SMART HDD removal issues


  • This topic is locked
11 replies to this topic

#1 hylndr11

    Member

  • Full Member
  • 11 posts

Posted 01 April 2012 - 03:55 PM

Had the SMART HDD rogue on the computer. Followed the directions to get rid of it with Malwarebytes and rkill etc. Got rid of it, it seems, and used Unhide to get the icons back. It mostly worked, but the computer is acting odd; it seems my browser is hijacked by something. The internet runs really slow and goes to other sites that I am not clicking on when I surf. For example, if I click on something in the Google SERP it just goes to some other page. Here are the files: the Malwarebytes files first, then the one after with the complete scan. Thank you guys for helping us out!!





Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MININT-AH1V0P8 [administrator]

Protection: Enabled

4/1/2012 12:14:27 PM
mbam-log-2012-04-01 (12-14-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211173
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 2
C:\ProgramData\FdrllxJJnSf.exe (Trojan.Agent) -> 3120 -> Delete on reboot.
C:\ProgramData\C1X7BFyCZohH4R.exe (Rogue.FakeHDD) -> 4696 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FdrllxJJnSf.exe (Trojan.Agent) -> Data: C:\ProgramData\FdrllxJJnSf.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\FdrllxJJnSf.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\C1X7BFyCZohH4R.exe (Rogue.FakeHDD) -> Delete on reboot.

(end)

Complete scan after removal and running rkill:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MININT-AH1V0P8 [administrator]

Protection: Disabled

4/1/2012 12:45:52 PM
mbam-log-2012-04-01 (12-45-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461893
Time elapsed: 1 hour(s), 27 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS.txt ------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Matt at 16:28:21 on 2012-04-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.4766 [GMT -4:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.dell.com
uDefault_Page_URL = www.dell.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Kudos Chat Search] C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\05F696E6475602F6660265965677 : DhcpNameServer = 4.2.2.2 4.2.2.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\455402E65647 : DhcpNameServer = 192.168.1.10
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\54E434F42554934434534443 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\66573686964716 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\A496D6D69702349707865627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\C696E6B6379737 : DhcpNameServer = 4.2.2.2 4.2.2.1 192.168.1.1 4.2.2.2 4.2.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\KudosChatSearchAgent\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
.
=============== File Associations ===============
.
.txt=GetDiz.TextFile
.
=============== Created Last 30 ================
.
2012-04-01 16:13:46 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2012-04-01 16:13:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-01 16:13:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 00:20:24 -------- d-----w- C:\Program Files (x86)\Kudos Chat Search v2
2012-03-22 00:18:16 -------- d-----w- C:\Users\Matt\AppData\Roaming\KudosChatSearch
2012-03-22 00:18:12 -------- d-----w- C:\Program Files (x86)\KudosChatSearchAgent
2012-03-19 14:02:11 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 14:02:11 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 14:02:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-19 14:02:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-19 14:02:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-10 21:06:31 -------- d-----w- C:\Windows\SysWow64\NV
2012-03-10 21:06:31 -------- d-----w- C:\Windows\System32\NV
2012-03-10 21:05:24 9832 ----a-w- C:\Windows\System32\NVMUPEventMsg.dll
2012-03-10 20:59:35 1652840 ----a-w- C:\Windows\System32\nvdispco6420141.dll
2012-03-10 20:59:35 1398376 ----a-w- C:\Windows\System32\nvgenco642061.dll
2012-03-10 20:58:59 -------- d-----w- C:\Windows\nvmup
2012-03-10 20:58:29 -------- d-----w- C:\Users\Matt\AppData\Local\Dell
2012-03-10 20:51:34 -------- d-----w- C:\Users\Matt\AppData\Local\Deployment
.
==================== Find3M ====================
.
2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 16:36:43.95 ===============



Cannot get Security Check to pop up the Notepad file. I have some Trend Micro stuff that came on this laptop; it's a Dell E5620.
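Added example, not part of the original post or of any tool used in this thread: a small Python triage script for the kind of DDS "Pseudo HJT Report" posted above. It parses Run-key autostarts, BHO registrations, Firefox prefs.js proxy settings, AppInit_DLLs and LSA authentication packages, and flags the entries that explain the reported symptoms: an autostart running from C:\ProgramData (the location Malwarebytes removed the FakeHDD files from), an orphaned BHO CLSID, and a Firefox HTTP proxy pointing at an external address. The sample report is constructed to mirror lines from the logs above; the FdrllxJJnSf.exe Run entry is reconstructed from the Malwarebytes detection rather than the DDS log, since DDS ran after removal. The severity labels and the "suspicious directory" list are this example's own heuristics, not anything the thread or DDS defines.

```python
"""Triage helper for a DDS / HijackThis-style "Pseudo HJT Report".

Added example (not code from the thread or from DDS). Parses the report line
types that matter most for a redirect / rogue-AV cleanup and returns the
entries a helper would ask about first.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample mirroring lines from the thread's logs. The FdrllxJJnSf.exe
# Run entry is taken from the Malwarebytes detection (HKCU\...\Run), not DDS.
SAMPLE_REPORT = r"""
uRun: [Kudos Chat Search] C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [FdrllxJJnSf.exe] C:\ProgramData\FdrllxJJnSf.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(TM) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Authentication Packages = msv1_0 wvauth
"""

RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[(.*?)\]\s*(.*)$")
BHO_RE = re.compile(r"^BHO(?:-X64)?: (.*)$")
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (.+)$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (.+)$")

# Heuristic (this example's own): autostarts rarely live here, droppers often do.
SUSPICIOUS_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
DEFAULT_LSA_PACKAGES = {"msv1_0"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str       # the report line (or summary) that triggered it
    reason: str


def image_path(value: str) -> str:
    """Extract the executable from a Run value, quoted or bare, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    m = re.match(r"(.*?\.exe)", value, re.IGNORECASE)
    return m.group(1) if m else value


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            path = image_path(m.group(3)).lower()
            if any(d in path for d in SUSPICIOUS_DIRS):
                findings.append(Finding("high", line, "autostart runs from a user-writable data directory"))
        elif m := BHO_RE.match(line):
            if m.group(1).endswith("- No File"):
                findings.append(Finding("info", line, "orphaned BHO registration; remove the CLSID"))
        elif m := FF_RE.match(line):
            ff_prefs[m.group(1)] = m.group(2).strip()
        elif m := APPINIT_RE.match(line):
            findings.append(Finding("info", line, "AppInit DLL loads into every process that maps user32.dll; verify its signer"))
        elif m := LSA_RE.match(line):
            extra = set(m.group(1).split()) - DEFAULT_LSA_PACKAGES
            if extra:
                findings.append(Finding("info", line, f"non-default LSA authentication package(s): {sorted(extra)}"))

    # Firefox proxy: a public host in network.proxy.http explains slow browsing and
    # redirected clicks. network.proxy.type 0 means "direct connection", so the
    # setting is parked rather than active; it still needs to be cleared.
    host = ff_prefs.get("network.proxy.http")
    if host:
        try:
            public = ipaddress.ip_address(host).is_global
        except ValueError:
            public = True  # a hostname rather than an IP literal: treat as external
        active = ff_prefs.get("network.proxy.type") == "1"
        if public:
            port = ff_prefs.get("network.proxy.http_port", "?")
            state = "active" if active else "configured but disabled (proxy.type 0)"
            findings.append(Finding("high" if active else "medium",
                                    f"network.proxy.http = {host}:{port}",
                                    f"Firefox HTTP proxy points at an external host, {state}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it against a saved DDS.txt by passing the file contents to `triage()`; the Run-key and Firefox checks are the ones that matter for the "clicks go to some other page" symptom, the AppInit and LSA lines are listed only so they get a second look (nvinit.dll and wvauth correspond to NVIDIA and Dell/Wave components on this machine).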

#2 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 02 April 2012 - 07:29 AM

Welcome hylndr11 to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Just a few things before we begin:

Before proceeding:
  • In the upper right hand corner of this topic there is a button labelled Watch this topic. Please click this button, select Immediate E-Mail notification and then click Proceed to ensure you are notified when I reply.
  • Please back up your personal documents and files by copying them to a location other than your system drive.
  • Please open Notepad > Format and, if Word Wrap is ticked, click it to untick it.

For the duration of this topic:
Please DO NOT run, install and/or uninstall/remove any tools/programs other than those I suggest to you, in order to avoid conflicts and/or additional problems on your system.


When you receive new instructions:
  • Please read the whole post before carrying out any of the instructions.
  • All our tools must be downloaded to the Desktop and launched from there (unless I specify otherwise).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program unless I ask you to.
  • Please DO NOT plug in any external devices like USBs and Hard Drives unless I ask you to.
  • If you encounter any problems please stop and let me know.

When replying:
  • Please click the Add Reply button so that my reply is not posted back to me. Thank you!
  • Please copy and paste your logs into your post unless I specifically ask you to attach one.
_________________________________________________________________________________________________________________________________


Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.
==========

Next, please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose Skip, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


Finally, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
=========

In your next post, please post the following:
  • ComboFix.txt.
  • TDSSKiller log.
  • MBRCheck log.
How is your computer running now?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.

#3 hylndr11

    Member

  • Full Member
  • 11 posts

Posted 02 April 2012 - 12:16 PM

OK, thanks for the quick reply. Here we go!

ComboFix 12-04-01.01 - Matt 04/02/2012 12:12:16.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6091 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\programdata\C1X7BFyCZohH4R
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 16:41 . 2012-04-02 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 00:20 . 2012-03-22 00:20 -------- d-----w- c:\program files (x86)\Kudos Chat Search v2
2012-03-22 00:18 . 2012-03-22 00:21 -------- d-----w- c:\users\Matt\AppData\Roaming\KudosChatSearch
2012-03-22 00:18 . 2012-03-22 00:18 -------- d-----w- c:\program files (x86)\KudosChatSearchAgent
2012-03-19 14:02 . 2012-03-19 14:02 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 14:02 . 2012-03-19 14:02 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 14:02 . 2012-03-19 14:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-19 14:02 . 2012-03-19 14:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-19 14:02 . 2012-03-19 14:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\SysWow64\NV
2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\system32\NV
2012-03-10 21:05 . 2011-06-05 11:22 9832 ----a-w- c:\windows\system32\NVMUPEventMsg.dll
2012-03-10 21:01 . 2012-03-10 21:01 -------- d-----w- c:\users\UpdatusUser
2012-03-10 20:59 . 2011-08-01 04:09 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll
2012-03-10 20:59 . 2011-08-01 04:09 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll
2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\windows\nvmup
2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\users\Matt\AppData\Local\Dell
2012-03-10 20:51 . 2012-03-10 20:51 -------- d-----w- c:\users\Matt\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2012-02-21 15:25 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB483A85-3094-4A95-94C0-F2457ADC0FA2}\mpengine.dll
2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 04:06 . 2012-02-21 15:16 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 10:44 . 2012-02-21 15:22 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-21 15:22 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.02.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-02 14:50 . 2012-04-02 14:50 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-04-02 16:43 . 2012-04-02 16:43 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-04-02 16:46 47492 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 16:44 . 2012-04-02 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-02 16:44 . 2012-04-02 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-02 16:43 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-02 14:50 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-30 14:38 . 2012-04-02 14:50 51390276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat
+ 2011-09-30 14:38 . 2012-04-02 16:43 51390276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]
R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.10
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-combofix - c:\combofix\CF31767.3XE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Dell\Dell System Manager\PanelHelper32.exe
.
**************************************************************************
.
Completion time: 2012-04-02 13:04:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 17:04
.
Pre-Run: 396,490,240,000 bytes free
Post-Run: 396,437,528,576 bytes free
.
- - End Of File - - 94CFD1050708809B4D3F59DF7A8CDF58

--------------------------------------

13:08:41.0229 4356 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
13:08:41.0759 4356 ============================================================
13:08:41.0759 4356 Current date / time: 2012/04/02 13:08:41.0759
13:08:41.0759 4356 SystemInfo:
13:08:41.0759 4356
13:08:41.0759 4356 OS Version: 6.1.7601 ServicePack: 1.0
13:08:41.0759 4356 Product type: Workstation
13:08:41.0759 4356 ComputerName: MININT-AH1V0P8
13:08:41.0759 4356 UserName: Matt
13:08:41.0759 4356 Windows directory: C:\Windows
13:08:41.0759 4356 System windows directory: C:\Windows
13:08:41.0759 4356 Running under WOW64
13:08:41.0759 4356 Processor architecture: Intel x64
13:08:41.0759 4356 Number of processors: 8
13:08:41.0759 4356 Page size: 0x1000
13:08:41.0759 4356 Boot type: Normal boot
13:08:41.0759 4356 ============================================================
13:08:43.0787 4356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:08:43.0803 4356 \Device\Harddisk0\DR0:
13:08:43.0803 4356 MBR used
13:08:43.0803 4356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3882C800
13:08:43.0803 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3882D000, BlocksNum 0x1B54030
13:08:43.0865 4356 Initialize success
13:08:43.0865 4356 ============================================================
13:08:46.0002 4996 ============================================================
13:08:46.0002 4996 Scan started
13:08:46.0002 4996 Mode: Manual;
13:08:46.0002 4996 ============================================================
13:08:47.0843 4996 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
13:08:47.0843 4996 1394ohci - ok
13:08:47.0906 4996 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
13:08:47.0906 4996 Acceler - ok
13:08:47.0921 4996 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:08:47.0937 4996 ACPI - ok
13:08:47.0968 4996 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:08:47.0968 4996 AcpiPmi - ok
13:08:48.0093 4996 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:08:48.0108 4996 AdobeARMservice - ok
13:08:48.0233 4996 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:08:48.0233 4996 adp94xx - ok
13:08:48.0280 4996 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:08:48.0280 4996 adpahci - ok
13:08:48.0311 4996 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:08:48.0311 4996 adpu320 - ok
13:08:48.0342 4996 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:08:48.0342 4996 AeLookupSvc - ok
13:08:48.0389 4996 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
13:08:48.0405 4996 AESTFilters - ok
13:08:48.0530 4996 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:08:48.0530 4996 AFD - ok
13:08:48.0576 4996 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:08:48.0576 4996 agp440 - ok
13:08:48.0608 4996 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:08:48.0623 4996 ALG - ok
13:08:48.0639 4996 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:08:48.0639 4996 aliide - ok
13:08:48.0654 4996 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:08:48.0654 4996 amdide - ok
13:08:48.0686 4996 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:08:48.0686 4996 AmdK8 - ok
13:08:48.0701 4996 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:08:48.0701 4996 AmdPPM - ok
13:08:48.0717 4996 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:08:48.0717 4996 amdsata - ok
13:08:48.0732 4996 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:08:48.0732 4996 amdsbs - ok
13:08:48.0748 4996 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:08:48.0748 4996 amdxata - ok
13:08:48.0795 4996 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
13:08:48.0795 4996 Andbus - ok
13:08:48.0842 4996 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
13:08:48.0842 4996 AndDiag - ok
13:08:48.0857 4996 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
13:08:48.0857 4996 AndGps - ok
13:08:48.0888 4996 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
13:08:48.0888 4996 ANDModem - ok
13:08:48.0935 4996 ApfiltrService (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:08:48.0951 4996 ApfiltrService - ok
13:08:48.0998 4996 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:08:48.0998 4996 AppID - ok
13:08:49.0029 4996 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:08:49.0029 4996 AppIDSvc - ok
13:08:49.0044 4996 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:08:49.0044 4996 Appinfo - ok
13:08:49.0122 4996 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:08:49.0122 4996 Apple Mobile Device - ok
13:08:49.0185 4996 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:08:49.0216 4996 AppMgmt - ok
13:08:49.0247 4996 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:08:49.0247 4996 arc - ok
13:08:49.0263 4996 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:08:49.0263 4996 arcsas - ok
13:08:49.0356 4996 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:08:49.0372 4996 aspnet_state - ok
13:08:49.0434 4996 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:08:49.0434 4996 AsyncMac - ok
13:08:49.0497 4996 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:08:49.0497 4996 atapi - ok
13:08:49.0559 4996 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:08:49.0559 4996 AudioEndpointBuilder - ok
13:08:49.0575 4996 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:08:49.0575 4996 AudioSrv - ok
13:08:49.0606 4996 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:08:49.0606 4996 AxInstSV - ok
13:08:49.0684 4996 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:08:49.0684 4996 b06bdrv - ok
13:08:49.0715 4996 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:08:49.0715 4996 b57nd60a - ok
13:08:49.0793 4996 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:08:49.0809 4996 BDESVC - ok
13:08:49.0824 4996 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:08:49.0824 4996 Beep - ok
13:08:49.0887 4996 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:08:49.0902 4996 BFE - ok
13:08:49.0934 4996 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:08:49.0949 4996 BITS - ok
13:08:49.0965 4996 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:08:49.0965 4996 blbdrive - ok
13:08:50.0027 4996 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:08:50.0043 4996 Bonjour Service - ok
13:08:50.0136 4996 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:08:50.0136 4996 bowser - ok
13:08:50.0183 4996 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:08:50.0183 4996 BrFiltLo - ok
13:08:50.0214 4996 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:08:50.0214 4996 BrFiltUp - ok
13:08:50.0246 4996 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:08:50.0246 4996 BridgeMP - ok
13:08:50.0292 4996 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:08:50.0292 4996 Browser - ok
13:08:50.0355 4996 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:08:50.0355 4996 Brserid - ok
13:08:50.0402 4996 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:08:50.0402 4996 BrSerWdm - ok
13:08:50.0417 4996 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:08:50.0417 4996 BrUsbMdm - ok
13:08:50.0433 4996 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:08:50.0433 4996 BrUsbSer - ok
13:08:50.0464 4996 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:08:50.0464 4996 BTHMODEM - ok
13:08:50.0495 4996 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:08:50.0511 4996 bthserv - ok
13:08:50.0667 4996 catchme - ok
13:08:50.0776 4996 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:08:50.0776 4996 cdfs - ok
13:08:50.0807 4996 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:08:50.0823 4996 cdrom - ok
13:08:50.0870 4996 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:08:50.0870 4996 CertPropSvc - ok
13:08:50.0885 4996 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:08:50.0885 4996 circlass - ok
13:08:50.0916 4996 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:08:50.0916 4996 CLFS - ok
13:08:51.0026 4996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:08:51.0041 4996 clr_optimization_v2.0.50727_32 - ok
13:08:51.0072 4996 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:08:51.0088 4996 clr_optimization_v2.0.50727_64 - ok
13:08:51.0135 4996 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:08:51.0150 4996 clr_optimization_v4.0.30319_32 - ok
13:08:51.0166 4996 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:08:51.0166 4996 clr_optimization_v4.0.30319_64 - ok
13:08:51.0228 4996 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:08:51.0228 4996 CmBatt - ok
13:08:51.0244 4996 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:08:51.0244 4996 cmdide - ok
13:08:51.0306 4996 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:08:51.0306 4996 CNG - ok
13:08:51.0353 4996 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:08:51.0369 4996 Compbatt - ok
13:08:51.0400 4996 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:08:51.0400 4996 CompositeBus - ok
13:08:51.0431 4996 COMSysApp - ok
13:08:51.0447 4996 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:08:51.0447 4996 crcdisk - ok
13:08:51.0525 4996 Credential Vault Host Control Service (6e163faaf624a03a88dfd92e607de6e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
13:08:51.0556 4996 Credential Vault Host Control Service - ok
13:08:51.0587 4996 Credential Vault Host Storage (8884b4d345ddb029f43ad2e7add54a30) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
13:08:51.0603 4996 Credential Vault Host Storage - ok
13:08:51.0665 4996 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:08:51.0665 4996 CryptSvc - ok
13:08:51.0728 4996 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:08:51.0728 4996 CSC - ok
13:08:51.0759 4996 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:08:51.0774 4996 CscService - ok
13:08:51.0852 4996 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:08:51.0852 4996 CtClsFlt - ok
13:08:51.0946 4996 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:08:51.0962 4996 cvhsvc - ok
13:08:52.0055 4996 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
13:08:52.0055 4996 cvusbdrv - ok
13:08:52.0118 4996 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:08:52.0118 4996 DcomLaunch - ok
13:08:52.0180 4996 dcpsysmgrsvc (3562c84415080b8b0c4d695a43372e3e) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
13:08:52.0196 4996 dcpsysmgrsvc - ok
13:08:52.0211 4996 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:08:52.0227 4996 defragsvc - ok
13:08:52.0289 4996 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:08:52.0289 4996 DfsC - ok
13:08:52.0336 4996 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:08:52.0336 4996 Dhcp - ok
13:08:52.0367 4996 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:08:52.0367 4996 discache - ok
13:08:52.0414 4996 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:08:52.0414 4996 Disk - ok
13:08:52.0445 4996 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
13:08:52.0445 4996 dmvsc - ok
13:08:52.0476 4996 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:08:52.0492 4996 Dnscache - ok
13:08:52.0508 4996 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:08:52.0523 4996 dot3svc - ok
13:08:52.0554 4996 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:08:52.0554 4996 DPS - ok
13:08:52.0617 4996 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:08:52.0617 4996 drmkaud - ok
13:08:52.0664 4996 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:08:52.0664 4996 DXGKrnl - ok
13:08:52.0710 4996 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
13:08:52.0710 4996 e1cexpress - ok
13:08:52.0757 4996 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:08:52.0773 4996 EapHost - ok
13:08:52.0851 4996 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:08:52.0913 4996 ebdrv - ok
13:08:52.0991 4996 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:08:52.0991 4996 EFS - ok
13:08:53.0038 4996 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:08:53.0069 4996 ehRecvr - ok
13:08:53.0085 4996 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:08:53.0100 4996 ehSched - ok
13:08:53.0147 4996 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:08:53.0147 4996 elxstor - ok
13:08:53.0163 4996 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:08:53.0178 4996 ErrDev - ok
13:08:53.0210 4996 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:08:53.0210 4996 EventSystem - ok
13:08:53.0272 4996 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:08:53.0272 4996 exfat - ok
13:08:53.0303 4996 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:08:53.0303 4996 fastfat - ok
13:08:53.0350 4996 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:08:53.0366 4996 Fax - ok
13:08:53.0381 4996 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:08:53.0381 4996 fdc - ok
13:08:53.0412 4996 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:08:53.0428 4996 fdPHost - ok
13:08:53.0444 4996 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:08:53.0444 4996 FDResPub - ok
13:08:53.0459 4996 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:08:53.0459 4996 FileInfo - ok
13:08:53.0475 4996 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:08:53.0475 4996 Filetrace - ok
13:08:53.0522 4996 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:08:53.0522 4996 flpydisk - ok
13:08:53.0553 4996 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:08:53.0553 4996 FltMgr - ok
13:08:53.0584 4996 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:08:53.0600 4996 FontCache - ok
13:08:53.0646 4996 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:08:53.0662 4996 FontCache3.0.0.0 - ok
13:08:53.0693 4996 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:08:53.0693 4996 FsDepends - ok
13:08:53.0724 4996 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:08:53.0740 4996 Fs_Rec - ok
13:08:53.0787 4996 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:08:53.0787 4996 fvevol - ok
13:08:53.0802 4996 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:08:53.0802 4996 gagp30kx - ok
13:08:53.0865 4996 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:08:53.0865 4996 GEARAspiWDM - ok
13:08:53.0912 4996 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:08:53.0927 4996 gpsvc - ok
13:08:53.0958 4996 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:08:53.0958 4996 hcw85cir - ok
13:08:54.0005 4996 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:08:54.0005 4996 HDAudBus - ok
13:08:54.0021 4996 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:08:54.0021 4996 HidBatt - ok
13:08:54.0052 4996 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:08:54.0052 4996 HidBth - ok
13:08:54.0068 4996 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:08:54.0068 4996 HidIr - ok
13:08:54.0083 4996 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:08:54.0099 4996 hidserv - ok
13:08:54.0146 4996 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:08:54.0146 4996 HidUsb - ok
13:08:54.0177 4996 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:08:54.0192 4996 hkmsvc - ok
13:08:54.0208 4996 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:08:54.0224 4996 HomeGroupListener - ok
13:08:54.0255 4996 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:08:54.0255 4996 HomeGroupProvider - ok
13:08:54.0302 4996 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:08:54.0302 4996 HpSAMD - ok
13:08:54.0333 4996 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:08:54.0348 4996 HTTP - ok
13:08:54.0380 4996 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:08:54.0380 4996 hwpolicy - ok
13:08:54.0426 4996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:08:54.0426 4996 i8042prt - ok
13:08:54.0473 4996 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:08:54.0473 4996 iaStorV - ok
13:08:54.0536 4996 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:08:54.0567 4996 idsvc - ok
13:08:54.0785 4996 igfx (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:08:54.0972 4996 igfx - ok
13:08:55.0082 4996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:08:55.0082 4996 iirsp - ok
13:08:55.0128 4996 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:08:55.0160 4996 IKEEXT - ok
13:08:55.0206 4996 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
13:08:55.0206 4996 Impcd - ok
13:08:55.0222 4996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:08:55.0222 4996 intelide - ok
13:08:55.0269 4996 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:08:55.0269 4996 intelppm - ok
13:08:55.0300 4996 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:08:55.0316 4996 IPBusEnum - ok
13:08:55.0331 4996 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:08:55.0331 4996 IpFilterDriver - ok
13:08:55.0362 4996 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:08:55.0362 4996 iphlpsvc - ok
13:08:55.0378 4996 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:08:55.0394 4996 IPMIDRV - ok
13:08:55.0409 4996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:08:55.0409 4996 IPNAT - ok
13:08:55.0503 4996 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
13:08:55.0518 4996 iPod Service - ok
13:08:55.0628 4996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:08:55.0628 4996 IRENUM - ok
13:08:55.0659 4996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:08:55.0659 4996 isapnp - ok
13:08:55.0690 4996 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:08:55.0706 4996 iScsiPrt - ok
13:08:55.0737 4996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:08:55.0737 4996 kbdclass - ok
13:08:55.0784 4996 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:08:55.0784 4996 kbdhid - ok
13:08:55.0815 4996 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:55.0815 4996 KeyIso - ok
13:08:55.0830 4996 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:08:55.0830 4996 KSecDD - ok
13:08:55.0862 4996 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:08:55.0862 4996 KSecPkg - ok
13:08:55.0908 4996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:08:55.0908 4996 ksthunk - ok
13:08:55.0940 4996 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:08:55.0955 4996 KtmRm - ok
13:08:56.0298 4996 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:08:56.0298 4996 LanmanServer - ok
13:08:56.0439 4996 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:08:56.0454 4996 LanmanWorkstation - ok
13:08:56.0517 4996 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:08:56.0517 4996 lltdio - ok
13:08:56.0548 4996 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:08:56.0564 4996 lltdsvc - ok
13:08:56.0579 4996 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:08:56.0579 4996 lmhosts - ok
13:08:56.0626 4996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:08:56.0626 4996 LSI_FC - ok
13:08:56.0642 4996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:08:56.0642 4996 LSI_SAS - ok
13:08:56.0657 4996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:08:56.0673 4996 LSI_SAS2 - ok
13:08:56.0688 4996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:08:56.0688 4996 LSI_SCSI - ok
13:08:56.0735 4996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:08:56.0735 4996 luafv - ok
13:08:56.0782 4996 MBAMProtector - ok
13:08:56.0844 4996 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:08:56.0891 4996 MBAMService - ok
13:08:56.0938 4996 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:08:56.0954 4996 Mcx2Svc - ok
13:08:56.0969 4996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:08:56.0985 4996 megasas - ok
13:08:57.0016 4996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:08:57.0016 4996 MegaSR - ok
13:08:57.0063 4996 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
13:08:57.0063 4996 MEIx64 - ok
13:08:57.0094 4996 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:08:57.0094 4996 MMCSS - ok
13:08:57.0125 4996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:08:57.0125 4996 Modem - ok
13:08:57.0156 4996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:08:57.0156 4996 monitor - ok
13:08:57.0203 4996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:08:57.0203 4996 mouclass - ok
13:08:57.0219 4996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:08:57.0219 4996 mouhid - ok
13:08:57.0266 4996 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:08:57.0266 4996 mountmgr - ok
13:08:57.0297 4996 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:08:57.0297 4996 mpio - ok
13:08:57.0312 4996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:08:57.0312 4996 mpsdrv - ok
13:08:57.0359 4996 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:08:57.0375 4996 MpsSvc - ok
13:08:57.0390 4996 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:08:57.0390 4996 MRxDAV - ok
13:08:57.0422 4996 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:08:57.0422 4996 mrxsmb - ok
13:08:57.0453 4996 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:08:57.0453 4996 mrxsmb10 - ok
13:08:57.0484 4996 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:08:57.0484 4996 mrxsmb20 - ok
13:08:57.0515 4996 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:08:57.0515 4996 msahci - ok
13:08:57.0546 4996 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:08:57.0546 4996 msdsm - ok
13:08:57.0562 4996 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:08:57.0578 4996 MSDTC - ok
13:08:57.0624 4996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:08:57.0624 4996 Msfs - ok
13:08:57.0656 4996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:08:57.0656 4996 mshidkmdf - ok
13:08:57.0687 4996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:08:57.0687 4996 msisadrv - ok
13:08:57.0718 4996 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:08:57.0734 4996 MSiSCSI - ok
13:08:57.0734 4996 msiserver - ok
13:08:57.0796 4996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:08:57.0796 4996 MSKSSRV - ok
13:08:57.0812 4996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:08:57.0812 4996 MSPCLOCK - ok
13:08:57.0827 4996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:08:57.0827 4996 MSPQM - ok
13:08:57.0858 4996 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:08:57.0858 4996 MsRPC - ok
13:08:57.0874 4996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:08:57.0874 4996 mssmbios - ok
13:08:57.0905 4996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:08:57.0905 4996 MSTEE - ok
13:08:57.0921 4996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:08:57.0921 4996 MTConfig - ok
13:08:57.0936 4996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:08:57.0936 4996 Mup - ok
13:08:57.0983 4996 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:08:57.0983 4996 napagent - ok
13:08:58.0046 4996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:08:58.0046 4996 NativeWifiP - ok
13:08:58.0108 4996 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:08:58.0108 4996 NDIS - ok
13:08:58.0124 4996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:08:58.0124 4996 NdisCap - ok
13:08:58.0170 4996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:08:58.0170 4996 NdisTapi - ok
13:08:58.0202 4996 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:08:58.0202 4996 Ndisuio - ok
13:08:58.0233 4996 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:08:58.0233 4996 NdisWan - ok
13:08:58.0248 4996 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:08:58.0248 4996 NDProxy - ok
13:08:58.0264 4996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:08:58.0264 4996 NetBIOS - ok
13:08:58.0295 4996 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:08:58.0295 4996 NetBT - ok
13:08:58.0326 4996 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:58.0326 4996 Netlogon - ok
13:08:58.0358 4996 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:08:58.0373 4996 Netman - ok
13:08:58.0436 4996 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:58.0451 4996 NetMsmqActivator - ok
13:08:58.0467 4996 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:58.0467 4996 NetPipeActivator - ok
13:08:58.0498 4996 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:08:58.0498 4996 netprofm - ok
13:08:58.0514 4996 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:58.0514 4996 NetTcpActivator - ok
13:08:58.0514 4996 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:58.0514 4996 NetTcpPortSharing - ok
13:08:58.0701 4996 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
13:08:58.0810 4996 NETwNs64 - ok
13:08:58.0904 4996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:08:58.0904 4996 nfrd960 - ok
13:08:58.0950 4996 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:08:58.0950 4996 NlaSvc - ok
13:08:58.0966 4996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:08:58.0966 4996 Npfs - ok
13:08:58.0997 4996 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:08:59.0013 4996 nsi - ok
13:08:59.0028 4996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:08:59.0028 4996 nsiproxy - ok
13:08:59.0075 4996 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:08:59.0091 4996 Ntfs - ok
13:08:59.0200 4996 ntrtscan (4e6e6be52ef05e666cc7d6d99c2c426a) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
13:08:59.0231 4996 ntrtscan - ok
13:08:59.0309 4996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:08:59.0309 4996 Null - ok
13:08:59.0356 4996 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\drivers\nusb3hub.sys
13:08:59.0356 4996 nusb3hub - ok
13:08:59.0387 4996 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\drivers\nusb3xhc.sys
13:08:59.0387 4996 nusb3xhc - ok
13:08:59.0434 4996 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
13:08:59.0434 4996 NVHDA - ok
13:08:59.0481 4996 nvkflt - ok
13:08:59.0699 4996 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:08:59.0777 4996 nvlddmkm - ok
13:08:59.0824 4996 nvpciflt (4b9c0c2

#4 hylndr11 (Member, Full Member, 11 posts)

Posted 02 April 2012 - 12:22 PM

The computer is running pretty much the same - the browser is still hijacked, sending me to online yellow pages etc. - I can type sites directly into the URL bar, but it happens when I click on links, etc.

#5 The Dark Knight (Malware Vigilante, Trusted Advisor*, 2,214 posts)

Posted 03 April 2012 - 12:24 AM

Hello hylndr11. :)

Thank you for posting the requested logs. :thumbup:

Please run the below scans to see if we can find the cause of your email intrusion.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.


Please download RogueKiller (by tigzy) to the Desktop.
  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.
==========

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    DDS::
    uInternet Settings,ProxyOverride = *.local

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.


Please post the ComboFix.txt in your next reply.
==========

Then, once you have done all of the above, please re-run TDSSKiller.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Click on Continue.
  • If a suspicious file is detected, the default action will be Skip. Click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


After you have run TDSSKiller, please re-run MBRCheck and post its log in your next post as well.
==========

In your next post I would like to see the following please:
  • ComboFix.txt.
  • TDSSKiller log.
  • MBRCheck log.
Are the redirects still occurring?

Edited by The Dark Knight, 03 April 2012 - 12:32 AM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.

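As an added example (not code from this thread, from RogueKiller or from any other tool named in it), here is a small Python triage script for the "MBR Check" section that the RogueKiller scan requested in the post above produces. It parses the per-view blocks (User, LL1, LL2) and flags what a helper looks for when the report prints "User != LL1 ... KO!": the MBR hash seen through the Windows disk API differing from the one read at a lower level, a partition that exists on disk but is not reported to the OS, and the boot flag sitting on a hidden partition. The embedded report is constructed in RogueKiller's layout; its hashes and disk model are made up.

```python
import re
from dataclasses import dataclass, field

# Partition line as RogueKiller prints it, e.g.
# "2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo"
PART_RE = re.compile(
    r"^(\d+) - \[(ACTIVE|XXXXXX)\] \S+ \((0x[0-9A-Fa-f]+)\) "
    r"\[(VISIBLE|HIDDEN!)\] Offset \(sectors\): (\d+) \| Size: (\d+) Mo$"
)
VIEW_RE = re.compile(r"^--- (\S+) ---$")            # "--- User ---", "--- LL1 ---"
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-fA-F]{32})$")  # hash of sector 0 in that view


@dataclass
class Partition:
    index: int
    active: bool         # boot flag set
    type_code: int       # 0x07 = NTFS, 0x17 = hidden NTFS
    hidden: bool
    offset_sectors: int
    size_mb: int


@dataclass
class View:
    name: str            # "User" is the OS view; LL1/LL2 are low-level disk reads
    mbr_hash: str = ""
    partitions: list = field(default_factory=list)


def parse_mbr_check(report: str) -> list:
    """Split the MBR Check text into views and parse the MBR hash and partitions of each."""
    views, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if m := VIEW_RE.match(line):
            current = View(name=m.group(1))
            views.append(current)
        elif current is None:
            continue                      # header lines before the first view
        elif m := MBR_RE.match(line):
            current.mbr_hash = m.group(1).lower()
        elif m := PART_RE.match(line):
            current.partitions.append(Partition(
                index=int(m.group(1)), active=m.group(2) == "ACTIVE",
                type_code=int(m.group(3), 16), hidden=m.group(4) == "HIDDEN!",
                offset_sectors=int(m.group(5)), size_mb=int(m.group(6))))
    return views


def triage(views: list) -> list:
    """Compare each low-level view against the OS (User) view; return (code, detail) pairs."""
    user = next((v for v in views if v.name == "User"), None)
    if user is None:
        return [("NO_USER_VIEW", "report has no '--- User ---' block")]
    findings = []
    user_offsets = {p.offset_sectors for p in user.partitions}
    user_active = {p.offset_sectors for p in user.partitions if p.active}
    for v in views:
        if v is user:
            continue
        if v.mbr_hash != user.mbr_hash:   # sector reads are being filtered: bootkit indicator
            findings.append(("MBR_HASH_MISMATCH", f"{v.name}: MBR on disk differs from the OS view"))
        for p in v.partitions:
            if p.offset_sectors not in user_offsets:
                findings.append(("PARTITION_NOT_VISIBLE",
                                 f"{v.name}: partition {p.index} at sector {p.offset_sectors} "
                                 f"({p.size_mb} MB) is not reported to the OS"))
            if p.active and p.hidden:
                findings.append(("HIDDEN_ACTIVE_PARTITION",
                                 f"{v.name}: boot flag on hidden partition {p.index} "
                                 f"(type 0x{p.type_code:02x})"))
        ll_active = {p.offset_sectors for p in v.partitions if p.active}
        if ll_active and ll_active != user_active:
            findings.append(("ACTIVE_PARTITION_CHANGED",
                             f"{v.name}: boot flag is not on the partition the OS reports as active"))
    return findings


# Constructed sample in RogueKiller's layout; the hashes and disk model are made up.
INFECTED_REPORT = """\
+++++ PhysicalDrive0: EXAMPLE-DISK +++++
--- User ---
[MBR] 11111111111111111111111111111111
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 33333333333333333333333333333333
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo
"""

if __name__ == "__main__":
    for code, detail in triage(parse_mbr_check(INFECTED_REPORT)):
        print(f"{code}: {detail}")
```

Parsing the whole partition table from each view, rather than only comparing the two MBR hashes, is what lets the script name the hidden partition and say that the boot flag has moved to it; on a clean disk every view agrees with the User view and triage() returns an empty list. A real report carries two low-level views (LL1 and LL2) and the loop checks both.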


#6 hylndr11 (Member, Full Member, 11 posts)

Posted 04 April 2012 - 08:42 PM

OK, here we go. Here is what happened: when I got to TDSSKiller I could not get it to run. I ran tdsfix and it found a MBAR? then removed it. I ran TDSSKiller at that point and it found nothing. I also then ran MBRCheck and now it found the MBR as well, but the redirects seem to have been fixed so far. Where do you think we are at??

RogueKiller

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Matt [Admin rights]
Mode: Scan -- Date: 04/03/2012 16:29:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] 499a037b06e6d4eb68ad855b6217ef50
[BSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] d6e799130f0e2b7d8505a5f2ac618a39
[BSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] d6e799130f0e2b7d8505a5f2ac618a39
[BSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

------

ComboFix 12-04-01.01 - Matt 04/03/2012 16:42:26.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5958 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFscript.txt
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 21:11 . 2012-04-03 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 00:20 . 2012-03-22 00:20 -------- d-----w- c:\program files (x86)\Kudos Chat Search v2
2012-03-22 00:18 . 2012-03-22 00:21 -------- d-----w- c:\users\Matt\AppData\Roaming\KudosChatSearch
2012-03-22 00:18 . 2012-03-22 00:18 -------- d-----w- c:\program files (x86)\KudosChatSearchAgent
2012-03-19 14:02 . 2012-03-19 14:02 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 14:02 . 2012-03-19 14:02 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 14:02 . 2012-03-19 14:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-19 14:02 . 2012-03-19 14:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-19 14:02 . 2012-03-19 14:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\SysWow64\NV
2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\system32\NV
2012-03-10 21:05 . 2011-06-05 11:22 9832 ----a-w- c:\windows\system32\NVMUPEventMsg.dll
2012-03-10 21:01 . 2012-03-10 21:01 -------- d-----w- c:\users\UpdatusUser
2012-03-10 20:59 . 2011-08-01 04:09 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll
2012-03-10 20:59 . 2011-08-01 04:09 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll
2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\windows\nvmup
2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\users\Matt\AppData\Local\Dell
2012-03-10 20:51 . 2012-03-10 20:51 -------- d-----w- c:\users\Matt\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2012-02-21 15:25 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB483A85-3094-4A95-94C0-F2457ADC0FA2}\mpengine.dll
2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 04:06 . 2012-02-21 15:16 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.02.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 21:13 . 2012-04-03 21:13 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-02 14:50 . 2012-04-02 14:50 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-04-03 13:58 47572 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-09-30 13:08 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 13:08 . 2012-04-02 17:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 13:08 . 2012-04-02 17:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-30 13:08 . 2012-04-01 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 17:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 21:14 . 2012-04-03 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 21:14 . 2012-04-03 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-30 17:56 . 2012-04-03 19:40 245924 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-04-02 14:50 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-03 21:13 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-30 14:38 . 2012-04-03 21:13 51528338 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]
R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.10
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Dell\Dell System Manager\PanelHelper32.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\bspatch.exe
.
**************************************************************************
.
Completion time: 2012-04-03 17:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 21:34
ComboFix2.txt 2012-04-02 17:05
.
Pre-Run: 396,076,597,248 bytes free
Post-Run: 396,240,576,512 bytes free
.
- - End Of File - - 97E3981D7D5F58F28E9C6C4ADDFAF216



--------



21:31:09.0009 4492 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
21:31:09.0509 4492 ============================================================
21:31:09.0509 4492 Current date / time: 2012/04/04 21:31:09.0509
21:31:09.0509 4492 SystemInfo:
21:31:09.0509 4492
21:31:09.0509 4492 OS Version: 6.1.7601 ServicePack: 1.0
21:31:09.0509 4492 Product type: Workstation
21:31:09.0509 4492 ComputerName: MININT-AH1V0P8
21:31:09.0509 4492 UserName: Matt
21:31:09.0509 4492 Windows directory: C:\Windows
21:31:09.0509 4492 System windows directory: C:\Windows
21:31:09.0509 4492 Running under WOW64
21:31:09.0509 4492 Processor architecture: Intel x64
21:31:09.0509 4492 Number of processors: 8
21:31:09.0509 4492 Page size: 0x1000
21:31:09.0509 4492 Boot type: Normal boot
21:31:09.0509 4492 ============================================================
21:31:12.0426 4492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:12.0441 4492 \Device\Harddisk0\DR0:
21:31:12.0441 4492 MBR used
21:31:12.0441 4492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3882C800
21:31:12.0441 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3882D000, BlocksNum 0x1B54030
21:31:12.0504 4492 Initialize success
21:31:12.0504 4492 ============================================================
21:31:14.0235 4240 ============================================================
21:31:14.0235 4240 Scan started
21:31:14.0235 4240 Mode: Manual;
21:31:14.0235 4240 ============================================================
21:31:16.0763 4240 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:31:16.0763 4240 1394ohci - ok
21:31:16.0810 4240 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
21:31:16.0825 4240 Acceler - ok
21:31:16.0841 4240 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:31:16.0841 4240 ACPI - ok
21:31:16.0872 4240 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:31:16.0888 4240 AcpiPmi - ok
21:31:16.0997 4240 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:31:17.0012 4240 AdobeARMservice - ok
21:31:17.0090 4240 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:31:17.0106 4240 adp94xx - ok
21:31:17.0153 4240 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:31:17.0168 4240 adpahci - ok
21:31:17.0184 4240 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:31:17.0200 4240 adpu320 - ok
21:31:17.0231 4240 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:31:17.0231 4240 AeLookupSvc - ok
21:31:17.0293 4240 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
21:31:17.0293 4240 AESTFilters - ok
21:31:17.0371 4240 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:31:17.0387 4240 AFD - ok
21:31:17.0418 4240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:31:17.0434 4240 agp440 - ok
21:31:17.0465 4240 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:31:17.0465 4240 ALG - ok
21:31:17.0496 4240 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:31:17.0512 4240 aliide - ok
21:31:17.0527 4240 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:31:17.0527 4240 amdide - ok
21:31:17.0543 4240 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:31:17.0558 4240 AmdK8 - ok
21:31:17.0574 4240 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:31:17.0574 4240 AmdPPM - ok
21:31:17.0605 4240 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:31:17.0621 4240 amdsata - ok
21:31:17.0636 4240 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:31:17.0652 4240 amdsbs - ok
21:31:17.0668 4240 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:31:17.0683 4240 amdxata - ok
21:31:17.0730 4240 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
21:31:17.0746 4240 Andbus - ok
21:31:17.0777 4240 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
21:31:17.0792 4240 AndDiag - ok
21:31:17.0824 4240 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
21:31:17.0839 4240 AndGps - ok
21:31:17.0855 4240 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
21:31:17.0870 4240 ANDModem - ok
21:31:17.0917 4240 ApfiltrService (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:31:17.0917 4240 ApfiltrService - ok
21:31:17.0964 4240 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:31:17.0980 4240 AppID - ok
21:31:18.0011 4240 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:31:18.0011 4240 AppIDSvc - ok
21:31:18.0042 4240 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:31:18.0042 4240 Appinfo - ok
21:31:18.0104 4240 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:31:18.0120 4240 Apple Mobile Device - ok
21:31:18.0182 4240 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:31:18.0198 4240 AppMgmt - ok
21:31:18.0229 4240 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:31:18.0245 4240 arc - ok
21:31:18.0260 4240 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:31:18.0276 4240 arcsas - ok
21:31:18.0354 4240 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:31:18.0385 4240 aspnet_state - ok
21:31:18.0401 4240 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:18.0416 4240 AsyncMac - ok
21:31:18.0463 4240 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:31:18.0463 4240 atapi - ok
21:31:18.0510 4240 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:31:18.0526 4240 AudioEndpointBuilder - ok
21:31:18.0541 4240 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:31:18.0541 4240 AudioSrv - ok
21:31:18.0572 4240 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:31:18.0572 4240 AxInstSV - ok
21:31:18.0604 4240 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:31:18.0635 4240 b06bdrv - ok
21:31:18.0650 4240 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:31:18.0666 4240 b57nd60a - ok
21:31:18.0713 4240 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:31:18.0713 4240 BDESVC - ok
21:31:18.0744 4240 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:31:18.0760 4240 Beep - ok
21:31:18.0806 4240 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:31:18.0822 4240 BFE - ok
21:31:18.0853 4240 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:31:18.0884 4240 BITS - ok
21:31:18.0916 4240 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:31:18.0931 4240 blbdrive - ok
21:31:19.0009 4240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:31:19.0025 4240 Bonjour Service - ok
21:31:19.0056 4240 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:31:19.0072 4240 bowser - ok
21:31:19.0087 4240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:31:19.0103 4240 BrFiltLo - ok
21:31:19.0118 4240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:31:19.0118 4240 BrFiltUp - ok
21:31:19.0165 4240 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:31:19.0165 4240 BridgeMP - ok
21:31:19.0212 4240 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:31:19.0228 4240 Browser - ok
21:31:19.0259 4240 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:31:19.0274 4240 Brserid - ok
21:31:19.0306 4240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:31:19.0321 4240 BrSerWdm - ok
21:31:19.0337 4240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:31:19.0337 4240 BrUsbMdm - ok
21:31:19.0368 4240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:31:19.0368 4240 BrUsbSer - ok
21:31:19.0399 4240 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:31:19.0415 4240 BTHMODEM - ok
21:31:19.0430 4240 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:31:19.0446 4240 bthserv - ok
21:31:19.0508 4240 catchme - ok
21:31:19.0540 4240 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:31:19.0555 4240 cdfs - ok
21:31:19.0586 4240 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:31:19.0602 4240 cdrom - ok
21:31:19.0633 4240 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:31:19.0633 4240 CertPropSvc - ok
21:31:19.0664 4240 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:31:19.0664 4240 circlass - ok
21:31:19.0696 4240 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:31:19.0711 4240 CLFS - ok
21:31:19.0758 4240 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:19.0774 4240 clr_optimization_v2.0.50727_32 - ok
21:31:19.0805 4240 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:31:19.0820 4240 clr_optimization_v2.0.50727_64 - ok
21:31:19.0867 4240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:31:19.0945 4240 clr_optimization_v4.0.30319_32 - ok
21:31:19.0961 4240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:31:19.0992 4240 clr_optimization_v4.0.30319_64 - ok
21:31:20.0039 4240 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:31:20.0039 4240 CmBatt - ok
21:31:20.0070 4240 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:31:20.0086 4240 cmdide - ok
21:31:20.0132 4240 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:31:20.0164 4240 CNG - ok
21:31:20.0210 4240 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:31:20.0210 4240 Compbatt - ok
21:31:20.0242 4240 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:31:20.0242 4240 CompositeBus - ok
21:31:20.0273 4240 COMSysApp - ok
21:31:20.0288 4240 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:31:20.0288 4240 crcdisk - ok
21:31:20.0366 4240 Credential Vault Host Control Service (6e163faaf624a03a88dfd92e607de6e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
21:31:20.0366 4240 Credential Vault Host Control Service - ok
21:31:20.0398 4240 Credential Vault Host Storage (8884b4d345ddb029f43ad2e7add54a30) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
21:31:20.0398 4240 Credential Vault Host Storage - ok
21:31:20.0460 4240 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:31:20.0476 4240 CryptSvc - ok
21:31:20.0522 4240 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:31:20.0538 4240 CSC - ok
21:31:20.0569 4240 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:31:20.0585 4240 CscService - ok
21:31:20.0647 4240 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:31:20.0647 4240 CtClsFlt - ok
21:31:20.0741 4240 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:31:20.0741 4240 cvhsvc - ok
21:31:20.0772 4240 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
21:31:20.0772 4240 cvusbdrv - ok
21:31:20.0819 4240 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:31:20.0834 4240 DcomLaunch - ok
21:31:20.0881 4240 dcpsysmgrsvc (3562c84415080b8b0c4d695a43372e3e) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
21:31:20.0897 4240 dcpsysmgrsvc - ok
21:31:20.0928 4240 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:31:20.0944 4240 defragsvc - ok
21:31:20.0975 4240 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:31:20.0990 4240 DfsC - ok
21:31:21.0022 4240 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:31:21.0037 4240 Dhcp - ok
21:31:21.0053 4240 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:31:21.0068 4240 discache - ok
21:31:21.0115 4240 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:31:21.0115 4240 Disk - ok
21:31:21.0146 4240 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:31:21.0162 4240 dmvsc - ok
21:31:21.0178 4240 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:31:21.0193 4240 Dnscache - ok
21:31:21.0209 4240 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:31:21.0224 4240 dot3svc - ok
21:31:21.0240 4240 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:31:21.0256 4240 DPS - ok
21:31:21.0287 4240 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:31:21.0302 4240 drmkaud - ok
21:31:21.0349 4240 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:31:21.0365 4240 DXGKrnl - ok
21:31:21.0396 4240 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
21:31:21.0412 4240 e1cexpress - ok
21:31:21.0443 4240 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:31:21.0443 4240 EapHost - ok
21:31:21.0536 4240 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:31:21.0646 4240 ebdrv - ok
21:31:21.0692 4240 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:31:21.0692 4240 EFS - ok
21:31:21.0739 4240 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:31:21.0770 4240 ehRecvr - ok
21:31:21.0786 4240 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:31:21.0786 4240 ehSched - ok
21:31:21.0833 4240 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:31:21.0864 4240 elxstor - ok
21:31:21.0880 4240 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:31:21.0895 4240 ErrDev - ok
21:31:21.0926 4240 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:31:21.0926 4240 EventSystem - ok
21:31:21.0958 4240 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:31:21.0973 4240 exfat - ok
21:31:21.0989 4240 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:31:22.0004 4240 fastfat - ok
21:31:22.0067 4240 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:31:22.0067 4240 Fax - ok
21:31:22.0082 4240 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:31:22.0098 4240 fdc - ok
21:31:22.0129 4240 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:31:22.0129 4240 fdPHost - ok
21:31:22.0145 4240 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:31:22.0160 4240 FDResPub - ok
21:31:22.0192 4240 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:31:22.0192 4240 FileInfo - ok
21:31:22.0207 4240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:31:22.0223 4240 Filetrace - ok
21:31:22.0238 4240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:31:22.0238 4240 flpydisk - ok
21:31:22.0270 4240 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:31:22.0285 4240 FltMgr - ok
21:31:22.0316 4240 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:31:22.0363 4240 FontCache - ok
21:31:22.0426 4240 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:31:22.0441 4240 FontCache3.0.0.0 - ok
21:31:22.0472 4240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:31:22.0472 4240 FsDepends - ok
21:31:22.0504 4240 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:31:22.0519 4240 Fs_Rec - ok
21:31:22.0550 4240 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:31:22.0566 4240 fvevol - ok
21:31:22.0597 4240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:31:22.0613 4240 gagp30kx - ok
21:31:22.0644 4240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:31:22.0660 4240 GEARAspiWDM - ok
21:31:22.0691 4240 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:31:22.0706 4240 gpsvc - ok
21:31:22.0738 4240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:31:22.0738 4240 hcw85cir - ok
21:31:22.0769 4240 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:31:22.0769 4240 HDAudBus - ok
21:31:22.0784 4240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:31:22.0800 4240 HidBatt - ok
21:31:22.0816 4240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:31:22.0831 4240 HidBth - ok
21:31:22.0847 4240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:31:22.0862 4240 HidIr - ok
21:31:22.0878 4240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:31:22.0894 4240 hidserv - ok
21:31:22.0925 4240 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:31:22.0925 4240 HidUsb - ok
21:31:22.0956 4240 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:31:22.0956 4240 hkmsvc - ok
21:31:23.0003 4240 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:31:23.0018 4240 HomeGroupListener - ok
21:31:23.0050 4240 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:31:23.0050 4240 HomeGroupProvider - ok
21:31:23.0096 4240 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:31:23.0096 4240 HpSAMD - ok
21:31:23.0143 4240 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:31:23.0174 4240 HTTP - ok
21:31:23.0190 4240 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:31:23.0190 4240 hwpolicy - ok
21:31:23.0237 4240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:31:23.0252 4240 i8042prt - ok
21:31:23.0284 4240 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:31:23.0284 4240 iaStorV - ok
21:31:23.0362 4240 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:31:23.0377 4240 idsvc - ok
21:31:23.0596 4240 igfx (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:31:23.0845 4240 igfx - ok
21:31:23.0923 4240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:31:23.0939 4240 iirsp - ok
21:31:23.0970 4240 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:31:24.0001 4240 IKEEXT - ok
21:31:24.0048 4240 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
21:31:24.0064 4240 Impcd - ok
21:31:24.0079 4240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:31:24.0095 4240 intelide - ok
21:31:24.0126 4240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:31:24.0126 4240 intelppm - ok
21:31:24.0157 4240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:31:24.0157 4240 IPBusEnum - ok
21:31:24.0188 4240 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:24.0204 4240 IpFilterDriver - ok
21:31:24.0251 4240 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:31:24.0266 4240 iphlpsvc - ok
21:31:24.0282 4240 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:31:24.0298 4240 IPMIDRV - ok
21:31:24.0313 4240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:31:24.0329 4240 IPNAT - ok
21:31:24.0391 4240 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
21:31:24.0438 4240 iPod Service - ok
21:31:24.0454 4240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:31:24.0469 4240 IRENUM - ok
21:31:24.0500 4240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:31:24.0516 4240 isapnp - ok
21:31:24.0547 4240 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:31:24.0563 4240 iScsiPrt - ok
21:31:24.0578 4240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:24.0578 4240 kbdclass - ok
21:31:24.0594 4240 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:31:24.0610 4240 kbdhid - ok
21:31:24.0656 4240 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:24.0656 4240 KeyIso - ok
21:31:24.0672 4240 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:31:24.0688 4240 KSecDD - ok
21:31:24.0703 4240 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:31:24.0719 4240 KSecPkg - ok
21:31:24.0734 4240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:31:24.0750 4240 ksthunk - ok
21:31:24.0781 4240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:31:24.0797 4240 KtmRm - ok
21:31:24.0844 4240 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:31:24.0844 4240 LanmanServer - ok
21:31:24.0875 4240 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:31:24.0875 4240 LanmanWorkstation - ok
21:31:24.0937 4240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:31:24.0937 4240 lltdio - ok
21:31:24.0968 4240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:31:24.0984 4240 lltdsvc - ok
21:31:25.0015 4240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:31:25.0031 4240 lmhosts - ok
21:31:25.0046 4240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:31:25.0062 4240 LSI_FC - ok
21:31:25.0078 4240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:31:25.0093 4240 LSI_SAS - ok
21:31:25.0109 4240 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:31:25.0124 4240 LSI_SAS2 - ok
21:31:25.0140 4240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:31:25.0156 4240 LSI_SCSI - ok
21:31:25.0171 4240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:31:25.0187 4240 luafv - ok
21:31:25.0234 4240 MBAMProtector - ok
21:31:25.0280 4240 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:31:25.0343 4240 MBAMService - ok
21:31:25.0374 4240 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:31:25.0390 4240 Mcx2Svc - ok
21:31:25.0421 4240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:31:25.0421 4240 megasas - ok
21:31:25.0452 4240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:31:25.0468 4240 MegaSR - ok
21:31:25.0499 4240 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:31:25.0514 4240 MEIx64 - ok
21:31:25.0546 4240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:31:25.0546 4240 MMCSS - ok
21:31:25.0561 4240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:31:25.0577 4240 Modem - ok
21:31:25.0608 4240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:31:25.0608 4240 monitor - ok
21:31:25.0624 4240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:31:25.0639 4240 mouclass - ok
21:31:25.0655 4240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:31:25.0670 4240 mouhid - ok
21:31:25.0686 4240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:31:25.0702 4240 mountmgr - ok
21:31:25.0717 4240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:31:25.0733 4240 mpio - ok
21:31:25.0748 4240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:31:25.0764 4240 mpsdrv - ok
21:31:25.0795 4240 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:31:25.0811 4240 MpsSvc - ok
21:31:25.0826 4240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:31:25.0842 4240 MRxDAV - ok
21:31:25.0873 4240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:25.0889 4240 mrxsmb - ok
21:31:25.0920 4240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:25.0936 4240 mrxsmb10 - ok
21:31:25.0951 4240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:25.0967 4240 mrxsmb20 - ok
21:31:25.0998 4240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:31:25.0998 4240 msahci - ok
21:31:26.0029 4240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:31:26.0029 4240 msdsm - ok
21:31:26.0060 4240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:31:26.0076 4240 MSDTC - ok
21:31:26.0107 4240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:31:26.0123 4240 Msfs - ok
21:31:26.0138 4240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:31:26.0138 4240 mshidkmdf - ok
21:31:26.0170 4240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:31:26.0170 4240 msisadrv - ok
21:31:26.0201 4240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:31:26.0216 4240 MSiSCSI - ok
21:31:26.0232 4240 msiserver - ok
21:31:26.0263 4240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:31:26.0263 4240 MSKSSRV - ok
21:31:26.0294 4240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:26.0294 4240 MSPCLOCK - ok
21:31:26.0310 4240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:31:26.0326 4240 MSPQM - ok
21:31:26.0341 4240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:31:26.0357 4240 MsRPC - ok
21:31:26.0372 4240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:31:26.0372 4240 mssmbios - ok
21:31:26.0388 4240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:31:26.0404 4240 MSTEE - ok
21:31:26.0419 4240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:31:26.0419 4240 MTConfig - ok
21:31:26.0450 4240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:31:26.0450 4240 Mup - ok
21:31:26.0482 4240 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:31:26.0497 4240 napagent - ok
21:31:26.0575 4240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:31:26.0591 4240 NativeWifiP - ok
21:31:26.0622 4240 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:31:26.0638 4240 NDIS - ok
21:31:26.0653 4240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:26.0669 4240 NdisCap - ok
21:31:26.0684 4240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:26.0700 4240 NdisTapi - ok
21:31:26.0716 4240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:26.0731 4240 Ndisuio - ok
21:31:26.0747 4240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:26.0762 4240 NdisWan - ok
21:31:26.0778 4240 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:31:26.0

#7 hylndr11 (Full Member, 11 posts)

Posted 04 April 2012 - 09:44 PM

ughh - just got a BSOD :(

#8 The Dark Knight (Malware Vigilante, Trusted Advisor, 2,214 posts)

Posted 05 April 2012 - 07:57 PM

Hello hylndr11. :)

Please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.
==========

Next, please download MBRScan and save it to your Desktop.
  • Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 users, right-click on MBRScan and then click on Run as administrator).
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your Desktop and post its content in your next reply.
==========

Finally, please download BlueScreenView to your Desktop.

  • Unzip the downloaded file and double click on BlueScreenView.exe file to run the program.
  • When scanning is done, please go Edit>Select All.
  • Go File>Save Selected Items, and save the report as BSOD.txt.
  • Open BSOD.txt in Notepad, copy all the content, and paste it into your next reply.
===========

In your next post I would like to see the following please:
  • ComboFix.txt.
  • Log from MBRScan.
  • Log from BSOD.txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#9 hylndr11


Posted 06 April 2012 - 11:19 AM

Ugggh - ComboFix seems to have done something to registry files. The scan went really fast, and when it was done I got "Illegal operation attempted on a registry key that has been marked for deletion" on every program, and I can't do anything with the computer now. :( I make my living with this machine (I run an SEO/webdev company) and I've got to get this going, so I'm going to try and fix this right away.




ComboFix 12-04-06.02 - Matt 04/06/2012 10:22:24.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6466 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 14:28 . 2012-04-06 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 00:20 . 2012-03-22 00:20 -------- d-----w- c:\program files (x86)\Kudos Chat Search v2
2012-03-22 00:18 . 2012-03-22 00:21 -------- d-----w- c:\users\Matt\AppData\Roaming\KudosChatSearch
2012-03-22 00:18 . 2012-03-22 00:18 -------- d-----w- c:\program files (x86)\KudosChatSearchAgent
2012-03-19 14:02 . 2012-03-19 14:02 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 14:02 . 2012-03-19 14:02 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 14:02 . 2012-03-19 14:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-19 14:02 . 2012-03-19 14:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-19 14:02 . 2012-03-19 14:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\SysWow64\NV
2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\system32\NV
2012-03-10 21:05 . 2011-06-05 11:22 9832 ----a-w- c:\windows\system32\NVMUPEventMsg.dll
2012-03-10 21:01 . 2012-03-10 21:01 -------- d-----w- c:\users\UpdatusUser
2012-03-10 20:59 . 2011-08-01 04:09 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll
2012-03-10 20:59 . 2011-08-01 04:09 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll
2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\windows\nvmup
2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\users\Matt\AppData\Local\Dell
2012-03-10 20:51 . 2012-03-10 20:51 -------- d-----w- c:\users\Matt\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2012-02-21 15:25 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB483A85-3094-4A95-94C0-F2457ADC0FA2}\mpengine.dll
2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 04:06 . 2012-02-21 15:16 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.02.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-02 14:50 . 2012-04-02 14:50 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-04-06 14:29 . 2012-04-06 14:29 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-04-05 22:01 47798 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 13:54 30086 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-09-30 13:08 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 13:08 . 2012-04-05 14:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 13:08 . 2012-04-05 14:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-30 13:08 . 2012-04-01 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 14:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-30 14:42 . 2012-04-06 13:54 9540 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2675319862-669255112-2487870991-1001_UserData.bin
- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 14:30 . 2012-04-06 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 14:30 . 2012-04-06 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-15 20:10 . 2012-04-06 12:25 231134 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-09-30 17:56 . 2012-04-06 13:49 245964 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-06 01:34 671976 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-01 16:37 671976 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 01:34 125102 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-01 16:37 125102 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-06 14:29 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-02 14:50 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-30 16:52 . 2012-04-02 13:04 2174258 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-4096.dat
+ 2011-09-30 16:52 . 2012-04-06 13:50 2174258 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-4096.dat
+ 2011-09-30 14:38 . 2012-04-06 14:29 51633844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]
R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.10
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-06 10:38:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 14:38
ComboFix2.txt 2012-04-02 17:05
.
Pre-Run: 395,841,413,120 bytes free
Post-Run: 395,909,681,152 bytes free
.
- - End Of File - - EE3A227302FEFDE02F90C00E63BA4A2F
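As an added example (not ComboFix's own code and not anything posted in this thread), the Python below parses the "Reg Loading Points" and "Supplementary Scan" sections of a ComboFix report like the one above and lists, in one place, the autorun entries and the browser proxy and DHCP DNS settings a reviewer checks when a user reports redirects and slow browsing. The sample lines are copied verbatim from the log posted above; the helper names (parse_combofix, review, classify_address, proxy_is_active) are my own. The Firefox preference semantics used here, network.proxy.type 0 meaning a direct connection and 1 a manually configured proxy, are the standard Firefox values.

```python
"""Triage helper for the 'Reg Loading Points' and 'Supplementary Scan'
sections of a ComboFix log.  Added example for this thread; it is not part
of ComboFix and does not decide what is malicious, it only surfaces the
entries a reviewer compares against what is expected on the host."""
import ipaddress
import re

# Constructed sample: a handful of lines lifted verbatim from the ComboFix
# report posted in this thread, enough to exercise every parser path.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
------- Supplementary Scan -------
.
uStart Page = www.dell.com
TCP: DhcpNameServer = 192.168.1.10
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
"""

RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run)\]$')      # [HKxx\...\Run]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')        # "name"="path" [date size]
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.*)$')
DNS_RE = re.compile(r'^TCP: DhcpNameServer = (.*)$')


def parse_combofix(text):
    """Return (autoruns, firefox_prefs, dns_servers) parsed from the log.

    autoruns is a list of (registry key, value name, image path).  ComboFix
    closes every registry block with a line holding a single '.', which is
    what ends the current Run key here.
    """
    autoruns, ff_prefs, dns = [], {}, []
    current_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == '.' or not line:
            current_key = None          # block separator
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is not None:
            m = RUN_VALUE_RE.match(line)
            if m:
                autoruns.append((current_key, m.group(1), m.group(2)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
            continue
        m = DNS_RE.match(line)
        if m:
            dns.extend(m.group(1).split())
    return autoruns, ff_prefs, dns


def classify_address(value):
    """'private', 'public' or 'hostname' for a proxy or DNS setting."""
    try:
        return 'private' if ipaddress.ip_address(value).is_private else 'public'
    except ValueError:
        return 'hostname'


def proxy_is_active(ff_prefs):
    """True only when Firefox is set to manual proxy (type 1) with a host."""
    return (ff_prefs.get('network.proxy.type') == '1'
            and bool(ff_prefs.get('network.proxy.http')))


def review(autoruns, ff_prefs, dns):
    """One finding per autorun entry and per network setting that could
    steer browser traffic; a stored proxy host is reported even when the
    proxy type currently disables it, so it is not lost in the record."""
    findings = []
    for key, name, path in autoruns:
        findings.append(f'autorun: {name} -> {path}  [{key}]')
    host = ff_prefs.get('network.proxy.http')
    if host:
        port = ff_prefs.get('network.proxy.http_port', '?')
        state = ('active' if proxy_is_active(ff_prefs)
                 else f"stored but inactive (network.proxy.type {ff_prefs.get('network.proxy.type')})")
        findings.append(f'firefox http proxy {host}:{port} '
                        f'({classify_address(host)} address), {state}')
    for server in dns:
        findings.append(f'dhcp dns server {server} ({classify_address(server)} address)')
    return findings


if __name__ == '__main__':
    for finding in review(*parse_combofix(SAMPLE_LOG)):
        print(finding)
```

The script deliberately lists every autorun rather than judging them: whether "Kudos Chat Search" belongs on this machine is for the owner and the helper to decide. What it does call out is a public proxy address sitting in the Firefox profile, and it keeps that finding even though network.proxy.type is 0 (direct connection) in this log, because a stored host only needs the type switched to become active again.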

#10 hylndr11


Posted 06 April 2012 - 12:00 PM

OK - just rebooted and hopefully we're back on track. Here are the BSOD and the MBRcheck files.


MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/04/06 (ISO 8601) at 12:53:35
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST950042 3AS (0001)
BUS_TYPE       : (0x08)  RAID
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 499A037B06E6D4EB68AD855B6217EF50
MBR_SHA1  : 6C25E67CC28EA516057F358A515760E8512C664A

Device\Harddisk0\Partition1	452.1 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	13.66 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03201000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C88000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CEB000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00E73000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00F33000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00FD7000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00E57000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00E60000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00D49000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FE6000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00D7C000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00FF3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00D91000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00D9D000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00C5C000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\iaStorV.sys => Invisible on the disk
ADDRESS : 0x01079000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01197000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x011A2000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\PxHlpa64.sys => Invisible on the disk
ADDRESS : 0x01014000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01257000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x014D2000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01530000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0154B000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015BD000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015CE000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01606000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x016F9000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01759000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x0186F000
SIZE    : 2.02 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A73000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x01ABD000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01ACD000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stdcfltn.sys => Invisible on the disk
ADDRESS : 0x01B19000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01B22000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B2A000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\PBADRV.sys => Invisible on the disk
ADDRESS : 0x01B64000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvpciflt.sys => Invisible on the disk
ADDRESS : 0x01B70000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B75000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B87000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B90000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01BCA000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x04013000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0403D000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x04046000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x0404D000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x0405B000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x04080000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x04090000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x04099000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x040A2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x040AB000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x040B6000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x0183E000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x040C7000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01784000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x01860000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x040D4000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x017C9000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x01BE0000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tmlwf.sys => Invisible on the disk
ADDRESS : 0x01489000
SIZE    : 208.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x017EF000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x015D8000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tmtdi.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x014BD000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x01021000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x01238000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x015F5000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x01244000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x0307C000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x030FF000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x0311D000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x0312E000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0F458000
SIZE    : 12.46 Mo

DRIVER  : C:\Windows\System32\Drivers\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x100CF000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x100D1000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x0F400000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04C36000
SIZE    : 11.70 Mo

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x057E8000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\e1c62x64.sys => Invisible on the disk
ADDRESS : 0x03154000
SIZE    : 320.0 Ko

DRIVER  : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x04C0C000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x031A4000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x101C5000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\NETwNs64.sys => Invisible on the disk
ADDRESS : 0x05AB0000
SIZE    : 8.42 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x0631B000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\1394ohci.sys => Invisible on the disk
ADDRESS : 0x06328000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\o2sdjxpx64.sys => Invisible on the disk
ADDRESS : 0x06366000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x06379000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\O2MDRxpx64.sys => Invisible on the disk
ADDRESS : 0x063A8000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x063B9000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x063D7000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x05A00000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Apfiltr.sys => Invisible on the disk
ADDRESS : 0x05A1D000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x05A77000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x05A86000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Accelern.sys => Invisible on the disk
ADDRESS : 0x05A93000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x063E6000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x05AA3000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x04C1D000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04C26000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x101E9000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x0F446000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x03024000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x03053000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x00DB2000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x00DD3000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x0306E000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x05AA8000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x06488000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x064CB000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x064DD000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x06537000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stwrt64.sys => Invisible on the disk
ADDRESS : 0x0654C000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\portcls.sys => Invisible on the disk
ADDRESS : 0x06400000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\drmk.sys => Invisible on the disk
ADDRESS : 0x0643D000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0645F000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x06465000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_iaStorV.sys => Invisible on the disk
ADDRESS : 0x040DD000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x06473000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000A0000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x065CF000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x065DB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x02822000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x0283F000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x02841000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CtClsFlt.sys => Invisible on the disk
ADDRESS : 0x0286F000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x028B5000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x028C3000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x028DC000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cvusbdrv.sys => Invisible on the disk
ADDRESS : 0x028E5000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x02935000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00580000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x006C0000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x02942000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftvollh.sys => Invisible on the disk
ADDRESS : 0x0A3ED000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x029D3000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WinUSB.sys => Invisible on the disk
ADDRESS : 0x02800000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x028F3000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\scfilter.sys => Invisible on the disk
ADDRESS : 0x02924000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x065E9000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x0AA55000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x0AAA8000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x0AABB000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x0AAD3000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x0AB09000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x0ABD2000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x0AA00000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0AA18000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0B490000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0B4DE000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0B502000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0B5A8000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftfslh.sys => Invisible on the disk
ADDRESS : 0x0B60E000
SIZE    : 732.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftplaylh.sys => Invisible on the disk
ADDRESS : 0x0B6C5000
SIZE    : 308.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x0B712000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x0B743000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tmwfp.sys => Invisible on the disk
ADDRESS : 0x0BA3D000
SIZE    : 1.75 Mo

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0B755000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0BE21000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftredirlh.sys => Invisible on the disk
ADDRESS : 0x0BEB9000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\spsys.sys => Invisible on the disk
ADDRESS : 0x0BEC4000
SIZE    : 452.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47B50000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3.....|......|..
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .......Ph.......
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ....~..|........
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   .....V.U.F...F..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   .A..U..]r...U.u.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ....t..F.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h...B.V.....
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ............|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n...fas..
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~..........
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2..V...]...>.}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   .un.v....u.....d
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   ......`.|....d.u
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .......f#.u;f..T
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2....r,fh...
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah.....Z2...|...
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..............2.
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ......<.t.......
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   ......+..d..$...
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $..Invalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A A8 2E 33 D2 00 00 80 20   em...c{...3.... 
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 C8 82 38 00 FE   !............8..
0x000001D0   FF FF 07 FE FF FF 00 D0 82 38 30 40 B5 01 00 00   .........80@....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............U.

---





==================================================
Dump File : 040412-16660-01.dmp
Crash Time : 4/4/2012 10:12:05 PM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`99165c3a
Parameter 2 : b3b7465e`eb949588
Parameter 3 : fffff800`00bd55cc
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+5cc
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\040412-16660-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

#11 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 06 April 2012 - 06:28 PM

Hey hylndr11. :)

Restarting your computer was the right move regarding the ComboFix issue. :thumbup:


Please download maxhandle.exe by noahdfear to your Desktop.
  • Double click and run the application.
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to C:\maxhandle.txt.
  • If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
Please post the results for my review in your next post.
==========

Next, please follow these instructions to run the Farbar Recovery Scan Tool.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", find your flash drive letter and close the Notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
==========

In your next post, please provide the following:
  • maxhandle.txt.
  • FRST.txt.
Are you still seeing BSODs?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#12 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 23 April 2012 - 09:18 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





