23 21:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 20:26 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-05-06 20:26 . 2012-03-25 02:24 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-05-06 20:26 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-03-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-28 1090440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-27 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-28 791488]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mangareader.net/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
.
**************************************************************************
.
Completion time: 2012-07-08 23:29:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 06:29
.
Pre-Run: 423,312,117,760 bytes free
Post-Run: 423,180,369,920 bytes free
.
- - End Of File - - 7CA53096FAD4465FCC43CE6651A706EE


Thanks again for your help!
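
The Sigcheck section of the ComboFix log above lists each checked file with its MD5, size and version, and flags `[-]` the copies it could not verify, next to the `[7]` WinSxS backups of the same version. The check a responder does by hand on such lines, comparing the live copy in system32 or SysWOW64 with the WinSxS backup of the same file name, version and architecture, is shown below as an added example; it is not ComboFix's own code, the function names are mine, and `SIGCHECK_SAMPLE` is built from the six user32.dll lines posted above.

```python
"""Cross-check ComboFix Sigcheck lines.

Added example (not ComboFix code): for every live system file listed,
compare its MD5 with the WinSxS backup copies of the same file name,
version and architecture. Helper names and SIGCHECK_SAMPLE are
constructed for this example; the sample lines are copied from the
Sigcheck section of the posted log."""
import re
from collections import defaultdict

# Constructed sample: the six Sigcheck lines from the posted ComboFix log.
SIGCHECK_SAMPLE = r"""
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-03-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2012-03-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

# [flag] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def _arch(path):
    # SysWOW64 live copies pair with the wow64_* WinSxS components;
    # everything else on this x64 host pairs with the amd64_* ones.
    p = path.lower()
    return "wow64" if ("\\syswow64\\" in p or "\\winsxs\\wow64_" in p) else "native"


def _key(e):
    name = e["path"].lower().rsplit("\\", 1)[-1]
    return (name, e["version"], _arch(e["path"]))


def cross_check(entries):
    """Compare each live file (outside WinSxS) with the backups sharing its key."""
    backups = defaultdict(set)
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            backups[_key(e)].add(e["md5"])
    findings = []
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            continue
        expected = backups.get(_key(e), set())
        if not expected:
            status = "no-backup"
        elif e["md5"] in expected:
            status = "matches-backup"
        else:
            status = "hash-mismatch"
        findings.append({"path": e["path"], "version": e["version"],
                         "md5": e["md5"], "flag": e["flag"],
                         "status": status, "backup_md5": sorted(expected)})
    return findings


def mismatches(entries):
    """Live files whose MD5 matches none of their same-version WinSxS backups."""
    return [f for f in cross_check(entries) if f["status"] == "hash-mismatch"]


if __name__ == "__main__":
    for f in mismatches(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"{f['path']} [{f['version']}] md5 {f['md5']} "
              f"!= WinSxS {','.join(f['backup_md5'])}")
```

On the posted lines both live copies of user32.dll come out as `hash-mismatch` against their same-version WinSxS backups. That is a lead for verification against a known-good copy, not a verdict: as the log's own note says, unsigned files aren't necessarily malware.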

#4 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 09 July 2012 - 02:04 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
William Rowland
Product Support


#5 bacchae

bacchae

    New Member

  • Members
  • Pip
  • 9 posts

Posted 09 July 2012 - 02:44 AM

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 00:41:42
-----------------------------
00:41:42.608 OS Version: Windows x64 6.1.7601 Service Pack 1
00:41:42.608 Number of processors: 4 586 0x2A07
00:41:42.608 ComputerName: ISIS-PC UserName: Isis
00:41:43.347 Initialize success
00:41:51.819 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:41:51.820 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
00:41:51.836 Disk 0 MBR read successfully
00:41:51.838 Disk 0 MBR scan
00:41:51.839 Disk 0 Windows 7 default MBR code
00:41:51.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:41:51.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
00:41:51.855 Disk 0 scanning C:\Windows\system32\drivers
00:41:56.837 Service scanning
00:42:09.217 Modules scanning
00:42:09.217 Disk 0 trace - called modules:
00:42:09.233 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:42:09.233 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d94060]
00:42:09.233 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007ae2520]
00:42:09.233 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ae3060]
00:42:09.249 Scan finished successfully
00:42:17.376 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"
00:42:17.379 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswMBR.txt"

#6 bacchae

bacchae

    New Member

  • Members
  • Pip
  • 9 posts

Posted 09 July 2012 - 02:46 AM

TDSS part 1
00:45:24.0738 2340 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
00:45:25.0143 2340 ============================================================
00:45:25.0143 2340 Current date / time: 2012/07/09 00:45:25.0143
00:45:25.0143 2340 SystemInfo:
00:45:25.0143 2340
00:45:25.0143 2340 OS Version: 6.1.7601 ServicePack: 1.0
00:45:25.0143 2340 Product type: Workstation
00:45:25.0143 2340 ComputerName: ISIS-PC
00:45:25.0143 2340 UserName: Isis
00:45:25.0143 2340 Windows directory: C:\Windows
00:45:25.0143 2340 System windows directory: C:\Windows
00:45:25.0143 2340 Running under WOW64
00:45:25.0143 2340 Processor architecture: Intel x64
00:45:25.0143 2340 Number of processors: 4
00:45:25.0143 2340 Page size: 0x1000
00:45:25.0143 2340 Boot type: Normal boot
00:45:25.0143 2340 ============================================================
00:45:25.0736 2340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:45:25.0752 2340 ============================================================
00:45:25.0752 2340 \Device\Harddisk0\DR0:
00:45:25.0752 2340 MBR partitions:
00:45:25.0752 2340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:45:25.0752 2340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
00:45:25.0752 2340 ============================================================
00:45:25.0767 2340 C: <-> \Device\Harddisk0\DR0\Partition1
00:45:25.0767 2340 ============================================================
00:45:25.0767 2340 Initialize success
00:45:25.0767 2340 ============================================================
00:45:33.0676 0884 ============================================================
00:45:33.0676 0884 Scan started
00:45:33.0676 0884 Mode: Manual; SigCheck; TDLFS;
00:45:33.0676 0884 ============================================================
00:45:34.0332 0884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:45:34.0363 0884 1394ohci - ok
00:45:34.0394 0884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:45:34.0394 0884 ACPI - ok
00:45:34.0410 0884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:45:34.0425 0884 AcpiPmi - ok
00:45:34.0503 0884 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:45:34.0519 0884 AdobeARMservice - ok
00:45:34.0566 0884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:45:34.0581 0884 adp94xx - ok
00:45:34.0597 0884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:45:34.0612 0884 adpahci - ok
00:45:34.0628 0884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:45:34.0628 0884 adpu320 - ok
00:45:34.0659 0884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:45:34.0675 0884 AeLookupSvc - ok
00:45:34.0722 0884 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:45:34.0737 0884 AFD - ok
00:45:34.0768 0884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:45:34.0768 0884 agp440 - ok
00:45:34.0784 0884 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:45:34.0800 0884 ALG - ok
00:45:34.0831 0884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:45:34.0831 0884 aliide - ok
00:45:34.0831 0884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:45:34.0846 0884 amdide - ok
00:45:34.0878 0884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:45:34.0878 0884 AmdK8 - ok
00:45:34.0878 0884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:45:34.0893 0884 AmdPPM - ok
00:45:34.0909 0884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:45:34.0909 0884 amdsata - ok
00:45:34.0924 0884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:45:34.0940 0884 amdsbs - ok
00:45:34.0940 0884 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:45:34.0956 0884 amdxata - ok
00:45:35.0002 0884 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:45:35.0018 0884 AppID - ok
00:45:35.0034 0884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:45:35.0065 0884 AppIDSvc - ok
00:45:35.0112 0884 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:45:35.0127 0884 Appinfo - ok
00:45:35.0190 0884 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:45:35.0205 0884 Apple Mobile Device - ok
00:45:35.0252 0884 Application Updater (b4a30f0a7494cdbec73f6bd30fb619d9) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
00:45:35.0268 0884 Application Updater - ok
00:45:35.0408 0884 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
00:45:35.0424 0884 AppMgmt - ok
00:45:35.0439 0884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:45:35.0455 0884 arc - ok
00:45:35.0455 0884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:45:35.0470 0884 arcsas - ok
00:45:35.0486 0884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:45:35.0502 0884 AsyncMac - ok
00:45:35.0533 0884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:45:35.0548 0884 atapi - ok
00:45:35.0626 0884 athur (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys
00:45:35.0642 0884 athur - ok
00:45:35.0736 0884 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys
00:45:35.0736 0884 ATITool ( UnsignedFile.Multi.Generic ) - warning
00:45:35.0736 0884 ATITool - detected UnsignedFile.Multi.Generic (1)
00:45:35.0782 0884 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:45:35.0814 0884 AudioEndpointBuilder - ok
00:45:35.0814 0884 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:45:35.0845 0884 AudioSrv - ok
00:45:35.0892 0884 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:45:35.0907 0884 AxInstSV - ok
00:45:35.0938 0884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:45:35.0954 0884 b06bdrv - ok
00:45:35.0985 0884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:45:35.0985 0884 b57nd60a - ok
00:45:36.0048 0884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:45:36.0048 0884 BDESVC - ok
00:45:36.0063 0884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:45:36.0094 0884 Beep - ok
00:45:36.0157 0884 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:45:36.0172 0884 BFE - ok
00:45:36.0219 0884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:45:36.0219 0884 blbdrive - ok
00:45:36.0297 0884 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:45:36.0313 0884 Bonjour Service - ok
00:45:36.0360 0884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:45:36.0360 0884 bowser - ok
00:45:36.0375 0884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:45:36.0391 0884 BrFiltLo - ok
00:45:36.0391 0884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:45:36.0406 0884 BrFiltUp - ok
00:45:36.0422 0884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:45:36.0453 0884 BridgeMP - ok
00:45:36.0469 0884 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:45:36.0500 0884 Browser - ok
00:45:36.0516 0884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:45:36.0531 0884 Brserid - ok
00:45:36.0531 0884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:45:36.0547 0884 BrSerWdm - ok
00:45:36.0547 0884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:45:36.0547 0884 BrUsbMdm - ok
00:45:36.0562 0884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:45:36.0562 0884 BrUsbSer - ok
00:45:36.0562 0884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:45:36.0578 0884 BTHMODEM - ok
00:45:36.0609 0884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:45:36.0625 0884 bthserv - ok
00:45:36.0640 0884 catchme - ok
00:45:36.0640 0884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:45:36.0672 0884 cdfs - ok
00:45:36.0718 0884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:45:36.0734 0884 cdrom - ok
00:45:36.0765 0884 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:45:36.0781 0884 CertPropSvc - ok
00:45:36.0796 0884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:45:36.0812 0884 circlass - ok
00:45:36.0843 0884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:45:36.0843 0884 CLFS - ok
00:45:36.0906 0884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:45:36.0906 0884 clr_optimization_v2.0.50727_32 - ok
00:45:36.0952 0884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:45:36.0952 0884 clr_optimization_v2.0.50727_64 - ok
00:45:37.0015 0884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:45:37.0030 0884 clr_optimization_v4.0.30319_32 - ok
00:45:37.0046 0884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:45:37.0062 0884 clr_optimization_v4.0.30319_64 - ok
00:45:37.0077 0884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:45:37.0093 0884 CmBatt - ok
00:45:37.0108 0884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:45:37.0124 0884 cmdide - ok
00:45:37.0171 0884 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:45:37.0186 0884 CNG - ok
00:45:37.0202 0884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:45:37.0202 0884 Compbatt - ok
00:45:37.0218 0884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:45:37.0233 0884 CompositeBus - ok
00:45:37.0233 0884 COMSysApp - ok
00:45:37.0280 0884 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
00:45:37.0280 0884 cpuz135 - ok
00:45:37.0296 0884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:45:37.0296 0884 crcdisk - ok
00:45:37.0342 0884 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
00:45:37.0342 0884 CryptSvc - ok
00:45:37.0389 0884 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:45:37.0405 0884 CSC - ok
00:45:37.0436 0884 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:45:37.0436 0884 CscService - ok
00:45:37.0498 0884 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:45:37.0514 0884 DcomLaunch - ok
00:45:37.0545 0884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:45:37.0576 0884 defragsvc - ok
00:45:37.0623 0884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:45:37.0654 0884 DfsC - ok
00:45:37.0670 0884 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:45:37.0701 0884 Dhcp - ok
00:45:37.0717 0884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:45:37.0732 0884 discache - ok
00:45:37.0748 0884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:45:37.0764 0884 Disk - ok
00:45:37.0795 0884 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:45:37.0810 0884 Dnscache - ok
00:45:37.0842 0884 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:45:37.0873 0884 dot3svc - ok
00:45:37.0904 0884 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:45:37.0920 0884 DPS - ok
00:45:37.0951 0884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:45:37.0966 0884 drmkaud - ok
00:45:38.0013 0884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:45:38.0029 0884 DXGKrnl - ok
00:45:38.0060 0884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:45:38.0076 0884 EapHost - ok
00:45:38.0185 0884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:45:38.0216 0884 ebdrv - ok
00:45:38.0310 0884 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:45:38.0310 0884 EFS - ok
00:45:38.0388 0884 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:45:38.0403 0884 ehRecvr - ok
00:45:38.0419 0884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:45:38.0419 0884 ehSched - ok
00:45:38.0481 0884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:45:38.0497 0884 elxstor - ok
00:45:38.0512 0884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:45:38.0528 0884 ErrDev - ok
00:45:38.0544 0884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:45:38.0575 0884 EventSystem - ok
00:45:38.0606 0884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:45:38.0622 0884 exfat - ok
00:45:38.0653 0884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:45:38.0668 0884 fastfat - ok
00:45:38.0715 0884 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:45:38.0715 0884 Fax - ok
00:45:38.0731 0884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:45:38.0746 0884 fdc - ok
00:45:38.0762 0884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:45:38.0793 0884 fdPHost - ok
00:45:38.0793 0884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:45:38.0824 0884 FDResPub - ok
00:45:38.0824 0884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:45:38.0840 0884 FileInfo - ok
00:45:38.0856 0884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:45:38.0871 0884 Filetrace - ok
00:45:38.0887 0884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:45:38.0902 0884 flpydisk - ok
00:45:38.0934 0884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:45:38.0949 0884 FltMgr - ok
00:45:38.0996 0884 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
00:45:39.0027 0884 FontCache - ok
00:45:39.0090 0884 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:45:39.0090 0884 FontCache3.0.0.0 - ok
00:45:39.0121 0884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:45:39.0121 0884 FsDepends - ok
00:45:39.0168 0884 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:45:39.0168 0884 Fs_Rec - ok
00:45:39.0199 0884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:45:39.0214 0884 fvevol - ok
00:45:39.0230 0884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:45:39.0246 0884 gagp30kx - ok
00:45:39.0261 0884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:45:39.0277 0884 GEARAspiWDM - ok
00:45:39.0324 0884 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:45:39.0339 0884 gpsvc - ok
00:45:39.0355 0884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:45:39.0355 0884 hcw85cir - ok
00:45:39.0402 0884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:45:39.0417 0884 HdAudAddService - ok
00:45:39.0433 0884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:45:39.0448 0884 HDAudBus - ok
00:45:39.0448 0884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:45:39.0464 0884 HidBatt - ok
00:45:39.0480 0884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:45:39.0480 0884 HidBth - ok
00:45:39.0495 0884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:45:39.0495 0884 HidIr - ok
00:45:39.0511 0884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:45:39.0542 0884 hidserv - ok
00:45:39.0558 0884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:45:39.0573 0884 HidUsb - ok
00:45:39.0604 0884 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:45:39.0620 0884 hkmsvc - ok
00:45:39.0667 0884 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:45:39.0682 0884 HomeGroupListener - ok
00:45:39.0714 0884 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:45:39.0714 0884 HomeGroupProvider - ok
00:45:39.0745 0884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:45:39.0745 0884 HpSAMD - ok
00:45:39.0807 0884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:45:39.0838 0884 HTTP - ok
00:45:39.0870 0884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:45:39.0870 0884 hwpolicy - ok
00:45:39.0916 0884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:45:39.0916 0884 i8042prt - ok
00:45:39.0963 0884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:45:39.0963 0884 iaStorV - ok
00:45:40.0057 0884 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:45:40.0072 0884 idsvc - ok
00:45:40.0104 0884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:45:40.0104 0884 iirsp - ok
00:45:40.0166 0884 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:45:40.0197 0884 IKEEXT - ok
00:45:40.0228 0884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:45:40.0228 0884 intelide - ok
00:45:40.0244 0884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:45:40.0260 0884 intelppm - ok
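
The TDSSKiller output in the reply above is long because every driver and service gets two lines, one with its MD5 and path and one with the verdict, so the single non-`ok` object (ATITool, flagged `UnsignedFile.Multi.Generic`) is easy to miss when reading by eye. The following is an added example of the triage a helper does on such a log, pairing each object's file line with its verdict line and listing what did not end in `- ok`; it is not Kaspersky's code, the function names are mine, and `TDSS_SAMPLE` is built from lines copied from the log posted above.

```python
"""Triage a TDSSKiller log.

Added example (not Kaspersky code): pair each object's file line
(name, MD5, path) with its verdict line and list everything that did
not end in "- ok". Helper names and TDSS_SAMPLE are constructed for
this example; the sample lines are copied from the posted log."""
import re

# Constructed sample: a handful of lines from the posted TDSSKiller log,
# including the one object that was not reported "ok".
TDSS_SAMPLE = r"""
00:45:33.0676 0884 Scan started
00:45:33.0676 0884 Mode: Manual; SigCheck; TDLFS;
00:45:34.0332 0884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:45:34.0363 0884 1394ohci - ok
00:45:35.0190 0884 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:45:35.0205 0884 Apple Mobile Device - ok
00:45:35.0736 0884 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys
00:45:35.0736 0884 ATITool ( UnsignedFile.Multi.Generic ) - warning
00:45:35.0736 0884 ATITool - detected UnsignedFile.Multi.Generic (1)
00:45:36.0640 0884 catchme - ok
"""

# Every line starts with "HH:MM:SS.mmmm <pid> "; the rest is one of four shapes.
PREFIX_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d{4})\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \((?P<count>\d+)\)$")


def triage_tdsskiller(text):
    """Return {object name: entry} carrying the final verdict for each object."""
    report = {}

    def entry(name):
        return report.setdefault(name, {"name": name, "md5": None, "path": None,
                                        "status": "unknown", "detection": None})

    for line in text.splitlines():
        m = PREFIX_RE.match(line.rstrip())
        if not m:
            continue
        rest = m.group("rest")
        f = FILE_RE.match(rest)
        d = DETECT_RE.match(rest)
        w = WARN_RE.match(rest)
        o = OK_RE.match(rest)
        if f:
            e = entry(f["name"])
            e["md5"] = f["md5"].lower()
            e["path"] = f["path"]
        elif d:
            e = entry(d["name"])
            e["status"] = "detected"
            e["detection"] = d["det"]
        elif w:
            e = entry(w["name"])
            if e["status"] != "detected":   # a later "detected" line outranks a warning
                e["status"] = "warning"
                e["detection"] = w["det"]
        elif o:
            entry(o["name"])["status"] = "ok"
        # banner lines such as "Scan started" match none of the four shapes and are skipped
    return report


def flagged(report):
    """Objects that need a human look: anything whose verdict is not 'ok'."""
    return [e for e in report.values() if e["status"] != "ok"]


if __name__ == "__main__":
    for e in flagged(triage_tdsskiller(TDSS_SAMPLE)):
        print(f"{e['name']}: {e['status']} {e['detection']} md5={e['md5']} {e['path']}")
```

Objects such as `catchme` appear with a verdict but no file line, so the parser keeps `path` as `None` rather than dropping them. A `warning` or `detected UnsignedFile.Multi.Generic` entry only says the file carries no valid signature; it is the item to look at next, not a diagnosis by itself.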

#7 bacchae

bacchae

    New Member

  • Members
  • Pip
  • 9 posts

Posted 09 July 2012 - 02:47 AM

Part 2
00:45:40.0291 0884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:45:40.0306 0884 IPBusEnum - ok
00:45:40.0338 0884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:45:40.0369 0884 IpFilterDriver - ok
00:45:40.0447 0884 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:45:40.0462 0884 iphlpsvc - ok
00:45:40.0478 0884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:45:40.0494 0884 IPMIDRV - ok
00:45:40.0525 0884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:45:40.0540 0884 IPNAT - ok
00:45:40.0618 0884 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
00:45:40.0634 0884 iPod Service - ok
00:45:40.0665 0884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:45:40.0665 0884 IRENUM - ok
00:45:40.0712 0884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:45:40.0712 0884 isapnp - ok
00:45:40.0743 0884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:45:40.0743 0884 iScsiPrt - ok
00:45:40.0774 0884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:45:40.0774 0884 kbdclass - ok
00:45:40.0790 0884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:45:40.0790 0884 kbdhid - ok
00:45:40.0837 0884 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:45:40.0837 0884 KeyIso - ok
00:45:40.0852 0884 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:45:40.0852 0884 KSecDD - ok
00:45:40.0868 0884 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:45:40.0884 0884 KSecPkg - ok
00:45:40.0884 0884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:45:40.0915 0884 ksthunk - ok
00:45:40.0946 0884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:45:40.0962 0884 KtmRm - ok
00:45:40.0993 0884 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:45:41.0024 0884 LanmanServer - ok
00:45:41.0055 0884 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:45:41.0071 0884 LanmanWorkstation - ok
00:45:41.0102 0884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:45:41.0118 0884 lltdio - ok
00:45:41.0164 0884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:45:41.0180 0884 lltdsvc - ok
00:45:41.0196 0884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:45:41.0211 0884 lmhosts - ok
00:45:41.0242 0884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:45:41.0258 0884 LSI_FC - ok
00:45:41.0274 0884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:45:41.0289 0884 LSI_SAS - ok
00:45:41.0289 0884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:45:41.0305 0884 LSI_SAS2 - ok
00:45:41.0305 0884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:45:41.0320 0884 LSI_SCSI - ok
00:45:41.0320 0884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:45:41.0352 0884 luafv - ok
00:45:41.0383 0884 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:45:41.0398 0884 Mcx2Svc - ok
00:45:41.0414 0884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:45:41.0430 0884 megasas - ok
00:45:41.0445 0884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:45:41.0461 0884 MegaSR - ok
00:45:41.0492 0884 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:45:41.0508 0884 MEIx64 - ok
00:45:41.0539 0884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:45:41.0554 0884 MMCSS - ok
00:45:41.0570 0884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:45:41.0601 0884 Modem - ok
00:45:41.0632 0884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:45:41.0632 0884 monitor - ok
00:45:41.0679 0884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:45:41.0679 0884 mouclass - ok
00:45:41.0695 0884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:45:41.0695 0884 mouhid - ok
00:45:41.0742 0884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:45:41.0742 0884 mountmgr - ok
00:45:41.0835 0884 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:45:41.0835 0884 MozillaMaintenance - ok
00:45:41.0866 0884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:45:41.0882 0884 mpio - ok
00:45:41.0898 0884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:45:41.0929 0884 mpsdrv - ok
00:45:41.0976 0884 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:45:42.0007 0884 MpsSvc - ok
00:45:42.0038 0884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:45:42.0054 0884 MRxDAV - ok
00:45:42.0085 0884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:45:42.0100 0884 mrxsmb - ok
00:45:42.0116 0884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:45:42.0132 0884 mrxsmb10 - ok
00:45:42.0163 0884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:45:42.0163 0884 mrxsmb20 - ok
00:45:42.0194 0884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:45:42.0194 0884 msahci - ok
00:45:42.0225 0884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:45:42.0241 0884 msdsm - ok
00:45:42.0272 0884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:45:42.0288 0884 MSDTC - ok
00:45:42.0319 0884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:45:42.0334 0884 Msfs - ok
00:45:42.0366 0884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:45:42.0381 0884 mshidkmdf - ok
00:45:42.0381 0884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:45:42.0397 0884 msisadrv - ok
00:45:42.0412 0884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:45:42.0444 0884 MSiSCSI - ok
00:45:42.0444 0884 msiserver - ok
00:45:42.0459 0884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:45:42.0475 0884 MSKSSRV - ok
00:45:42.0475 0884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:45:42.0490 0884 MSPCLOCK - ok
00:45:42.0506 0884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:45:42.0522 0884 MSPQM - ok
00:45:42.0553 0884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:45:42.0568 0884 MsRPC - ok
00:45:42.0600 0884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:45:42.0600 0884 mssmbios - ok
00:45:42.0615 0884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:45:42.0631 0884 MSTEE - ok
00:45:42.0631 0884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:45:42.0646 0884 MTConfig - ok
00:45:42.0662 0884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:45:42.0662 0884 Mup - ok
00:45:42.0709 0884 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:45:42.0724 0884 napagent - ok
00:45:42.0771 0884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:45:42.0771 0884 NativeWifiP - ok
00:45:42.0849 0884 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:45:42.0865 0884 NDIS - ok
00:45:42.0880 0884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:45:42.0912 0884 NdisCap - ok
00:45:42.0927 0884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:45:42.0943 0884 NdisTapi - ok
00:45:42.0958 0884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:45:42.0990 0884 Ndisuio - ok
00:45:43.0021 0884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:45:43.0036 0884 NdisWan - ok
00:45:43.0068 0884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:45:43.0083 0884 NDProxy - ok
00:45:43.0099 0884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:45:43.0130 0884 NetBIOS - ok
00:45:43.0146 0884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:45:43.0177 0884 NetBT - ok
00:45:43.0224 0884 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:45:43.0224 0884 Netlogon - ok
00:45:43.0270 0884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:45:43.0286 0884 Netman - ok
00:45:43.0317 0884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:45:43.0333 0884 netprofm - ok
00:45:43.0380 0884 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:45:43.0395 0884 NetTcpPortSharing - ok
00:45:43.0411 0884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:45:43.0426 0884 nfrd960 - ok
00:45:43.0473 0884 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:45:43.0489 0884 NlaSvc - ok
00:45:43.0504 0884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:45:43.0520 0884 Npfs - ok
00:45:43.0536 0884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:45:43.0567 0884 nsi - ok
00:45:43.0567 0884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:45:43.0598 0884 nsiproxy - ok
00:45:43.0676 0884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:45:43.0692 0884 Ntfs - ok
00:45:43.0785 0884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:45:43.0801 0884 Null - ok
00:45:44.0191 0884 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:45:44.0331 0884 nvlddmkm - ok
00:45:44.0440 0884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:45:44.0440 0884 nvraid - ok
00:45:44.0456 0884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:45:44.0472 0884 nvstor - ok
00:45:44.0565 0884 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
00:45:44.0581 0884 nvsvc - ok
00:45:44.0674 0884 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:45:44.0706 0884 nvUpdatusService - ok
00:45:44.0815 0884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:45:44.0815 0884 nv_agp - ok
00:45:44.0846 0884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:45:44.0846 0884 ohci1394 - ok
00:45:44.0877 0884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:45:44.0893 0884 p2pimsvc - ok
00:45:44.0924 0884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:45:44.0924 0884 p2psvc - ok
00:45:44.0955 0884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:45:44.0971 0884 Parport - ok
00:45:45.0002 0884 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:45:45.0002 0884 partmgr - ok
00:45:45.0018 0884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:45:45.0018 0884 PcaSvc - ok
00:45:45.0033 0884 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:45:45.0049 0884 pci - ok
00:45:45.0080 0884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:45:45.0080 0884 pciide - ok
00:45:45.0096 0884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:45:45.0111 0884 pcmcia - ok
00:45:45.0127 0884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:45:45.0127 0884 pcw - ok
00:45:45.0158 0884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:45:45.0174 0884 PEAUTH - ok
00:45:45.0236 0884 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:45:45.0252 0884 PeerDistSvc - ok
00:45:45.0298 0884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:45:45.0314 0884 PerfHost - ok
00:45:45.0408 0884 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:45:45.0439 0884 pla - ok
00:45:45.0486 0884 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:45:45.0501 0884 PlugPlay - ok
00:45:45.0517 0884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:45:45.0517 0884 PNRPAutoReg - ok
00:45:45.0548 0884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:45:45.0548 0884 PNRPsvc - ok
00:45:45.0579 0884 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:45:45.0595 0884 PolicyAgent - ok
00:45:45.0642 0884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:45:45.0657 0884 Power - ok
00:45:45.0704 0884 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:45:45.0735 0884 PptpMiniport - ok
00:45:45.0751 0884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:45:45.0751 0884 Processor - ok
00:45:45.0798 0884 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:45:45.0798 0884 ProfSvc - ok
00:45:45.0829 0884 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:45:45.0829 0884 ProtectedStorage - ok
00:45:45.0876 0884 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:45:45.0907 0884 Psched - ok
00:45:45.0969 0884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:45:45.0985 0884 ql2300 - ok
00:45:46.0078 0884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:45:46.0078 0884 ql40xx - ok
00:45:46.0110 0884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:45:46.0110 0884 QWAVE - ok
00:45:46.0125 0884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:45:46.0125 0884 QWAVEdrv - ok
00:45:46.0141 0884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:45:46.0156 0884 RasAcd - ok
00:45:46.0188 0884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:45:46.0203 0884 RasAgileVpn - ok
00:45:46.0235 0884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:45:46.0250 0884 RasAuto - ok
00:45:46.0281 0884 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:45:46.0313 0884 Rasl2tp - ok
00:45:46.0344 0884 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:45:46.0375 0884 RasMan - ok
00:45:46.0391 0884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:45:46.0422 0884 RasPppoe - ok
00:45:46.0437 0884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:45:46.0453 0884 RasSstp - ok
00:45:46.0484 0884 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:45:46.0515 0884 rdbss - ok
00:45:46.0515 0884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:45:46.0531 0884 rdpbus - ok
00:45:46.0547 0884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:45:46.0562 0884 RDPCDD - ok
00:45:46.0609 0884 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:45:46.0609 0884 RDPDR - ok
00:45:46.0640 0884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:45:46.0656 0884 RDPENCDD - ok
00:45:46.0656 0884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:45:46.0687 0884 RDPREFMP - ok
00:45:46.0718 0884 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
00:45:46.0734 0884 RdpVideoMiniport - ok
00:45:46.0765 0884 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:45:46.0765 0884 RDPWD - ok
00:45:46.0812 0884 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:45:46.0827 0884 rdyboost - ok
00:45:46.0874 0884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:45:46.0890 0884 RemoteAccess - ok
00:45:46.0905 0884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:45:46.0937 0884 RemoteRegistry - ok
00:45:46.0937 0884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:45:46.0968 0884 RpcEptMapper - ok
00:45:46.0968 0884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:45:46.0983 0884 RpcLocator - ok
00:45:47.0015 0884 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:45:47.0046 0884 RpcSs - ok
00:45:47.0077 0884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:45:47.0093 0884 rspndr - ok
00:45:47.0124 0884 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:45:47.0124 0884 s3cap - ok
00:45:47.0155 0884 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:45:47.0155 0884 SamSs - ok
00:45:47.0171 0884 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:45:47.0186 0884 sbp2port - ok
00:45:47.0217 0884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:45:47.0233 0884 SCardSvr - ok
00:45:47.0264 0884 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:45:47.0280 0884 scfilter - ok
00:45:47.0342 0884 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:45:47.0373 0884 Schedule - ok
00:45:47.0405 0884 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:45:47.0436 0884 SCPolicySvc - ok
00:45:47.0467 0884 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:45:47.0467 0884 SDRSVC - ok
00:45:47.0529 0884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:45:47.0545 0884 secdrv - ok
00:45:47.0561 0884 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:45:47.0576 0884 seclogon - ok
00:45:47.0592 0884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:45:47.0623 0884 SENS - ok
00:45:47.0639 0884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:45:47.0639 0884 SensrSvc - ok
00:45:47.0654 0884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:45:47.0654 0884 Serenum - ok
00:45:47.0670 0884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:45:47.0685 0884 Serial - ok
00:45:47.0717 0884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:45:47.0717 0884 sermouse - ok
00:45:47.0763 0884 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:45:47.0779 0884 SessionEnv - ok
00:45:47.0810 0884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:45:47.0810 0884 sffdisk - ok
00:45:47.0826 0884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:45:47.0826 0884 sffp_mmc - ok
00:45:47.0826 0884 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:45:47.0841 0884 sffp_sd - ok
00:45:47.0857 0884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:45:47.0857 0884 sfloppy - ok
00:45:47.0919 0884 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:45:47.0935 0884 SharedAccess - ok
00:45:47.0966 0884 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:45:47.0982 0884 ShellHWDetection - ok
00:45:48.0013 0884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:45:48.0013 0884 SiSRaid2 - ok
00:45:48.0029 0884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:45:48.0029 0884 SiSRaid4 - ok
00:45:48.0091 0884 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:45:48.0091 0884 SkypeUpdate - ok
00:45:48.0091 0884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:45:48.0122 0884 Smb - ok
00:45:48.0153 0884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:45:48.0153 0884 SNMPTRAP - ok
00:45:48.0185 0884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:45:48.0185 0884 spldr - ok
00:45:48.0231 0884 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:45:48.0263 0884 Spooler - ok
00:45:48.0387 0884 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:45:48.0434 0884 sppsvc - ok
00:45:48.0512 0884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:45:48.0528 0884 sppuinotify - ok
00:45:48.0590 0884 sprtsvc_verizondm - ok
00:45:48.0668 0884 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:45:48.0668 0884 srv - ok
00:45:48.0699 0884 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:45:48.0699 0884 srv2 - ok
00:45:48.0715 0884 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:45:48.0731 0884 srvnet - ok
00:45:48.0746 0884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:45:48.0777 0884 SSDPSRV - ok
00:45:48.0793 0884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:45:48.0809 0884 SstpSvc - ok
00:45:48.0887 0884 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:45:48.0887 0884 Stereo Service - ok
00:45:48.0918 0884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:45:48.0918 0884 stexstor - ok
00:45:48.0980 0884 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:45:48.0996 0884 stisvc - ok
00:45:49.0027 0884 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:45:49.0027 0884 storflt - ok
00:45:49.0058 0884 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:45:49.0058 0884 storvsc - ok
00:45:49.0074 0884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:45:49.0089 0884 swenum - ok
00:45:49.0121 0884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:45:49.0152 0884 swprv - ok
00:45:49.0167 0884 Synth3dVsc - ok
00:45:49.0245 0884 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:45:49.0261 0884 SysMain - ok
00:45:49.0339 0884 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:45:49.0355 0884 TabletInputService - ok
00:45:49.0386 0884 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:45:49.0417 0884 TapiSrv - ok
00:45:49.0433 0884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:45:49.0464 0884 TBS - ok
00:45:49.0557 0884 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:45:49.0589 0884 Tcpip - ok
00:45:49.0682 0884 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:45:49.0698 0884 TCPIP6 - ok
00:45:49.0760 0884 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:45:49.0776 0884 tcpipreg - ok
00:45:49.0791 0884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:45:49.0807 0884 TDPIPE - ok
00:45:49.0823 0884 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:45:49.0838 0884 TDTCP - ok
00:45:49.0854 0884 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:45:49.0885 0884 tdx - ok
00:45:49.0916 0884 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:45:49.0932 0884 TermDD - ok
00:45:49.0979 0884 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:45:49.0994 0884 TermService - ok
00:45:50.0057 0884 tgsrvc_verizondm - ok
00:45:50.0072 0884 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
00:45:50.0072 0884 Themes ( UnsignedFile.Multi.Generic ) - warning
00:45:50.0072 0884 Themes - detected UnsignedFile.Multi.Generic (1)
00:45:50.0103 0884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:45:50.0135 0884 THREADORDER - ok
00:45:50.0181 0884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:45:50.0197 0884 TrkWks - ok
00:45:50.0244 0884 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:45:50.0275 0884 TrustedInstaller - ok
00:45:50.0306 0884 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:45:50.0322 0884 tssecsrv - ok
00:45:50.0353 0884 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:45:50.0369 0884 TsUsbFlt - ok
00:45:50.0369 0884 tsusbhub - ok
00:45:50.0431 0884 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:45:50.0447 0884 tunnel - ok
00:45:50.0478 0884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:45:50.0478 0884 uagp35 - ok
00:45:50.0509 0884 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:45:50.0540 0884 udfs - ok
00:45:50.0556 0884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:45:50.0556 0884 UI0Detect - ok
00:45:50.0618 0884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:45:50.0618 0884 uliagpkx - ok
00:45:50.0649 0884 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:45:50.0649 0884 umbus - ok
00:45:50.0665 0884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:45:50.0665 0884 UmPass - ok
00:45:50.0712 0884 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:45:50.0712 0884 UmRdpService - ok
00:45:50.0743 0884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:45:50.0759 0884 upnphost - ok
00:45:50.0790 0884 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:45:50.0790 0884 USBAAPL64 - ok
00:45:50.0837 0884 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:45:50.0852 0884 usbaudio - ok
00:45:50.0899 0884 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:45:50.0899 0884 usbccgp - ok
00:45:50.0930 0884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:45:50.0930 0884 usbcir - ok
00:45:50.0946 0884 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:45:50.0961 0884 usbehci - ok
00:45:50.0993 0884 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:45:50.0993 0884 usbhub - ok
00:45:51.0008 0884 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:45:51.0008 0884 usbohci - ok
00:45:51.0039 0884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:45:51.0039 0884 usbprint - ok
00:45:51.0055 0884 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:45:51.0071 0884 USBSTOR - ok
00:45:51.0071 0884 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:45:51.0071 0884 usbuhci - ok
00:45:51.0102 0884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:45:51.0117 0884 UxSms - ok
00:45:51.0149 0884 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:45:51.0164 0884 VaultSvc - ok
00:45:51.0195 0884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:45:51.0195 0884 vdrvroot - ok
00:45:51.0242 0884 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:45:51.0258 0884 vds - ok
00:45:51.0289 0884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:45:51.0305 0884 vga - ok
00:45:51.0305 0884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:45:51.0336 0884 VgaSave - ok
00:45:51.0336 0884 VGPU - ok
00:45:51.0367 0884 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:45:51.0367 0884 vhdmp - ok
00:45:51.0383 0884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:45:51.0383 0884 viaide - ok
00:45:51.0414 0884 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:45:51.0414 0884 vmbus - ok
00:45:51.0445 0884 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:45:51.0461 0884 VMBusHID - ok
00:45:51.0492 0884 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:45:51.0507 0884 volmgr - ok
00:45:51.0539 0884 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:45:51.0554 0884 volmgrx - ok
00:45:51.0570 0884 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:45:51.0585 0884 volsnap - ok
00:45:51.0617 0884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:45:51.0632 0884 vsmraid - ok
00:45:51.0695 0884 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:45:51.0741 0884 VSS - ok
00:45:51.0835 0884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:45:51.0835 0884 vwifibus - ok
00:45:51.0851 0884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:45:51.0866 0884 vwififlt - ok
00:45:51.0882 0884 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:45:51.0897 0884 vwifimp - ok
00:45:51.0929 0884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:45:51.0960 0884 W32Time - ok
00:45:51.0975 0884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:45:51.0975 0884 WacomPen - ok
00:45:52.0022 0884 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:45:52.0053 0884 WANARP - ok
00:45:52.0053 0884 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:45:52.0069 0884 Wanarpv6 - ok
00:45:52.0163 0884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:45:52.0178 0884 WatAdminSvc - ok
00:45:52.0241 0884 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:45:52.0272 0884 wbengine - ok
00:45:52.0350 0884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:45:52.0350 0884 WbioSrvc - ok
00:45:52.0397 0884 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:45:52.0412 0884 wcncsvc - ok
00:45:52.0412 0884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:45:52.0428 0884 WcsPlugInService - ok
00:45:52.0459 0884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:45:52.0475 0884 Wd - ok
00:45:52.0506 0884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:45:52.0506 0884 Wdf01000 - ok
00:45:52.0521 0884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:45:52.0537 0884 WdiServiceHost - ok
00:45:52.0537 0884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:45:52.0537 0884 WdiSystemHost - ok
00:45:52.0584 0884 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:45:52.0599 0884 WebClient - ok
00:45:52.0615 0884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:45:52.0646 0884 Wecsvc - ok
00:45:52.0646 0884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:45:52.0677 0884 wercplsupport - ok
00:45:52.0693 0884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:45:52.0709 0884 WerSvc - ok
00:45:52.0740 0884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:45:52.0755 0884 WfpLwf - ok
00:45:52.0771 0884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:45:52.0771 0884 WIMMount - ok
00:45:52.0802 0884 WinDefend - ok
00:45:52.0818 0884 WinHttpAutoProxySvc - ok
00:45:52.0865 0884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:45:52.0880 0884 Winmgmt - ok
00:45:52.0974 0884 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:45:53.0005 0884 WinRM - ok
00:45:53.0099 0884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:45:53.0114 0884 Wlansvc - ok
00:45:53.0239 0884 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:45:53.0255 0884 wlidsvc - ok
00:45:53.0348 0884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:45:53.0364 0884 WmiAcpi - ok
00:45:53.0395 0884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:45:53.0411 0884 wmiApSrv - ok
00:45:53.0442 0884 WMPNetworkSvc - ok
00:45:53.0473 0884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:45:53.0473 0884 WPCSvc - ok
00:45:53.0504 0884 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:45:53.0520 0884 WPDBusEnum - ok
00:45:53.0535 0884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:45:53.0567 0884 ws2ifsl - ok
00:45:53.0582 0884 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:45:53.0598 0884 wscsvc - ok
00:45:53.0598 0884 WSearch - ok
00:45:53.0707 0884 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
00:45:53.0738 0884 wuauserv - ok
00:45:53.0847 0884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:45:53.0863 0884 WudfPf - ok
00:45:53.0894 0884 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:45:53.0910 0884 WUDFRd - ok
00:45:53.0941 0884 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:45:53.0957 0884 wudfsvc - ok
00:45:53.0988 0884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:45:54.0003 0884 WwanSvc - ok
00:45:54.0019 0884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:45:54.0175 0884 \Device\Harddisk0\DR0 - ok
00:45:54.0191 0884 Boot (0x1200) (c36dd71b4e99a26b8907b578404552ed) \Device\Harddisk0\DR0\Partition0
00:45:54.0191 0884 \Device\Harddisk0\DR0\Partition0 - ok
00:45:54.0206 0884 Boot (0x1200) (2416b9fa5b16ca036f45c1d82fdc5a5f) \Device\Harddisk0\DR0\Partition1
00:45:54.0206 0884 \Device\Harddisk0\DR0\Partition1 - ok
00:45:54.0222 0884 ============================================================
00:45:54.0222 0884 Scan finished
00:45:54.0222 0884 ============================================================
00:45:54.0222 4604 Detected object count: 2
00:45:54.0222 4604 Actual detected object count: 2
00:46:01.0445 4604 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
00:46:01.0445 4604 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:46:01.0445 4604 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
00:46:01.0445 4604 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8 bacchae

Posted 09 July 2012 - 02:57 AM

Sorry, I didn't read the instructions correctly on the asw. Here's the correct log. Sorry about that!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 00:48:10
-----------------------------
00:48:10.649 OS Version: Windows x64 6.1.7601 Service Pack 1
00:48:10.649 Number of processors: 4 586 0x2A07
00:48:10.649 ComputerName: ISIS-PC UserName: Isis
00:48:11.413 Initialize success
00:52:38.328 AVAST engine defs: 12070900
00:52:56.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:52:56.518 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
00:52:56.534 Disk 0 MBR read successfully
00:52:56.534 Disk 0 MBR scan
00:52:56.534 Disk 0 Windows 7 default MBR code
00:52:56.534 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:52:56.549 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
00:52:56.565 Disk 0 scanning C:\Windows\system32\drivers
00:53:03.226 Service scanning
00:53:18.748 Modules scanning
00:53:18.748 Disk 0 trace - called modules:
00:53:18.764 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:53:18.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d94060]
00:53:18.764 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007ae2520]
00:53:18.764 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ae3060]
00:53:19.746 AVAST engine scan C:\Windows
00:53:21.307 AVAST engine scan C:\Windows\system32
00:55:02.941 AVAST engine scan C:\Windows\system32\drivers
00:55:10.273 AVAST engine scan C:\Users\Isis
00:55:53.142 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"
00:55:53.157 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswMBR.txt"
00:56:25.245 AVAST engine scan C:\ProgramData
00:56:31.111 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"
00:56:31.111 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswMBR.txt"
00:56:41.491 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"
00:56:41.507 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswmrb2.txt"

#9 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 09 July 2012 - 03:35 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 bacchae

Posted 09 July 2012 - 04:14 AM

My computer still seems to be running fine, but malwarebytes still detects the virus.
Here's the log.
ComboFix 12-07-08.01 - Isis 07/09/2012 2:00.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6490 [GMT -7:00]
Running from: c:\users\Isis\Desktop\ComboFix.exe
Command switches used :: c:\users\Isis\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 09:02 . 2012-07-09 09:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 09:02 . 2012-07-09 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\users\Isis\AppData\Roaming\Anvisoft
2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\program files (x86)\Anvisoft
2012-07-06 07:57 . 2012-07-06 07:57 -------- d-----w- c:\program files\CCleaner
2012-07-05 07:39 . 2012-07-05 07:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-05 07:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1362962A-8585-43FF-887D-6E59755217F2}\mpengine.dll
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Application Updater
2012-06-24 05:45 . 2012-06-24 05:45 -------- d-----w- c:\users\Isis\AppData\Local\Macromedia
2012-06-21 20:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 20:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 20:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 20:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 20:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 20:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 20:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 20:35 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 20:35 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 07:32 . 2012-04-23 22:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 07:32 . 2012-03-23 21:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 20:26 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-05-06 20:26 . 2012-03-25 02:24 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-05-06 20:26 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-03-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_06.26.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-09 06:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-09 09:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-09 06:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 09:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-09 06:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 09:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-23 21:26 . 2012-07-09 06:35 40872 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 06:35 26832 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-23 20:45 . 2012-07-09 06:35 10094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-144253042-2406972773-1586009904-1000_UserData.bin
+ 2012-03-24 23:49 . 2012-07-09 06:32 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-09 06:26 . 2012-07-09 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-09 09:03 . 2012-07-09 09:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-09 09:03 . 2012-07-09 09:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-09 06:26 . 2012-07-09 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-09 06:23 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-09 06:38 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-09 06:38 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-09 06:23 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-09 09:02 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-09 06:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-23 21:22 . 2012-07-09 09:02 20228372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-144253042-2406972773-1586009904-1000-8192.dat
- 2012-03-23 21:22 . 2012-07-09 06:17 20228372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-144253042-2406972773-1586009904-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-28 1090440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-27 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-28 791488]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mangareader.net/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
.
**************************************************************************
.
Completion time: 2012-07-09 02:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 09:07
ComboFix2.txt 2012-07-09 06:29
.
Pre-Run: 423,103,332,352 bytes free
Post-Run: 422,788,886,528 bytes free
.
- - End Of File - - 452D4B9EF10478A10710B05859C12C6D

Thanks for your continued help.

#11 gringo_pr

Posted 09 July 2012 - 08:33 AM

Greetings


let me see the report from MBAM please


gringo

#12 bacchae

Posted 09 July 2012 - 06:43 PM

Sorry, not sure if this is the log you want.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Isis :: ISIS-PC [administrator]

7/7/2012 10:18:49 PM
mbam-log-2012-07-07 (22-18-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326161
Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

#13 gringo_pr

Posted 09 July 2012 - 08:05 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo

#14 bacchae

Posted 09 July 2012 - 08:56 PM

Thanks for all your help Gringo. I think I'm just going to reformat my hard drive. Sorry for wasting your time and once again thanks.

#15 gringo_pr

Posted 09 July 2012 - 09:46 PM

Greetings


Thank you for letting me know. I will keep this open for a few days in case you need any help with it.

gringo
