hylndr11

SMART HDD removal issues

12 posts in this topic

Had the SMART HDD rogue on the computer - followed the directions to get rid of it with Malwarebytes and rkill etc. Got rid of it, it seems, and used Unhide to get the icons back. It mostly worked, but the computer is acting odd; it seems my browser is hijacked by something. The internet runs really slow and goes to other sites that I am not clicking on when I surf. For example, I click on something in a Google SERP and it just goes to some other page. Here are the files: the Malwarebytes files first, then the complete scan after. Thank you guys for helping us out!!


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.04.01.03

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Matt :: MININT-AH1V0P8 [administrator]

 

Protection: Enabled

 

4/1/2012 12:14:27 PM

mbam-log-2012-04-01 (12-14-27).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211173

Time elapsed: 7 minute(s), 56 second(s)

 

Memory Processes Detected: 2

C:\ProgramData\FdrllxJJnSf.exe (Trojan.Agent) -> 3120 -> Delete on reboot.

C:\ProgramData\C1X7BFyCZohH4R.exe (Rogue.FakeHDD) -> 4696 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FdrllxJJnSf.exe (Trojan.Agent) -> Data: C:\ProgramData\FdrllxJJnSf.exe -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\ProgramData\FdrllxJJnSf.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\C1X7BFyCZohH4R.exe (Rogue.FakeHDD) -> Delete on reboot.

 

(end)

 

Complete scan after removal and running rkill:

 

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.04.01.03

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Matt :: MININT-AH1V0P8 [administrator]

 

Protection: Disabled

 

4/1/2012 12:45:52 PM

mbam-log-2012-04-01 (12-45-52).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 461893

Time elapsed: 1 hour(s), 27 minute(s), 26 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


DDS.txt ------------

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Matt at 16:28:21 on 2012-04-01

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.4766 [GMT -4:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.dell.com

uDefault_Page_URL = www.dell.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

uRun: [Kudos Chat Search] C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\05F696E6475602F6660265965677 : DhcpNameServer = 4.2.2.2 4.2.2.1

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\455402E65647 : DhcpNameServer = 192.168.1.10

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\54E434F42554934434534443 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\66573686964716 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\A496D6D69702349707865627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\C696E6B6379737 : DhcpNameServer = 4.2.2.2 4.2.2.1 192.168.1.1 4.2.2.2 4.2.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\KudosChatSearchAgent\Skype4COM.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

LSA: Authentication Packages = msv1_0 wvauth

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.http - 173.213.90.71

FF - prefs.js: network.proxy.http_port - 55555

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]

S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]

S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]

.

=============== File Associations ===============

.

.txt=GetDiz.TextFile

.

=============== Created Last 30 ================

.

2012-04-01 16:13:46 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes

2012-04-01 16:13:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-01 16:13:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-22 00:20:24 -------- d-----w- C:\Program Files (x86)\Kudos Chat Search v2

2012-03-22 00:18:16 -------- d-----w- C:\Users\Matt\AppData\Roaming\KudosChatSearch

2012-03-22 00:18:12 -------- d-----w- C:\Program Files (x86)\KudosChatSearchAgent

2012-03-19 14:02:11 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-19 14:02:11 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-19 14:02:10 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-03-19 14:02:10 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-03-19 14:02:10 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-03-10 21:06:31 -------- d-----w- C:\Windows\SysWow64\NV

2012-03-10 21:06:31 -------- d-----w- C:\Windows\System32\NV

2012-03-10 21:05:24 9832 ----a-w- C:\Windows\System32\NVMUPEventMsg.dll

2012-03-10 20:59:35 1652840 ----a-w- C:\Windows\System32\nvdispco6420141.dll

2012-03-10 20:59:35 1398376 ----a-w- C:\Windows\System32\nvgenco642061.dll

2012-03-10 20:58:59 -------- d-----w- C:\Windows\nvmup

2012-03-10 20:58:29 -------- d-----w- C:\Users\Matt\AppData\Local\Dell

2012-03-10 20:51:34 -------- d-----w- C:\Users\Matt\AppData\Local\Deployment

.

==================== Find3M ====================

.

2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 16:36:43.95 ===============


Cannot get Security Check to pop up the Notepad file. I have some Trend Micro stuff that came on this lappy; it's a Dell E5620.

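The DDS and Malwarebytes output in the post above is what a helper reads by hand. As an added example for this thread (not the poster's code, and not part of DDS or Malwarebytes), the script below applies a few of the first checks a helper makes to lines copied from that DDS.txt: autorun entries launched from a staging directory such as C:\ProgramData, orphaned BHO registrations, AppInit_DLLs, DHCP name servers outside private ranges, and the Firefox proxy prefs. The FdrllxJJnSf.exe Run line is constructed from the MBAM detection to show how that entry would have looked in DDS before removal; the severity rules are assumptions about what a helper checks first, not DDS features.

```python
"""Triage DDS log lines for browser-hijack indicators.

Added example for this thread; not the poster's, DDS's or Malwarebytes' code.
The sample lines are copied from the DDS.txt above, except the FdrllxJJnSf.exe
Run line, which is constructed from the MBAM detection to show how that entry
would have looked in DDS before removal. The severity rules are assumptions
about what a helper checks first, not DDS features.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (severity, description)

SAMPLE_DDS = r"""
uRun: [Kudos Chat Search] C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [FdrllxJJnSf.exe] C:\ProgramData\FdrllxJJnSf.exe
mRun: [<NO NAME>]
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\05F696E6475602F6660265965677 : DhcpNameServer = 4.2.2.2 4.2.2.1
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
"""

RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
EXE_RE = re.compile(r"([A-Za-z]:\\.+?\.exe)", re.I)
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (?P<dlls>.+)$")


def suspicious_run_path(path: str) -> bool:
    r"""Assumed rule: an autorun executable sitting directly in C:\ProgramData,
    a user profile root or Temp is dropper-like; vendor software lives in its
    own Program Files folder."""
    parent = path.lower().rpartition("\\")[0]
    return (parent == r"c:\programdata"
            or "\\appdata\\local\\temp" in parent
            or re.fullmatch(r"c:\\users\\[^\\]+", parent) is not None)


def is_public(addr: str) -> bool:
    """True for a globally routable IP; hostnames and RFC1918 addresses return False."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def check_firefox_proxy(prefs: Dict[str, str]) -> List[Finding]:
    """network.proxy.type 1 means a manual proxy is in force; 0 means a direct
    connection, so a configured proxy host with type 0 is dormant but still
    worth clearing."""
    host = prefs.get("network.proxy.http")
    if not host:
        return []
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type", "?")
    if ptype == "1":
        sev, state = "high", "active (proxy.type=1)"
    else:
        sev, state = ("medium" if is_public(host) else "low"), f"dormant (proxy.type={ptype})"
    return [(sev, f"Firefox HTTP proxy {host}:{port}, {state}")]


def triage(text: str) -> List[Finding]:
    """Walk the log once, collecting findings and the Firefox prefs."""
    findings: List[Finding] = []
    prefs: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        run, appinit = RUN_RE.match(line), APPINIT_RE.match(line)
        dns, pref = DNS_RE.search(line), PREF_RE.match(line)
        if run:
            exe = EXE_RE.search(run["rest"])
            if exe and suspicious_run_path(exe.group(1)):
                findings.append(("high", f"Run entry [{run['name']}] launches {exe.group(1)} from a staging directory"))
        elif line.startswith("BHO") and line.endswith("- No File"):
            findings.append(("low", f"orphaned BHO registration: {line}"))
        elif appinit:
            findings.append(("info", f"AppInit_DLLs loads {appinit['dlls']} into every process that loads user32.dll; verify its signer"))
        elif dns:
            public = [s for s in dns["servers"].split() if is_public(s)]
            if public:
                findings.append(("info", f"public DNS resolver(s) {' '.join(public)}; confirm the user set these"))
        elif pref:
            prefs[pref["key"]] = pref["value"]
    findings.extend(check_firefox_proxy(prefs))
    return findings


if __name__ == "__main__":
    for sev, desc in triage(SAMPLE_DDS):
        print(f"[{sev:>6}] {desc}")
```

One point the script makes explicit: the posted prefs.js has network.proxy.type set to 0, which tells Firefox to connect directly, so the 173.213.90.71:55555 proxy entry is configured but not in force. It should still be cleared, and the proxy.type 1 branch in the code is what an active proxy hijack would look like in the same log.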

Welcome hylndr11 to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

 

Just a few things before we begin:

 

Before proceeding:

  • In the upper right hand corner of this topic there is a button labelled Watch this topic. Please click this button, select Immediate E-Mail notification and then click Proceed to ensure you are notified when I reply.
  • Please back up your personal documents and files by copying them to a location other than your system drive.
  • Please open Notepad > Format and, if Word Wrap is ticked, select it to untick it.

 

For the duration of this topic:

Please DO NOT run, install and/or uninstall/remove any tools/programs other than those I suggest to you, in order to avoid conflicts and/or additional problems on your system.

 

 

When you receive new instructions:

  • Please read the whole post before carrying out any of the instructions.
  • All our tools must be downloaded to the Desktop and launched from there (unless I specify otherwise).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program unless I ask you to.
  • Please DO NOT plug in any external devices like USBs and Hard Drives unless I ask you to.
  • If you encounter any problems please stop and let me know.

 

When replying:

  • Please click the Add Reply button so that my reply is not posted back to me. Thank you!
  • Please copy and paste your logs into your post unless I specifically ask you to attach one.

_________________________________________________________________________________________________________________________________

 

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

==========

 

Next, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right-click on it => "Extract here").

 

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


Finally, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

 

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

 

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

 

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

=========

 

In your next post, please post the following:

  • ComboFix.txt.
  • TDSSKiller log.
  • MBRCheck log.

How is your computer running now?

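The reply above asks for an MBRCheck log, which is a bootkit check: it reads the first sector of the disk, compares the boot code against known-good code and sanity-checks the partition table. As an added illustration for this thread (example code written here, not MBRCheck's own), the script below parses a 512-byte MBR and reports the things such a check looks at. The sample sector, its boot stub and the one-entry allowlist are constructed for the demo; a real allowlist would hold the SHA-256 of the boot code Windows ships, which is not included here.

```python
"""Inspect a 512-byte MBR the way a bootkit check does.

Added example for this thread; not MBRCheck's code. The sample sector and the
boot-code allowlist are constructed for the demo. A real allowlist would hold
the SHA-256 of the boot code Microsoft ships, which is not included here.
"""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0..439: boot code
DISK_SIG_OFF = 440    # 4-byte Windows disk signature
PART_TABLE_OFF = 446  # four 16-byte partition entries, then 55AA at 510
PART_ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr(boot_code: bytes, disk_sig: int,
                     parts: List[Tuple[int, int, int, int]]) -> bytes:
    """Constructed MBR: boot code, disk signature, up to four
    (status, type, lba_start, sector_count) entries, and the 55AA signature."""
    buf = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(parts[:4]):
        PART_ENTRY.pack_into(buf, PART_TABLE_OFF + 16 * i,
                             status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def parse_partitions(mbr: bytes) -> List[Dict]:
    """Decode the four primary entries, skipping empty (type 0) slots."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = PART_ENTRY.unpack_from(mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def analyze_mbr(mbr: bytes, known_boot_hashes: Dict[str, str]) -> Dict:
    """Hash the boot code, check the signature and look for table anomalies."""
    if len(mbr) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    boot_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    parts = parse_partitions(mbr)
    overlaps = []
    for a in parts:
        for b in parts:
            if a["index"] < b["index"]:
                if (a["lba_start"] < b["lba_start"] + b["sectors"]
                        and b["lba_start"] < a["lba_start"] + a["sectors"]):
                    overlaps.append((a["index"], b["index"]))
    report = {
        "valid_signature": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha256": boot_hash,
        "boot_code_known": known_boot_hashes.get(boot_hash),   # None = not on the allowlist
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
        "active_count": sum(1 for p in parts if p["active"]),
        # Unpartitioned sectors between the MBR and the first partition are where
        # several bootkits stage their loader; report the size so it can be dumped.
        "gap_before_first_sectors": (min(p["lba_start"] for p in parts) - 1) if parts else 0,
        "overlaps": overlaps,
    }
    report["suspicious"] = (not report["valid_signature"]
                            or report["boot_code_known"] is None
                            or report["active_count"] != 1
                            or bool(overlaps))
    return report


def read_physical_drive(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Windows only and needs administrator rights; not called by the demo."""
    with open(path, "rb") as drive:
        return drive.read(SECTOR)


# Constructed sample: the conventional opening of a boot stub (xor ax,ax; mov ss,ax;
# mov sp,7C00h) padded with NOPs, one active NTFS partition starting at LBA 2048.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, 0x1234ABCD, [(0x80, 0x07, 2048, 200_000_000)])
# Allowlist keyed by SHA-256 of the 440-byte boot code; only the demo stub is known here.
KNOWN_BOOT_CODE = {hashlib.sha256(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest(): "demo stub"}

if __name__ == "__main__":
    for key, value in analyze_mbr(SAMPLE_MBR, KNOWN_BOOT_CODE).items():
        print(f"{key}: {value}")
```

On the machine in the thread this would be run as administrator with read_physical_drive() in place of the constructed sector. Because the allowlist here only recognises the demo stub, a real comparison needs the hashes of the MBR code Windows 7 installs; an unknown hash is a reason to dump the sector and look, not proof of a bootkit by itself.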

OK, thanks for the quick reply. Here we go!

 

ComboFix 12-04-01.01 - Matt 04/02/2012 12:12:16.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6091 [GMT -4:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Install.exe

c:\programdata\C1X7BFyCZohH4R

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-04-02 16:41 . 2012-04-02 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\programdata\Malwarebytes

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-22 00:20 . 2012-03-22 00:20 -------- d-----w- c:\program files (x86)\Kudos Chat Search v2

2012-03-22 00:18 . 2012-03-22 00:21 -------- d-----w- c:\users\Matt\AppData\Roaming\KudosChatSearch

2012-03-22 00:18 . 2012-03-22 00:18 -------- d-----w- c:\program files (x86)\KudosChatSearchAgent

2012-03-19 14:02 . 2012-03-19 14:02 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-19 14:02 . 2012-03-19 14:02 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-19 14:02 . 2012-03-19 14:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-03-19 14:02 . 2012-03-19 14:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-03-19 14:02 . 2012-03-19 14:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\SysWow64\NV

2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\system32\NV

2012-03-10 21:05 . 2011-06-05 11:22 9832 ----a-w- c:\windows\system32\NVMUPEventMsg.dll

2012-03-10 21:01 . 2012-03-10 21:01 -------- d-----w- c:\users\UpdatusUser

2012-03-10 20:59 . 2011-08-01 04:09 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll

2012-03-10 20:59 . 2011-08-01 04:09 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll

2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\windows\nvmup

2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\users\Matt\AppData\Local\Dell

2012-03-10 20:51 . 2012-03-10 20:51 -------- d-----w- c:\users\Matt\AppData\Local\Deployment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 07:13 . 2012-02-21 15:25 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB483A85-3094-4A95-94C0-F2457ADC0FA2}\mpengine.dll

2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-14 04:06 . 2012-02-21 15:16 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-04 10:44 . 2012-02-21 15:22 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-21 15:22 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.02.23 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-04-02 14:50 . 2012-04-02 14:50 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2012-04-02 16:43 . 2012-04-02 16:43 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-11-21 03:09 . 2012-04-02 16:46 47492 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-02 16:44 . 2012-04-02 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-02 16:44 . 2012-04-02 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-04-02 16:43 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-02 14:50 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-09-30 14:38 . 2012-04-02 14:50 51390276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat

+ 2011-09-30 14:38 . 2012-04-02 16:43 51390276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [x]

R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [x]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]

R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys [x]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.dell.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

TCP: DhcpNameServer = 192.168.1.10

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.http - 173.213.90.71

FF - prefs.js: network.proxy.http_port - 55555

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

.txt=GetDiz.TextFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-combofix - c:\combofix\CF31767.3XE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]

"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\Dell\Dell System Manager\PanelHelper32.exe

.

**************************************************************************

.

Completion time: 2012-04-02 13:04:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 17:04

.

Pre-Run: 396,490,240,000 bytes free

Post-Run: 396,437,528,576 bytes free

.

- - End Of File - - 94CFD1050708809B4D3F59DF7A8CDF58


--------------------------------------


13:08:41.0229 4356 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48

13:08:41.0759 4356 ============================================================

13:08:41.0759 4356 Current date / time: 2012/04/02 13:08:41.0759

13:08:41.0759 4356 SystemInfo:

13:08:41.0759 4356

13:08:41.0759 4356 OS Version: 6.1.7601 ServicePack: 1.0

13:08:41.0759 4356 Product type: Workstation

13:08:41.0759 4356 ComputerName: MININT-AH1V0P8

13:08:41.0759 4356 UserName: Matt

13:08:41.0759 4356 Windows directory: C:\Windows

13:08:41.0759 4356 System windows directory: C:\Windows

13:08:41.0759 4356 Running under WOW64

13:08:41.0759 4356 Processor architecture: Intel x64

13:08:41.0759 4356 Number of processors: 8

13:08:41.0759 4356 Page size: 0x1000

13:08:41.0759 4356 Boot type: Normal boot

13:08:41.0759 4356 ============================================================

13:08:43.0787 4356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:08:43.0803 4356 \Device\Harddisk0\DR0:

13:08:43.0803 4356 MBR used

13:08:43.0803 4356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3882C800

13:08:43.0803 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3882D000, BlocksNum 0x1B54030

13:08:43.0865 4356 Initialize success

13:08:43.0865 4356 ============================================================

13:08:46.0002 4996 ============================================================

13:08:46.0002 4996 Scan started

13:08:46.0002 4996 Mode: Manual;

13:08:46.0002 4996 ============================================================


13:08:56.0782 4996 MBAMProtector - ok

13:08:56.0844 4996 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:08:56.0891 4996 MBAMService - ok

13:08:56.0938 4996 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:08:56.0954 4996 Mcx2Svc - ok

13:08:56.0969 4996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

13:08:56.0985 4996 megasas - ok

13:08:57.0016 4996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

13:08:57.0016 4996 MegaSR - ok

13:08:57.0063 4996 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

13:08:57.0063 4996 MEIx64 - ok

13:08:57.0094 4996 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:08:57.0094 4996 MMCSS - ok

13:08:57.0125 4996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:08:57.0125 4996 Modem - ok

13:08:57.0156 4996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:08:57.0156 4996 monitor - ok

13:08:57.0203 4996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:08:57.0203 4996 mouclass - ok

13:08:57.0219 4996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:08:57.0219 4996 mouhid - ok

13:08:57.0266 4996 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:08:57.0266 4996 mountmgr - ok

13:08:57.0297 4996 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:08:57.0297 4996 mpio - ok

13:08:57.0312 4996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:08:57.0312 4996 mpsdrv - ok

13:08:57.0359 4996 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:08:57.0375 4996 MpsSvc - ok

13:08:57.0390 4996 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:08:57.0390 4996 MRxDAV - ok

13:08:57.0422 4996 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:08:57.0422 4996 mrxsmb - ok

13:08:57.0453 4996 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:08:57.0453 4996 mrxsmb10 - ok

13:08:57.0484 4996 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:08:57.0484 4996 mrxsmb20 - ok

13:08:57.0515 4996 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:08:57.0515 4996 msahci - ok

13:08:57.0546 4996 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:08:57.0546 4996 msdsm - ok

13:08:57.0562 4996 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:08:57.0578 4996 MSDTC - ok

13:08:57.0624 4996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:08:57.0624 4996 Msfs - ok

13:08:57.0656 4996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:08:57.0656 4996 mshidkmdf - ok

13:08:57.0687 4996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:08:57.0687 4996 msisadrv - ok

13:08:57.0718 4996 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:08:57.0734 4996 MSiSCSI - ok

13:08:57.0734 4996 msiserver - ok

13:08:57.0796 4996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:08:57.0796 4996 MSKSSRV - ok

13:08:57.0812 4996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:08:57.0812 4996 MSPCLOCK - ok

13:08:57.0827 4996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:08:57.0827 4996 MSPQM - ok

13:08:57.0858 4996 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:08:57.0858 4996 MsRPC - ok

13:08:57.0874 4996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

13:08:57.0874 4996 mssmbios - ok

13:08:57.0905 4996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:08:57.0905 4996 MSTEE - ok

13:08:57.0921 4996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

13:08:57.0921 4996 MTConfig - ok

13:08:57.0936 4996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:08:57.0936 4996 Mup - ok

13:08:57.0983 4996 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:08:57.0983 4996 napagent - ok

13:08:58.0046 4996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:08:58.0046 4996 NativeWifiP - ok

13:08:58.0108 4996 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:08:58.0108 4996 NDIS - ok

13:08:58.0124 4996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:08:58.0124 4996 NdisCap - ok

13:08:58.0170 4996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:08:58.0170 4996 NdisTapi - ok

13:08:58.0202 4996 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:08:58.0202 4996 Ndisuio - ok

13:08:58.0233 4996 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:08:58.0233 4996 NdisWan - ok

13:08:58.0248 4996 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:08:58.0248 4996 NDProxy - ok

13:08:58.0264 4996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:08:58.0264 4996 NetBIOS - ok

13:08:58.0295 4996 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:08:58.0295 4996 NetBT - ok

13:08:58.0326 4996 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:08:58.0326 4996 Netlogon - ok

13:08:58.0358 4996 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:08:58.0373 4996 Netman - ok

13:08:58.0436 4996 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:58.0451 4996 NetMsmqActivator - ok

13:08:58.0467 4996 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:58.0467 4996 NetPipeActivator - ok

13:08:58.0498 4996 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:08:58.0498 4996 netprofm - ok

13:08:58.0514 4996 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:58.0514 4996 NetTcpActivator - ok

13:08:58.0514 4996 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:08:58.0514 4996 NetTcpPortSharing - ok

13:08:58.0701 4996 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

13:08:58.0810 4996 NETwNs64 - ok

13:08:58.0904 4996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

13:08:58.0904 4996 nfrd960 - ok

13:08:58.0950 4996 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:08:58.0950 4996 NlaSvc - ok

13:08:58.0966 4996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:08:58.0966 4996 Npfs - ok

13:08:58.0997 4996 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:08:59.0013 4996 nsi - ok

13:08:59.0028 4996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:08:59.0028 4996 nsiproxy - ok

13:08:59.0075 4996 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:08:59.0091 4996 Ntfs - ok

13:08:59.0200 4996 ntrtscan (4e6e6be52ef05e666cc7d6d99c2c426a) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

13:08:59.0231 4996 ntrtscan - ok

13:08:59.0309 4996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:08:59.0309 4996 Null - ok

13:08:59.0356 4996 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\drivers\nusb3hub.sys

13:08:59.0356 4996 nusb3hub - ok

13:08:59.0387 4996 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\drivers\nusb3xhc.sys

13:08:59.0387 4996 nusb3xhc - ok

13:08:59.0434 4996 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys

13:08:59.0434 4996 NVHDA - ok

13:08:59.0481 4996 nvkflt - ok

13:08:59.0699 4996 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:08:59.0777 4996 nvlddmkm - ok

13:08:59.0824 4996 nvpciflt (4b9c0c2


Computer is running the same pretty much - browser still hijacked, sending me to online yellow pages etc. I can type in direct sites in the URL bar, but not when I click on links, etc.


Hello hylndr11. :)

 

Thank you for posting the requested logs. :thumbup:

 

Please run the below scans to see if we can find the cause of your email intrusion.

 

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

 

 

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

==========

 

Next, please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    DDS::
    uInternet Settings,ProxyOverride = *.local
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    CFScriptB-4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

 

 

Please post the ComboFix.txt in your next reply.

==========

 

Then, once you have done all of the above, please re-run TDSSKiller.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
     
  • If an infected file is detected, the default action will be Cure. Click on Continue tdsskiller2.png
     
  • If a suspicious file is detected, the default action will be Skip. Click on Continue tdsskiller3.png
     
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

 

 

After you have run TDSSKiller, please re-run MBRCheck and post its log in your next post as well.

==========

 

In your next post I would like to see the following please:

  • ComboFix.txt.
  • TDSSKiller log.
  • MBRCheck log.

Are the redirects still occurring?

Edited by The Dark Knight

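The MBR checks requested above (TDSSKiller, MBRCheck and RogueKiller's "MBR Check" section) come down to two tests: does the partition table contain an entry that is marked active but carries a "hidden" type ID, and does a normal user-mode read of sector 0 return the same bytes as a lower-level read of the same sector. The Python below is an added example and is not code from this thread or from any of those tools. It builds two constructed views of one MBR, the clean table a rootkit hands back to ordinary reads and the real table with a small hidden NTFS (0x17) partition marked active, parses both, and applies the two checks. The disk layout is made up (the partition sizes are chosen to match the MiB figures RogueKiller prints later in the thread); no real drive is opened, since reading \\.\PhysicalDrive0 needs administrator rights and is not the point here.

```python
"""Added example: parse an MBR partition table and apply the two checks a
scanner like RogueKiller/MBRCheck runs (hidden-but-active entry, and a
user-mode read of sector 0 that differs from a low-level read).
Not the forum tools' own code; the disk layout below is constructed."""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446            # 446 bytes of boot code precede the 4 x 16-byte table
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
ACTIVE = 0x80
# MBR partition-type IDs whose meaning is "hidden" (Windows does not mount them)
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_mbr(entries, boot_code=b"\x00" * TABLE_OFFSET):
    """Assemble a 512-byte MBR from (active, type_id, lba_start, sectors) tuples."""
    table = b"".join(
        struct.pack(ENTRY_FMT, ACTIVE if active else 0, b"\0\0\0", ptype, b"\0\0\0", lba, size)
        for active, ptype, lba, size in entries
    )
    table += b"\x00" * (64 - len(table))          # pad the unused slots
    sector = boot_code + table + b"\x55\xAA"      # boot signature
    assert len(sector) == SECTOR
    return sector


def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector as dicts."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xAA":
        raise ValueError("not an MBR: bad length or missing 55AA signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, size = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                                # empty slot
        parts.append({
            "index": i,
            "active": status == ACTIVE,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba,
            "sectors": size,
            "size_mb": size * SECTOR // (1024 * 1024),
        })
    return parts


def suspicious_entries(parts):
    """Entries worth a second look: active AND hidden, or a tiny active
    partition that sits past every visible one (typical bootkit staging area)."""
    visible_end = max((p["lba_start"] + p["sectors"] for p in parts if not p["hidden"]), default=0)
    flagged = []
    for p in parts:
        reasons = []
        if p["active"] and p["hidden"]:
            reasons.append("active but hidden type 0x%02X" % p["type"])
        if p["active"] and p["lba_start"] >= visible_end and p["size_mb"] <= 16:
            reasons.append("tiny active partition beyond the visible ones")
        if reasons:
            flagged.append((p["index"], reasons))
    return flagged


def compare_reads(user_sector, lowlevel_sector):
    """Hash both views of sector 0; a mismatch is RogueKiller's 'User != LL1 ... KO!'."""
    u = hashlib.md5(user_sector).hexdigest()
    l = hashlib.md5(lowlevel_sector).hexdigest()
    return u, l, u == l


# --- constructed disk layout (sizes chosen to match the MiB values RogueKiller prints) ---
SYS = (False, 0x07, 2048, 462937 * 2048)            # NTFS system partition
RECOVERY = (False, 0x07, 948097024, 13992 * 2048)   # NTFS recovery partition
STAGING = (True, 0x17, 976771072, 1 * 2048)         # hidden NTFS, marked active

# What a rootkit hands back to a normal read of \\.\PhysicalDrive0 ...
USER_VIEW = build_mbr([(True,) + SYS[1:], RECOVERY])
# ... versus what a lower-level read of the same sector shows.
LOWLEVEL_VIEW = build_mbr([SYS, RECOVERY, STAGING])


def report(user_sector, lowlevel_sector):
    """One-shot verdict: (flagged entries in the low-level view, reads identical?)."""
    flagged = suspicious_entries(parse_partitions(lowlevel_sector))
    _, _, same = compare_reads(user_sector, lowlevel_sector)
    return flagged, same


if __name__ == "__main__":
    for p in parse_partitions(LOWLEVEL_VIEW):
        print("%d - [%s] type 0x%02X %s Offset (sectors): %d | Size: %d MiB" % (
            p["index"], "ACTIVE" if p["active"] else "XXXXXX", p["type"],
            "[HIDDEN!]" if p["hidden"] else "[VISIBLE]", p["lba_start"], p["size_mb"]))
    flagged, same = report(USER_VIEW, LOWLEVEL_VIEW)
    print("flagged:", flagged)
    print("User == LL1 ... OK" if same else "User != LL1 ... KO!")
```

The hash comparison is the important part in practice: a bootkit that filters disk I/O can make the user-visible table look perfectly normal, so an active hidden partition only shows up when the sector is read below the filter, which is why the tools above are run after a reboot and compared against each other.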

OK, here we go... Here is what happened: when I got to TDSSKiller I could not get it to run. I ran tdsfix and it found a MBAR?, then removed it. Ran TDSSKiller at that point and it found nothing. Also then ran MBRCheck and now it found MBR as well, but redirects seem to have been fixed so far. Where do you think we are at??

 

RogueKiller

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Matt [Admin rights]

Mode: Scan -- Date: 04/03/2012 16:29:18

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 9 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : Root.MBR ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST9500423AS +++++

--- User ---

[MBR] 499a037b06e6d4eb68ad855b6217ef50

[bSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] d6e799130f0e2b7d8505a5f2ac618a39

[bSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo

2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] d6e799130f0e2b7d8505a5f2ac618a39

[bSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo

2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

------

ComboFix 12-04-01.01 - Matt 04/03/2012 16:42:26.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5958 [GMT -4:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

Command switches used :: c:\users\Matt\Desktop\CFscript.txt

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))

.

.

2012-04-03 21:11 . 2012-04-03 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\programdata\Malwarebytes

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-22 00:20 . 2012-03-22 00:20 -------- d-----w- c:\program files (x86)\Kudos Chat Search v2

2012-03-22 00:18 . 2012-03-22 00:21 -------- d-----w- c:\users\Matt\AppData\Roaming\KudosChatSearch

2012-03-22 00:18 . 2012-03-22 00:18 -------- d-----w- c:\program files (x86)\KudosChatSearchAgent

2012-03-19 14:02 . 2012-03-19 14:02 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-19 14:02 . 2012-03-19 14:02 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-19 14:02 . 2012-03-19 14:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-03-19 14:02 . 2012-03-19 14:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-03-19 14:02 . 2012-03-19 14:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\SysWow64\NV

2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\system32\NV

2012-03-10 21:05 . 2011-06-05 11:22 9832 ----a-w- c:\windows\system32\NVMUPEventMsg.dll

2012-03-10 21:01 . 2012-03-10 21:01 -------- d-----w- c:\users\UpdatusUser

2012-03-10 20:59 . 2011-08-01 04:09 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll

2012-03-10 20:59 . 2011-08-01 04:09 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll

2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\windows\nvmup

2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\users\Matt\AppData\Local\Dell

2012-03-10 20:51 . 2012-03-10 20:51 -------- d-----w- c:\users\Matt\AppData\Local\Deployment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 07:13 . 2012-02-21 15:25 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB483A85-3094-4A95-94C0-F2457ADC0FA2}\mpengine.dll

2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-14 04:06 . 2012-02-21 15:16 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.02.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-03 21:13 . 2012-04-03 21:13 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-04-02 14:50 . 2012-04-02 14:50 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-11-21 03:09 . 2012-04-03 13:58 47572 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2011-09-30 13:08 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-30 13:08 . 2012-04-02 17:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-30 13:08 . 2012-04-02 17:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-30 13:08 . 2012-04-01 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-02 17:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-03 21:14 . 2012-04-03 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-03 21:14 . 2012-04-03 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-30 17:56 . 2012-04-03 19:40 245924 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 05:01 . 2012-04-02 14:50 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-03 21:13 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-30 14:38 . 2012-04-03 21:13 51528338 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [x]

R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [x]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]

R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys [x]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.dell.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

TCP: DhcpNameServer = 192.168.1.10

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.http - 173.213.90.71

FF - prefs.js: network.proxy.http_port - 55555

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]

"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\Dell\Dell System Manager\PanelHelper32.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\bspatch.exe

.

**************************************************************************

.

Completion time: 2012-04-03 17:35:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-03 21:34

ComboFix2.txt 2012-04-02 17:05

.

Pre-Run: 396,076,597,248 bytes free

Post-Run: 396,240,576,512 bytes free

.

- - End Of File - - 97E3981D7D5F58F28E9C6C4ADDFAF216

 

 

 

--------

 

 

 

21:31:09.0009 4492 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32

21:31:09.0509 4492 ============================================================

21:31:09.0509 4492 Current date / time: 2012/04/04 21:31:09.0509

21:31:09.0509 4492 SystemInfo:

21:31:09.0509 4492

21:31:09.0509 4492 OS Version: 6.1.7601 ServicePack: 1.0

21:31:09.0509 4492 Product type: Workstation

21:31:09.0509 4492 ComputerName: MININT-AH1V0P8

21:31:09.0509 4492 UserName: Matt

21:31:09.0509 4492 Windows directory: C:\Windows

21:31:09.0509 4492 System windows directory: C:\Windows

21:31:09.0509 4492 Running under WOW64

21:31:09.0509 4492 Processor architecture: Intel x64

21:31:09.0509 4492 Number of processors: 8

21:31:09.0509 4492 Page size: 0x1000

21:31:09.0509 4492 Boot type: Normal boot

21:31:09.0509 4492 ============================================================

21:31:12.0426 4492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:31:12.0441 4492 \Device\Harddisk0\DR0:

21:31:12.0441 4492 MBR used

21:31:12.0441 4492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3882C800

21:31:12.0441 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3882D000, BlocksNum 0x1B54030

21:31:12.0504 4492 Initialize success

21:31:12.0504 4492 ============================================================

21:31:14.0235 4240 ============================================================

21:31:14.0235 4240 Scan started

21:31:14.0235 4240 Mode: Manual;

21:31:14.0235 4240 ============================================================

21:31:16.0763 4240 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

21:31:16.0763 4240 1394ohci - ok

21:31:16.0810 4240 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys

21:31:16.0825 4240 Acceler - ok

21:31:16.0841 4240 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:31:16.0841 4240 ACPI - ok

21:31:16.0872 4240 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:31:16.0888 4240 AcpiPmi - ok

21:31:16.0997 4240 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:31:17.0012 4240 AdobeARMservice - ok

21:31:17.0090 4240 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

21:31:17.0106 4240 adp94xx - ok

21:31:17.0153 4240 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

21:31:17.0168 4240 adpahci - ok

21:31:17.0184 4240 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

21:31:17.0200 4240 adpu320 - ok

21:31:17.0231 4240 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

21:31:17.0231 4240 AeLookupSvc - ok

21:31:17.0293 4240 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

21:31:17.0293 4240 AESTFilters - ok

21:31:17.0371 4240 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

21:31:17.0387 4240 AFD - ok

21:31:17.0418 4240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:31:17.0434 4240 agp440 - ok

21:31:17.0465 4240 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

21:31:17.0465 4240 ALG - ok

21:31:17.0496 4240 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:31:17.0512 4240 aliide - ok

21:31:17.0527 4240 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:31:17.0527 4240 amdide - ok

21:31:17.0543 4240 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

21:31:17.0558 4240 AmdK8 - ok

21:31:17.0574 4240 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

21:31:17.0574 4240 AmdPPM - ok

21:31:17.0605 4240 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:31:17.0621 4240 amdsata - ok

21:31:17.0636 4240 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

21:31:17.0652 4240 amdsbs - ok

21:31:17.0668 4240 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:31:17.0683 4240 amdxata - ok

21:31:17.0730 4240 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys

21:31:17.0746 4240 Andbus - ok

21:31:17.0777 4240 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys

21:31:17.0792 4240 AndDiag - ok

21:31:17.0824 4240 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys

21:31:17.0839 4240 AndGps - ok

21:31:17.0855 4240 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys

21:31:17.0870 4240 ANDModem - ok

21:31:17.0917 4240 ApfiltrService (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys

21:31:17.0917 4240 ApfiltrService - ok

21:31:17.0964 4240 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:31:17.0980 4240 AppID - ok

21:31:18.0011 4240 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

21:31:18.0011 4240 AppIDSvc - ok

21:31:18.0042 4240 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

21:31:18.0042 4240 Appinfo - ok

21:31:18.0104 4240 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:31:18.0120 4240 Apple Mobile Device - ok

21:31:18.0182 4240 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

21:31:18.0198 4240 AppMgmt - ok

21:31:18.0229 4240 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

21:31:18.0245 4240 arc - ok

21:31:18.0260 4240 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

21:31:18.0276 4240 arcsas - ok

21:31:18.0354 4240 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

21:31:18.0385 4240 aspnet_state - ok

21:31:18.0401 4240 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:31:18.0416 4240 AsyncMac - ok

21:31:18.0463 4240 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:31:18.0463 4240 atapi - ok

21:31:18.0510 4240 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

21:31:18.0526 4240 AudioEndpointBuilder - ok

21:31:18.0541 4240 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

21:31:18.0541 4240 AudioSrv - ok

21:31:18.0572 4240 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

21:31:18.0572 4240 AxInstSV - ok

21:31:18.0604 4240 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

21:31:18.0635 4240 b06bdrv - ok

21:31:18.0650 4240 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:31:18.0666 4240 b57nd60a - ok

21:31:18.0713 4240 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

21:31:18.0713 4240 BDESVC - ok

21:31:18.0744 4240 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:31:18.0760 4240 Beep - ok

21:31:18.0806 4240 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

21:31:18.0822 4240 BFE - ok

21:31:18.0853 4240 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

21:31:18.0884 4240 BITS - ok

21:31:18.0916 4240 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:31:18.0931 4240 blbdrive - ok

21:31:19.0009 4240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

21:31:19.0025 4240 Bonjour Service - ok

21:31:19.0056 4240 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:31:19.0072 4240 bowser - ok

21:31:19.0087 4240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

21:31:19.0103 4240 BrFiltLo - ok

21:31:19.0118 4240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

21:31:19.0118 4240 BrFiltUp - ok

21:31:19.0165 4240 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

21:31:19.0165 4240 BridgeMP - ok

21:31:19.0212 4240 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

21:31:19.0228 4240 Browser - ok

21:31:19.0259 4240 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:31:19.0274 4240 Brserid - ok

21:31:19.0306 4240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:31:19.0321 4240 BrSerWdm - ok

21:31:19.0337 4240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:31:19.0337 4240 BrUsbMdm - ok

21:31:19.0368 4240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:31:19.0368 4240 BrUsbSer - ok

21:31:19.0399 4240 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

21:31:19.0415 4240 BTHMODEM - ok

21:31:19.0430 4240 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

21:31:19.0446 4240 bthserv - ok

21:31:19.0508 4240 catchme - ok

21:31:19.0540 4240 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:31:19.0555 4240 cdfs - ok

21:31:19.0586 4240 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

21:31:19.0602 4240 cdrom - ok

21:31:19.0633 4240 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

21:31:19.0633 4240 CertPropSvc - ok

21:31:19.0664 4240 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

21:31:19.0664 4240 circlass - ok

21:31:19.0696 4240 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:31:19.0711 4240 CLFS - ok

21:31:19.0758 4240 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:31:19.0774 4240 clr_optimization_v2.0.50727_32 - ok

21:31:19.0805 4240 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:31:19.0820 4240 clr_optimization_v2.0.50727_64 - ok

21:31:19.0867 4240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:31:19.0945 4240 clr_optimization_v4.0.30319_32 - ok

21:31:19.0961 4240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:31:19.0992 4240 clr_optimization_v4.0.30319_64 - ok

21:31:20.0039 4240 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

21:31:20.0039 4240 CmBatt - ok

21:31:20.0070 4240 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:31:20.0086 4240 cmdide - ok

21:31:20.0132 4240 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

21:31:20.0164 4240 CNG - ok

21:31:20.0210 4240 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

21:31:20.0210 4240 Compbatt - ok

21:31:20.0242 4240 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

21:31:20.0242 4240 CompositeBus - ok

21:31:20.0273 4240 COMSysApp - ok

21:31:20.0288 4240 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

21:31:20.0288 4240 crcdisk - ok

21:31:20.0366 4240 Credential Vault Host Control Service (6e163faaf624a03a88dfd92e607de6e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

21:31:20.0366 4240 Credential Vault Host Control Service - ok

21:31:20.0398 4240 Credential Vault Host Storage (8884b4d345ddb029f43ad2e7add54a30) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

21:31:20.0398 4240 Credential Vault Host Storage - ok

21:31:20.0460 4240 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

21:31:20.0476 4240 CryptSvc - ok

21:31:20.0522 4240 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

21:31:20.0538 4240 CSC - ok

21:31:20.0569 4240 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

21:31:20.0585 4240 CscService - ok

21:31:20.0647 4240 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

21:31:20.0647 4240 CtClsFlt - ok

21:31:20.0741 4240 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

21:31:20.0741 4240 cvhsvc - ok

21:31:20.0772 4240 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys

21:31:20.0772 4240 cvusbdrv - ok

21:31:20.0819 4240 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

21:31:20.0834 4240 DcomLaunch - ok

21:31:20.0881 4240 dcpsysmgrsvc (3562c84415080b8b0c4d695a43372e3e) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

21:31:20.0897 4240 dcpsysmgrsvc - ok

21:31:20.0928 4240 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

21:31:20.0944 4240 defragsvc - ok

21:31:20.0975 4240 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:31:20.0990 4240 DfsC - ok

21:31:21.0022 4240 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

21:31:21.0037 4240 Dhcp - ok

21:31:21.0053 4240 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:31:21.0068 4240 discache - ok

21:31:21.0115 4240 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

21:31:21.0115 4240 Disk - ok

21:31:21.0146 4240 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

21:31:21.0162 4240 dmvsc - ok

21:31:21.0178 4240 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

21:31:21.0193 4240 Dnscache - ok

21:31:21.0209 4240 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

21:31:21.0224 4240 dot3svc - ok

21:31:21.0240 4240 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

21:31:21.0256 4240 DPS - ok

21:31:21.0287 4240 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:31:21.0302 4240 drmkaud - ok

21:31:21.0349 4240 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:31:21.0365 4240 DXGKrnl - ok

21:31:21.0396 4240 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys

21:31:21.0412 4240 e1cexpress - ok

21:31:21.0443 4240 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

21:31:21.0443 4240 EapHost - ok

21:31:21.0536 4240 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

21:31:21.0646 4240 ebdrv - ok

21:31:21.0692 4240 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

21:31:21.0692 4240 EFS - ok

21:31:21.0739 4240 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

21:31:21.0770 4240 ehRecvr - ok

21:31:21.0786 4240 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

21:31:21.0786 4240 ehSched - ok

21:31:21.0833 4240 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

21:31:21.0864 4240 elxstor - ok

21:31:21.0880 4240 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:31:21.0895 4240 ErrDev - ok

21:31:21.0926 4240 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

21:31:21.0926 4240 EventSystem - ok

21:31:21.0958 4240 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:31:21.0973 4240 exfat - ok

21:31:21.0989 4240 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:31:22.0004 4240 fastfat - ok

21:31:22.0067 4240 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

21:31:22.0067 4240 Fax - ok

21:31:22.0082 4240 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

21:31:22.0098 4240 fdc - ok

21:31:22.0129 4240 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

21:31:22.0129 4240 fdPHost - ok

21:31:22.0145 4240 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

21:31:22.0160 4240 FDResPub - ok

21:31:22.0192 4240 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:31:22.0192 4240 FileInfo - ok

21:31:22.0207 4240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:31:22.0223 4240 Filetrace - ok

21:31:22.0238 4240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

21:31:22.0238 4240 flpydisk - ok

21:31:22.0270 4240 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

21:31:22.0285 4240 FltMgr - ok

21:31:22.0316 4240 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

21:31:22.0363 4240 FontCache - ok

21:31:22.0426 4240 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:31:22.0441 4240 FontCache3.0.0.0 - ok

21:31:22.0472 4240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:31:22.0472 4240 FsDepends - ok

21:31:22.0504 4240 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:31:22.0519 4240 Fs_Rec - ok

21:31:22.0550 4240 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:31:22.0566 4240 fvevol - ok

21:31:22.0597 4240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

21:31:22.0613 4240 gagp30kx - ok

21:31:22.0644 4240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:31:22.0660 4240 GEARAspiWDM - ok

21:31:22.0691 4240 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

21:31:22.0706 4240 gpsvc - ok

21:31:22.0738 4240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:31:22.0738 4240 hcw85cir - ok

21:31:22.0769 4240 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:31:22.0769 4240 HDAudBus - ok

21:31:22.0784 4240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

21:31:22.0800 4240 HidBatt - ok

21:31:22.0816 4240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

21:31:22.0831 4240 HidBth - ok

21:31:22.0847 4240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

21:31:22.0862 4240 HidIr - ok

21:31:22.0878 4240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

21:31:22.0894 4240 hidserv - ok

21:31:22.0925 4240 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

21:31:22.0925 4240 HidUsb - ok

21:31:22.0956 4240 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

21:31:22.0956 4240 hkmsvc - ok

21:31:23.0003 4240 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

21:31:23.0018 4240 HomeGroupListener - ok

21:31:23.0050 4240 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

21:31:23.0050 4240 HomeGroupProvider - ok

21:31:23.0096 4240 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

21:31:23.0096 4240 HpSAMD - ok

21:31:23.0143 4240 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

21:31:23.0174 4240 HTTP - ok

21:31:23.0190 4240 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

21:31:23.0190 4240 hwpolicy - ok

21:31:23.0237 4240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

21:31:23.0252 4240 i8042prt - ok

21:31:23.0284 4240 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

21:31:23.0284 4240 iaStorV - ok

21:31:23.0362 4240 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:31:23.0377 4240 idsvc - ok

21:31:23.0596 4240 igfx (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys

21:31:23.0845 4240 igfx - ok

21:31:23.0923 4240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

21:31:23.0939 4240 iirsp - ok

21:31:23.0970 4240 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

21:31:24.0001 4240 IKEEXT - ok

21:31:24.0048 4240 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

21:31:24.0064 4240 Impcd - ok

21:31:24.0079 4240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:31:24.0095 4240 intelide - ok

21:31:24.0126 4240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:31:24.0126 4240 intelppm - ok

21:31:24.0157 4240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

21:31:24.0157 4240 IPBusEnum - ok

21:31:24.0188 4240 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:31:24.0204 4240 IpFilterDriver - ok

21:31:24.0251 4240 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

21:31:24.0266 4240 iphlpsvc - ok

21:31:24.0282 4240 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

21:31:24.0298 4240 IPMIDRV - ok

21:31:24.0313 4240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:31:24.0329 4240 IPNAT - ok

21:31:24.0391 4240 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

21:31:24.0438 4240 iPod Service - ok

21:31:24.0454 4240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:31:24.0469 4240 IRENUM - ok

21:31:24.0500 4240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:31:24.0516 4240 isapnp - ok

21:31:24.0547 4240 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

21:31:24.0563 4240 iScsiPrt - ok

21:31:24.0578 4240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

21:31:24.0578 4240 kbdclass - ok

21:31:24.0594 4240 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

21:31:24.0610 4240 kbdhid - ok

21:31:24.0656 4240 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

21:31:24.0656 4240 KeyIso - ok

21:31:24.0672 4240 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

21:31:24.0688 4240 KSecDD - ok

21:31:24.0703 4240 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

21:31:24.0719 4240 KSecPkg - ok

21:31:24.0734 4240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:31:24.0750 4240 ksthunk - ok

21:31:24.0781 4240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

21:31:24.0797 4240 KtmRm - ok

21:31:24.0844 4240 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

21:31:24.0844 4240 LanmanServer - ok

21:31:24.0875 4240 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

21:31:24.0875 4240 LanmanWorkstation - ok

21:31:24.0937 4240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:31:24.0937 4240 lltdio - ok

21:31:24.0968 4240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

21:31:24.0984 4240 lltdsvc - ok

21:31:25.0015 4240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

21:31:25.0031 4240 lmhosts - ok

21:31:25.0046 4240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

21:31:25.0062 4240 LSI_FC - ok

21:31:25.0078 4240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

21:31:25.0093 4240 LSI_SAS - ok

21:31:25.0109 4240 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

21:31:25.0124 4240 LSI_SAS2 - ok

21:31:25.0140 4240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

21:31:25.0156 4240 LSI_SCSI - ok

21:31:25.0171 4240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:31:25.0187 4240 luafv - ok

21:31:25.0234 4240 MBAMProtector - ok

21:31:25.0280 4240 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:31:25.0343 4240 MBAMService - ok

21:31:25.0374 4240 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

21:31:25.0390 4240 Mcx2Svc - ok

21:31:25.0421 4240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

21:31:25.0421 4240 megasas - ok

21:31:25.0452 4240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

21:31:25.0468 4240 MegaSR - ok

21:31:25.0499 4240 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

21:31:25.0514 4240 MEIx64 - ok

21:31:25.0546 4240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

21:31:25.0546 4240 MMCSS - ok

21:31:25.0561 4240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:31:25.0577 4240 Modem - ok

21:31:25.0608 4240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:31:25.0608 4240 monitor - ok

21:31:25.0624 4240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

21:31:25.0639 4240 mouclass - ok

21:31:25.0655 4240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:31:25.0670 4240 mouhid - ok

21:31:25.0686 4240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

21:31:25.0702 4240 mountmgr - ok

21:31:25.0717 4240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

21:31:25.0733 4240 mpio - ok

21:31:25.0748 4240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:31:25.0764 4240 mpsdrv - ok

21:31:25.0795 4240 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

21:31:25.0811 4240 MpsSvc - ok

21:31:25.0826 4240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

21:31:25.0842 4240 MRxDAV - ok

21:31:25.0873 4240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:31:25.0889 4240 mrxsmb - ok

21:31:25.0920 4240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:31:25.0936 4240 mrxsmb10 - ok

21:31:25.0951 4240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:31:25.0967 4240 mrxsmb20 - ok

21:31:25.0998 4240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

21:31:25.0998 4240 msahci - ok

21:31:26.0029 4240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

21:31:26.0029 4240 msdsm - ok

21:31:26.0060 4240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

21:31:26.0076 4240 MSDTC - ok

21:31:26.0107 4240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:31:26.0123 4240 Msfs - ok

21:31:26.0138 4240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:31:26.0138 4240 mshidkmdf - ok

21:31:26.0170 4240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:31:26.0170 4240 msisadrv - ok

21:31:26.0201 4240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

21:31:26.0216 4240 MSiSCSI - ok

21:31:26.0232 4240 msiserver - ok

21:31:26.0263 4240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:31:26.0263 4240 MSKSSRV - ok

21:31:26.0294 4240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:31:26.0294 4240 MSPCLOCK - ok

21:31:26.0310 4240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:31:26.0326 4240 MSPQM - ok

21:31:26.0341 4240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

21:31:26.0357 4240 MsRPC - ok

21:31:26.0372 4240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

21:31:26.0372 4240 mssmbios - ok

21:31:26.0388 4240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:31:26.0404 4240 MSTEE - ok

21:31:26.0419 4240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

21:31:26.0419 4240 MTConfig - ok

21:31:26.0450 4240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:31:26.0450 4240 Mup - ok

21:31:26.0482 4240 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

21:31:26.0497 4240 napagent - ok

21:31:26.0575 4240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:31:26.0591 4240 NativeWifiP - ok

21:31:26.0622 4240 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

21:31:26.0638 4240 NDIS - ok

21:31:26.0653 4240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:31:26.0669 4240 NdisCap - ok

21:31:26.0684 4240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:31:26.0700 4240 NdisTapi - ok

21:31:26.0716 4240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

21:31:26.0731 4240 Ndisuio - ok

21:31:26.0747 4240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

21:31:26.0762 4240 NdisWan - ok

21:31:26.0778 4240 NDProxy (015c0d8e0e0421b4cfd48cf


Hello hylndr11. :)

Please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

Next, please download MBRScan and save it to your Desktop.

  • Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 users, right-click on MBRScan and then click on Run as administrator.)
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your Desktop and post its content in your next reply.

==========

Finally, please download BlueScreenView to your Desktop.

  • Unzip the downloaded file and double-click on BlueScreenView.exe to run the program.
  • When scanning is done, please go to Edit > Select All.
  • Go to File > Save Selected Items, and save the report as BSOD.txt.
  • Open BSOD.txt in Notepad, copy all the content, and paste it into your next reply.

===========

In your next post I would like to see the following please:

  • ComboFix.txt.
  • Log from MBRScan.
  • Log from BSOD.txt.


Ugggh - ComboFix seems to have done something to registry files. The scan went really fast, and when it was done I got "Illegal operation attempted on a registry key that has been marked for deletion" on every program and can't do anything with the computer now. :( I make my living with this machine; I run an SEO/webdev company and have got to get this going, so I'm going to try and fix this right away.

ComboFix 12-04-06.02 - Matt 04/06/2012 10:22:24.4.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6466 [GMT -4:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-06 14:28 . 2012-04-06 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\programdata\Malwarebytes

2012-04-01 16:13 . 2012-04-01 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-22 00:20 . 2012-03-22 00:20 -------- d-----w- c:\program files (x86)\Kudos Chat Search v2

2012-03-22 00:18 . 2012-03-22 00:21 -------- d-----w- c:\users\Matt\AppData\Roaming\KudosChatSearch

2012-03-22 00:18 . 2012-03-22 00:18 -------- d-----w- c:\program files (x86)\KudosChatSearchAgent

2012-03-19 14:02 . 2012-03-19 14:02 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-19 14:02 . 2012-03-19 14:02 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-19 14:02 . 2012-03-19 14:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-03-19 14:02 . 2012-03-19 14:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-03-19 14:02 . 2012-03-19 14:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\SysWow64\NV

2012-03-10 21:06 . 2012-03-12 13:22 -------- d-----w- c:\windows\system32\NV

2012-03-10 21:05 . 2011-06-05 11:22 9832 ----a-w- c:\windows\system32\NVMUPEventMsg.dll

2012-03-10 21:01 . 2012-03-10 21:01 -------- d-----w- c:\users\UpdatusUser

2012-03-10 20:59 . 2011-08-01 04:09 1652840 ----a-w- c:\windows\system32\nvdispco6420141.dll

2012-03-10 20:59 . 2011-08-01 04:09 1398376 ----a-w- c:\windows\system32\nvgenco642061.dll

2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\windows\nvmup

2012-03-10 20:58 . 2012-03-10 20:58 -------- d-----w- c:\users\Matt\AppData\Local\Dell

2012-03-10 20:51 . 2012-03-10 20:51 -------- d-----w- c:\users\Matt\AppData\Local\Deployment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 07:13 . 2012-02-21 15:25 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB483A85-3094-4A95-94C0-F2457ADC0FA2}\mpengine.dll

2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-14 04:06 . 2012-02-21 15:16 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.02.23 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-04-02 14:50 . 2012-04-02 14:50 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2012-04-06 14:29 . 2012-04-06 14:29 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-11-21 03:09 . 2012-04-05 22:01 47798 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-06 13:54 30086 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-09-30 13:08 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-30 13:08 . 2012-04-05 14:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-30 13:08 . 2012-04-05 14:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-30 13:08 . 2012-04-01 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-01 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-05 14:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-30 14:42 . 2012-04-06 13:54 9540 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2675319862-669255112-2487870991-1001_UserData.bin

- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-06 14:30 . 2012-04-06 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-02 14:51 . 2012-04-02 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-06 14:30 . 2012-04-06 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-15 20:10 . 2012-04-06 12:25 231134 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-09-30 17:56 . 2012-04-06 13:49 245964 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-04-06 01:34 671976 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-01 16:37 671976 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-06 01:34 125102 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-01 16:37 125102 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-04-06 14:29 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-02 14:50 352228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-09-30 16:52 . 2012-04-02 13:04 2174258 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-4096.dat

+ 2011-09-30 16:52 . 2012-04-06 13:50 2174258 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-4096.dat

+ 2011-09-30 14:38 . 2012-04-06 14:29 51633844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675319862-669255112-2487870991-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [x]

R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [x]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]

R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys [x]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.dell.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

TCP: DhcpNameServer = 192.168.1.10

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.http - 173.213.90.71

FF - prefs.js: network.proxy.http_port - 55555

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

.txt=GetDiz.TextFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]

"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-04-06 10:38:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-06 14:38

ComboFix2.txt 2012-04-02 17:05

.

Pre-Run: 395,841,413,120 bytes free

Post-Run: 395,909,681,152 bytes free

.

- - End Of File - - EE3A227302FEFDE02F90C00E63BA4A2F


OK - just rebooted and hopefully we're back on track. Here are the BSOD and the MBRcheck files.

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/04/06 (ISO 8601) at 12:53:35
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST950042 3AS (0001)
BUS_TYPE       : (0x08)  RAID
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 499A037B06E6D4EB68AD855B6217EF50
MBR_SHA1  : 6C25E67CC28EA516057F358A515760E8512C664A

Device\Harddisk0\Partition1	452.1 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	13.66 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03201000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C88000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CEB000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00E73000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00F33000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00FD7000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00E57000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00E60000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00D49000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FE6000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00D7C000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00FF3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00D91000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00D9D000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00C5C000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\iaStorV.sys => Invisible on the disk
ADDRESS : 0x01079000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01197000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x011A2000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\PxHlpa64.sys => Invisible on the disk
ADDRESS : 0x01014000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01257000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x014D2000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01530000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0154B000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015BD000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015CE000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01606000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x016F9000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01759000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x0186F000
SIZE    : 2.02 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A73000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x01ABD000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01ACD000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stdcfltn.sys => Invisible on the disk
ADDRESS : 0x01B19000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01B22000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B2A000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\PBADRV.sys => Invisible on the disk
ADDRESS : 0x01B64000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvpciflt.sys => Invisible on the disk
ADDRESS : 0x01B70000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B75000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B87000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B90000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01BCA000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x04013000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0403D000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x04046000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x0404D000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x0405B000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x04080000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x04090000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x04099000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x040A2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x040AB000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x040B6000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x0183E000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x040C7000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01784000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x01860000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x040D4000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x017C9000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x01BE0000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tmlwf.sys => Invisible on the disk
ADDRESS : 0x01489000
SIZE    : 208.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x017EF000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x015D8000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tmtdi.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x014BD000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x01021000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x01238000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x015F5000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x01244000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x0307C000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x030FF000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x0311D000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x0312E000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0F458000
SIZE    : 12.46 Mo

DRIVER  : C:\Windows\System32\Drivers\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x100CF000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x100D1000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x0F400000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04C36000
SIZE    : 11.70 Mo

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x057E8000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\e1c62x64.sys => Invisible on the disk
ADDRESS : 0x03154000
SIZE    : 320.0 Ko

DRIVER  : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x04C0C000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x031A4000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x101C5000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\NETwNs64.sys => Invisible on the disk
ADDRESS : 0x05AB0000
SIZE    : 8.42 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x0631B000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\1394ohci.sys => Invisible on the disk
ADDRESS : 0x06328000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\o2sdjxpx64.sys => Invisible on the disk
ADDRESS : 0x06366000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x06379000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\O2MDRxpx64.sys => Invisible on the disk
ADDRESS : 0x063A8000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x063B9000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x063D7000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x05A00000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Apfiltr.sys => Invisible on the disk
ADDRESS : 0x05A1D000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x05A77000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x05A86000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Accelern.sys => Invisible on the disk
ADDRESS : 0x05A93000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x063E6000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x05AA3000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x04C1D000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04C26000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x101E9000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x0F446000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x03024000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x03053000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x00DB2000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x00DD3000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x0306E000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x05AA8000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x06488000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x064CB000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x064DD000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x06537000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stwrt64.sys => Invisible on the disk
ADDRESS : 0x0654C000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\portcls.sys => Invisible on the disk
ADDRESS : 0x06400000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\drmk.sys => Invisible on the disk
ADDRESS : 0x0643D000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0645F000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x06465000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_iaStorV.sys => Invisible on the disk
ADDRESS : 0x040DD000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x06473000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000A0000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x065CF000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x065DB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x02822000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x0283F000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x02841000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CtClsFlt.sys => Invisible on the disk
ADDRESS : 0x0286F000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x028B5000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x028C3000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x028DC000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cvusbdrv.sys => Invisible on the disk
ADDRESS : 0x028E5000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x02935000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00580000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x006C0000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x02942000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftvollh.sys => Invisible on the disk
ADDRESS : 0x0A3ED000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x029D3000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WinUSB.sys => Invisible on the disk
ADDRESS : 0x02800000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x028F3000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\scfilter.sys => Invisible on the disk
ADDRESS : 0x02924000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x065E9000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x0AA55000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x0AAA8000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x0AABB000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x0AAD3000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x0AB09000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x0ABD2000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x0AA00000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0AA18000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0B490000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0B4DE000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0B502000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0B5A8000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftfslh.sys => Invisible on the disk
ADDRESS : 0x0B60E000
SIZE    : 732.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftplaylh.sys => Invisible on the disk
ADDRESS : 0x0B6C5000
SIZE    : 308.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x0B712000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x0B743000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tmwfp.sys => Invisible on the disk
ADDRESS : 0x0BA3D000
SIZE    : 1.75 Mo

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0B755000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0BE21000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftredirlh.sys => Invisible on the disk
ADDRESS : 0x0BEB9000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\spsys.sys => Invisible on the disk
ADDRESS : 0x0BEC4000
SIZE    : 452.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47B50000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A A8 2E 33 D2 00 00 80 20   em...c{.¨.3Ò... 
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 C8 82 38 00 FE   !..þ.......È.8.þ
0x000001D0   FF FF 07 FE FF FF 00 D0 82 38 30 40 B5 01 00 00   ...þ...Ð.80@µ...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

---

==================================================

Dump File : 040412-16660-01.dmp

Crash Time : 4/4/2012 10:12:05 PM

Bug Check String :

Bug Check Code : 0x00000109

Parameter 1 : a3a039d8`99165c3a

Parameter 2 : b3b7465e`eb949588

Parameter 3 : fffff800`00bd55cc

Parameter 4 : 00000000`00000001

Caused By Driver : kdcom.dll

Caused By Address : kdcom.dll+5cc

File Description :

Product Name :

Company :

File Version :

Processor : x64

Crash Address : ntoskrnl.exe+7cc40

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\040412-16660-01.dmp

Processors Count : 8

Major Version : 15

Minor Version : 7601

Dump File Size : 262,144

==================================================


Hey hylndr11. :)

 

Restarting your computer was the right move regarding the ComboFix issue. :thumbup:

 

 

Please download maxhandle.exe by noahdfear to your Desktop.

  • Double click and run the application.
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to C:\maxhandle.txt.
  • If Max++ is not found, "Nothing found!" is echoed to the screen and no log is produced.

Please post the results for my review in your next post.

==========

 

Next, please follow these instructions to run the Farbar Recovery Scan Tool.

 

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.

For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

==========

 

In your next post, please provide the following:

  • maxhandle.txt.
  • FRST.txt.

Are you still seeing BSODs?


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.