Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Stubborn Online Guard!

Started by hutina , Oct 10 2011 12:18 AM

  • This topic is locked This topic is locked

#31
hutina
Posted 13 October 2011 - 01:18 AM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
About how long does the combofix take?
  • 0

Advertisements

#32
maliprog
Posted 13 October 2011 - 01:20 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Usually not longer than 15 - 20 min. Combofix will probably ask you to restart your system in order to remove infection. Just follow the prompts and confirm everything.
  • 0

#33
hutina
Posted 13 October 2011 - 01:25 AM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I've been look at the same blue screen for more than 20 mins.
CA didn't get completely removed, but combo fix gave me the option of bypassing that the continue with the scan. Right at the beginning of the scan it did prompt about an update to a newer version, should I getting that
  • 0

#34
maliprog
Posted 13 October 2011 - 01:28 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try this. Reboot your system and start it in Safe Mode with networking. Remove your version of Combofix and download new one. Then run scan again.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#35
hutina
Posted 13 October 2011 - 01:35 AM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here we go again, hopefully better luck this time around.

Edited by hutina, 13 October 2011 - 01:36 AM.

  • 0

#36
hutina
Posted 13 October 2011 - 01:51 AM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Is it okay to leave the scan running since it's getting very late. Not sure how much longer I can stay awake :)
  • 0

#37
maliprog
Posted 13 October 2011 - 01:55 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Maybe you should click OK button few times but it's OK to leave it. I think it should be done in few minutes but if you can't stay then.... see you tomorrow :)
  • 0

#38
hutina
Posted 13 October 2011 - 02:00 AM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ok button, I don't see any ok button, was that a joke...
I guess I'll continue tomorrow
Thank you sooooo much.
  • 0

#39
hutina
Posted 13 October 2011 - 05:39 PM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
combofix found rootkit (took a long long time) had to restart
here's the log after the reboot.
Still having a hard time disabling and removing CA.

ComboFix 11-10-13.01 - Tina 3/2011 Thu 6:42.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.936.86.1033.18.3071.2305 [GMT -7:00]
Running from: c:\users\Tina\Desktop\ComboFix.exe
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\program files\Internet Explorer\2D28.tmp
c:\program files\Internet Explorer\30A1.tmp
c:\program files\Internet Explorer\D087.tmp
c:\program files\Internet Explorer\DD24.tmp
c:\program files\Internet Explorer\F93C.tmp
c:\program files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}
c:\program files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}\chrome\browserseek.jar
c:\program files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}\install.rdf
c:\programdata\WindowsVerifierUpdate.dll
c:\users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0
c:\users\Tina\AppData\Roaming\aSi3FHWd8qXUlt0\Guard Online .ico
c:\users\Tina\AppData\Roaming\CCekIVrzOyAuSiF
c:\users\Tina\AppData\Roaming\CCekIVrzOyAuSiF\Guard Online .ico
c:\users\Tina\AppData\Roaming\cRZ9hTXwjClBzNx
c:\users\Tina\AppData\Roaming\cRZ9hTXwjClBzNx\Guard Online .ico
c:\users\Tina\AppData\Roaming\Cua\wuhitak.exe
c:\users\Tina\AppData\Roaming\FmH6sWJ7fLgZhCk
c:\users\Tina\AppData\Roaming\FmH6sWJ7fLgZhCk\Guard Online .ico
c:\users\Tina\AppData\Roaming\IG5aQJ6dW8R9
c:\users\Tina\AppData\Roaming\IG5aQJ6dW8R9\Guard Online .ico
c:\users\Tina\AppData\Roaming\ldr.ini
c:\users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
c:\users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj
c:\users\Tina\AppData\Roaming\mmH5sQJ7dKgZhXj\Guard Online .ico
c:\users\Tina\AppData\Roaming\TVVrzNtxA0uS
c:\users\Tina\AppData\Roaming\TVVrzNtxA0uS\Guard Online .ico
c:\users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu
c:\users\Tina\AppData\Roaming\Wms6Ef9XUeIrNxu\Guard Online .ico
c:\users\Tina\AppData\Roaming\y8gRZ9hYXjV
c:\users\Tina\AppData\Roaming\y8gRZ9hYXjV\Guard Online .ico
c:\users\Tina\DesktopLSPFix.exe
c:\users\Tina\DesktopSafeMSI.exe
c:\users\Tina\DesktopWinsockxpFix.exe
c:\windows\$NtUninstallKB20410$
c:\windows\$NtUninstallKB20410$\2449755954
c:\windows\$NtUninstallKB20410$\3329193514\@
c:\windows\$NtUninstallKB20410$\3329193514\bckfg.tmp
c:\windows\$NtUninstallKB20410$\3329193514\cfg.ini
c:\windows\$NtUninstallKB20410$\3329193514\Desktop.ini
c:\windows\$NtUninstallKB20410$\3329193514\keywords
c:\windows\$NtUninstallKB20410$\3329193514\kwrd.dll
c:\windows\$NtUninstallKB20410$\3329193514\L\xadqgnnk
c:\windows\$NtUninstallKB20410$\3329193514\lsflt7.ver
c:\windows\$NtUninstallKB20410$\3329193514\U\00000001.@
c:\windows\$NtUninstallKB20410$\3329193514\U\00000002.@
c:\windows\$NtUninstallKB20410$\3329193514\U\80000000.@
c:\windows\$NtUninstallKB20410$\3329193514\U\80000032.@
c:\windows\Downloaded Program Files\Install.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserSeek Service
-------\Service_c66f762a
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-13 13:49 . 2011-10-13 13:51 -------- d-----w- c:\users\Tina\AppData\Local\temp
2011-10-13 13:49 . 2011-10-13 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-13 06:41 . 2011-07-02 04:36 1422672 ----a-w- c:\windows\system32\cfgmig32.dll
2011-10-13 06:41 . 2011-05-30 08:01 206160 ----a-w- c:\windows\system32\Isafprod.dll
2011-10-13 06:41 . 2011-05-30 08:01 95568 ----a-w- c:\windows\system32\Vetredir.dll
2011-10-13 06:41 . 2011-05-30 08:01 128336 ----a-w- c:\windows\system32\Isafeif.dll
2011-10-13 06:40 . 2011-10-13 06:52 -------- d-----w- c:\windows\rnapxs
2011-10-13 06:40 . 2005-04-04 05:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-10-13 06:37 . 2011-10-13 06:52 -------- d-----w- c:\programdata\CA
2011-10-13 06:08 . 2011-10-13 06:08 -------- d-----w- c:\windows\system32\winsflte.dl1
2011-10-13 06:08 . 2011-10-13 06:08 -------- d-----w- c:\windows\system32\winsflt.dl1
2011-10-13 05:50 . 2011-10-13 05:50 -------- d-----w- c:\program files\Common Files\Scanner
2011-10-13 03:12 . 2011-10-13 03:12 -------- d-----w- C:\Rbackup
2011-10-13 03:11 . 2011-10-13 03:12 -------- d-----w- c:\program files\Perfect Uninstaller
2011-10-12 13:47 . 2011-10-12 13:47 -------- d-----w- c:\users\Tina\AppData\Roaming\P1uvD2obFpGsJdK
2011-10-12 05:43 . 2011-10-12 05:43 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-11 22:54 . 2011-10-11 22:54 -------- d-----w- c:\users\Tina\AppData\Roaming\N1ivD2onFpHsJd
2011-10-11 22:30 . 2011-10-11 22:30 -------- d-----w- c:\users\Tina\AppData\Roaming\lrlONtxP0c1b3n4
2011-10-11 06:35 . 2011-10-11 06:35 -------- d-----w- c:\users\Tina\AppData\Roaming\dlIBrzPNyAuSoFp
2011-10-11 05:59 . 2011-10-11 05:59 -------- d-----w- c:\users\Tina\AppData\Roaming\mnG5aQH6dKfLgXj
2011-10-11 05:27 . 2011-10-11 05:27 -------- d-----w- c:\users\Tina\AppData\Roaming\QycA1ivD2n4
2011-10-11 05:15 . 2011-10-11 05:15 -------- d-----w- c:\users\Tina\AppData\Roaming\rEL8gTZqhCkVlBx
2011-10-11 05:15 . 2011-10-11 05:15 -------- d-----w- c:\users\Tina\AppData\Roaming\XL9gTZqjCk
2011-10-11 05:15 . 2011-10-11 05:15 -------- d-----w- c:\users\Tina\AppData\Roaming\tGQdKhwCBNAS3df
2011-10-11 05:15 . 2011-10-11 05:15 -------- d-----w- c:\users\Tina\AppData\Roaming\lciDGm6JEgqCUlt
2011-10-11 00:54 . 2011-10-13 13:49 -------- d-----w- c:\users\Tina\AppData\Roaming\Cua
2011-10-11 00:54 . 2011-10-11 05:18 -------- d-----w- c:\users\Tina\AppData\Roaming\Xaole
2011-10-11 00:02 . 2011-10-11 00:02 -------- d-----w- c:\users\Tina\AppData\Roaming\WibD3onG4m6W7E8
2011-10-11 00:02 . 2011-10-11 00:02 -------- d-----w- c:\users\Tina\AppData\Roaming\UwkIVrlONx0c1b3
2011-10-11 00:02 . 2011-10-11 00:02 -------- d-----w- c:\users\Tina\AppData\Roaming\bFms7KRhwUltPcu
2011-10-11 00:00 . 2011-10-11 00:00 -------- d-----w- C:\_OTL
2011-10-10 23:37 . 2011-10-10 23:37 -------- d-----w- c:\users\Tina\AppData\Roaming\pQHH6dW7RL9gXjC
2011-10-10 23:37 . 2011-10-10 23:37 -------- d-----w- c:\users\Tina\AppData\Roaming\pHddWffR9XqCVOt
2011-10-10 06:36 . 2010-11-09 21:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-10 06:36 . 2010-11-09 21:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-10-10 06:36 . 2011-10-10 06:36 -------- d-----w- C:\VIPRERESCUE
2011-10-10 06:09 . 2011-10-10 06:09 -------- d-----w- c:\users\Tina\AppData\Roaming\SUPERAntiSpyware.com
2011-10-10 06:09 . 2011-10-10 06:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-10 04:21 . 2011-10-10 04:21 -------- d--h--w- c:\windows\PIF
2011-10-10 03:56 . 2011-10-10 05:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-10 03:41 . 2011-10-10 03:41 -------- d-----w- c:\users\Tina\AppData\Local\ElevatedDiagnostics
2011-10-10 03:25 . 2011-10-10 03:25 -------- d-----w- c:\windows\Sun
2011-09-14 04:57 . 2011-09-30 23:19 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-14 04:57 . 2011-09-16 22:39 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-14 04:57 . 2011-09-16 22:39 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-14 04:57 . 2011-09-30 23:19 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-14 04:57 . 2011-09-30 23:19 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-14 04:57 . 2011-09-30 23:19 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-14 04:57 . 2011-09-30 23:19 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-14 04:57 . 2011-09-30 23:19 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-14 03:57 . 2011-09-14 03:57 -------- d-----w- c:\users\Tina\AppData\Local\VS Revo Group
2011-09-14 03:56 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-09-14 03:56 . 2011-09-14 03:56 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:37 . 2011-08-11 00:26 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-11 00:26 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-11 00:26 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-11 00:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 00:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 00:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 00:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 00:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-09-30 23:19 . 2011-09-14 04:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Tina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-04-06 05:31 185800 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2009-11-04 18:56 2540840 ----a-w- c:\program files\RayV\RayV\RayV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 SASDIFSV;SASDIFSV;c:\users\Tina\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Tina\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-03-21 68928]
S2 SplashtopRemoteService;Splashtop? Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2011-06-08 1775432]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2011-09-21 366408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all by FlashGet3 - c:\users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: 使用快车3下载 - c:\users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: 使用快车3下载全部链接 - c:\users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newenperbank/AxSafeControls.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.browserseek.com/?tmp=nemo_results_removelink&prt=BrowserskGG&keywords=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-WindowsVerifierUpdate - c:\programdata\WindowsVerifierUpdate.dll
Notify-PFW - (no file)
MSConfigStartUp-BJJ7dEK8gRhwUVI8234A - c:\windows\system32\GwkUeBP0yDon4m5.exe
MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\casc.exe
MSConfigStartUp-iEEghYYCwkUrl8234A - c:\windows\system32\q666sWJJ7.exe
MSConfigStartUp-iHH55sWWJdLgRqY8234A - c:\windows\system32\F11ivD33onFa.exe
MSConfigStartUp-sNNyxxA1uS2bdT8234A - c:\windows\system32\ottzNyc4K9hTUlr.exe
MSConfigStartUp-volmgr - c:\windows\system32\config\systemprofile\AppData\Local\volmgr.exe
MSConfigStartUp-{0AC2812E-94E6-5E97-7142-5041BC926A9B} - c:\users\Tina\AppData\Roaming\Cua\wuhitak.exe
AddRemove-PPSGame - d:\pps.tv\PPSGame\unppsgame.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-683273971-958678362-1661301952-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u隷f?* N}廬
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Tina\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-683273971-958678362-1661301952-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u隷f?* N}廻Q钀]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Tina\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3356)
c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-10-13 06:54:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-13 13:54
.
Pre-Run: 161,654,734,848 bytes free
Post-Run: 162,263,404,544 bytes free
.
- - End Of File - - 59520FA6BEBED56023905EE0A98DD885
  • 0

#40
hutina
Posted 13 October 2011 - 11:58 PM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi Maliprog,
not sure if had time to look at the log yet...just wondering
  • 0

Advertisements

#41
maliprog
Posted 14 October 2011 - 12:04 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi hutina,

Combofix did great job! I think we are good now. Let's continue.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply


Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#42
hutina
Posted 14 October 2011 - 04:38 PM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Step 1
15:36:14.0913 2860 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
15:36:15.0553 2860 ============================================================
15:36:15.0553 2860 Current date / time: 2011/10/14 15:36:15.0553
15:36:15.0553 2860 SystemInfo:
15:36:15.0553 2860
15:36:15.0553 2860 OS Version: 6.1.7600 ServicePack: 0.0
15:36:15.0553 2860 Product type: Workstation
15:36:15.0553 2860 ComputerName: TINA-PC
15:36:15.0553 2860 UserName: Tina
15:36:15.0553 2860 Windows directory: C:\Windows
15:36:15.0553 2860 System windows directory: C:\Windows
15:36:15.0553 2860 Processor architecture: Intel x86
15:36:15.0553 2860 Number of processors: 2
15:36:15.0553 2860 Page size: 0x1000
15:36:15.0553 2860 Boot type: Normal boot
15:36:15.0553 2860 ============================================================
15:36:16.0427 2860 Initialize success
15:36:53.0773 3572 ============================================================
15:36:53.0773 3572 Scan started
15:36:53.0773 3572 Mode: Manual;
15:36:53.0773 3572 ============================================================
15:36:54.0475 3572 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:36:54.0475 3572 1394ohci - ok
15:36:54.0522 3572 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:36:54.0522 3572 ACPI - ok
15:36:54.0553 3572 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:36:54.0553 3572 AcpiPmi - ok
15:36:54.0600 3572 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:36:54.0615 3572 adp94xx - ok
15:36:54.0631 3572 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:36:54.0631 3572 adpahci - ok
15:36:54.0647 3572 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:36:54.0647 3572 adpu320 - ok
15:36:54.0709 3572 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:36:54.0725 3572 AFD - ok
15:36:54.0740 3572 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:36:54.0740 3572 agp440 - ok
15:36:54.0756 3572 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:36:54.0756 3572 aic78xx - ok
15:36:54.0787 3572 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:36:54.0787 3572 aliide - ok
15:36:54.0834 3572 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:36:54.0834 3572 amdagp - ok
15:36:54.0834 3572 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:36:54.0849 3572 amdide - ok
15:36:54.0849 3572 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:36:54.0849 3572 AmdK8 - ok
15:36:54.0865 3572 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:36:54.0865 3572 AmdPPM - ok
15:36:54.0912 3572 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
15:36:54.0912 3572 amdsata - ok
15:36:54.0927 3572 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:36:54.0943 3572 amdsbs - ok
15:36:54.0974 3572 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
15:36:54.0974 3572 amdxata - ok
15:36:54.0974 3572 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:36:54.0974 3572 AppID - ok
15:36:55.0037 3572 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:36:55.0037 3572 arc - ok
15:36:55.0052 3572 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:36:55.0052 3572 arcsas - ok
15:36:55.0083 3572 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:36:55.0083 3572 AsyncMac - ok
15:36:55.0099 3572 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:36:55.0099 3572 atapi - ok
15:36:55.0208 3572 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
15:36:55.0286 3572 atikmdag - ok
15:36:55.0317 3572 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:36:55.0317 3572 b06bdrv - ok
15:36:55.0349 3572 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:36:55.0349 3572 b57nd60x - ok
15:36:55.0380 3572 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:36:55.0380 3572 Beep - ok
15:36:55.0411 3572 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:36:55.0411 3572 blbdrive - ok
15:36:55.0458 3572 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:36:55.0458 3572 bowser - ok
15:36:55.0473 3572 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:36:55.0473 3572 BrFiltLo - ok
15:36:55.0489 3572 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:36:55.0489 3572 BrFiltUp - ok
15:36:55.0505 3572 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:36:55.0505 3572 Brserid - ok
15:36:55.0520 3572 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:36:55.0536 3572 BrSerWdm - ok
15:36:55.0551 3572 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:36:55.0551 3572 BrUsbMdm - ok
15:36:55.0567 3572 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:36:55.0567 3572 BrUsbSer - ok
15:36:55.0583 3572 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:36:55.0583 3572 BTHMODEM - ok
15:36:55.0739 3572 catchme - ok
15:36:55.0770 3572 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:36:55.0770 3572 cdfs - ok
15:36:55.0801 3572 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:36:55.0817 3572 cdrom - ok
15:36:55.0832 3572 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:36:55.0832 3572 circlass - ok
15:36:55.0879 3572 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:36:55.0879 3572 CLFS - ok
15:36:55.0941 3572 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:36:55.0941 3572 CmBatt - ok
15:36:55.0957 3572 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:36:55.0957 3572 cmdide - ok
15:36:55.0988 3572 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:36:55.0988 3572 CNG - ok
15:36:56.0004 3572 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:36:56.0004 3572 Compbatt - ok
15:36:56.0051 3572 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:36:56.0051 3572 CompositeBus - ok
15:36:56.0066 3572 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:36:56.0066 3572 crcdisk - ok
15:36:56.0129 3572 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:36:56.0129 3572 CSC - ok
15:36:56.0191 3572 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:36:56.0191 3572 DfsC - ok
15:36:56.0269 3572 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
15:36:56.0269 3572 DgiVecp - ok
15:36:56.0285 3572 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:36:56.0300 3572 discache - ok
15:36:56.0347 3572 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:36:56.0347 3572 Disk - ok
15:36:56.0394 3572 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:36:56.0394 3572 drmkaud - ok
15:36:56.0456 3572 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:36:56.0456 3572 DXGKrnl - ok
15:36:56.0534 3572 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:36:56.0581 3572 ebdrv - ok
15:36:56.0612 3572 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:36:56.0612 3572 elxstor - ok
15:36:56.0628 3572 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:36:56.0628 3572 ErrDev - ok
15:36:56.0659 3572 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:36:56.0659 3572 exfat - ok
15:36:56.0675 3572 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:36:56.0675 3572 fastfat - ok
15:36:56.0721 3572 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:36:56.0721 3572 fdc - ok
15:36:56.0737 3572 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:36:56.0737 3572 FileInfo - ok
15:36:56.0753 3572 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:36:56.0753 3572 Filetrace - ok
15:36:56.0784 3572 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:36:56.0784 3572 flpydisk - ok
15:36:56.0799 3572 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:36:56.0799 3572 FltMgr - ok
15:36:56.0815 3572 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:36:56.0815 3572 FsDepends - ok
15:36:56.0831 3572 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:36:56.0831 3572 Fs_Rec - ok
15:36:56.0862 3572 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:36:56.0862 3572 fvevol - ok
15:36:56.0893 3572 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:36:56.0893 3572 gagp30kx - ok
15:36:56.0955 3572 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:36:56.0955 3572 GEARAspiWDM - ok
15:36:56.0971 3572 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:36:56.0971 3572 hcw85cir - ok
15:36:57.0018 3572 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:36:57.0033 3572 HdAudAddService - ok
15:36:57.0065 3572 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:36:57.0065 3572 HDAudBus - ok
15:36:57.0096 3572 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:36:57.0096 3572 HidBatt - ok
15:36:57.0096 3572 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:36:57.0111 3572 HidBth - ok
15:36:57.0143 3572 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:36:57.0143 3572 HidIr - ok
15:36:57.0189 3572 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:36:57.0189 3572 HidUsb - ok
15:36:57.0205 3572 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:36:57.0205 3572 HpSAMD - ok
15:36:57.0299 3572 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:36:57.0314 3572 HTTP - ok
15:36:57.0408 3572 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:36:57.0408 3572 hwpolicy - ok
15:36:57.0423 3572 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:36:57.0423 3572 i8042prt - ok
15:36:57.0470 3572 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
15:36:57.0486 3572 iaStorV - ok
15:36:57.0517 3572 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:36:57.0517 3572 iirsp - ok
15:36:57.0595 3572 IntcAzAudAddService (8b27c21412ae4404eb0acfe1d98579ec) C:\Windows\system32\drivers\RTKVHDA.sys
15:36:57.0626 3572 IntcAzAudAddService - ok
15:36:57.0642 3572 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:36:57.0642 3572 intelide - ok
15:36:57.0673 3572 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:36:57.0673 3572 intelppm - ok
15:36:57.0689 3572 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:36:57.0689 3572 IpFilterDriver - ok
15:36:57.0720 3572 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:36:57.0720 3572 IPMIDRV - ok
15:36:57.0735 3572 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:36:57.0735 3572 IPNAT - ok
15:36:57.0767 3572 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:36:57.0767 3572 IRENUM - ok
15:36:57.0798 3572 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:36:57.0798 3572 isapnp - ok
15:36:57.0829 3572 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:36:57.0845 3572 iScsiPrt - ok
15:36:57.0860 3572 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:36:57.0860 3572 kbdclass - ok
15:36:57.0907 3572 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:36:57.0907 3572 kbdhid - ok
15:36:57.0954 3572 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:36:57.0954 3572 KSecDD - ok
15:36:58.0001 3572 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
15:36:58.0001 3572 KSecPkg - ok
15:36:58.0047 3572 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:36:58.0047 3572 lltdio - ok
15:36:58.0094 3572 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:36:58.0094 3572 LSI_FC - ok
15:36:58.0094 3572 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:36:58.0110 3572 LSI_SAS - ok
15:36:58.0110 3572 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:36:58.0110 3572 LSI_SAS2 - ok
15:36:58.0141 3572 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:36:58.0141 3572 LSI_SCSI - ok
15:36:58.0157 3572 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:36:58.0157 3572 luafv - ok
15:36:58.0188 3572 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:36:58.0188 3572 megasas - ok
15:36:58.0203 3572 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:36:58.0203 3572 MegaSR - ok
15:36:58.0250 3572 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:36:58.0250 3572 Modem - ok
15:36:58.0281 3572 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:36:58.0281 3572 monitor - ok
15:36:58.0313 3572 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:36:58.0313 3572 mouclass - ok
15:36:58.0344 3572 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:36:58.0344 3572 mouhid - ok
15:36:58.0359 3572 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:36:58.0359 3572 mountmgr - ok
15:36:58.0406 3572 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:36:58.0406 3572 mpio - ok
15:36:58.0453 3572 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:36:58.0453 3572 mpsdrv - ok
15:36:58.0469 3572 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:36:58.0469 3572 MRxDAV - ok
15:36:58.0515 3572 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:36:58.0515 3572 mrxsmb - ok
15:36:58.0562 3572 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:36:58.0562 3572 mrxsmb10 - ok
15:36:58.0609 3572 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:36:58.0609 3572 mrxsmb20 - ok
15:36:58.0625 3572 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
15:36:58.0625 3572 msahci - ok
15:36:58.0656 3572 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:36:58.0656 3572 msdsm - ok
15:36:58.0671 3572 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:36:58.0671 3572 Msfs - ok
15:36:58.0703 3572 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:36:58.0703 3572 mshidkmdf - ok
15:36:58.0703 3572 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:36:58.0703 3572 msisadrv - ok
15:36:58.0749 3572 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:36:58.0749 3572 MSKSSRV - ok
15:36:58.0796 3572 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:36:58.0796 3572 MSPCLOCK - ok
15:36:58.0827 3572 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:36:58.0827 3572 MSPQM - ok
15:36:58.0843 3572 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:36:58.0859 3572 MsRPC - ok
15:36:58.0874 3572 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:36:58.0874 3572 mssmbios - ok
15:36:58.0890 3572 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:36:58.0890 3572 MSTEE - ok
15:36:58.0905 3572 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:36:58.0905 3572 MTConfig - ok
15:36:58.0921 3572 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:36:58.0921 3572 Mup - ok
15:36:58.0968 3572 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:36:58.0968 3572 NativeWifiP - ok
15:36:58.0999 3572 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:36:59.0015 3572 NDIS - ok
15:36:59.0061 3572 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:36:59.0061 3572 NdisCap - ok
15:36:59.0077 3572 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:36:59.0077 3572 NdisTapi - ok
15:36:59.0108 3572 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:36:59.0108 3572 Ndisuio - ok
15:36:59.0124 3572 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:36:59.0124 3572 NdisWan - ok
15:36:59.0155 3572 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:36:59.0155 3572 NDProxy - ok
15:36:59.0186 3572 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:36:59.0202 3572 NetBIOS - ok
15:36:59.0217 3572 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:36:59.0217 3572 NetBT - ok
15:36:59.0264 3572 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:36:59.0264 3572 nfrd960 - ok
15:36:59.0327 3572 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:36:59.0342 3572 Npfs - ok
15:36:59.0358 3572 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:36:59.0358 3572 nsiproxy - ok
15:36:59.0420 3572 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
15:36:59.0436 3572 Ntfs - ok
15:36:59.0451 3572 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:36:59.0451 3572 Null - ok
15:36:59.0498 3572 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
15:36:59.0498 3572 nvraid - ok
15:36:59.0529 3572 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
15:36:59.0529 3572 nvstor - ok
15:36:59.0561 3572 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:36:59.0561 3572 nv_agp - ok
15:36:59.0576 3572 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:36:59.0576 3572 ohci1394 - ok
15:36:59.0623 3572 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:36:59.0639 3572 Parport - ok
15:36:59.0654 3572 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:36:59.0654 3572 partmgr - ok
15:36:59.0670 3572 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:36:59.0670 3572 Parvdm - ok
15:36:59.0685 3572 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:36:59.0685 3572 pci - ok
15:36:59.0701 3572 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:36:59.0717 3572 pciide - ok
15:36:59.0732 3572 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:36:59.0732 3572 pcmcia - ok
15:36:59.0763 3572 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:36:59.0763 3572 pcw - ok
15:36:59.0779 3572 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:36:59.0795 3572 PEAUTH - ok
15:36:59.0841 3572 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:36:59.0841 3572 PptpMiniport - ok
15:36:59.0857 3572 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:36:59.0857 3572 Processor - ok
15:36:59.0904 3572 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:36:59.0904 3572 Psched - ok
15:36:59.0951 3572 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:36:59.0966 3572 ql2300 - ok
15:36:59.0982 3572 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:36:59.0982 3572 ql40xx - ok
15:37:00.0013 3572 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:37:00.0013 3572 QWAVEdrv - ok
15:37:00.0029 3572 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:37:00.0029 3572 RasAcd - ok
15:37:00.0060 3572 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:37:00.0060 3572 RasAgileVpn - ok
15:37:00.0075 3572 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:00.0075 3572 Rasl2tp - ok
15:37:00.0122 3572 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:00.0122 3572 RasPppoe - ok
15:37:00.0138 3572 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:37:00.0138 3572 RasSstp - ok
15:37:00.0153 3572 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:37:00.0153 3572 rdbss - ok
15:37:00.0169 3572 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:37:00.0169 3572 rdpbus - ok
15:37:00.0185 3572 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:00.0185 3572 RDPCDD - ok
15:37:00.0216 3572 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:37:00.0216 3572 RDPDR - ok
15:37:00.0247 3572 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:37:00.0263 3572 RDPENCDD - ok
15:37:00.0278 3572 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:37:00.0278 3572 RDPREFMP - ok
15:37:00.0294 3572 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:37:00.0294 3572 RDPWD - ok
15:37:00.0341 3572 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:37:00.0341 3572 rdyboost - ok
15:37:00.0419 3572 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
15:37:00.0419 3572 Revoflt - ok
15:37:00.0481 3572 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:37:00.0497 3572 rspndr - ok
15:37:00.0543 3572 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:37:00.0543 3572 RTL8167 - ok
15:37:00.0590 3572 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:37:00.0590 3572 s3cap - ok
15:37:00.0715 3572 SASDIFSV - ok
15:37:00.0731 3572 SASKUTIL - ok
15:37:00.0762 3572 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:37:00.0762 3572 sbp2port - ok
15:37:00.0793 3572 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\Windows\system32\drivers\SBREdrv.sys
15:37:00.0793 3572 SBRE - ok
15:37:00.0824 3572 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:37:00.0824 3572 scfilter - ok
15:37:00.0871 3572 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:37:00.0871 3572 secdrv - ok
15:37:00.0918 3572 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:37:00.0918 3572 Serenum - ok
15:37:00.0933 3572 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:37:00.0933 3572 Serial - ok
15:37:00.0949 3572 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:37:00.0949 3572 sermouse - ok
15:37:00.0980 3572 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:37:00.0980 3572 sffdisk - ok
15:37:00.0996 3572 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:37:00.0996 3572 sffp_mmc - ok
15:37:01.0011 3572 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:37:01.0011 3572 sffp_sd - ok
15:37:01.0027 3572 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:37:01.0027 3572 sfloppy - ok
15:37:01.0043 3572 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:37:01.0043 3572 sisagp - ok
15:37:01.0074 3572 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:37:01.0074 3572 SiSRaid2 - ok
15:37:01.0089 3572 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:37:01.0089 3572 SiSRaid4 - ok
15:37:01.0121 3572 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:37:01.0121 3572 Smb - ok
15:37:01.0183 3572 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:37:01.0183 3572 spldr - ok
15:37:01.0230 3572 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
15:37:01.0230 3572 srv - ok
15:37:01.0245 3572 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
15:37:01.0245 3572 srv2 - ok
15:37:01.0292 3572 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
15:37:01.0292 3572 srvnet - ok
15:37:01.0339 3572 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
15:37:01.0355 3572 SSPORT - ok
15:37:01.0401 3572 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:37:01.0401 3572 stexstor - ok
15:37:01.0448 3572 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:37:01.0448 3572 storflt - ok
15:37:01.0464 3572 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:37:01.0464 3572 storvsc - ok
15:37:01.0479 3572 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:37:01.0495 3572 swenum - ok
15:37:01.0557 3572 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
15:37:01.0573 3572 Tcpip - ok
15:37:01.0620 3572 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
15:37:01.0635 3572 TCPIP6 - ok
15:37:01.0651 3572 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:37:01.0651 3572 tcpipreg - ok
15:37:01.0667 3572 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:37:01.0667 3572 TDPIPE - ok
15:37:01.0682 3572 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:37:01.0682 3572 TDTCP - ok
15:37:01.0713 3572 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:37:01.0713 3572 tdx - ok
15:37:01.0729 3572 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:37:01.0729 3572 TermDD - ok
15:37:01.0745 3572 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:37:01.0745 3572 tssecsrv - ok
15:37:01.0791 3572 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:37:01.0791 3572 tunnel - ok
15:37:01.0807 3572 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:37:01.0807 3572 uagp35 - ok
15:37:01.0838 3572 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:37:01.0838 3572 udfs - ok
15:37:01.0854 3572 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:37:01.0869 3572 uliagpkx - ok
15:37:01.0901 3572 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:37:01.0901 3572 umbus - ok
15:37:01.0932 3572 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:37:01.0932 3572 UmPass - ok
15:37:01.0979 3572 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
15:37:01.0979 3572 USBAAPL - ok
15:37:02.0025 3572 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:02.0025 3572 usbccgp - ok
15:37:02.0057 3572 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:37:02.0057 3572 usbcir - ok
15:37:02.0103 3572 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
15:37:02.0103 3572 usbehci - ok
15:37:02.0150 3572 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
15:37:02.0150 3572 usbhub - ok
15:37:02.0197 3572 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
15:37:02.0197 3572 usbohci - ok
15:37:02.0244 3572 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:37:02.0244 3572 usbprint - ok
15:37:02.0275 3572 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:37:02.0275 3572 usbscan - ok
15:37:02.0306 3572 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:02.0306 3572 USBSTOR - ok
15:37:02.0337 3572 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
15:37:02.0337 3572 usbuhci - ok
15:37:02.0384 3572 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:37:02.0384 3572 vdrvroot - ok
15:37:02.0415 3572 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:02.0415 3572 vga - ok
15:37:02.0431 3572 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:37:02.0431 3572 VgaSave - ok
15:37:02.0462 3572 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:37:02.0462 3572 vhdmp - ok
15:37:02.0493 3572 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:37:02.0493 3572 viaagp - ok
15:37:02.0509 3572 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:37:02.0509 3572 ViaC7 - ok
15:37:02.0525 3572 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:37:02.0525 3572 viaide - ok
15:37:02.0571 3572 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:37:02.0571 3572 vmbus - ok
15:37:02.0587 3572 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:37:02.0587 3572 VMBusHID - ok
15:37:02.0618 3572 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:37:02.0618 3572 volmgr - ok
15:37:02.0634 3572 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:37:02.0634 3572 volmgrx - ok
15:37:02.0665 3572 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:37:02.0665 3572 volsnap - ok
15:37:02.0696 3572 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:37:02.0696 3572 vsmraid - ok
15:37:02.0727 3572 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:37:02.0727 3572 vwifibus - ok
15:37:02.0759 3572 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:37:02.0759 3572 WacomPen - ok
15:37:02.0790 3572 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:02.0790 3572 WANARP - ok
15:37:02.0805 3572 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:02.0805 3572 Wanarpv6 - ok
15:37:02.0852 3572 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:37:02.0852 3572 Wd - ok
15:37:02.0883 3572 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:37:02.0883 3572 Wdf01000 - ok
15:37:02.0946 3572 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:37:02.0946 3572 WfpLwf - ok
15:37:02.0961 3572 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:37:02.0961 3572 WIMMount - ok
15:37:03.0008 3572 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
15:37:03.0008 3572 WinUsb - ok
15:37:03.0039 3572 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:37:03.0039 3572 WmiAcpi - ok
15:37:03.0071 3572 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:37:03.0071 3572 ws2ifsl - ok
15:37:03.0117 3572 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:37:03.0117 3572 WudfPf - ok
15:37:03.0164 3572 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:03.0164 3572 WUDFRd - ok
15:37:03.0195 3572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:37:03.0195 3572 \Device\Harddisk0\DR0 - ok
15:37:03.0211 3572 Boot (0x1200) (01acc836bbfc090d0d18d410df57f2cd) \Device\Harddisk0\DR0\Partition0
15:37:03.0211 3572 \Device\Harddisk0\DR0\Partition0 - ok
15:37:03.0227 3572 Boot (0x1200) (7c39e6a684d7d32e950baf94c3c0b8c5) \Device\Harddisk0\DR0\Partition1
15:37:03.0227 3572 \Device\Harddisk0\DR0\Partition1 - ok
15:37:03.0227 3572 ============================================================
15:37:03.0227 3572 Scan finished
15:37:03.0227 3572 ============================================================
15:37:03.0242 2592 Detected object count: 0
15:37:03.0242 2592 Actual detected object count: 0
  • 0

#43
hutina
Posted 14 October 2011 - 04:45 PM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
log from step 2
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-14 15:40:05
-----------------------------
15:40:05.648 OS Version: Windows 6.1.7600
15:40:05.648 Number of processors: 2 586 0x1706
15:40:05.648 ComputerName: TINA-PC UserName: Tina
15:40:18.549 Initialize success
15:42:42.028 AVAST engine defs: 11101401
15:42:55.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:42:55.647 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 11
15:42:57.675 Disk 0 MBR read successfully
15:42:57.675 Disk 0 MBR scan
15:42:57.675 Disk 0 Windows 7 default MBR code
15:42:57.691 Disk 0 scanning sectors +625139712
15:42:57.784 Disk 0 scanning C:\Windows\system32\drivers
15:43:04.804 Service scanning
15:43:05.896 Modules scanning
15:43:12.105 Disk 0 trace - called modules:
15:43:12.121 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys
15:43:12.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861cd030]
15:43:12.136 3 CLASSPNP.SYS[8b39659e] -> nt!IofCallDriver -> [0x85ce8918]
15:43:12.152 5 ACPI.sys[8ae9e3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ce3908]
15:43:14.024 AVAST engine scan C:\Windows
15:43:14.149 File: C:\Windows\712404934:965773781.exe **INFECTED** Win32:Sirefef-O [Rtk]
15:43:16.863 AVAST engine scan C:\Windows\system32
15:44:31.806 AVAST engine scan C:\Windows\system32\drivers
15:44:39.403 AVAST engine scan C:\Users\Tina
15:45:14.348 Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
15:45:14.348 The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR.txt"
  • 0

#44
maliprog
Posted 14 October 2011 - 11:20 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi hutina,

How is your system now? Any problems?
  • 0

#45
hutina
Posted 14 October 2011 - 11:55 PM

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
system is running fine
i don't see online guard.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP