
Rootkit virus



Hi!

Malwarebytes is able to find the virus, but cannot permanently remove it. I think I picked up the virus from "updating" Adobe.

Thanks in advance for your help.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Isis at 18:12:02 on 2012-07-08

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6723 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{3B2D2F21-63C4-4A63-9A12-A8456EA43F10} : DhcpNameServer = 10.0.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.mangareader.net/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-27 791488]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-23 2253120]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-09 01:09:54 -------- d-----w- C:\Users\Isis\AppData\Local\{879230A4-118A-4542-80AC-58F163027112}

2012-07-09 01:09:42 -------- d-----w- C:\Users\Isis\AppData\Local\{3AB946BF-312D-4716-8C05-C8E34E1F1542}

2012-07-08 05:04:40 -------- d-----w- C:\Users\Isis\AppData\Local\{DC12D7BB-9321-4351-83C0-65271C9AD995}

2012-07-08 05:04:29 -------- d-----w- C:\Users\Isis\AppData\Local\{2BEB8D9F-59E0-44D2-898F-DDC7AA2935C0}

2012-07-06 19:55:54 -------- d-----w- C:\Users\Isis\AppData\Roaming\Anvisoft

2012-07-06 19:55:48 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-07-06 19:35:19 -------- d-----w- C:\Users\Isis\AppData\Local\{20EA5AFB-EF70-40C6-989E-429CD88EFA1F}

2012-07-06 19:35:08 -------- d-----w- C:\Users\Isis\AppData\Local\{A93DD4E6-548A-4E14-8DE3-541B759C6B31}

2012-07-06 07:57:31 -------- d-----w- C:\Program Files\CCleaner

2012-07-06 05:06:13 -------- d-----w- C:\Users\Isis\AppData\Local\{D1F3ED8D-6C50-466D-8569-7BE735B380BD}

2012-07-06 05:05:58 -------- d-----w- C:\Users\Isis\AppData\Local\{80FA99EC-EA7E-4DBB-8DF5-B22079F47EE3}

2012-07-05 07:39:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-07-05 07:09:27 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1362962A-8585-43FF-887D-6E59755217F2}\mpengine.dll

2012-07-05 07:07:00 -------- d-----w- C:\Users\Isis\AppData\Local\{6D171D3D-3810-4353-B7C3-72478F1919D3}

2012-07-05 07:06:48 -------- d-----w- C:\Users\Isis\AppData\Local\{081129C1-7DB3-4A03-83AD-861E85A9C6C1}

2012-07-03 20:00:00 -------- d-----w- C:\Users\Isis\AppData\Local\{688DB8FF-3568-4BE0-84A6-FDF050430807}

2012-07-03 19:59:49 -------- d-----w- C:\Users\Isis\AppData\Local\{1AC779D3-6E39-4337-AC9F-D107C8014A7B}

2012-07-03 04:23:28 -------- d-----w- C:\Users\Isis\AppData\Local\{27DD4768-DA8F-4E2A-BACF-3A313C51CE34}

2012-07-03 04:23:17 -------- d-----w- C:\Users\Isis\AppData\Local\{65B2AD7E-7C0C-44C8-8EC5-8E10FAD9DC66}

2012-07-02 08:36:58 -------- d-----w- C:\Users\Isis\AppData\Local\{B4AD9D2C-FFAB-4721-9D75-9ADBD54A02E9}

2012-07-02 08:36:47 -------- d-----w- C:\Users\Isis\AppData\Local\{5CFA20B8-ED3B-449E-8B4B-86B2A6A0FFDB}

2012-07-02 07:57:45 -------- d-----w- C:\Program Files (x86)\IObit Toolbar

2012-07-02 07:57:45 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-07-02 07:57:45 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-07-01 20:36:20 -------- d-----w- C:\Users\Isis\AppData\Local\{90C8C1E4-76E5-424A-B41F-6BC231A2C842}

2012-07-01 20:36:08 -------- d-----w- C:\Users\Isis\AppData\Local\{9046B33A-9579-4362-9EDC-B1951657F43C}

2012-07-01 04:40:04 -------- d-----w- C:\Users\Isis\AppData\Local\{771CD846-BFEE-432B-BD32-B3ED04194205}

2012-07-01 04:39:52 -------- d-----w- C:\Users\Isis\AppData\Local\{8EB24791-7748-4648-B725-F7925928F51E}

2012-06-30 08:11:36 -------- d-----w- C:\Users\Isis\AppData\Local\{445F2A12-4D2C-4271-AB1A-43E97348C07E}

2012-06-30 08:11:25 -------- d-----w- C:\Users\Isis\AppData\Local\{33038FCD-386B-42C0-AA9D-C0A88EFD527E}

2012-06-29 20:10:56 -------- d-----w- C:\Users\Isis\AppData\Local\{77EAD35B-8B17-4110-BA54-BF9A5DA627C7}

2012-06-29 20:10:44 -------- d-----w- C:\Users\Isis\AppData\Local\{7354E308-F88A-4A64-A91F-CA675852F877}

2012-06-29 08:01:29 -------- d-----w- C:\Users\Isis\AppData\Local\{F8031744-7C7D-4EAA-ACE0-B885BACC74EE}

2012-06-29 08:01:18 -------- d-----w- C:\Users\Isis\AppData\Local\{A6622361-5E4F-4BAF-9202-49E2FE215586}

2012-06-28 20:00:52 -------- d-----w- C:\Users\Isis\AppData\Local\{055703A5-8AC0-4C2C-A43D-64310E9E0B98}

2012-06-28 20:00:41 -------- d-----w- C:\Users\Isis\AppData\Local\{9C46E032-D333-4BF3-8529-821933BFAF79}

2012-06-27 23:05:03 -------- d-----w- C:\Users\Isis\AppData\Local\{93FD267B-BD79-47D5-B7AE-B982E41B4529}

2012-06-27 23:04:51 -------- d-----w- C:\Users\Isis\AppData\Local\{52937C90-CB16-45BE-AB17-91EEB34BAFFF}

2012-06-27 06:34:20 -------- d-----w- C:\Users\Isis\AppData\Local\{C4D6AFEC-545F-456F-91E6-A212BC30557F}

2012-06-27 06:34:09 -------- d-----w- C:\Users\Isis\AppData\Local\{321C0D50-989E-4B21-8FE1-DF78524A0337}

2012-06-26 18:33:42 -------- d-----w- C:\Users\Isis\AppData\Local\{2FBBBB2A-0764-48B9-8B62-6BA88410E6BA}

2012-06-26 18:33:29 -------- d-----w- C:\Users\Isis\AppData\Local\{CCFBEACA-A8E3-4459-A878-A572FF971A32}

2012-06-26 04:43:14 -------- d-----w- C:\Users\Isis\AppData\Local\{F5F5E4A5-5E94-4037-8A4D-04724BD5B97B}

2012-06-26 04:43:01 -------- d-----w- C:\Users\Isis\AppData\Local\{A1930692-F1BD-40B9-8187-E99FC94E6FC9}

2012-06-25 04:24:16 -------- d-----w- C:\Users\Isis\AppData\Local\{BEC9FEC2-2A2C-4888-86C8-A2A79B567B5A}

2012-06-25 04:24:04 -------- d-----w- C:\Users\Isis\AppData\Local\{F40DF3F6-3924-48D8-AEB5-C1A1EA9D7DDD}

2012-06-24 05:45:05 -------- d-----w- C:\Users\Isis\AppData\Local\Macromedia

2012-06-24 04:38:42 -------- d-----w- C:\Users\Isis\AppData\Local\{C8FC6663-1768-4C6E-9307-FB6B6426EA1B}

2012-06-24 04:38:31 -------- d-----w- C:\Users\Isis\AppData\Local\{4AAF5F40-323B-4387-BD52-ED4AB8ECF1AE}

2012-06-23 10:21:02 -------- d-----w- C:\Users\Isis\AppData\Local\{D2F5DA4F-79C8-4253-94E6-157461BCBFCA}

2012-06-23 10:20:51 -------- d-----w- C:\Users\Isis\AppData\Local\{A4A1D2E8-1252-4233-927D-E7FF6C06E39D}

2012-06-22 22:20:39 -------- d-----w- C:\Users\Isis\AppData\Local\{BB4A3CC3-B348-481F-BBAA-BBDB72C9ACF9}

2012-06-22 22:20:27 -------- d-----w- C:\Users\Isis\AppData\Local\{6444F604-B88F-46FC-B205-FB8E164E3CA8}

2012-06-22 10:20:02 -------- d-----w- C:\Users\Isis\AppData\Local\{C28E6269-4D29-459D-8554-BAA3783DED70}

2012-06-22 10:19:51 -------- d-----w- C:\Users\Isis\AppData\Local\{42333D64-0ABC-4119-B2CB-046FDE3BFB9C}

2012-06-21 20:45:11 -------- d-----w- C:\Users\Isis\AppData\Local\{8D61CC0C-3ABD-40D8-A003-3CF9FF29878B}

2012-06-21 20:44:58 -------- d-----w- C:\Users\Isis\AppData\Local\{BB3EA0E1-2E84-45F7-B5FC-B5E5C7DDDCF0}

2012-06-21 20:36:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 20:35:52 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 20:35:41 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 20:35:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 04:47:32 -------- d-----w- C:\Users\Isis\AppData\Local\{02DC6AA1-0D4B-4312-A190-760A38CAE57C}

2012-06-18 04:23:22 -------- d-----w- C:\Users\Isis\AppData\Local\{AAAE072F-2B4D-4B82-A6E1-20E83619D22D}

2012-06-17 09:32:30 -------- d-----w- C:\Users\Isis\AppData\Local\{0C17825F-3521-4E64-9B1A-AAB5779EA814}

2012-06-16 21:32:18 -------- d-----w- C:\Users\Isis\AppData\Local\{5FC0661E-4BEA-4BEF-AABF-47E15B27851B}

2012-06-16 05:23:55 -------- d-----w- C:\Users\Isis\AppData\Local\{A6E9704F-6663-41DD-8949-0B9FF6F65354}

2012-06-14 20:31:55 -------- d-----w- C:\Users\Isis\AppData\Local\{69FE90AD-7F40-42FF-83FE-C808CC4E7581}

2012-06-14 20:31:42 -------- d-----w- C:\Users\Isis\AppData\Local\{B3C73A0B-7C41-424B-BE2E-B753F662EEB6}

2012-06-14 01:57:13 -------- d-----w- C:\Users\Isis\AppData\Local\{0A4E7E73-1C33-4E62-8036-65BF0E9E6517}

2012-06-14 01:57:00 -------- d-----w- C:\Users\Isis\AppData\Local\{D570F33F-DE48-45A5-AE61-6968153944A4}

2012-06-13 08:26:34 -------- d-----w- C:\Users\Isis\AppData\Local\{44ABC095-5818-4425-8E56-FD09FED5666B}

2012-06-13 08:26:23 -------- d-----w- C:\Users\Isis\AppData\Local\{46FE7409-B1F7-4495-9C7C-6D158F1FB7DF}

2012-06-12 20:25:58 -------- d-----w- C:\Users\Isis\AppData\Local\{B2CB9295-B243-4A29-84EC-C8B14E71DDB4}

2012-06-12 20:25:46 -------- d-----w- C:\Users\Isis\AppData\Local\{9621D248-5883-4909-AB9F-C4B9D0D01581}

2012-06-12 07:41:02 -------- d-----w- C:\Users\Isis\AppData\Local\{3A6D357F-55B1-4B41-91E5-82B8526E2A36}

2012-06-12 07:40:51 -------- d-----w- C:\Users\Isis\AppData\Local\{5C0D0779-CABF-4EB8-A8CA-8A14F97B3E9E}

2012-06-11 19:40:25 -------- d-----w- C:\Users\Isis\AppData\Local\{7BFF8979-AF6B-4EB9-B322-B841A49C9A7E}

2012-06-11 19:40:14 -------- d-----w- C:\Users\Isis\AppData\Local\{5A35F847-D14C-4BE0-BBFE-E3BE2D94585C}

2012-06-11 01:52:23 -------- d-----w- C:\Users\Isis\AppData\Local\{898FC85A-CCB4-4CC5-B81B-F44807075FFC}

2012-06-11 01:52:11 -------- d-----w- C:\Users\Isis\AppData\Local\{F546DCED-9D94-4F6A-98F9-89EDE2A13A85}

2012-06-09 20:55:47 -------- d-----w- C:\Users\Isis\AppData\Local\{F288A294-1533-4526-843D-CD7166AD2DCB}

2012-06-09 20:55:35 -------- d-----w- C:\Users\Isis\AppData\Local\{C0EC43FF-D494-4DE8-AD84-2CF913E7BAAC}

2012-06-09 02:47:55 -------- d-----w- C:\Users\Isis\AppData\Local\{49FA23FA-B960-4034-92FA-7816A4A68A36}

2012-06-09 02:47:42 -------- d-----w- C:\Users\Isis\AppData\Local\{3047563A-0AA7-42E8-9687-D18B262F9B31}

.

==================== Find3M ====================

.

2012-07-05 07:32:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-05 07:32:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-06 20:26:32 332288 ----a-w- C:\Windows\System32\uxtheme.dll

2012-05-06 20:26:30 2851840 ----a-w- C:\Windows\System32\themeui.dll

2012-05-06 20:26:28 44544 ----a-w- C:\Windows\System32\themeservice.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-11 04:57:02 102248 ----a-w- C:\Users\Isis\GoToAssistDownloadHelper.exe

.

============= FINISH: 18:13:02.34 ===============

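The DDS log above is read by eye on the forum, but the same first-pass triage can be scripted. The following is an added example (it is not part of the thread, and not code from DDS, Malwarebytes or the forum) that scans DDS-style lines for the patterns a helper looks for first: hooks and BHOs that point at a file that no longer exists ("- No File"), Run values with no command behind them ("[<NO NAME>]"), objects carrying both the hidden and system attributes, a literal "%APPDATA%" used as a directory name rather than expanded, and executables dropped in a profile root. The sample input is a handful of lines copied from the log above; the "trusted roots" list and the reading of the DDS attribute column ('d' directory, 'a' archive, 's' system, 'h' hidden, 'w' writable) are assumptions of this example, not something DDS documents on the page.

```python
import re
from dataclasses import dataclass

# Assumption (heuristic): autorun targets under these roots are "expected" locations.
# Toolbars installed under Program Files still pass; judge those by name, not by path.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

AUTORUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# DDS file/directory lines: "<date> <time> <size|--------> <attrs> <path>".
# Assumed attribute letters: d=directory, a=archive, s=system, h=hidden, w=writable.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) (?P<attrs>[\w-]{8}) (?P<path>.+)$"
)
ENVVAR_RE = re.compile(r"%[A-Za-z_]+%")

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = "\n".join([
    r"uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.0\iobitToolbarIE.dll",
    r"uURLSearchHooks: H - No File",
    r'mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r"mRun: [<NO NAME>]",
    r"BHO-X64: AcroIEHelperStub - No File",
    r"2012-07-05 07:39:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%",
    r"2012-04-11 04:57:02 102248 ----a-w- C:\Users\Isis\GoToAssistDownloadHelper.exe",
])


@dataclass
class Finding:
    line_no: int
    reason: str
    text: str


def _exe_from_cmd(cmd: str) -> str:
    """Extract the executable from a Run value, quoted ("C:\\x\\y.exe" /f) or bare (C:\\x\\y.exe /f)."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" /", 1)[0].strip()


def _under_trusted_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious pattern, in log order (a line may yield several)."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        line = line.rstrip()
        if line.endswith(" - No File"):
            findings.append(Finding(n, "orphaned hook/BHO: registry entry points to a missing file", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            exe = _exe_from_cmd(m.group("cmd"))
            if not exe:
                findings.append(Finding(n, "empty Run value (name only, no command)", line))
            elif not _under_trusted_root(exe):
                findings.append(Finding(n, f"autorun target outside Program Files/Windows: {exe}", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            if "s" in attrs and "h" in attrs:
                findings.append(Finding(n, "hidden+system object (attributes 's' and 'h' set)", line))
            if ENVVAR_RE.search(path):
                findings.append(Finding(n, "unexpanded %VAR% used as a literal path component", line))
            low = path.lower()
            if low.endswith(".exe") and low.startswith("c:\\users\\") and low.count("\\") == 3:
                findings.append(Finding(n, "executable sitting in a user profile root", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"line {f.line_no}: {f.reason}\n    {f.text}")
```

Run against the constructed sample this reports six findings on five lines; the "%APPDATA%" entry is flagged twice, once for being hidden+system and once for the unexpanded variable name, which is the combination worth looking at first in the log above. Nothing here is a verdict: an orphaned BHO is usually a leftover uninstall, and the trusted-root check deliberately says nothing about what is installed under Program Files.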

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

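The ComboFix report that the steps above produce contains a "Sigcheck" section, and reading it correctly is the security-relevant part of this step. The idea is simple: on Windows 7 the copy of a system DLL in system32 (or SysWOW64) is the component-store file from winsxs for the installed version, so a live copy that reports version X should have exactly the MD5 and size of the winsxs copy of version X; if it does not, the file on disk is not the one Windows servicing put there, regardless of what its version resource claims. The following is an added example, not part of the thread and not ComboFix's own code, that parses Sigcheck lines and applies that rule. The sample lines are taken from the Sigcheck section posted in the reply below; the reading of the leading flag ("[7]" = verified against the Windows 7 catalog, "[-]" = not verified) is this example's assumption, and the line format is inferred from those lines only.

```python
import re
from dataclasses import dataclass, field

# One Sigcheck line, as it appears in the ComboFix log: "[flag] date . MD5 . size . . [version] .. path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*)$"
)

# Constructed sample: the six Sigcheck lines from the ComboFix log in the next reply.
SAMPLE_SIGCHECK = "\n".join([
    r"[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll",
    r"[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll",
    r"[-] 2012-03-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll",
    r"[-] 2012-03-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll",
    r"[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll",
    r"[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll",
])


@dataclass
class SigEntry:
    flag: str        # assumed: "7" = verified against the Win7 catalog, "-" = not verified
    md5: str
    size: int
    version: str
    path: str

    @property
    def is_reference(self) -> bool:
        """winsxs copies are the component-store references; everything else is a live copy."""
        return "\\winsxs\\" in self.path.lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def flavour(self) -> str:
        """64-bit and WOW64 builds of one DLL differ legitimately; compare like with like."""
        p = self.path.lower()
        return "wow64" if ("\\syswow64\\" in p or "\\wow64_" in p) else "native"


@dataclass
class Verdict:
    path: str
    status: str                                        # OK | MISMATCH | NO-REFERENCE
    size_matches: list = field(default_factory=list)   # reference versions whose size equals the live file


def parse_sigcheck(text: str) -> list[SigEntry]:
    out = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            out.append(SigEntry(m["flag"], m["md5"].upper(), int(m["size"]), m["version"], m["path"]))
    return out


def check_live_copies(entries: list[SigEntry]) -> list[Verdict]:
    """For each live (non-winsxs) file, require an exact MD5+size match with a winsxs copy of the same version."""
    refs = [e for e in entries if e.is_reference]
    verdicts = []
    for live in (e for e in entries if not e.is_reference):
        same_file = [r for r in refs if r.name == live.name and r.flavour == live.flavour]
        same_version = [r for r in same_file if r.version == live.version]
        size_matches = [r.version for r in same_file if r.size == live.size]
        if not same_version:
            status = "NO-REFERENCE"
        elif any(r.md5 == live.md5 and r.size == live.size for r in same_version):
            status = "OK"
        else:
            status = "MISMATCH"
        verdicts.append(Verdict(live.path, status, size_matches))
    return verdicts


if __name__ == "__main__":
    for v in check_live_copies(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"{v.status:12} {v.path}  (size equals reference version(s): {v.size_matches or 'none'})")
```

On the sample both live copies come out MISMATCH. The 64-bit system32\user32.dll is the more telling one: it claims 6.1.7601.17514 but its size (1008640) is that of the 6.1.7600.16385 reference, and its hash matches neither, so the version resource and the file body disagree. That is the same class of finding as the "Infected copy of services.exe" line ComboFix reports further down, where it restored the file from a volume shadow copy; a live system file that fails this check should be replaced from a known-good copy rather than trusted because it still carries a Microsoft version string.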

Hi Gringo, thanks for your help.

The virus makes music come out of my speakers about once a day, lagging everything I do horribly. Unfortunately until it does, I have no other indication if the virus is affecting my computer. So far it hasn't even happened today, and the only reason I know it's still there is because malwarebytes still finds it.

Here are the Security Check logs:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (13.0.1)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

And the ComboFix log:

ComboFix 12-07-08.01 - Isis 07/08/2012 23:21:19.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.7081 [GMT -7:00]

Running from: c:\users\Isis\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Isis\GoToAssistDownloadHelper.exe

c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\@

c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\00000001.@

c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\80000000.@

c:\windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\800000cb.@

.

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\users\Isis\AppData\Roaming\Anvisoft

2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\program files (x86)\Anvisoft

2012-07-06 07:57 . 2012-07-06 07:57 -------- d-----w- c:\program files\CCleaner

2012-07-05 07:39 . 2012-07-05 07:39 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-05 07:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1362962A-8585-43FF-887D-6E59755217F2}\mpengine.dll

2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Application Updater

2012-06-24 05:45 . 2012-06-24 05:45 -------- d-----w- c:\users\Isis\AppData\Local\Macromedia

2012-06-21 20:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 20:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 20:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 20:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 20:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 20:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 20:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 20:35 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 20:35 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-05 07:32 . 2012-04-23 22:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-05 07:32 . 2012-03-23 21:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 20:26 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll

2012-05-06 20:26 . 2012-03-25 02:24 2851840 ----a-w- c:\windows\system32\themeui.dll

2012-05-06 20:26 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2012-03-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[-] 2012-03-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-28 1090440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-27 1255736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-28 791488]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.mangareader.net/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\IObit\Game Booster 3\gbtray.exe

.

**************************************************************************

.

Completion time: 2012-07-08 23:29:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-09 06:29

.

Pre-Run: 423,312,117,760 bytes free

Post-Run: 423,180,369,920 bytes free

.

- - End Of File - - 7CA53096FAD4465FCC43CE6651A706EE

Thanks again for your help!


  • Staff

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-09 00:41:42

-----------------------------

00:41:42.608 OS Version: Windows x64 6.1.7601 Service Pack 1

00:41:42.608 Number of processors: 4 586 0x2A07

00:41:42.608 ComputerName: ISIS-PC UserName: Isis

00:41:43.347 Initialize success

00:41:51.819 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

00:41:51.820 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3

00:41:51.836 Disk 0 MBR read successfully

00:41:51.838 Disk 0 MBR scan

00:41:51.839 Disk 0 Windows 7 default MBR code

00:41:51.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

00:41:51.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

00:41:51.855 Disk 0 scanning C:\Windows\system32\drivers

00:41:56.837 Service scanning

00:42:09.217 Modules scanning

00:42:09.217 Disk 0 trace - called modules:

00:42:09.233 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

00:42:09.233 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d94060]

00:42:09.233 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007ae2520]

00:42:09.233 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ae3060]

00:42:09.249 Scan finished successfully

00:42:17.376 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"

00:42:17.379 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswMBR.txt"


TDSS part 1

00:45:24.0738 2340 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

00:45:25.0143 2340 ============================================================

00:45:25.0143 2340 Current date / time: 2012/07/09 00:45:25.0143

00:45:25.0143 2340 SystemInfo:

00:45:25.0143 2340

00:45:25.0143 2340 OS Version: 6.1.7601 ServicePack: 1.0

00:45:25.0143 2340 Product type: Workstation

00:45:25.0143 2340 ComputerName: ISIS-PC

00:45:25.0143 2340 UserName: Isis

00:45:25.0143 2340 Windows directory: C:\Windows

00:45:25.0143 2340 System windows directory: C:\Windows

00:45:25.0143 2340 Running under WOW64

00:45:25.0143 2340 Processor architecture: Intel x64

00:45:25.0143 2340 Number of processors: 4

00:45:25.0143 2340 Page size: 0x1000

00:45:25.0143 2340 Boot type: Normal boot

00:45:25.0143 2340 ============================================================

00:45:25.0736 2340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:45:25.0752 2340 ============================================================

00:45:25.0752 2340 \Device\Harddisk0\DR0:

00:45:25.0752 2340 MBR partitions:

00:45:25.0752 2340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:45:25.0752 2340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

00:45:25.0752 2340 ============================================================

00:45:25.0767 2340 C: <-> \Device\Harddisk0\DR0\Partition1

00:45:25.0767 2340 ============================================================

00:45:25.0767 2340 Initialize success

00:45:25.0767 2340 ============================================================

00:45:33.0676 0884 ============================================================

00:45:33.0676 0884 Scan started

00:45:33.0676 0884 Mode: Manual; SigCheck; TDLFS;

00:45:33.0676 0884 ============================================================

00:45:34.0332 0884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

00:45:34.0363 0884 1394ohci - ok

00:45:34.0394 0884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

00:45:34.0394 0884 ACPI - ok

00:45:34.0410 0884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

00:45:34.0425 0884 AcpiPmi - ok

00:45:34.0503 0884 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

00:45:34.0519 0884 AdobeARMservice - ok

00:45:34.0566 0884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

00:45:34.0581 0884 adp94xx - ok

00:45:34.0597 0884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

00:45:34.0612 0884 adpahci - ok

00:45:34.0628 0884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

00:45:34.0628 0884 adpu320 - ok

00:45:34.0659 0884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

00:45:34.0675 0884 AeLookupSvc - ok

00:45:34.0722 0884 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

00:45:34.0737 0884 AFD - ok

00:45:34.0768 0884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

00:45:34.0768 0884 agp440 - ok

00:45:34.0784 0884 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

00:45:34.0800 0884 ALG - ok

00:45:34.0831 0884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

00:45:34.0831 0884 aliide - ok

00:45:34.0831 0884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

00:45:34.0846 0884 amdide - ok

00:45:34.0878 0884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

00:45:34.0878 0884 AmdK8 - ok

00:45:34.0878 0884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

00:45:34.0893 0884 AmdPPM - ok

00:45:34.0909 0884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

00:45:34.0909 0884 amdsata - ok

00:45:34.0924 0884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

00:45:34.0940 0884 amdsbs - ok

00:45:34.0940 0884 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

00:45:34.0956 0884 amdxata - ok

00:45:35.0002 0884 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

00:45:35.0018 0884 AppID - ok

00:45:35.0034 0884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

00:45:35.0065 0884 AppIDSvc - ok

00:45:35.0112 0884 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

00:45:35.0127 0884 Appinfo - ok

00:45:35.0190 0884 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

00:45:35.0205 0884 Apple Mobile Device - ok

00:45:35.0252 0884 Application Updater (b4a30f0a7494cdbec73f6bd30fb619d9) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

00:45:35.0268 0884 Application Updater - ok

00:45:35.0408 0884 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

00:45:35.0424 0884 AppMgmt - ok

00:45:35.0439 0884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

00:45:35.0455 0884 arc - ok

00:45:35.0455 0884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

00:45:35.0470 0884 arcsas - ok

00:45:35.0486 0884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

00:45:35.0502 0884 AsyncMac - ok

00:45:35.0533 0884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

00:45:35.0548 0884 atapi - ok

00:45:35.0626 0884 athur (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys

00:45:35.0642 0884 athur - ok

00:45:35.0736 0884 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys

00:45:35.0736 0884 ATITool ( UnsignedFile.Multi.Generic ) - warning

00:45:35.0736 0884 ATITool - detected UnsignedFile.Multi.Generic (1)

00:45:35.0782 0884 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:45:35.0814 0884 AudioEndpointBuilder - ok

00:45:35.0814 0884 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:45:35.0845 0884 AudioSrv - ok

00:45:35.0892 0884 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

00:45:35.0907 0884 AxInstSV - ok

00:45:35.0938 0884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

00:45:35.0954 0884 b06bdrv - ok

00:45:35.0985 0884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

00:45:35.0985 0884 b57nd60a - ok

00:45:36.0048 0884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

00:45:36.0048 0884 BDESVC - ok

00:45:36.0063 0884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

00:45:36.0094 0884 Beep - ok

00:45:36.0157 0884 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

00:45:36.0172 0884 BFE - ok

00:45:36.0219 0884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

00:45:36.0219 0884 blbdrive - ok

00:45:36.0297 0884 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

00:45:36.0313 0884 Bonjour Service - ok

00:45:36.0360 0884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

00:45:36.0360 0884 bowser - ok

00:45:36.0375 0884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

00:45:36.0391 0884 BrFiltLo - ok

00:45:36.0391 0884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

00:45:36.0406 0884 BrFiltUp - ok

00:45:36.0422 0884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

00:45:36.0453 0884 BridgeMP - ok

00:45:36.0469 0884 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

00:45:36.0500 0884 Browser - ok

00:45:36.0516 0884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

00:45:36.0531 0884 Brserid - ok

00:45:36.0531 0884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

00:45:36.0547 0884 BrSerWdm - ok

00:45:36.0547 0884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:45:36.0547 0884 BrUsbMdm - ok

00:45:36.0562 0884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

00:45:36.0562 0884 BrUsbSer - ok

00:45:36.0562 0884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

00:45:36.0578 0884 BTHMODEM - ok

00:45:36.0609 0884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

00:45:36.0625 0884 bthserv - ok

00:45:36.0640 0884 catchme - ok

00:45:36.0640 0884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

00:45:36.0672 0884 cdfs - ok

00:45:36.0718 0884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

00:45:36.0734 0884 cdrom - ok

00:45:36.0765 0884 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:45:36.0781 0884 CertPropSvc - ok

00:45:36.0796 0884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

00:45:36.0812 0884 circlass - ok

00:45:36.0843 0884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

00:45:36.0843 0884 CLFS - ok

00:45:36.0906 0884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:45:36.0906 0884 clr_optimization_v2.0.50727_32 - ok

00:45:36.0952 0884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

00:45:36.0952 0884 clr_optimization_v2.0.50727_64 - ok

00:45:37.0015 0884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:45:37.0030 0884 clr_optimization_v4.0.30319_32 - ok

00:45:37.0046 0884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

00:45:37.0062 0884 clr_optimization_v4.0.30319_64 - ok

00:45:37.0077 0884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

00:45:37.0093 0884 CmBatt - ok

00:45:37.0108 0884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

00:45:37.0124 0884 cmdide - ok

00:45:37.0171 0884 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

00:45:37.0186 0884 CNG - ok

00:45:37.0202 0884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

00:45:37.0202 0884 Compbatt - ok

00:45:37.0218 0884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

00:45:37.0233 0884 CompositeBus - ok

00:45:37.0233 0884 COMSysApp - ok

00:45:37.0280 0884 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys

00:45:37.0280 0884 cpuz135 - ok

00:45:37.0296 0884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

00:45:37.0296 0884 crcdisk - ok

00:45:37.0342 0884 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

00:45:37.0342 0884 CryptSvc - ok

00:45:37.0389 0884 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

00:45:37.0405 0884 CSC - ok

00:45:37.0436 0884 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

00:45:37.0436 0884 CscService - ok

00:45:37.0498 0884 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:45:37.0514 0884 DcomLaunch - ok

00:45:37.0545 0884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

00:45:37.0576 0884 defragsvc - ok

00:45:37.0623 0884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

00:45:37.0654 0884 DfsC - ok

00:45:37.0670 0884 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

00:45:37.0701 0884 Dhcp - ok

00:45:37.0717 0884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

00:45:37.0732 0884 discache - ok

00:45:37.0748 0884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

00:45:37.0764 0884 Disk - ok

00:45:37.0795 0884 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

00:45:37.0810 0884 Dnscache - ok

00:45:37.0842 0884 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

00:45:37.0873 0884 dot3svc - ok

00:45:37.0904 0884 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

00:45:37.0920 0884 DPS - ok

00:45:37.0951 0884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

00:45:37.0966 0884 drmkaud - ok

00:45:38.0013 0884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

00:45:38.0029 0884 DXGKrnl - ok

00:45:38.0060 0884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

00:45:38.0076 0884 EapHost - ok

00:45:38.0185 0884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

00:45:38.0216 0884 ebdrv - ok

00:45:38.0310 0884 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

00:45:38.0310 0884 EFS - ok

00:45:38.0388 0884 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

00:45:38.0403 0884 ehRecvr - ok

00:45:38.0419 0884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

00:45:38.0419 0884 ehSched - ok

00:45:38.0481 0884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

00:45:38.0497 0884 elxstor - ok

00:45:38.0512 0884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

00:45:38.0528 0884 ErrDev - ok

00:45:38.0544 0884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

00:45:38.0575 0884 EventSystem - ok

00:45:38.0606 0884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

00:45:38.0622 0884 exfat - ok

00:45:38.0653 0884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

00:45:38.0668 0884 fastfat - ok

00:45:38.0715 0884 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

00:45:38.0715 0884 Fax - ok

00:45:38.0731 0884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

00:45:38.0746 0884 fdc - ok

00:45:38.0762 0884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

00:45:38.0793 0884 fdPHost - ok

00:45:38.0793 0884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

00:45:38.0824 0884 FDResPub - ok

00:45:38.0824 0884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

00:45:38.0840 0884 FileInfo - ok

00:45:38.0856 0884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

00:45:38.0871 0884 Filetrace - ok

00:45:38.0887 0884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

00:45:38.0902 0884 flpydisk - ok

00:45:38.0934 0884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

00:45:38.0949 0884 FltMgr - ok

00:45:38.0996 0884 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll

00:45:39.0027 0884 FontCache - ok

00:45:39.0090 0884 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

00:45:39.0090 0884 FontCache3.0.0.0 - ok

00:45:39.0121 0884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

00:45:39.0121 0884 FsDepends - ok

00:45:39.0168 0884 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

00:45:39.0168 0884 Fs_Rec - ok

00:45:39.0199 0884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

00:45:39.0214 0884 fvevol - ok

00:45:39.0230 0884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

00:45:39.0246 0884 gagp30kx - ok

00:45:39.0261 0884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

00:45:39.0277 0884 GEARAspiWDM - ok

00:45:39.0324 0884 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

00:45:39.0339 0884 gpsvc - ok

00:45:39.0355 0884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:45:39.0355 0884 hcw85cir - ok

00:45:39.0402 0884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:45:39.0417 0884 HdAudAddService - ok

00:45:39.0433 0884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

00:45:39.0448 0884 HDAudBus - ok

00:45:39.0448 0884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

00:45:39.0464 0884 HidBatt - ok

00:45:39.0480 0884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

00:45:39.0480 0884 HidBth - ok

00:45:39.0495 0884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

00:45:39.0495 0884 HidIr - ok

00:45:39.0511 0884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

00:45:39.0542 0884 hidserv - ok

00:45:39.0558 0884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

00:45:39.0573 0884 HidUsb - ok

00:45:39.0604 0884 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

00:45:39.0620 0884 hkmsvc - ok

00:45:39.0667 0884 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

00:45:39.0682 0884 HomeGroupListener - ok

00:45:39.0714 0884 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

00:45:39.0714 0884 HomeGroupProvider - ok

00:45:39.0745 0884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:45:39.0745 0884 HpSAMD - ok

00:45:39.0807 0884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

00:45:39.0838 0884 HTTP - ok

00:45:39.0870 0884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

00:45:39.0870 0884 hwpolicy - ok

00:45:39.0916 0884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

00:45:39.0916 0884 i8042prt - ok

00:45:39.0963 0884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

00:45:39.0963 0884 iaStorV - ok

00:45:40.0057 0884 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

00:45:40.0072 0884 idsvc - ok

00:45:40.0104 0884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

00:45:40.0104 0884 iirsp - ok

00:45:40.0166 0884 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

00:45:40.0197 0884 IKEEXT - ok

00:45:40.0228 0884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

00:45:40.0228 0884 intelide - ok

00:45:40.0244 0884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

00:45:40.0260 0884 intelppm - ok


Part 2

00:45:40.0291 0884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

00:45:40.0306 0884 IPBusEnum - ok

00:45:40.0338 0884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:45:40.0369 0884 IpFilterDriver - ok

00:45:40.0447 0884 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

00:45:40.0462 0884 iphlpsvc - ok

00:45:40.0478 0884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

00:45:40.0494 0884 IPMIDRV - ok

00:45:40.0525 0884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

00:45:40.0540 0884 IPNAT - ok

00:45:40.0618 0884 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

00:45:40.0634 0884 iPod Service - ok

00:45:40.0665 0884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

00:45:40.0665 0884 IRENUM - ok

00:45:40.0712 0884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

00:45:40.0712 0884 isapnp - ok

00:45:40.0743 0884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

00:45:40.0743 0884 iScsiPrt - ok

00:45:40.0774 0884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

00:45:40.0774 0884 kbdclass - ok

00:45:40.0790 0884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

00:45:40.0790 0884 kbdhid - ok

00:45:40.0837 0884 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:45:40.0837 0884 KeyIso - ok

00:45:40.0852 0884 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

00:45:40.0852 0884 KSecDD - ok

00:45:40.0868 0884 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

00:45:40.0884 0884 KSecPkg - ok

00:45:40.0884 0884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

00:45:40.0915 0884 ksthunk - ok

00:45:40.0946 0884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

00:45:40.0962 0884 KtmRm - ok

00:45:40.0993 0884 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

00:45:41.0024 0884 LanmanServer - ok

00:45:41.0055 0884 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

00:45:41.0071 0884 LanmanWorkstation - ok

00:45:41.0102 0884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:45:41.0118 0884 lltdio - ok

00:45:41.0164 0884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

00:45:41.0180 0884 lltdsvc - ok

00:45:41.0196 0884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

00:45:41.0211 0884 lmhosts - ok

00:45:41.0242 0884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:45:41.0258 0884 LSI_FC - ok

00:45:41.0274 0884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:45:41.0289 0884 LSI_SAS - ok

00:45:41.0289 0884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:45:41.0305 0884 LSI_SAS2 - ok

00:45:41.0305 0884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:45:41.0320 0884 LSI_SCSI - ok

00:45:41.0320 0884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:45:41.0352 0884 luafv - ok

00:45:41.0383 0884 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

00:45:41.0398 0884 Mcx2Svc - ok

00:45:41.0414 0884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

00:45:41.0430 0884 megasas - ok

00:45:41.0445 0884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

00:45:41.0461 0884 MegaSR - ok

00:45:41.0492 0884 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

00:45:41.0508 0884 MEIx64 - ok

00:45:41.0539 0884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:45:41.0554 0884 MMCSS - ok

00:45:41.0570 0884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:45:41.0601 0884 Modem - ok

00:45:41.0632 0884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:45:41.0632 0884 monitor - ok

00:45:41.0679 0884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:45:41.0679 0884 mouclass - ok

00:45:41.0695 0884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:45:41.0695 0884 mouhid - ok

00:45:41.0742 0884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:45:41.0742 0884 mountmgr - ok

00:45:41.0835 0884 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

00:45:41.0835 0884 MozillaMaintenance - ok

00:45:41.0866 0884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:45:41.0882 0884 mpio - ok

00:45:41.0898 0884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:45:41.0929 0884 mpsdrv - ok

00:45:41.0976 0884 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

00:45:42.0007 0884 MpsSvc - ok

00:45:42.0038 0884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:45:42.0054 0884 MRxDAV - ok

00:45:42.0085 0884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:45:42.0100 0884 mrxsmb - ok

00:45:42.0116 0884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:45:42.0132 0884 mrxsmb10 - ok

00:45:42.0163 0884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:45:42.0163 0884 mrxsmb20 - ok

00:45:42.0194 0884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:45:42.0194 0884 msahci - ok

00:45:42.0225 0884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:45:42.0241 0884 msdsm - ok

00:45:42.0272 0884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

00:45:42.0288 0884 MSDTC - ok

00:45:42.0319 0884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:45:42.0334 0884 Msfs - ok

00:45:42.0366 0884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:45:42.0381 0884 mshidkmdf - ok

00:45:42.0381 0884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:45:42.0397 0884 msisadrv - ok

00:45:42.0412 0884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

00:45:42.0444 0884 MSiSCSI - ok

00:45:42.0444 0884 msiserver - ok

00:45:42.0459 0884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:45:42.0475 0884 MSKSSRV - ok

00:45:42.0475 0884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:45:42.0490 0884 MSPCLOCK - ok

00:45:42.0506 0884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:45:42.0522 0884 MSPQM - ok

00:45:42.0553 0884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:45:42.0568 0884 MsRPC - ok

00:45:42.0600 0884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:45:42.0600 0884 mssmbios - ok

00:45:42.0615 0884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:45:42.0631 0884 MSTEE - ok

00:45:42.0631 0884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

00:45:42.0646 0884 MTConfig - ok

00:45:42.0662 0884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:45:42.0662 0884 Mup - ok

00:45:42.0709 0884 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

00:45:42.0724 0884 napagent - ok

00:45:42.0771 0884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:45:42.0771 0884 NativeWifiP - ok

00:45:42.0849 0884 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:45:42.0865 0884 NDIS - ok

00:45:42.0880 0884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:45:42.0912 0884 NdisCap - ok

00:45:42.0927 0884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:45:42.0943 0884 NdisTapi - ok

00:45:42.0958 0884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:45:42.0990 0884 Ndisuio - ok

00:45:43.0021 0884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:45:43.0036 0884 NdisWan - ok

00:45:43.0068 0884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:45:43.0083 0884 NDProxy - ok

00:45:43.0099 0884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:45:43.0130 0884 NetBIOS - ok

00:45:43.0146 0884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:45:43.0177 0884 NetBT - ok

00:45:43.0224 0884 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:45:43.0224 0884 Netlogon - ok

00:45:43.0270 0884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

00:45:43.0286 0884 Netman - ok

00:45:43.0317 0884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

00:45:43.0333 0884 netprofm - ok

00:45:43.0380 0884 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:45:43.0395 0884 NetTcpPortSharing - ok

00:45:43.0411 0884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

00:45:43.0426 0884 nfrd960 - ok

00:45:43.0473 0884 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

00:45:43.0489 0884 NlaSvc - ok

00:45:43.0504 0884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:45:43.0520 0884 Npfs - ok

00:45:43.0536 0884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

00:45:43.0567 0884 nsi - ok

00:45:43.0567 0884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:45:43.0598 0884 nsiproxy - ok

00:45:43.0676 0884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:45:43.0692 0884 Ntfs - ok

00:45:43.0785 0884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:45:43.0801 0884 Null - ok

00:45:44.0191 0884 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:45:44.0331 0884 nvlddmkm - ok

00:45:44.0440 0884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:45:44.0440 0884 nvraid - ok

00:45:44.0456 0884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:45:44.0472 0884 nvstor - ok

00:45:44.0565 0884 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

00:45:44.0581 0884 nvsvc - ok

00:45:44.0674 0884 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

00:45:44.0706 0884 nvUpdatusService - ok

00:45:44.0815 0884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:45:44.0815 0884 nv_agp - ok

00:45:44.0846 0884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:45:44.0846 0884 ohci1394 - ok

00:45:44.0877 0884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:45:44.0893 0884 p2pimsvc - ok

00:45:44.0924 0884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

00:45:44.0924 0884 p2psvc - ok

00:45:44.0955 0884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

00:45:44.0971 0884 Parport - ok

00:45:45.0002 0884 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

00:45:45.0002 0884 partmgr - ok

00:45:45.0018 0884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

00:45:45.0018 0884 PcaSvc - ok

00:45:45.0033 0884 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:45:45.0049 0884 pci - ok

00:45:45.0080 0884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:45:45.0080 0884 pciide - ok

00:45:45.0096 0884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

00:45:45.0111 0884 pcmcia - ok

00:45:45.0127 0884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:45:45.0127 0884 pcw - ok

00:45:45.0158 0884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:45:45.0174 0884 PEAUTH - ok

00:45:45.0236 0884 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

00:45:45.0252 0884 PeerDistSvc - ok

00:45:45.0298 0884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

00:45:45.0314 0884 PerfHost - ok

00:45:45.0408 0884 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

00:45:45.0439 0884 pla - ok

00:45:45.0486 0884 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

00:45:45.0501 0884 PlugPlay - ok

00:45:45.0517 0884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

00:45:45.0517 0884 PNRPAutoReg - ok

00:45:45.0548 0884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:45:45.0548 0884 PNRPsvc - ok

00:45:45.0579 0884 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

00:45:45.0595 0884 PolicyAgent - ok

00:45:45.0642 0884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

00:45:45.0657 0884 Power - ok

00:45:45.0704 0884 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:45:45.0735 0884 PptpMiniport - ok

00:45:45.0751 0884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

00:45:45.0751 0884 Processor - ok

00:45:45.0798 0884 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

00:45:45.0798 0884 ProfSvc - ok

00:45:45.0829 0884 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:45:45.0829 0884 ProtectedStorage - ok

00:45:45.0876 0884 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:45:45.0907 0884 Psched - ok

00:45:45.0969 0884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

00:45:45.0985 0884 ql2300 - ok

00:45:46.0078 0884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

00:45:46.0078 0884 ql40xx - ok

00:45:46.0110 0884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

00:45:46.0110 0884 QWAVE - ok

00:45:46.0125 0884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:45:46.0125 0884 QWAVEdrv - ok

00:45:46.0141 0884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:45:46.0156 0884 RasAcd - ok

00:45:46.0188 0884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:45:46.0203 0884 RasAgileVpn - ok

00:45:46.0235 0884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

00:45:46.0250 0884 RasAuto - ok

00:45:46.0281 0884 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:45:46.0313 0884 Rasl2tp - ok

00:45:46.0344 0884 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

00:45:46.0375 0884 RasMan - ok

00:45:46.0391 0884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:45:46.0422 0884 RasPppoe - ok

00:45:46.0437 0884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:45:46.0453 0884 RasSstp - ok

00:45:46.0484 0884 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:45:46.0515 0884 rdbss - ok

00:45:46.0515 0884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

00:45:46.0531 0884 rdpbus - ok

00:45:46.0547 0884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:45:46.0562 0884 RDPCDD - ok

00:45:46.0609 0884 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

00:45:46.0609 0884 RDPDR - ok

00:45:46.0640 0884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:45:46.0656 0884 RDPENCDD - ok

00:45:46.0656 0884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:45:46.0687 0884 RDPREFMP - ok

00:45:46.0718 0884 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

00:45:46.0734 0884 RdpVideoMiniport - ok

00:45:46.0765 0884 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

00:45:46.0765 0884 RDPWD - ok

00:45:46.0812 0884 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:45:46.0827 0884 rdyboost - ok

00:45:46.0874 0884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

00:45:46.0890 0884 RemoteAccess - ok

00:45:46.0905 0884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

00:45:46.0937 0884 RemoteRegistry - ok

00:45:46.0937 0884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

00:45:46.0968 0884 RpcEptMapper - ok

00:45:46.0968 0884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

00:45:46.0983 0884 RpcLocator - ok

00:45:47.0015 0884 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:45:47.0046 0884 RpcSs - ok

00:45:47.0077 0884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:45:47.0093 0884 rspndr - ok

00:45:47.0124 0884 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

00:45:47.0124 0884 s3cap - ok

00:45:47.0155 0884 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:45:47.0155 0884 SamSs - ok

00:45:47.0171 0884 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:45:47.0186 0884 sbp2port - ok

00:45:47.0217 0884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

00:45:47.0233 0884 SCardSvr - ok

00:45:47.0264 0884 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:45:47.0280 0884 scfilter - ok

00:45:47.0342 0884 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

00:45:47.0373 0884 Schedule - ok

00:45:47.0405 0884 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:45:47.0436 0884 SCPolicySvc - ok

00:45:47.0467 0884 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

00:45:47.0467 0884 SDRSVC - ok

00:45:47.0529 0884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:45:47.0545 0884 secdrv - ok

00:45:47.0561 0884 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

00:45:47.0576 0884 seclogon - ok

00:45:47.0592 0884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

00:45:47.0623 0884 SENS - ok

00:45:47.0639 0884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

00:45:47.0639 0884 SensrSvc - ok

00:45:47.0654 0884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:45:47.0654 0884 Serenum - ok

00:45:47.0670 0884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:45:47.0685 0884 Serial - ok

00:45:47.0717 0884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:45:47.0717 0884 sermouse - ok

00:45:47.0763 0884 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

00:45:47.0779 0884 SessionEnv - ok

00:45:47.0810 0884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:45:47.0810 0884 sffdisk - ok

00:45:47.0826 0884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:45:47.0826 0884 sffp_mmc - ok

00:45:47.0826 0884 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:45:47.0841 0884 sffp_sd - ok

00:45:47.0857 0884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:45:47.0857 0884 sfloppy - ok

00:45:47.0919 0884 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

00:45:47.0935 0884 SharedAccess - ok

00:45:47.0966 0884 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

00:45:47.0982 0884 ShellHWDetection - ok

00:45:48.0013 0884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:45:48.0013 0884 SiSRaid2 - ok

00:45:48.0029 0884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:45:48.0029 0884 SiSRaid4 - ok

00:45:48.0091 0884 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe

00:45:48.0091 0884 SkypeUpdate - ok

00:45:48.0091 0884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:45:48.0122 0884 Smb - ok

00:45:48.0153 0884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

00:45:48.0153 0884 SNMPTRAP - ok

00:45:48.0185 0884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:45:48.0185 0884 spldr - ok

00:45:48.0231 0884 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

00:45:48.0263 0884 Spooler - ok

00:45:48.0387 0884 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

00:45:48.0434 0884 sppsvc - ok

00:45:48.0512 0884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

00:45:48.0528 0884 sppuinotify - ok

00:45:48.0590 0884 sprtsvc_verizondm - ok

00:45:48.0668 0884 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:45:48.0668 0884 srv - ok

00:45:48.0699 0884 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:45:48.0699 0884 srv2 - ok

00:45:48.0715 0884 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:45:48.0731 0884 srvnet - ok

00:45:48.0746 0884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

00:45:48.0777 0884 SSDPSRV - ok

00:45:48.0793 0884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

00:45:48.0809 0884 SstpSvc - ok

00:45:48.0887 0884 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

00:45:48.0887 0884 Stereo Service - ok

00:45:48.0918 0884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:45:48.0918 0884 stexstor - ok

00:45:48.0980 0884 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

00:45:48.0996 0884 stisvc - ok

00:45:49.0027 0884 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

00:45:49.0027 0884 storflt - ok

00:45:49.0058 0884 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

00:45:49.0058 0884 storvsc - ok

00:45:49.0074 0884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:45:49.0089 0884 swenum - ok

00:45:49.0121 0884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

00:45:49.0152 0884 swprv - ok

00:45:49.0167 0884 Synth3dVsc - ok

00:45:49.0245 0884 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

00:45:49.0261 0884 SysMain - ok

00:45:49.0339 0884 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

00:45:49.0355 0884 TabletInputService - ok

00:45:49.0386 0884 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

00:45:49.0417 0884 TapiSrv - ok

00:45:49.0433 0884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

00:45:49.0464 0884 TBS - ok

00:45:49.0557 0884 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

00:45:49.0589 0884 Tcpip - ok

00:45:49.0682 0884 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

00:45:49.0698 0884 TCPIP6 - ok

00:45:49.0760 0884 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:45:49.0776 0884 tcpipreg - ok

00:45:49.0791 0884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:45:49.0807 0884 TDPIPE - ok

00:45:49.0823 0884 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

00:45:49.0838 0884 TDTCP - ok

00:45:49.0854 0884 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:45:49.0885 0884 tdx - ok

00:45:49.0916 0884 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:45:49.0932 0884 TermDD - ok

00:45:49.0979 0884 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

00:45:49.0994 0884 TermService - ok

00:45:50.0057 0884 tgsrvc_verizondm - ok

00:45:50.0072 0884 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll

00:45:50.0072 0884 Themes ( UnsignedFile.Multi.Generic ) - warning

00:45:50.0072 0884 Themes - detected UnsignedFile.Multi.Generic (1)

00:45:50.0103 0884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:45:50.0135 0884 THREADORDER - ok

00:45:50.0181 0884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

00:45:50.0197 0884 TrkWks - ok

00:45:50.0244 0884 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

00:45:50.0275 0884 TrustedInstaller - ok

00:45:50.0306 0884 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:45:50.0322 0884 tssecsrv - ok

00:45:50.0353 0884 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:45:50.0369 0884 TsUsbFlt - ok

00:45:50.0369 0884 tsusbhub - ok

00:45:50.0431 0884 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:45:50.0447 0884 tunnel - ok

00:45:50.0478 0884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:45:50.0478 0884 uagp35 - ok

00:45:50.0509 0884 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:45:50.0540 0884 udfs - ok

00:45:50.0556 0884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

00:45:50.0556 0884 UI0Detect - ok

00:45:50.0618 0884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:45:50.0618 0884 uliagpkx - ok

00:45:50.0649 0884 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

00:45:50.0649 0884 umbus - ok

00:45:50.0665 0884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:45:50.0665 0884 UmPass - ok

00:45:50.0712 0884 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

00:45:50.0712 0884 UmRdpService - ok

00:45:50.0743 0884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

00:45:50.0759 0884 upnphost - ok

00:45:50.0790 0884 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

00:45:50.0790 0884 USBAAPL64 - ok

00:45:50.0837 0884 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

00:45:50.0852 0884 usbaudio - ok

00:45:50.0899 0884 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

00:45:50.0899 0884 usbccgp - ok

00:45:50.0930 0884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:45:50.0930 0884 usbcir - ok

00:45:50.0946 0884 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

00:45:50.0961 0884 usbehci - ok

00:45:50.0993 0884 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:45:50.0993 0884 usbhub - ok

00:45:51.0008 0884 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

00:45:51.0008 0884 usbohci - ok

00:45:51.0039 0884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:45:51.0039 0884 usbprint - ok

00:45:51.0055 0884 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:45:51.0071 0884 USBSTOR - ok

00:45:51.0071 0884 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

00:45:51.0071 0884 usbuhci - ok

00:45:51.0102 0884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

00:45:51.0117 0884 UxSms - ok

00:45:51.0149 0884 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:45:51.0164 0884 VaultSvc - ok

00:45:51.0195 0884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:45:51.0195 0884 vdrvroot - ok

00:45:51.0242 0884 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

00:45:51.0258 0884 vds - ok

00:45:51.0289 0884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:45:51.0305 0884 vga - ok

00:45:51.0305 0884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:45:51.0336 0884 VgaSave - ok

00:45:51.0336 0884 VGPU - ok

00:45:51.0367 0884 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:45:51.0367 0884 vhdmp - ok

00:45:51.0383 0884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:45:51.0383 0884 viaide - ok

00:45:51.0414 0884 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

00:45:51.0414 0884 vmbus - ok

00:45:51.0445 0884 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

00:45:51.0461 0884 VMBusHID - ok

00:45:51.0492 0884 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:45:51.0507 0884 volmgr - ok

00:45:51.0539 0884 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:45:51.0554 0884 volmgrx - ok

00:45:51.0570 0884 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:45:51.0585 0884 volsnap - ok

00:45:51.0617 0884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:45:51.0632 0884 vsmraid - ok

00:45:51.0695 0884 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

00:45:51.0741 0884 VSS - ok

00:45:51.0835 0884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

00:45:51.0835 0884 vwifibus - ok

00:45:51.0851 0884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:45:51.0866 0884 vwififlt - ok

00:45:51.0882 0884 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

00:45:51.0897 0884 vwifimp - ok

00:45:51.0929 0884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

00:45:51.0960 0884 W32Time - ok

00:45:51.0975 0884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:45:51.0975 0884 WacomPen - ok

00:45:52.0022 0884 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:45:52.0053 0884 WANARP - ok

00:45:52.0053 0884 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:45:52.0069 0884 Wanarpv6 - ok

00:45:52.0163 0884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

00:45:52.0178 0884 WatAdminSvc - ok

00:45:52.0241 0884 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

00:45:52.0272 0884 wbengine - ok

00:45:52.0350 0884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

00:45:52.0350 0884 WbioSrvc - ok

00:45:52.0397 0884 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

00:45:52.0412 0884 wcncsvc - ok

00:45:52.0412 0884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

00:45:52.0428 0884 WcsPlugInService - ok

00:45:52.0459 0884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:45:52.0475 0884 Wd - ok

00:45:52.0506 0884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:45:52.0506 0884 Wdf01000 - ok

00:45:52.0521 0884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:45:52.0537 0884 WdiServiceHost - ok

00:45:52.0537 0884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:45:52.0537 0884 WdiSystemHost - ok

00:45:52.0584 0884 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

00:45:52.0599 0884 WebClient - ok

00:45:52.0615 0884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

00:45:52.0646 0884 Wecsvc - ok

00:45:52.0646 0884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

00:45:52.0677 0884 wercplsupport - ok

00:45:52.0693 0884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

00:45:52.0709 0884 WerSvc - ok

00:45:52.0740 0884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:45:52.0755 0884 WfpLwf - ok

00:45:52.0771 0884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:45:52.0771 0884 WIMMount - ok

00:45:52.0802 0884 WinDefend - ok

00:45:52.0818 0884 WinHttpAutoProxySvc - ok

00:45:52.0865 0884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

00:45:52.0880 0884 Winmgmt - ok

00:45:52.0974 0884 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

00:45:53.0005 0884 WinRM - ok

00:45:53.0099 0884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

00:45:53.0114 0884 Wlansvc - ok

00:45:53.0239 0884 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:45:53.0255 0884 wlidsvc - ok

00:45:53.0348 0884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:45:53.0364 0884 WmiAcpi - ok

00:45:53.0395 0884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

00:45:53.0411 0884 wmiApSrv - ok

00:45:53.0442 0884 WMPNetworkSvc - ok

00:45:53.0473 0884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

00:45:53.0473 0884 WPCSvc - ok

00:45:53.0504 0884 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

00:45:53.0520 0884 WPDBusEnum - ok

00:45:53.0535 0884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:45:53.0567 0884 ws2ifsl - ok

00:45:53.0582 0884 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

00:45:53.0598 0884 wscsvc - ok

00:45:53.0598 0884 WSearch - ok

00:45:53.0707 0884 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

00:45:53.0738 0884 wuauserv - ok

00:45:53.0847 0884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:45:53.0863 0884 WudfPf - ok

00:45:53.0894 0884 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:45:53.0910 0884 WUDFRd - ok

00:45:53.0941 0884 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

00:45:53.0957 0884 wudfsvc - ok

00:45:53.0988 0884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

00:45:54.0003 0884 WwanSvc - ok

00:45:54.0019 0884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:45:54.0175 0884 \Device\Harddisk0\DR0 - ok

00:45:54.0191 0884 Boot (0x1200) (c36dd71b4e99a26b8907b578404552ed) \Device\Harddisk0\DR0\Partition0

00:45:54.0191 0884 \Device\Harddisk0\DR0\Partition0 - ok

00:45:54.0206 0884 Boot (0x1200) (2416b9fa5b16ca036f45c1d82fdc5a5f) \Device\Harddisk0\DR0\Partition1

00:45:54.0206 0884 \Device\Harddisk0\DR0\Partition1 - ok

00:45:54.0222 0884 ============================================================

00:45:54.0222 0884 Scan finished

00:45:54.0222 0884 ============================================================

00:45:54.0222 4604 Detected object count: 2

00:45:54.0222 4604 Actual detected object count: 2

00:46:01.0445 4604 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user

00:46:01.0445 4604 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:46:01.0445 4604 Themes ( UnsignedFile.Multi.Generic ) - skipped by user

00:46:01.0445 4604 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip


Sorry, I didn't read the instructions correctly on the asw. Here's the correct log. Sorry about that!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-09 00:48:10

-----------------------------

00:48:10.649 OS Version: Windows x64 6.1.7601 Service Pack 1

00:48:10.649 Number of processors: 4 586 0x2A07

00:48:10.649 ComputerName: ISIS-PC UserName: Isis

00:48:11.413 Initialize success

00:52:38.328 AVAST engine defs: 12070900

00:52:56.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

00:52:56.518 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3

00:52:56.534 Disk 0 MBR read successfully

00:52:56.534 Disk 0 MBR scan

00:52:56.534 Disk 0 Windows 7 default MBR code

00:52:56.534 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

00:52:56.549 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

00:52:56.565 Disk 0 scanning C:\Windows\system32\drivers

00:53:03.226 Service scanning

00:53:18.748 Modules scanning

00:53:18.748 Disk 0 trace - called modules:

00:53:18.764 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

00:53:18.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d94060]

00:53:18.764 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007ae2520]

00:53:18.764 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ae3060]

00:53:19.746 AVAST engine scan C:\Windows

00:53:21.307 AVAST engine scan C:\Windows\system32

00:55:02.941 AVAST engine scan C:\Windows\system32\drivers

00:55:10.273 AVAST engine scan C:\Users\Isis

00:55:53.142 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"

00:55:53.157 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswMBR.txt"

00:56:25.245 AVAST engine scan C:\ProgramData

00:56:31.111 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"

00:56:31.111 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswMBR.txt"

00:56:41.491 Disk 0 MBR has been saved successfully to "C:\Users\Isis\Desktop\MBR.dat"

00:56:41.507 The log file has been saved successfully to "C:\Users\Isis\Desktop\aswmrb2.txt"

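The aswMBR run above saved the raw first sector to MBR.dat and listed two NTFS partitions, and the earlier scanner log hashed the loader as "MBR (0x1B8)", i.e. only the 440 bytes of boot code. As an added example for this thread (not code from aswMBR, Malwarebytes or the poster), the script below reads such a dump, parses the partition table, and hashes the first 0x1B8 bytes so a later dump can be compared against a baseline digest. The sample MBR it builds is constructed to match the printed layout; its boot code is a placeholder and the second partition's exact sector count is assumed.

```python
"""Parse a saved MBR (e.g. the MBR.dat aswMBR wrote to the Desktop) and hash its boot
code the way the "MBR (0x1B8)" line in the scanner log does.
Added example for this thread, not code from aswMBR, TDSSKiller or Malwarebytes."""
import hashlib
import struct
from typing import Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1B8        # bytes 0..0x1B7: the loader code hashed as "MBR (0x1B8)"
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries follow the boot code area
SIGNATURE = b"\x55\xaa"      # must sit at offset 510

# Partition type bytes relevant here; 0x07 is what aswMBR printed as "HPFS/NTFS".
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty primary partition entries of a classic (non-GPT) MBR."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR must be at least one 512-byte sector")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0x00:        # empty slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts


def boot_code_md5(mbr: bytes) -> str:
    """MD5 over the first 0x1B8 bytes only, so partition-table edits do not change it."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_md5: Optional[str] = None) -> dict:
    """Summarise an MBR: partitions, boot-code hash, and whether that hash matches a
    baseline recorded earlier (for example from a known-clean scan)."""
    parts = parse_partition_table(mbr)
    digest = boot_code_md5(mbr)
    return {
        "partitions": parts,
        "bootable_count": sum(p["bootable"] for p in parts),
        "boot_code_md5": digest,
        "boot_code_match": None if baseline_md5 is None else digest == baseline_md5.lower(),
    }


def build_sample_mbr(boot_code: bytes = b"\xeb\xfe") -> bytes:
    """Constructed sample, not the poster's disk: the layout aswMBR printed (100 MB NTFS
    boot partition at LBA 2048, large NTFS partition at LBA 206848). The boot code is a
    placeholder (jmp $) and the second partition's exact sector count is assumed."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    entries = [
        (0x80, 0x07, 2048, 204800),        # 204800 sectors = 100 MB
        (0x00, 0x07, 206848, 976564224),   # 976564224 sectors = 476838 MB
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype,
                                        b"\0\0\0", start, count)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def load_mbr(path: str) -> bytes:
    """Read the first sector of a dump such as MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    import sys
    mbr = load_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    baseline = sys.argv[2] if len(sys.argv) > 2 else None
    report = check_mbr(mbr, baseline)
    print("boot code MD5:", report["boot_code_md5"], "match:", report["boot_code_match"])
    for p in report["partitions"]:
        print(f"partition {p['index']}: {'boot' if p['bootable'] else '    '} "
              f"type 0x{p['type']:02X} {p['type_name']} start {p['lba_start']} "
              f"size {p['size_mb']} MB")
```

Run it as `python mbrcheck.py MBR.dat <baseline-md5>`; with no arguments it checks the constructed sample. Because only the boot code is hashed, a repartition leaves the digest alone while any patched loader changes it. The parser is for classic MBR disks; a GPT disk carries a protective MBR with a single type 0xEE entry and needs a different check.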

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:


ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

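The CFScript above removes a keyword.URL preference that sends every address-bar search to search.conduit.com. As an added example for this thread (not part of ComboFix, Mozilla or the poster's logs), the script below reads a Firefox prefs.js, flags search-related preferences whose URL host is not on an allowlist, and can drop those lines. The preference names and the trusted hosts are assumptions, and the sample prefs.js is constructed from the lines ComboFix reported for this profile.

```python
"""Scan a Firefox prefs.js for search-redirect settings such as the Conduit keyword.URL
that the CFScript above removes. Added example for this thread; not ComboFix's or
Mozilla's code."""
import re
from urllib.parse import urlsplit

# Preferences that decide where address-bar searches go. Assumed list, based on the
# keys ComboFix reported ("keyword.URL", "browser.search.selectedEngine").
SEARCH_PREFS = (
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
)

# Hosts accepted as search destinations; anything else is flagged. Assumed allowlist.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "duckduckgo.com"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text: str) -> dict:
    """Turn user_pref("name", value); lines into a dict; strings, bools and ints decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                     # comments, blank lines, anything else
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def find_hijacked_prefs(prefs: dict, trusted_hosts=TRUSTED_SEARCH_HOSTS) -> list:
    """Return (pref, host, value) for search prefs whose URL host is not on the allowlist."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or "://" not in value:
            continue                     # engine names such as "Google" are not URLs
        host = (urlsplit(value).hostname or "").lower()
        if host not in trusted_hosts:
            findings.append((name, host, value))
    return findings


def remove_prefs(text: str, names) -> str:
    """Return prefs.js text with the named user_pref lines dropped; Firefox then falls
    back to its built-in default for each removed key."""
    drop = set(names)
    kept = [line for line in text.splitlines()
            if not (PREF_RE.match(line) and PREF_RE.match(line).group(1) in drop)]
    return "\n".join(kept) + "\n"


# Constructed sample mirroring the lines ComboFix reported for this profile (the log
# shows the URL defanged as hxxp; a real prefs.js stores http).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.mangareader.net/");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3045275&SearchSource=2&q=");
user_pref("network.proxy.type", 0);
user_pref("extensions.blocklist.enabled", true);
"""


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS_JS
    hits = find_hijacked_prefs(parse_prefs(text))
    for name, host, value in hits:
        print(f"{name} -> {host}: {value}")
    if hits and len(sys.argv) > 2:       # optional: write a cleaned copy to a second path
        with open(sys.argv[2], "w", encoding="utf-8") as out:
            out.write(remove_prefs(text, [h[0] for h in hits]))
```

Firefox rewrites prefs.js when it exits, so inspect or edit the file only while Firefox is closed; otherwise the running browser overwrites the change. The homepage key is deliberately not in SEARCH_PREFS, since a user-chosen homepage on an unlisted host is not evidence of a hijack.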

My computer still seems to be running fine, but malwarebytes still detects the virus.

Here's the log.

ComboFix 12-07-08.01 - Isis 07/09/2012 2:00.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6490 [GMT -7:00]

Running from: c:\users\Isis\Desktop\ComboFix.exe

Command switches used :: c:\users\Isis\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-09 09:02 . 2012-07-09 09:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-09 09:02 . 2012-07-09 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\users\Isis\AppData\Roaming\Anvisoft

2012-07-06 19:55 . 2012-07-08 05:18 -------- d-----w- c:\program files (x86)\Anvisoft

2012-07-06 07:57 . 2012-07-06 07:57 -------- d-----w- c:\program files\CCleaner

2012-07-05 07:39 . 2012-07-05 07:39 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-05 07:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1362962A-8585-43FF-887D-6E59755217F2}\mpengine.dll

2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\program files (x86)\Application Updater

2012-06-24 05:45 . 2012-06-24 05:45 -------- d-----w- c:\users\Isis\AppData\Local\Macromedia

2012-06-21 20:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 20:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 20:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 20:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 20:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 20:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 20:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 20:35 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 20:35 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-05 07:32 . 2012-04-23 22:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-05 07:32 . 2012-03-23 21:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 20:26 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll

2012-05-06 20:26 . 2012-03-25 02:24 2851840 ----a-w- c:\windows\system32\themeui.dll

2012-05-06 20:26 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2012-03-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[-] 2012-03-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-07-09_06.26.29 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-09 06:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-09 09:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-09 06:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-09 09:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-09 06:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-09 09:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-23 21:26 . 2012-07-09 06:35 40872 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-09 06:35 26832 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-03-23 20:45 . 2012-07-09 06:35 10094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-144253042-2406972773-1586009904-1000_UserData.bin

+ 2012-03-24 23:49 . 2012-07-09 06:32 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-07-09 06:26 . 2012-07-09 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-09 09:03 . 2012-07-09 09:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-09 09:03 . 2012-07-09 09:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-09 06:26 . 2012-07-09 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-07-09 06:23 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-09 06:38 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-09 06:38 106316 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-09 06:23 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-07-09 09:02 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-09 06:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-03-23 21:22 . 2012-07-09 09:02 20228372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-144253042-2406972773-1586009904-1000-8192.dat

- 2012-03-23 21:22 . 2012-07-09 06:17 20228372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-144253042-2406972773-1586009904-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-28 1090440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-27 1255736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-28 791488]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

.

--------- X64 Entries -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Isis\AppData\Roaming\Mozilla\Firefox\Profiles\ji3l7q4b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.mangareader.net/

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\IObit\Game Booster 3\gbtray.exe

.

**************************************************************************

.

Completion time: 2012-07-09 02:07:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-09 09:07

ComboFix2.txt 2012-07-09 06:29

.

Pre-Run: 423,103,332,352 bytes free

Post-Run: 422,788,886,528 bytes free

.

- - End Of File - - 452D4B9EF10478A10710B05859C12C6D

Thanks for your continued help.


Sorry, not sure if this is the log you want.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Isis :: ISIS-PC [administrator]

7/7/2012 10:18:49 PM

mbam-log-2012-07-07 (22-18-49).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 326161

Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

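The MBAM log above reports C:\Windows\Installer\{GUID}\U\800000cb.@ as Rootkit.0Access, and the poster says the detection returns after each removal. As an added example for this thread (not Malwarebytes code), the script below parses MBAM log text into section counts and detections, recognises that drop-path shape so repeated hits can be compared across logs, and reports the GUID folder that should be absent after clean-up. The regular expression generalises the single path in the log and is an assumption, as is the constructed sample log.

```python
"""Parse Malwarebytes Anti-Malware log text and flag the Windows\\Installer\\{GUID}\\U\\
drop path the log above labels Rootkit.0Access.
Added example for this thread; not Malwarebytes code."""
import re

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<n>\d+)$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Shape of the path reported above: <root>\Windows\Installer\{GUID}\U\<8 hex digits>.@
# This generalises that one path; it is an assumption, not a Malwarebytes signature.
ZEROACCESS_DROP_RE = re.compile(
    r"^(?P<dir>.*\\Windows\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"\\U\\[0-9a-f]{8}\.@$",
    re.IGNORECASE,
)


def parse_mbam_log(text: str):
    """Return ({section: count}, [{path, name, action}, ...]) from an MBAM scan log."""
    counts, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("section")] = int(m.group("n"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return counts, detections


def is_zeroaccess_drop_path(path: str) -> bool:
    return ZEROACCESS_DROP_RE.match(path) is not None


def drop_dir(path: str):
    """The GUID folder owning a flagged file, i.e. what should be gone after clean-up."""
    m = ZEROACCESS_DROP_RE.match(path)
    return m.group("dir") if m else None


def summarize(text: str) -> dict:
    """Counts plus the rootkit detections and drop folders worth re-checking next scan."""
    counts, detections = parse_mbam_log(text)
    rootkits = [d for d in detections if d["name"].lower().startswith("rootkit.")]
    drop_dirs = sorted({drop_dir(d["path"]) for d in detections
                        if is_zeroaccess_drop_path(d["path"])})
    return {
        "total_detected": sum(counts.values()),
        "rootkit_detections": rootkits,
        "zeroaccess_drop_dirs": drop_dirs,
        "quarantined": [d["path"] for d in detections
                        if d["action"].startswith("Quarantined")],
    }


# Constructed excerpt mirroring the log posted above.
SAMPLE_MBAM_LOG = """\
Malwarebytes Anti-Malware 1.61.0.1400
Scan type: Full scan
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 1
C:\\Windows\\Installer\\{b3d868f6-1eb7-ce36-0688-17eff5a727a2}\\U\\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_MBAM_LOG
    report = summarize(text)
    print("detected:", report["total_detected"])
    for d in report["rootkit_detections"]:
        print("rootkit:", d["name"], d["path"], "->", d["action"])
    for folder in report["zeroaccess_drop_dirs"]:
        print("check after clean-up that this folder is gone:", folder)
```

Run it over each saved mbam-log-*.txt in turn. The same entry in zeroaccess_drop_dirs reappearing in a later log after a quarantine means whatever writes the file is still active, which a signature-based file scan cannot resolve on its own.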

  • Staff

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Gringo
