How to remove Virus Win32/Small.Ca from my desktop

March 14, 2013 at 23:20:13
Specs: Windows 7, Phenom II X4 3.4 GHz / 12 GB
I just discovered I have Virus Win32/Small.Ca on my PC today and I have no idea how to remove it. I may have had this virus for a few days, which is why my PC has not been acting right. So can someone please help me? Action Center told me about the virus.



#1
March 15, 2013 at 02:50:04
One user just had their problem with this virus solved here:

http://www.computing.net/answers/se...

Give it a shot.



#2
March 15, 2013 at 03:55:32
Post your logs here please.


#3
March 15, 2013 at 08:57:10
OK, here are my logs.


Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256594
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




#4
March 15, 2013 at 10:28:42
"Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken"

Your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.


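The "No action taken" marker is easy to miss in a long paste. As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for the log format quoted above: it pulls out every detection whose action is "No action taken", and it cross-checks each section's declared count against the entries actually listed under it, so a truncated paste shows up as a mismatch. The two sample logs are constructed from the lines quoted in this thread; the function names are my own.

```python
import re

# Constructed sample input: the section lines of the two quick-scan logs quoted in
# this thread (first with the PUP left untouched, second after "Remove Selected").
SAMPLE_LOG_BEFORE = r"""
Scan type: Quick scan
Objects scanned: 256594

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)
"""

SAMPLE_LOG_AFTER = r"""
Scan type: Quick scan
Objects scanned: 222223

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# "Registry Keys Detected: 1" -> section header with its declared count
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<detection name>) -> <action>."  e.g. "... (PUP.InstallBrain) -> No action taken."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {section: (declared_count, [(item, detection_name, action), ...])}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("section")
            sections[current] = (int(header.group("count")), [])
            continue
        # Skip blank lines, "(No malicious items detected)", "(end)" and the preamble.
        if current is None or not line or line.startswith("("):
            continue
        item = ITEM_RE.match(line)
        if item:
            sections[current][1].append(
                (item.group("item"), item.group("name"), item.group("action"))
            )
    return sections


def unresolved_detections(text):
    """Detections the scanner found but did not remove ("No action taken")."""
    return [
        (section, item, name)
        for section, (_, entries) in parse_mbam_log(text).items()
        for item, name, action in entries
        if action.lower().startswith("no action taken")
    ]


def count_mismatches(text):
    """Sections whose declared count differs from the entries listed under them."""
    return [
        (section, declared, len(entries))
        for section, (declared, entries) in parse_mbam_log(text).items()
        if declared != len(entries)
    ]


if __name__ == "__main__":
    for label, log in (("before", SAMPLE_LOG_BEFORE), ("after", SAMPLE_LOG_AFTER)):
        print(label, "unresolved:", unresolved_detections(log),
              "count mismatches:", count_mismatches(log))
```

Run it against a saved log with `parse_mbam_log(open("mbam-log.txt").read())`; a non-empty `unresolved_detections` result means the scan found something and the Remove Selected step was skipped, and a non-empty `count_mismatches` result means the paste is incomplete.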

#5
March 15, 2013 at 12:41:12
I did a new scan and now it says this. Is my PC safe now?
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222223
Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#6
March 15, 2013 at 14:38:19
"Is my pc safe now?"
Doubt it; no one program can keep up with the thousands of new baddies coming out every hour.

The baddies are always ahead of the goodies. Be aware that this can be a very long process, involving many different tools to clean up an infected computer.

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.

If any program won't run (due to the infection), let me know.

Copy & Paste the contents of the log/logs after running each program.



#7
March 15, 2013 at 14:42:08
1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does:
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run; it does take some time, so be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.

2: Reboot

3: Run TDSSKiller & post the contents of the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...


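Because the Unhide step clears +H on everything, including files you hid on purpose, it helps to see the candidate list before anything is changed. As an added example (not the Unhide tool's own code), the Python script below performs the same operation, clearing the hidden attribute across a tree, but runs as a dry run by default and writes the candidate paths to an Unhide.txt on the desktop, mirroring the tool's log; re-run it with `apply=True` from an elevated prompt once the list looks right. The rule of leaving System-flagged entries and reparse points (junctions, symlinks) alone is my own choice; this page does not describe which entries Unhide itself touches. On a non-Windows host there are no attribute bits, so it simply reports nothing.

```python
"""Dry-run / apply clearing of the +H (hidden) attribute, the operation the Unhide step performs."""
import os
import sys

# Win32 file attribute bits (the documented constants; same values attrib.exe works with)
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
FILE_ATTRIBUTE_REPARSE_POINT = 0x400


def should_unhide(attrs):
    """Policy (mine, not Unhide's): clear +H only on plain hidden entries.
    System-flagged entries (OS files hidden on purpose) and reparse points
    (junctions, symlinks) are left alone."""
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return False
    return not attrs & (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_REPARSE_POINT)


def cleared_attributes(attrs):
    """Attribute word with only the hidden bit removed."""
    return attrs & ~FILE_ATTRIBUTE_HIDDEN


def _attrs(path):
    """Win32 attribute bits of path (0 off Windows), or None if it cannot be stat'ed."""
    try:
        return getattr(os.lstat(path), "st_file_attributes", 0)
    except OSError:
        return None


def find_hidden(root):
    """Yield (path, attrs) for every entry under root that should_unhide() selects."""
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into junctions / symlinked dirs: avoids loops and other volumes.
        dirnames[:] = [
            d for d in dirnames
            if not ((_attrs(os.path.join(dirpath, d)) or 0) & FILE_ATTRIBUTE_REPARSE_POINT)
        ]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            attrs = _attrs(path)
            if attrs is not None and should_unhide(attrs):
                yield path, attrs


def unhide(root, apply=False, log_path=None):
    """Return the paths that were (or, in a dry run, would be) un-hidden.
    Writes one path per line to log_path, like Unhide's Unhide.txt."""
    changed = []
    for path, attrs in find_hidden(root):
        if apply and sys.platform == "win32":
            import ctypes  # Windows-only; SetFileAttributesW returns 0 on failure
            ok = ctypes.windll.kernel32.SetFileAttributesW(path, cleared_attributes(attrs))
            if not ok:
                continue  # e.g. access denied; leave it for a later elevated pass
        changed.append(path)
    if log_path:
        with open(log_path, "w", encoding="utf-8") as log:
            log.write("\n".join(changed) + ("\n" if changed else ""))
    return changed


if __name__ == "__main__":
    # Dry run first; switch to apply=True only after reviewing Unhide.txt.
    desktop_log = os.path.join(os.path.expanduser("~"), "Desktop", "Unhide.txt")
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for p in unhide(root, apply=False, log_path=desktop_log):
        print(p)
```

Files that fail `SetFileAttributesW` (typically access denied on another user's profile) are dropped from the returned list rather than reported as changed, so the log only ever claims what actually happened.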

#8
March 15, 2013 at 16:16:58
This is my log from TDSSKiller, Part 1.
19:06:35.0848 0712 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:06:35.0877 0712 Drive \Device\Harddisk5\DR5 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:06:35.0878 0712 ============================================================
19:06:35.0878 0712 \Device\Harddisk0\DR0:
19:06:35.0878 0712 MBR partitions:
19:06:35.0878 0712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8D800
19:06:35.0878 0712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8E000, BlocksNum 0x74678000
19:06:35.0878 0712 \Device\Harddisk5\DR5:
19:06:35.0878 0712 MBR partitions:
19:06:35.0878 0712 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0C72
19:06:35.0878 0712 ============================================================
19:06:35.0950 0712 C: <-> \Device\Harddisk0\DR0\Partition2
19:06:35.0963 0712 I: <-> \Device\Harddisk5\DR5\Partition1
19:06:35.0963 0712 ============================================================
19:06:35.0963 0712 Initialize success
19:06:35.0963 0712 ============================================================
19:07:01.0306 1384 ============================================================
19:07:01.0306 1384 Scan started
19:07:01.0306 1384 Mode: Manual;
19:07:01.0306 1384 ============================================================
19:07:01.0758 1384 ================ Scan system memory ========================
19:07:01.0758 1384 System memory - ok
19:07:01.0759 1384 ================ Scan services =============================
19:07:02.0160 1384 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:07:02.0166 1384 1394ohci - ok
19:07:02.0197 1384 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:07:02.0205 1384 ACPI - ok
19:07:02.0214 1384 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:07:02.0216 1384 AcpiPmi - ok
19:07:02.0244 1384 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:07:02.0249 1384 adp94xx - ok
19:07:02.0311 1384 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:07:02.0336 1384 adpahci - ok
19:07:02.0363 1384 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:07:02.0368 1384 adpu320 - ok
19:07:02.0404 1384 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:07:02.0406 1384 AeLookupSvc - ok
19:07:02.0449 1384 [ D31DC7A16DEA4A9BAF179F3D6FBDB38C ] AFD C:\Windows\system32\drivers\afd.sys
19:07:02.0453 1384 AFD - ok
19:07:02.0457 1384 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:07:02.0459 1384 agp440 - ok
19:07:02.0490 1384 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:07:02.0493 1384 ALG - ok
19:07:02.0508 1384 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:07:02.0509 1384 aliide - ok
19:07:02.0513 1384 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:07:02.0514 1384 amdide - ok
19:07:02.0520 1384 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:07:02.0529 1384 AmdK8 - ok
19:07:02.0536 1384 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:07:02.0537 1384 AmdPPM - ok
19:07:02.0541 1384 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:07:02.0543 1384 amdsata - ok
19:07:02.0548 1384 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:07:02.0551 1384 amdsbs - ok
19:07:02.0555 1384 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:07:02.0556 1384 amdxata - ok
19:07:02.0579 1384 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:07:02.0581 1384 AppID - ok
19:07:02.0600 1384 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:07:02.0602 1384 AppIDSvc - ok
19:07:02.0618 1384 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:07:02.0627 1384 Appinfo - ok
19:07:02.0647 1384 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:07:02.0649 1384 arc - ok
19:07:02.0657 1384 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:07:02.0658 1384 arcsas - ok
19:07:02.0691 1384 [ E1E75921E9EB025009696D4837F531FB ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
19:07:02.0692 1384 asmthub3 - ok
19:07:02.0702 1384 [ B0CF9AB16006B61634D4F955345CA5D2 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
19:07:02.0704 1384 asmtxhci - ok
19:07:02.0731 1384 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:02.0732 1384 AsyncMac - ok
19:07:02.0735 1384 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:07:02.0735 1384 atapi - ok
19:07:02.0769 1384 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:07:02.0769 1384 AtiPcie - ok
19:07:02.0796 1384 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:07:02.0809 1384 AudioEndpointBuilder - ok
19:07:02.0826 1384 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:07:02.0834 1384 AudioSrv - ok
19:07:02.0894 1384 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:07:02.0897 1384 AxInstSV - ok
19:07:02.0948 1384 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:07:02.0958 1384 b06bdrv - ok
19:07:03.0016 1384 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:07:03.0022 1384 b57nd60a - ok
19:07:03.0048 1384 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:07:03.0052 1384 BDESVC - ok
19:07:03.0062 1384 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:07:03.0064 1384 Beep - ok
19:07:03.0138 1384 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:07:03.0151 1384 BFE - ok
19:07:03.0221 1384 [ 00CADB1BC2D0030F0B2A1063618B6BD7 ] BIOS C:\Windows\system32\drivers\BIOS64.sys
19:07:03.0244 1384 BIOS - ok
19:07:03.0295 1384 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:07:03.0313 1384 BITS - ok
19:07:03.0317 1384 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:07:03.0318 1384 blbdrive - ok
19:07:03.0384 1384 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:07:03.0387 1384 bowser - ok
19:07:03.0396 1384 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:07:03.0398 1384 BrFiltLo - ok
19:07:03.0407 1384 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:07:03.0409 1384 BrFiltUp - ok
19:07:03.0429 1384 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
19:07:03.0433 1384 Browser - ok
19:07:03.0453 1384 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:07:03.0456 1384 Brserid - ok
19:07:03.0460 1384 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:03.0462 1384 BrSerWdm - ok
19:07:03.0465 1384 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:03.0466 1384 BrUsbMdm - ok
19:07:03.0469 1384 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:03.0470 1384 BrUsbSer - ok
19:07:03.0481 1384 [ 83601BBE5563D92C1FDB4E960D84DC77 ] BS_I2cIo C:\Windows\system32\drivers\BS_I2c64.sys
19:07:03.0490 1384 BS_I2cIo - ok
19:07:03.0494 1384 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:07:03.0496 1384 BTHMODEM - ok
19:07:03.0515 1384 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:07:03.0517 1384 bthserv - ok
19:07:03.0522 1384 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:07:03.0523 1384 cdfs - ok
19:07:03.0537 1384 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:07:03.0539 1384 cdrom - ok
19:07:03.0588 1384 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:07:03.0592 1384 CertPropSvc - ok
19:07:03.0601 1384 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:07:03.0603 1384 circlass - ok
19:07:03.0621 1384 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:07:03.0624 1384 CLFS - ok
19:07:03.0790 1384 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:03.0797 1384 clr_optimization_v2.0.50727_32 - ok
19:07:03.0923 1384 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:07:03.0929 1384 clr_optimization_v2.0.50727_64 - ok
19:07:03.0938 1384 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:07:03.0940 1384 CmBatt - ok
19:07:03.0949 1384 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:07:03.0951 1384 cmdide - ok
19:07:03.0974 1384 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
19:07:03.0978 1384 CNG - ok
19:07:03.0982 1384 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:07:03.0983 1384 Compbatt - ok
19:07:04.0001 1384 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:07:04.0002 1384 CompositeBus - ok
19:07:04.0012 1384 COMSysApp - ok
19:07:04.0017 1384 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:07:04.0018 1384 crcdisk - ok
19:07:04.0041 1384 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:07:04.0043 1384 CryptSvc - ok
19:07:04.0086 1384 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:07:04.0092 1384 DcomLaunch - ok
19:07:04.0113 1384 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:07:04.0116 1384 defragsvc - ok
19:07:04.0120 1384 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:07:04.0122 1384 DfsC - ok
19:07:04.0149 1384 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:07:04.0191 1384 Dhcp - ok
19:07:04.0196 1384 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:07:04.0196 1384 discache - ok
19:07:04.0200 1384 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:07:04.0201 1384 Disk - ok
19:07:04.0215 1384 [ CD55F5355D8F55D44C9F4ED875705BD6 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:07:04.0217 1384 Dnscache - ok
19:07:04.0230 1384 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:07:04.0233 1384 dot3svc - ok
19:07:04.0245 1384 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:07:04.0247 1384 DPS - ok
19:07:04.0289 1384 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:07:04.0291 1384 drmkaud - ok
19:07:04.0332 1384 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:07:04.0347 1384 DXGKrnl - ok
19:07:04.0373 1384 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:07:04.0376 1384 EapHost - ok
19:07:04.0454 1384 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:07:04.0495 1384 ebdrv - ok
19:07:04.0527 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
19:07:04.0528 1384 EFS - ok
19:07:04.0605 1384 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:07:04.0661 1384 ehRecvr - ok
19:07:04.0709 1384 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:07:04.0788 1384 ehSched - ok
19:07:04.0824 1384 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:07:04.0829 1384 elxstor - ok
19:07:04.0832 1384 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:07:04.0833 1384 ErrDev - ok
19:07:04.0873 1384 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:07:04.0876 1384 EventSystem - ok
19:07:04.0882 1384 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:07:04.0885 1384 exfat - ok
19:07:04.0890 1384 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:07:04.0892 1384 fastfat - ok
19:07:04.0920 1384 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:07:04.0926 1384 Fax - ok
19:07:04.0930 1384 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:07:04.0931 1384 fdc - ok
19:07:04.0942 1384 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:07:04.0944 1384 fdPHost - ok
19:07:04.0953 1384 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:07:04.0955 1384 FDResPub - ok
19:07:04.0959 1384 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:07:04.0960 1384 FileInfo - ok
19:07:04.0963 1384 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:07:04.0964 1384 Filetrace - ok
19:07:04.0968 1384 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:07:04.0969 1384 flpydisk - ok
19:07:04.0996 1384 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:07:04.0999 1384 FltMgr - ok
19:07:05.0029 1384 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
19:07:05.0047 1384 FontCache - ok
19:07:05.0081 1384 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:07:05.0083 1384 FontCache3.0.0.0 - ok
19:07:05.0092 1384 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:07:05.0095 1384 FsDepends - ok
19:07:05.0103 1384 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:07:05.0104 1384 Fs_Rec - ok
19:07:05.0134 1384 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:07:05.0136 1384 fvevol - ok
19:07:05.0152 1384 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:07:05.0153 1384 gagp30kx - ok
19:07:05.0182 1384 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:07:05.0197 1384 gpsvc - ok
19:07:05.0300 1384 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:07:05.0304 1384 gupdate - ok
19:07:05.0328 1384 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:07:05.0330 1384 gupdatem - ok
19:07:05.0360 1384 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:07:05.0363 1384 hcw85cir - ok
19:07:05.0405 1384 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:07:05.0413 1384 HdAudAddService - ok
19:07:05.0431 1384 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:07:05.0434 1384 HDAudBus - ok
19:07:05.0443 1384 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:07:05.0444 1384 HidBatt - ok
19:07:05.0471 1384 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:07:05.0474 1384 HidBth - ok
19:07:05.0498 1384 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:07:05.0499 1384 HidIr - ok
19:07:05.0518 1384 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:07:05.0520 1384 hidserv - ok
19:07:05.0535 1384 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:07:05.0537 1384 HidUsb - ok
19:07:05.0559 1384 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:07:05.0564 1384 hkmsvc - ok
19:07:05.0604 1384 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:07:05.0611 1384 HomeGroupListener - ok
19:07:05.0652 1384 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:07:05.0658 1384 HomeGroupProvider - ok
19:07:05.0676 1384 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:07:05.0680 1384 HpSAMD - ok
19:07:05.0718 1384 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:07:05.0738 1384 HTTP - ok
19:07:05.0745 1384 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:07:05.0746 1384 hwpolicy - ok
19:07:05.0750 1384 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:07:05.0752 1384 i8042prt - ok
19:07:05.0758 1384 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:07:05.0762 1384 iaStorV - ok
19:07:05.0814 1384 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:07:05.0831 1384 idsvc - ok
19:07:05.0837 1384 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:07:05.0838 1384 iirsp - ok
19:07:05.0868 1384 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:07:05.0876 1384 IKEEXT - ok
19:07:05.0957 1384 [ C03463214D23B46B991F582821C8DF69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:07:05.0983 1384 IntcAzAudAddService - ok
19:07:05.0988 1384 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:07:05.0989 1384 intelide - ok
19:07:06.0001 1384 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:07:06.0003 1384 intelppm - ok
19:07:06.0011 1384 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:07:06.0013 1384 IPBusEnum - ok
19:07:06.0017 1384 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:06.0019 1384 IpFilterDriver - ok
19:07:06.0030 1384 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:07:06.0035 1384 iphlpsvc - ok
19:07:06.0040 1384 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:07:06.0041 1384 IPMIDRV - ok
19:07:06.0045 1384 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:07:06.0047 1384 IPNAT - ok
19:07:06.0057 1384 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:07:06.0058 1384 IRENUM - ok
19:07:06.0062 1384 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:07:06.0062 1384 isapnp - ok
19:07:06.0084 1384 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:07:06.0087 1384 iScsiPrt - ok
19:07:06.0090 1384 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:07:06.0090 1384 kbdclass - ok
19:07:06.0110 1384 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:07:06.0111 1384 kbdhid - ok
19:07:06.0126 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
19:07:06.0127 1384 KeyIso - ok
19:07:06.0131 1384 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:07:06.0132 1384 KSecDD - ok
19:07:06.0135 1384 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:07:06.0136 1384 KSecPkg - ok
19:07:06.0139 1384 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:07:06.0140 1384 ksthunk - ok
19:07:06.0154 1384 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:07:06.0158 1384 KtmRm - ok
19:07:06.0204 1384 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:07:06.0212 1384 LanmanServer - ok
19:07:06.0267 1384 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:07:06.0274 1384 LanmanWorkstation - ok
19:07:06.0323 1384 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:07:06.0324 1384 lltdio - ok
19:07:06.0331 1384 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:07:06.0335 1384 lltdsvc - ok
19:07:06.0359 1384 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:07:06.0360 1384 lmhosts - ok
19:07:06.0383 1384 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:07:06.0385 1384 LSI_FC - ok
19:07:06.0390 1384 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:07:06.0391 1384 LSI_SAS - ok
19:07:06.0401 1384 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:07:06.0403 1384 LSI_SAS2 - ok
19:07:06.0411 1384 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:07:06.0413 1384 LSI_SCSI - ok
19:07:06.0418 1384 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:07:06.0419 1384 luafv - ok
19:07:06.0447 1384 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:07:06.0450 1384 Mcx2Svc - ok
19:07:06.0471 1384 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:07:06.0473 1384 megasas - ok
19:07:06.0484 1384 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:07:06.0487 1384 MegaSR - ok
19:07:06.0519 1384 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:07:06.0521 1384 MMCSS - ok
19:07:06.0525 1384 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:07:06.0526 1384 Modem - ok
19:07:06.0536 1384 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:07:06.0537 1384 monitor - ok
19:07:06.0542 1384 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:07:06.0543 1384 mouclass - ok
19:07:06.0560 1384 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:07:06.0568 1384 mouhid - ok
19:07:06.0572 1384 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:07:06.0573 1384 mountmgr - ok
19:07:06.0600 1384 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:07:06.0602 1384 MpFilter - ok
19:07:06.0606 1384 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:07:06.0608 1384 mpio - ok
19:07:06.0612 1384 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:07:06.0612 1384 mpsdrv - ok
19:07:06.0630 1384 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:07:06.0636 1384 MpsSvc - ok
19:07:06.0657 1384 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:07:06.0659 1384 MRxDAV - ok
19:07:06.0664 1384 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:07:06.0665 1384 mrxsmb - ok
19:07:06.0670 1384 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:07:06.0672 1384 mrxsmb10 - ok
19:07:06.0677 1384 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:07:06.0678 1384 mrxsmb20 - ok
19:07:06.0682 1384 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:07:06.0683 1384 msahci - ok
19:07:06.0687 1384 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:07:06.0689 1384 msdsm - ok
19:07:06.0692 1384 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:07:06.0694 1384 MSDTC - ok
19:07:06.0699 1384 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:07:06.0705 1384 Msfs - ok
19:07:06.0708 1384 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:07:06.0709 1384 mshidkmdf - ok
19:07:06.0711 1384 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:07:06.0712 1384 msisadrv - ok
19:07:06.0748 1384 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:07:06.0750 1384 MSiSCSI - ok
19:07:06.0753 1384 msiserver - ok
19:07:06.0757 1384 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:07:06.0757 1384 MSKSSRV - ok
19:07:06.0844 1384 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:07:06.0844 1384 MsMpSvc - ok
19:07:06.0848 1384 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:07:06.0848 1384 MSPCLOCK - ok
19:07:06.0851 1384 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:07:06.0851 1384 MSPQM - ok
19:07:06.0872 1384 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:07:06.0875 1384 MsRPC - ok
19:07:06.0880 1384 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:07:06.0881 1384 mssmbios - ok
19:07:06.0883 1384 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:07:06.0884 1384 MSTEE - ok
19:07:06.0887 1384 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:07:06.0888 1384 MTConfig - ok
19:07:06.0891 1384 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:07:06.0892 1384 Mup - ok
19:07:06.0908 1384 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:07:06.0912 1384 napagent - ok
19:07:06.0925 1384 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:07:06.0928 1384 NativeWifiP - ok
19:07:06.0971 1384 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:07:06.0977 1384 NDIS - ok
19:07:06.0981 1384 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:07:06.0982 1384 NdisCap - ok
19:07:07.0001 1384 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:07:07.0001 1384 NdisTapi - ok
19:07:07.0008 1384 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:07:07.0009 1384 Ndisuio - ok
19:07:07.0013 1384 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:07:07.0015 1384 NdisWan - ok
19:07:07.0018 1384 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:07:07.0018 1384 NDProxy - ok
19:07:07.0028 1384 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:07:07.0028 1384 NetBIOS - ok
19:07:07.0051 1384 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:07:07.0053 1384 NetBT - ok
19:07:07.0057 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
19:07:07.0057 1384 Netlogon - ok
19:07:07.0107 1384 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:07:07.0116 1384 Netman - ok
19:07:07.0128 1384 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:07:07.0133 1384 netprofm - ok
19:07:07.0161 1384 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:07:07.0163 1384 NetTcpPortSharing - ok
19:07:07.0168 1384 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:07:07.0169 1384 nfrd960 - ok
19:07:07.0196 1384 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:07:07.0197 1384 NisDrv - ok
19:07:07.0227 1384 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:07:07.0234 1384 NisSrv - ok
19:07:07.0292 1384 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:07:07.0300 1384 NlaSvc - ok
19:07:07.0310 1384 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:07:07.0312 1384 Npfs - ok
19:07:07.0341 1384 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:07:07.0345 1384 nsi - ok
19:07:07.0354 1384 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:07:07.0355 1384 nsiproxy - ok
19:07:07.0411 1384 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:07:07.0434 1384 Ntfs - ok
19:07:07.0438 1384 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:07:07.0439 1384 Null - ok
19:07:07.0500 1384 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:07:07.0503 1384 NVHDA - ok
19:07:07.0701 1384 [ 72FE63F6217DCEDF278084998B9546C1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys


#9
March 15, 2013 at 16:17:50
Part 2
19:07:07.0747 1384 nvlddmkm - ok
19:07:07.0753 1384 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:07:07.0755 1384 nvraid - ok
19:07:07.0759 1384 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:07:07.0761 1384 nvstor - ok
19:07:07.0812 1384 [ BD0762F934B869FB069811E230DB901D ] nvsvc C:\Windows\system32\nvvsvc.exe
19:07:07.0830 1384 nvsvc - ok
19:07:07.0953 1384 [ EC3EF0B716516E703BD5B7BC990322D0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:07:07.0988 1384 nvUpdatusService - ok
19:07:07.0997 1384 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:07:07.0999 1384 nv_agp - ok
19:07:08.0003 1384 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:07:08.0004 1384 ohci1394 - ok
19:07:08.0028 1384 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:07:08.0032 1384 p2pimsvc - ok
19:07:08.0043 1384 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:07:08.0048 1384 p2psvc - ok
19:07:08.0072 1384 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:07:08.0073 1384 Parport - ok
19:07:08.0077 1384 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:07:08.0078 1384 partmgr - ok
19:07:08.0083 1384 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:07:08.0086 1384 PcaSvc - ok
19:07:08.0107 1384 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:07:08.0109 1384 pci - ok
19:07:08.0113 1384 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:07:08.0113 1384 pciide - ok
19:07:08.0119 1384 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:07:08.0121 1384 pcmcia - ok
19:07:08.0125 1384 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:07:08.0126 1384 pcw - ok
19:07:08.0134 1384 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:07:08.0139 1384 PEAUTH - ok
19:07:08.0349 1384 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:07:08.0353 1384 PerfHost - ok
19:07:08.0407 1384 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:07:08.0433 1384 pla - ok
19:07:08.0478 1384 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:07:08.0488 1384 PlugPlay - ok
19:07:08.0499 1384 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:07:08.0503 1384 PNRPAutoReg - ok
19:07:08.0509 1384 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:07:08.0512 1384 PNRPsvc - ok
19:07:08.0536 1384 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:07:08.0541 1384 PolicyAgent - ok
19:07:08.0559 1384 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:07:08.0562 1384 Power - ok
19:07:08.0590 1384 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:07:08.0592 1384 PptpMiniport - ok
19:07:08.0600 1384 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:07:08.0603 1384 Processor - ok
19:07:08.0643 1384 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
19:07:08.0649 1384 ProfSvc - ok
19:07:08.0677 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
19:07:08.0680 1384 ProtectedStorage - ok
19:07:08.0701 1384 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:07:08.0704 1384 Psched - ok
19:07:08.0760 1384 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:07:08.0783 1384 ql2300 - ok
19:07:08.0788 1384 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:07:08.0790 1384 ql40xx - ok
19:07:08.0803 1384 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:07:08.0806 1384 QWAVE - ok
19:07:08.0811 1384 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:07:08.0812 1384 QWAVEdrv - ok
19:07:08.0815 1384 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:07:08.0816 1384 RasAcd - ok
19:07:08.0897 1384 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:07:08.0900 1384 RasAgileVpn - ok
19:07:08.0918 1384 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:07:08.0924 1384 RasAuto - ok
19:07:08.0947 1384 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:08.0951 1384 Rasl2tp - ok
19:07:08.0987 1384 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:07:08.0997 1384 RasMan - ok
19:07:09.0020 1384 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:09.0023 1384 RasPppoe - ok
19:07:09.0038 1384 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:07:09.0041 1384 RasSstp - ok
19:07:09.0048 1384 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:07:09.0051 1384 rdbss - ok
19:07:09.0055 1384 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:07:09.0056 1384 rdpbus - ok
19:07:09.0060 1384 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:09.0061 1384 RDPCDD - ok
19:07:09.0066 1384 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:07:09.0067 1384 RDPENCDD - ok
19:07:09.0072 1384 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:07:09.0073 1384 RDPREFMP - ok
19:07:09.0127 1384 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:07:09.0159 1384 RDPWD - ok
19:07:09.0177 1384 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:07:09.0180 1384 rdyboost - ok
19:07:09.0191 1384 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:07:09.0197 1384 RemoteAccess - ok
19:07:09.0230 1384 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:07:09.0236 1384 RemoteRegistry - ok
19:07:09.0279 1384 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:07:09.0285 1384 RpcEptMapper - ok
19:07:09.0319 1384 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:07:09.0323 1384 RpcLocator - ok
19:07:09.0356 1384 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:07:09.0366 1384 RpcSs - ok
19:07:09.0389 1384 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:07:09.0392 1384 rspndr - ok
19:07:09.0473 1384 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:07:09.0479 1384 RTL8167 - ok
19:07:09.0488 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
19:07:09.0491 1384 SamSs - ok
19:07:09.0496 1384 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:07:09.0498 1384 sbp2port - ok
19:07:09.0551 1384 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:07:09.0573 1384 SCardSvr - ok
19:07:09.0582 1384 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:07:09.0601 1384 scfilter - ok
19:07:09.0763 1384 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:07:09.0789 1384 Schedule - ok
19:07:09.0812 1384 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:07:09.0813 1384 SCPolicySvc - ok
19:07:09.0877 1384 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:07:09.0892 1384 SDRSVC - ok
19:07:09.0933 1384 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:07:09.0950 1384 secdrv - ok
19:07:09.0998 1384 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:07:10.0012 1384 seclogon - ok
19:07:10.0065 1384 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:07:10.0070 1384 SENS - ok
19:07:10.0204 1384 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:07:10.0221 1384 SensrSvc - ok
19:07:10.0265 1384 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:07:10.0266 1384 Serenum - ok
19:07:10.0296 1384 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:07:10.0299 1384 Serial - ok
19:07:10.0306 1384 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:07:10.0307 1384 sermouse - ok
19:07:10.0337 1384 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:07:10.0355 1384 SessionEnv - ok
19:07:10.0365 1384 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:07:10.0366 1384 sffdisk - ok
19:07:10.0377 1384 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:07:10.0381 1384 sffp_mmc - ok
19:07:10.0391 1384 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:07:10.0392 1384 sffp_sd - ok
19:07:10.0399 1384 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:07:10.0400 1384 sfloppy - ok
19:07:10.0423 1384 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:07:10.0428 1384 SharedAccess - ok
19:07:10.0454 1384 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:07:10.0458 1384 ShellHWDetection - ok
19:07:10.0513 1384 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:07:10.0515 1384 SiSRaid2 - ok
19:07:10.0525 1384 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:07:10.0528 1384 SiSRaid4 - ok
19:07:10.0579 1384 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:07:10.0581 1384 Smb - ok
19:07:10.0618 1384 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:07:10.0634 1384 SNMPTRAP - ok
19:07:10.0643 1384 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:07:10.0644 1384 spldr - ok
19:07:10.0738 1384 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
19:07:10.0762 1384 Spooler - ok
19:07:10.0827 1384 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:07:10.0912 1384 sppsvc - ok
19:07:10.0917 1384 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:07:10.0920 1384 sppuinotify - ok
19:07:10.0945 1384 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:07:10.0950 1384 srv - ok
19:07:10.0957 1384 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:07:10.0961 1384 srv2 - ok
19:07:10.0965 1384 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:07:10.0967 1384 srvnet - ok
19:07:11.0004 1384 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:07:11.0006 1384 SSDPSRV - ok
19:07:11.0010 1384 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:07:11.0012 1384 SstpSvc - ok
19:07:11.0142 1384 [ 5B88F25C65FFA399FF91D9595A274255 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:07:11.0171 1384 Stereo Service - ok
19:07:11.0181 1384 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:07:11.0183 1384 stexstor - ok
19:07:11.0216 1384 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:07:11.0230 1384 stisvc - ok
19:07:11.0237 1384 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:07:11.0238 1384 swenum - ok
19:07:11.0279 1384 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:07:11.0285 1384 swprv - ok
19:07:11.0313 1384 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:07:11.0339 1384 SysMain - ok
19:07:11.0349 1384 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:07:11.0352 1384 TabletInputService - ok
19:07:11.0360 1384 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:07:11.0364 1384 TapiSrv - ok
19:07:11.0372 1384 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:07:11.0375 1384 TBS - ok
19:07:11.0405 1384 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:07:11.0431 1384 Tcpip - ok
19:07:11.0503 1384 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:07:11.0514 1384 TCPIP6 - ok
19:07:11.0522 1384 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:07:11.0522 1384 tcpipreg - ok
19:07:11.0527 1384 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:07:11.0536 1384 TDPIPE - ok
19:07:11.0565 1384 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:07:11.0585 1384 TDTCP - ok
19:07:11.0610 1384 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:07:11.0613 1384 tdx - ok
19:07:11.0622 1384 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:07:11.0624 1384 TermDD - ok
19:07:11.0664 1384 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:07:11.0680 1384 TermService - ok
19:07:11.0695 1384 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:07:11.0698 1384 Themes - ok
19:07:11.0719 1384 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:07:11.0721 1384 THREADORDER - ok
19:07:11.0738 1384 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:07:11.0741 1384 TrkWks - ok
19:07:11.0798 1384 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:07:11.0846 1384 TrustedInstaller - ok
19:07:11.0852 1384 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:11.0853 1384 tssecsrv - ok
19:07:11.0870 1384 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:07:11.0871 1384 TsUsbFlt - ok
19:07:11.0875 1384 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:07:11.0876 1384 TsUsbGD - ok
19:07:11.0886 1384 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:07:11.0888 1384 tunnel - ok
19:07:11.0903 1384 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:07:11.0912 1384 uagp35 - ok
19:07:11.0918 1384 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:07:11.0922 1384 udfs - ok
19:07:11.0937 1384 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:07:11.0940 1384 UI0Detect - ok
19:07:11.0944 1384 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:07:11.0946 1384 uliagpkx - ok
19:07:11.0983 1384 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:07:11.0986 1384 umbus - ok
19:07:11.0995 1384 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:07:11.0997 1384 UmPass - ok
19:07:12.0015 1384 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:07:12.0019 1384 upnphost - ok
19:07:12.0028 1384 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:12.0029 1384 usbccgp - ok
19:07:12.0034 1384 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:07:12.0035 1384 usbcir - ok
19:07:12.0046 1384 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:07:12.0047 1384 usbehci - ok
19:07:12.0126 1384 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
19:07:12.0127 1384 usbfilter - ok
19:07:12.0164 1384 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:07:12.0171 1384 usbhub - ok
19:07:12.0180 1384 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:07:12.0182 1384 usbohci - ok
19:07:12.0191 1384 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:07:12.0194 1384 usbprint - ok
19:07:12.0198 1384 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:12.0200 1384 USBSTOR - ok
19:07:12.0204 1384 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:07:12.0205 1384 usbuhci - ok
19:07:12.0211 1384 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:07:12.0213 1384 UxSms - ok
19:07:12.0235 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
19:07:12.0236 1384 VaultSvc - ok
19:07:12.0251 1384 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:07:12.0252 1384 vdrvroot - ok
19:07:12.0278 1384 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:07:12.0292 1384 vds - ok
19:07:12.0315 1384 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:12.0318 1384 vga - ok
19:07:12.0327 1384 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:07:12.0329 1384 VgaSave - ok
19:07:12.0340 1384 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:07:12.0345 1384 vhdmp - ok
19:07:12.0348 1384 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:07:12.0349 1384 viaide - ok
19:07:12.0365 1384 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:07:12.0366 1384 volmgr - ok
19:07:12.0373 1384 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:07:12.0376 1384 volmgrx - ok
19:07:12.0382 1384 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:07:12.0385 1384 volsnap - ok
19:07:12.0407 1384 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:07:12.0409 1384 vsmraid - ok
19:07:12.0444 1384 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:07:12.0470 1384 VSS - ok
19:07:12.0474 1384 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:07:12.0476 1384 vwifibus - ok
19:07:12.0482 1384 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:07:12.0487 1384 W32Time - ok
19:07:12.0507 1384 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:07:12.0508 1384 WacomPen - ok
19:07:12.0518 1384 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:07:12.0519 1384 WANARP - ok
19:07:12.0529 1384 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:07:12.0531 1384 Wanarpv6 - ok
19:07:12.0590 1384 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:07:12.0619 1384 wbengine - ok
19:07:12.0624 1384 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:07:12.0628 1384 WbioSrvc - ok
19:07:12.0634 1384 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:07:12.0638 1384 wcncsvc - ok
19:07:12.0651 1384 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:07:12.0653 1384 WcsPlugInService - ok
19:07:12.0656 1384 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:07:12.0657 1384 Wd - ok
19:07:12.0675 1384 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:07:12.0680 1384 Wdf01000 - ok
19:07:12.0693 1384 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:07:12.0695 1384 WdiServiceHost - ok
19:07:12.0698 1384 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:07:12.0699 1384 WdiSystemHost - ok
19:07:12.0710 1384 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:07:12.0713 1384 WebClient - ok
19:07:12.0727 1384 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:07:12.0730 1384 Wecsvc - ok
19:07:12.0740 1384 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:07:12.0743 1384 wercplsupport - ok
19:07:12.0753 1384 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:07:12.0756 1384 WerSvc - ok
19:07:12.0787 1384 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:12.0788 1384 WfpLwf - ok
19:07:12.0797 1384 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:07:12.0799 1384 WIMMount - ok
19:07:12.0828 1384 WinDefend - ok
19:07:12.0833 1384 WinHttpAutoProxySvc - ok
19:07:12.0964 1384 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:07:13.0013 1384 Winmgmt - ok
19:07:13.0089 1384 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:07:13.0125 1384 WinRM - ok
19:07:13.0173 1384 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:07:13.0181 1384 Wlansvc - ok
19:07:13.0185 1384 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:07:13.0186 1384 WmiAcpi - ok
19:07:13.0234 1384 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:07:13.0255 1384 wmiApSrv - ok
19:07:13.0284 1384 WMPNetworkSvc - ok
19:07:13.0305 1384 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:07:13.0310 1384 WPCSvc - ok
19:07:13.0324 1384 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:07:13.0330 1384 WPDBusEnum - ok
19:07:13.0336 1384 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:07:13.0337 1384 ws2ifsl - ok
19:07:13.0355 1384 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:07:13.0358 1384 wscsvc - ok
19:07:13.0361 1384 WSearch - ok
19:07:13.0437 1384 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:07:13.0470 1384 wuauserv - ok
19:07:13.0475 1384 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:07:13.0477 1384 WudfPf - ok
19:07:13.0482 1384 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:13.0484 1384 WUDFRd - ok
19:07:13.0500 1384 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:07:13.0502 1384 wudfsvc - ok
19:07:13.0515 1384 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:07:13.0518 1384 WwanSvc - ok
19:07:13.0521 1384 ================ Scan global ===============================
19:07:13.0552 1384 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:07:13.0579 1384 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
19:07:13.0595 1384 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
19:07:13.0641 1384 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:07:13.0662 1384 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:07:13.0672 1384 [Global] - ok
19:07:13.0672 1384 ================ Scan MBR ==================================
19:07:13.0697 1384 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:07:13.0842 1384 \Device\Harddisk0\DR0 - ok
19:07:13.0846 1384 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
19:07:13.0849 1384 \Device\Harddisk5\DR5 - ok
19:07:13.0850 1384 ================ Scan VBR ==================================
19:07:13.0852 1384 [ 626FB57474F8A3F02233215853C116BD ] \Device\Harddisk0\DR0\Partition1
19:07:13.0853 1384 \Device\Harddisk0\DR0\Partition1 - ok
19:07:13.0861 1384 [ 5EA29FB23E4F1DA0BD89506AA3AD7E02 ] \Device\Harddisk0\DR0\Partition2
19:07:13.0863 1384 \Device\Harddisk0\DR0\Partition2 - ok
19:07:13.0865 1384 [ C78C303F8F343B16D40114714FACB2A5 ] \Device\Harddisk5\DR5\Partition1
19:07:13.0866 1384 \Device\Harddisk5\DR5\Partition1 - ok
19:07:13.0866 1384 ============================================================
19:07:13.0866 1384 Scan finished
19:07:13.0866 1384 ============================================================
19:07:13.0871 1356 Detected object count: 0
19:07:13.0871 1356 Actual detected object count: 0

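Reading a TDSSKiller log like the one above mostly means confirming that every line ends in "- ok" and then looking at the few entries that differ: services printed with a status but no hashed image (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch above), images that live outside C:\Windows, and distinct service names that resolve to one binary (lsass.exe here). The Python below is an added example written for this page, not code from TDSSKiller or from anyone in the thread; it parses lines of that shape and pulls those cases out. Its sample input is constructed in the log's format, and the "Example ... suspicious" pair is invented to exercise the non-ok branch; it is not a real TDSSKiller verdict string.

```python
import re
from collections import defaultdict
from typing import Any, Dict, List, NamedTuple, Optional

# Sample input constructed for this example, in the shape of the TDSSKiller log posted
# above: "<time> <pid> [ <MD5> ] <name> <image path>" followed by "<time> <pid> <name> - <status>".
# The "Example" pair (all-zero hash, status "suspicious") is invented to exercise the
# non-"ok" branch; it is not a real TDSSKiller verdict string.
SAMPLE_LOG = r"""
19:07:07.0057 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
19:07:07.0057 1384 Netlogon - ok
19:07:07.0227 1384 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:07:07.0234 1384 NisSrv - ok
19:07:09.0488 1384 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
19:07:09.0491 1384 SamSs - ok
19:07:11.0142 1384 [ 5B88F25C65FFA399FF91D9595A274255 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:07:11.0171 1384 Stereo Service - ok
19:07:12.0828 1384 WinDefend - ok
19:07:13.0089 1384 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:07:13.0125 1384 WinRM - ok
19:07:13.0697 1384 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:07:13.0842 1384 \Device\Harddisk0\DR0 - ok
19:07:13.0900 1384 [ 00000000000000000000000000000000 ] Example C:\Users\Public\example.sys
19:07:13.0901 1384 Example - suspicious
19:07:13.0871 1356 Detected object count: 0
"""

# Image line: optional service name (may contain spaces), then a drive path or a \Device\ path.
HASH_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?:(?P<name>.+?) )?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
# Status line: "<name> - <status>"; TDSSKiller prints "ok" for everything it cleared.
STATUS_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>.+?) - (?P<status>.+)$"
)


class Entry(NamedTuple):
    name: str
    md5: Optional[str]     # None when no image line was printed for the service
    path: Optional[str]
    status: Optional[str]


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Join each service's image line with its status line, keyed by service/driver name.
    MBR/VBR lines carry no name, so their device path doubles as the key."""
    seen: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            key = m.group("name") or m.group("path")
            rec = seen.setdefault(key, {"md5": None, "path": None, "status": None})
            rec["md5"], rec["path"] = m.group("md5").upper(), m.group("path")
            continue
        m = STATUS_LINE.match(line)
        if m:
            rec = seen.setdefault(m.group("name"), {"md5": None, "path": None, "status": None})
            rec["status"] = m.group("status")
    return {k: Entry(k, **v) for k, v in seen.items()}


def triage(entries: Dict[str, Entry]) -> Dict[str, Any]:
    """Pull out the handful of entries a reviewer actually reads in a long all-"ok" log."""
    by_path: Dict[str, List[str]] = defaultdict(list)
    out: Dict[str, Any] = {"not_ok": [], "no_image_hashed": [], "outside_windows": []}
    for e in entries.values():
        if e.status is not None and e.status != "ok":
            out["not_ok"].append(e.name)              # anything the scanner did not clear
        if e.md5 is None:
            out["no_image_hashed"].append(e.name)     # listed, but no binary hashed: check why
        if e.path and not e.path.startswith("\\Device\\"):
            lp = e.path.lower()
            by_path[lp].append(e.name)
            if not lp.startswith("c:\\windows\\"):
                out["outside_windows"].append(e.name)  # third-party image: verify vendor/signature
    # Several services backed by one binary is normal for lsass/svchost hosts, but it shows
    # which names are really the same file when you look a hash up with a vendor.
    out["shared_image"] = {p: sorted(n) for p, n in by_path.items() if len(n) > 1}
    for k in ("not_ok", "no_image_hashed", "outside_windows"):
        out[k].sort()
    return out


if __name__ == "__main__":
    for k, v in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

On the full log above this yields no "not_ok" entries, four services without a hashed image, the Microsoft Security Client and NVIDIA images as the only ones outside C:\Windows, and lsass.exe and wdi.dll as shared images; none of that is a detection, it is the short list worth a second look.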

#10
March 15, 2013 at 16:23:20
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.


#11
March 15, 2013 at 16:34:32
So I should delete those 2 bad processes, right?
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] e25d94c61c6b68128bbac3beef5beff8
[BSP] 37db5269868e5c1eed3cc987e0c961d7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 283 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581632 | Size: 953584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!



#12
March 15, 2013 at 16:35:30
Oh wait, you said press delete in that post, so OK.


#13
March 15, 2013 at 16:36:42
New log after delete
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] e25d94c61c6b68128bbac3beef5beff8
[BSP] 37db5269868e5c1eed3cc987e0c961d7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 283 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581632 | Size: 953584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03152013_02d1936.txt >>
RKreport[1]_S_03152013_02d1932.txt ; RKreport[2]_D_03152013_02d1936.txt


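The two [HJ DESK] entries RogueKiller found and then REPLACED are not processes: they are DWORD flags under Explorer's hide-desktop-icon settings, where 1 hides an icon and 0 shows it. {20D04FE0-3AEA-1069-A2D8-08002B30309D} is the Computer icon and {59031a47-3f72-44a7-89c5-5595fe6b30ee} is the user's files folder, which is why "REPLACED (0)" is the fix. The Python below is an added example for this page, not RogueKiller's code or anyone's post; it decodes lines of that shape, reports which icons are still hidden, and builds the reg.exe commands that would reset them by hand. Its assumptions are marked in comments: that RogueKiller's "[...]" stands for the HideDesktopIcons key, and the CLSID-to-icon table. The two sample logs are constructed copies of the reports above. HKLM holds the machine-wide default; the per-user copies under HKCU are worth checking as well.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input constructed for this example, in the shape of the RogueKiller "Registry Entries"
# section posted above: SCAN_LOG is what the first scan reported, DELETE_LOG the run after "Delete".
SCAN_LOG = r"""
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""
DELETE_LOG = r"""
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

# Well-known desktop-icon CLSIDs kept under HideDesktopIcons (assumed table, not from the log);
# a value of 1 hides the icon, 0 shows it.
KNOWN_ICONS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}": "Network",
}

# Assumption: RogueKiller's "[...]" stands for this key, where Explorer keeps the
# hide-desktop-icon flags. HKLM is the machine default; per-user copies live under HKCU.
HIDE_ICONS_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons"

HJ_DESK = re.compile(
    r"^\[HJ DESK\] (?P<hive>HKLM|HKCU)\\\[\.\.\.\]\\(?P<subkey>NewStartPanel|ClassicStartMenu) : "
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) \((?P<value>\d+)\) -> "
    r"(?P<verdict>FOUND|REPLACED \((?P<new>\d+)\))$"
)


class HiddenIcon(NamedTuple):
    hive: str
    subkey: str
    guid: str
    icon: str                 # friendly name, or "unknown CLSID"
    value: int                # 1 = hidden at scan time, 0 = shown
    new_value: Optional[int]  # what RogueKiller wrote, None if it only reported FOUND


def parse_hj_desk(text: str) -> List[HiddenIcon]:
    """Extract the [HJ DESK] lines and decode which desktop icon each CLSID controls."""
    found = []
    for line in text.splitlines():
        m = HJ_DESK.match(line.strip())
        if not m:
            continue
        guid = m.group("guid").upper()
        new = m.group("new")
        found.append(HiddenIcon(
            m.group("hive"), m.group("subkey"), guid,
            KNOWN_ICONS.get(guid, "unknown CLSID"),
            int(m.group("value")),
            int(new) if new is not None else None,
        ))
    return found


def still_hidden(items: List[HiddenIcon]) -> List[HiddenIcon]:
    """Icons whose flag is 1 and that RogueKiller has not yet reset to 0."""
    return [i for i in items if i.value == 1 and i.new_value != 0]


def reg_fix_commands(items: List[HiddenIcon]) -> List[str]:
    """reg.exe commands that would un-hide each still-hidden icon (run from an elevated prompt)."""
    return [
        f'reg add "{i.hive}\\{HIDE_ICONS_KEY}\\{i.subkey}" /v {i.guid} /t REG_DWORD /d 0 /f'
        for i in still_hidden(items)
    ]


if __name__ == "__main__":
    before = parse_hj_desk(SCAN_LOG)
    for i in before:
        print(f"{i.icon:12} {i.guid} hidden={i.value == 1}")
    for cmd in reg_fix_commands(before):
        print(cmd)
    after = parse_hj_desk(DELETE_LOG)
    print("still hidden after delete:", [i.icon for i in still_hidden(after)])
```

Run as a script it prints the two icons as hidden, two reg add commands for the scan log, and an empty "still hidden" list for the post-delete log, which is the same conclusion the second RogueKiller report supports.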

#14
March 15, 2013 at 16:56:55
Run ComboFix & post the contents of the log please.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#15
March 15, 2013 at 22:25:47
I'm having trouble with ComboFix. I first tried it in normal mode, left it there for a good while, and it just hangs at stage 49, and I have disabled my antivirus and firewall. So I tried in safe mode and also tried the renaming method, but it was constantly hanging on stage 49. I tried it again, but for some reason, even though I disabled my antivirus, the message popped up telling me to disable it even though I did; this didn't happen in my other tries. I use Microsoft Security Essentials, just to let you know. I decided to uninstall my antivirus and rebooted my PC, but it still brought the disable MSE pop-up. I then booted it in safe mode and it said the same thing. Now it's telling me there's a new version. I do not trust that pop-up. Oh, and I do have Recovery Console, just in case you're wondering, and I never even touched my PC during scans. I made a restore point before doing anything with ComboFix just in case, so I went to recover and none of the ComboFix restore points were there, so I just used the one I made. I'm gonna try again sometime tomorrow.


#16
March 15, 2013 at 23:06:03
"Stage 49"
One possible solution is to press Ctrl+Alt+Del when you see it hang on stage 49,
then find in the Task Manager a process whose name starts with "CFXXXX" (THE XXX ARE NUMBERS) and CLOSE/END THIS PROCESS.

ComboFix should continue to stage 50.



#17
March 15, 2013 at 23:11:26
Another possibility: look for folders on the desktop with a long file name.

Move those folders/directories to c:

Put them back to your desktop later.



#18
March 16, 2013 at 19:57:09
I really don't have anything on my desktop besides the programs for the virus, so I guess I'll move those. I really don't have time to do a scan today, I'm pretty busy, so I'm gonna have to do it first thing tomorrow. Is there a chance that the virus may be removed using ComboFix?


#19
March 17, 2013 at 12:45:13
Ok here's the log from combofix
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 49
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-17 22:38 . 2013-03-17 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 21:56 . 2013-03-17 21:56 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-17 21:56 . 2013-03-17 21:56 -------- d-----w- c:\windows\system32\Wat
2013-03-17 11:04 . 2013-03-17 11:04 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0747CF8A-FF55-4009-A6F0-26953709A8D4}\offreg.dll
2013-03-17 06:43 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-17 06:43 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-17 06:43 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-17 06:43 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-17 06:34 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-17 06:34 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-17 06:34 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-17 06:34 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-17 06:34 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-03-17 06:34 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-03-17 06:33 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-17 06:33 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-17 06:33 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-17 06:33 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-17 06:33 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-17 06:33 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-17 06:33 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-17 06:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-17 06:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-17 06:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-17 06:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-17 06:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-16 08:33 . 2013-02-07 23:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0747CF8A-FF55-4009-A6F0-26953709A8D4}\mpengine.dll
2013-03-16 01:39 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-03-16 01:38 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-16 01:38 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-16 01:38 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-16 01:38 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-16 01:38 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-16 01:38 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-16 01:35 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-03-16 01:34 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-03-16 01:33 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-16 01:33 . 2013-03-16 01:33 -------- d-----w- c:\program files\Realtek
2013-03-16 01:33 . 2013-03-16 01:33 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-03-16 01:19 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-03-16 01:19 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-03-16 01:18 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2013-03-16 01:18 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2013-03-16 01:10 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-16 01:10 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-16 01:10 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-03-16 01:10 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-03-16 01:10 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-03-16 01:10 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-03-16 01:10 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-03-16 01:10 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-03-16 01:08 . 2013-03-16 01:10 -------- d-----w- c:\program files (x86)\Origin Games
2013-03-16 01:07 . 2013-03-16 01:09 -------- d-----w- c:\programdata\Origin
2013-03-16 01:07 . 2013-03-16 01:07 -------- d-----w- c:\programdata\Electronic Arts
2013-03-16 01:07 . 2013-03-16 01:08 -------- d-----w- c:\program files (x86)\Origin
2013-03-16 00:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-16 00:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-03-16 00:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-16 00:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-16 00:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-16 00:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-03-16 00:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-03-16 00:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-03-16 00:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-03-16 00:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-03-16 00:34 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-16 00:34 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-16 00:24 . 2013-03-16 00:24 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41C22397-0657-402E-8994-06B92D2EA85E}\gapaengine.dll
2013-03-16 00:23 . 2013-03-16 08:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-16 00:23 . 2013-03-16 08:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-15 22:34 . 2013-03-15 22:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-15 22:34 . 2013-03-15 22:34 -------- d-----w- c:\programdata\Malwarebytes
2013-03-15 22:34 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 22:32 . 2013-03-15 22:32 -------- d-----w- c:\program files (x86)\Google
2013-03-15 22:24 . 2013-03-15 22:24 -------- d-----w- c:\program files (x86)\NVIDIA 3D Vision driver
2013-03-15 22:24 . 2013-03-15 22:24 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-15 22:22 . 2012-11-18 16:26 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 22:21 . 2013-03-15 22:24 -------- d-----w- c:\program files\NVIDIA Corporation
2013-03-15 22:12 . 2013-03-15 21:35 -------- d-----w- c:\windows\Panther
2013-03-15 21:57 . 2013-03-16 01:33 -------- d--h--w- c:\program files (x86)\Temp
2013-03-15 21:57 . 2010-09-29 20:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
2013-03-15 21:56 . 2010-12-29 10:45 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-03-15 21:56 . 2010-12-29 10:45 412776 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-03-15 21:56 . 2010-12-29 10:45 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-03-15 21:56 . 2013-03-15 21:57 -------- d-----w- c:\program files (x86)\Realtek
2013-03-15 21:55 . 2013-03-15 21:55 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-03-15 21:54 . 2013-03-15 21:54 -------- d-----w- c:\program files\DIFX
2013-03-15 21:54 . 2013-03-15 21:54 -------- dc----w- c:\windows\system32\DRVSTORE
2013-03-15 21:54 . 2013-03-15 21:54 -------- d-----w- c:\program files (x86)\AMD
2013-03-15 21:54 . 2009-12-22 09:26 38456 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-03-15 21:54 . 2010-11-08 03:57 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2013-03-15 21:54 . 2013-03-16 08:30 -------- d-sh--w- c:\windows\Installer
2013-03-15 21:53 . 2013-03-15 21:53 -------- d-----w- c:\program files\ATI Technologies
2013-03-15 21:53 . 2013-03-15 21:53 -------- d-----w- c:\program files\ATI
2013-03-15 21:52 . 2013-03-15 21:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-03-15 21:52 . 2013-03-15 21:52 -------- d-----w- c:\program files (x86)\BIOSTAR
2013-03-15 21:52 . 2010-05-18 00:11 15408 ----a-w- c:\windows\system32\drivers\BS_I2c64.sys
2013-03-15 21:52 . 2013-03-15 21:57 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-03-15 21:52 . 2010-02-11 07:35 14136 ----a-r- c:\windows\SysWow64\drivers\BIOS64.sys
2013-03-15 21:35 . 2013-03-16 08:32 -------- d-----w- c:\users\Crysta
2013-03-15 21:22 . 2013-03-15 21:22 -------- d-----w- C:\Windows.old
2013-03-15 09:40 . 2013-03-15 09:40 -------- d-----w- C:\GBE GAMES
2013-03-09 03:37 . 2013-03-09 03:37 -------- d-----w- C:\AeriaGames
2013-02-18 12:40 . 2013-02-18 12:40 -------- d-----w- C:\Webzen
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 05:45 . 2013-03-16 01:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-16 01:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-16 01:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-16 01:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-16 01:39 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-16 01:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-03-16 01:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-02-11 14136]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-18 15408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-18 382824]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-17 1255736]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-09 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-09 369640]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 22:32 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 22:32]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 22:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-17 15:40:19
ComboFix-quarantined-files.txt 2013-03-17 22:40

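A small triage script for a ComboFix log of the kind posted above, added here as an example; it is not part of the thread and not ComboFix's own code. It pulls out the three things a responder reads first (files ComboFix deleted, the values under the Run keys in "Reg Loading Points", and the R1/R2/R3/S3 driver and service lines) and applies two cheap checks: an autorun.inf removed from a drive root, and a start-up entry launching from outside the Windows or Program Files trees. The sample input is a cut-down copy of the posted log plus one hypothetical Run value ("Updater") that I added so the location check has something to report.

```python
"""Triage of a ComboFix log. Added example, not ComboFix's code."""
import re
from dataclasses import dataclass, field

# Constructed sample: a cut-down copy of the log in the thread, plus one
# hypothetical Run value (the "Updater" line) added so the heuristic fires.
SAMPLE_LOG = r"""
(((((((((((((( Other Deletions ))))))))))))))
.
---- Previous Run -------
.
I:\Autorun.inf
I:\Setup.exe
.
(((((((((((((( Reg Loading Points ))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"Updater"="c:\users\Crysta\AppData\Local\Temp\updater.exe" [2013-03-10 45056]
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-02-11 14136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-18 382824]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # ((( Section Name )))
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")              # [HKEY_...\Run]
RUNVAL_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)
# Locations a signed OS component or installed product normally lives in.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


@dataclass
class ComboFixReport:
    deletions: list = field(default_factory=list)    # paths ComboFix removed
    run_entries: list = field(default_factory=list)  # (registry key, value name, path, size)
    services: list = field(default_factory=list)     # dicts: start, name, display, path, date, size


def parse_combofix_log(text):
    """Walk the log line by line, tracking the current section and registry key."""
    rep = ComboFixReport()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        m = REGKEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            rep.services.append({"start": start, "name": name, "display": display,
                                 "path": path, "date": date, "size": int(size)})
            continue
        m = RUNVAL_RE.match(line)
        if m and current_key:
            rep.run_entries.append((current_key, m.group(1), m.group(2), int(m.group(4))))
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            rep.deletions.append(line)
    return rep


def flag_findings(rep):
    """Return human-readable findings from two simple heuristics."""
    flags = []
    for p in rep.deletions:
        if AUTORUN_RE.match(p):
            flags.append(f"autorun.inf removed from a drive root ({p}): a common sign of a removable-media worm")
    for _key, name, path, _size in rep.run_entries:
        if not path.lower().startswith(TRUSTED_PREFIXES):
            flags.append(f"Run value {name!r} starts {path} from outside Windows/Program Files")
    for s in rep.services:
        if not s["path"].lower().startswith(TRUSTED_PREFIXES):
            flags.append(f"service {s['name']!r} loads {s['path']} from outside Windows/Program Files")
    return flags


if __name__ == "__main__":
    report = parse_combofix_log(SAMPLE_LOG)
    print(f"{len(report.deletions)} deletions, {len(report.run_entries)} Run values, "
          f"{len(report.services)} services")
    for f in flag_findings(report):
        print("FLAG:", f)
```

On the posted log the only finding is the autorun.inf and Setup.exe pair that an earlier run had already removed from drive I:; the location check is deliberately coarse, so anything it flags still needs a look at the file itself.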

#20
March 17, 2013 at 12:57:10
"Ok here's the log from combofix"
The trojan is doing a good job: it is stopping ComboFix from working properly, so we shall now have to run ESET.

Run ESET Online Scanner, Copy & Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a thumb drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#21
March 17, 2013 at 13:56:26
Since the scan finished pretty fast I could have done something wrong, but here's the log.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=46904b3d22ae9a4ab7219f04fcbbb84d
# engine=13409
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-17 11:52:09
# local_time=2013-03-17 04:52:09 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 60046456 115107779 0 0
# scanned=95357
# found=0
# cleaned=0
# scan_time=700

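The "# key=value" header that ESET Online Scanner writes at the top of its log, as posted above, records both the result and the options the scan ran with, and the second matters as much as the first when the question is "is my PC safe now?". The script below is an added example, not ESET's code and not from the thread: it parses that header and states what the scan did and did not cover. Reading remove_checked, archives_checked and unwanted_checked as the scan options the user selected is my assumption from the field names; the first sample is the posted log with the timing lines left out, the second is a constructed counter-example of a scan that reported two detections but removed none.

```python
"""Summarise an ESET Online Scanner log header. Added example, not ESET's code."""
import re

HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")

# Constructed sample: the log from the thread with the timing lines left out.
SAMPLE_CLEAN = """ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=13409
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# country="United States"
# scanned=95357
# found=0
# cleaned=0
# scan_time=700
"""

# Constructed counter-example: a finished scan that found two items but removed none.
SAMPLE_DIRTY = """# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# scanned=120000
# found=2
# cleaned=0
# scan_time=2400
"""


def parse_eset_header(text):
    """Turn the '# key=value' lines into a dict with booleans and ints typed."""
    fields = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue                        # downloader chatter, not a header field
        key, val = m.group(1), m.group(2).strip()
        if val in ("true", "false"):
            fields[key] = val == "true"
        elif re.fullmatch(r"-?\d+", val):
            fields[key] = int(val)
        else:
            fields[key] = val.strip('"')    # e.g. country="United States"
    return fields


def assess_eset_scan(fields):
    """Decide whether the header supports a 'clean' reading and list the caveats."""
    notes = []
    finished = fields.get("end") == "finished"
    found = fields.get("found", 0)
    cleaned = fields.get("cleaned", 0)
    if not finished:
        notes.append("scan did not run to completion; the result is not a verdict")
    if found > cleaned:
        notes.append(f"{found - cleaned} detection(s) were reported but not removed")
    # Assumption: these flags mirror the option boxes selected before the scan.
    if not fields.get("remove_checked", False):
        notes.append("remove_checked=false: the scanner was set to report, not clean")
    if not fields.get("archives_checked", False):
        notes.append("archives_checked=false: contents of archives were not inspected")
    if not fields.get("unwanted_checked", False):
        notes.append("unwanted_checked=false: potentially unwanted applications were not flagged")
    return {"clean": finished and found == 0, "found": found, "cleaned": cleaned,
            "scanned": fields.get("scanned", 0), "notes": notes}


if __name__ == "__main__":
    for label, sample in (("posted log", SAMPLE_CLEAN), ("constructed log", SAMPLE_DIRTY)):
        result = assess_eset_scan(parse_eset_header(sample))
        print(f"{label}: clean={result['clean']} scanned={result['scanned']} found={result['found']}")
        for n in result["notes"]:
            print("  note:", n)
```

For the posted log the verdict is "clean", but with three caveats: removal, archive scanning and PUA detection were all off, so a zero only says that nothing on the default scan surface matched.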

#22
March 17, 2013 at 14:05:22
Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.



#23
March 17, 2013 at 17:57:19
AdwCleaner log
# User : Crysta - CRYSTA-PC
# Boot Mode : Normal
# Running from : C:\Users\Crysta\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1228 octets] - [17/03/2013 20:51:49]
AdwCleaner[S1].txt - [321 octets] - [17/03/2013 20:51:07]
AdwCleaner[S2].txt - [1167 octets] - [17/03/2013 20:52:56]

########## EOF - C:\AdwCleaner[S2].txt - [1227 octets] ##########



#24
March 17, 2013 at 18:07:36
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Crysta on Sun 03/17/2013 at 21:01:44.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/17/2013 at 21:05:45.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#25
March 17, 2013 at 18:09:38
Uninstall Combofix & download the latest version.

Let's see if it will run & finish in Normal mode first; if not, try Safe mode.

Uninstall ComboFix. The other tools you can keep, particularly ESET; just update before using. The reason we remove ComboFix is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...



#26
March 17, 2013 at 18:29:41
Here's the log from ComboFix
ComboFix 13-03-17.01 - Crysta 03/17/2013 21:19:55.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12287.10847 [GMT -7:00]
Running from: c:\users\Crysta\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 49
.
.
((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
.
.
2013-03-18 04:26 . 2013-03-18 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 21:56 . 2013-03-17 21:56 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-17 21:56 . 2013-03-17 21:56 -------- d-----w- c:\windows\system32\Wat
2013-03-17 06:43 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-17 06:43 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-17 06:43 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-17 06:43 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-17 06:34 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-17 06:34 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-17 06:34 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-17 06:34 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-17 06:34 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-03-17 06:34 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-03-17 06:33 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-17 06:33 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-17 06:33 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-17 06:33 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-17 06:33 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-17 06:33 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-17 06:33 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-17 06:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-17 06:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-17 06:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-17 06:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-17 06:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-16 08:33 . 2013-02-07 23:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-16 01:39 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-03-16 01:38 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-16 01:38 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-16 01:38 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-16 01:38 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-16 01:38 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-16 01:38 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-16 01:35 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-03-16 01:34 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-03-16 01:33 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-16 01:33 . 2013-03-16 01:33 -------- d-----w- c:\program files\Realtek
2013-03-16 01:33 . 2013-03-16 01:33 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-03-16 01:19 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-03-16 01:19 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-03-16 01:18 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2013-03-16 01:18 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2013-03-16 01:10 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-16 01:10 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-16 01:10 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-03-16 01:10 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-03-16 01:10 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-03-16 01:10 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-03-16 01:10 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-03-16 01:10 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-03-16 01:08 . 2013-03-16 01:10 -------- d-----w- c:\program files (x86)\Origin Games
2013-03-16 01:07 . 2013-03-16 01:09 -------- d-----w- c:\programdata\Origin
2013-03-16 01:07 . 2013-03-16 01:07 -------- d-----w- c:\programdata\Electronic Arts
2013-03-16 01:07 . 2013-03-16 01:08 -------- d-----w- c:\program files (x86)\Origin
2013-03-16 00:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-16 00:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-03-16 00:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-16 00:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-16 00:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-16 00:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-03-16 00:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-03-16 00:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-03-16 00:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-03-16 00:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-03-16 00:34 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-16 00:34 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-16 00:24 . 2013-03-16 00:24 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41C22397-0657-402E-8994-06B92D2EA85E}\gapaengine.dll
2013-03-16 00:23 . 2013-03-16 08:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-16 00:23 . 2013-03-16 08:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-15 22:34 . 2013-03-15 22:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-15 22:34 . 2013-03-15 22:34 -------- d-----w- c:\programdata\Malwarebytes
2013-03-15 22:34 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 22:32 . 2013-03-15 22:32 -------- d-----w- c:\program files (x86)\Google
2013-03-15 22:24 . 2013-03-15 22:24 -------- d-----w- c:\program files (x86)\NVIDIA 3D Vision driver
2013-03-15 22:24 . 2013-03-15 22:24 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-15 22:22 . 2012-11-18 16:26 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 22:21 . 2013-03-15 22:24 -------- d-----w- c:\program files\NVIDIA Corporation
2013-03-15 22:12 . 2013-03-15 21:35 -------- d-----w- c:\windows\Panther
2013-03-15 21:57 . 2013-03-16 01:33 -------- d--h--w- c:\program files (x86)\Temp
2013-03-15 21:57 . 2010-09-29 20:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
2013-03-15 21:56 . 2010-12-29 10:45 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-03-15 21:56 . 2010-12-29 10:45 412776 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-03-15 21:56 . 2010-12-29 10:45 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-03-15 21:56 . 2013-03-15 21:57 -------- d-----w- c:\program files (x86)\Realtek
2013-03-15 21:55 . 2013-03-15 21:55 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-03-15 21:54 . 2013-03-15 21:54 -------- d-----w- c:\program files\DIFX
2013-03-15 21:54 . 2013-03-15 21:54 -------- dc----w- c:\windows\system32\DRVSTORE
2013-03-15 21:54 . 2013-03-15 21:54 -------- d-----w- c:\program files (x86)\AMD
2013-03-15 21:54 . 2009-12-22 09:26 38456 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-03-15 21:54 . 2010-11-08 03:57 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2013-03-15 21:54 . 2013-03-16 08:30 -------- d-sh--w- c:\windows\Installer
2013-03-15 21:53 . 2013-03-15 21:53 -------- d-----w- c:\program files\ATI Technologies
2013-03-15 21:53 . 2013-03-15 21:53 -------- d-----w- c:\program files\ATI
2013-03-15 21:52 . 2013-03-15 21:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-03-15 21:52 . 2013-03-15 21:52 -------- d-----w- c:\program files (x86)\BIOSTAR
2013-03-15 21:52 . 2010-05-18 00:11 15408 ----a-w- c:\windows\system32\drivers\BS_I2c64.sys
2013-03-15 21:52 . 2013-03-15 21:57 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-03-15 21:52 . 2010-02-11 07:35 14136 ----a-r- c:\windows\SysWow64\drivers\BIOS64.sys
2013-03-15 21:35 . 2013-03-16 08:32 -------- d-----w- c:\users\Crysta
2013-03-15 21:22 . 2013-03-15 21:22 -------- d-----w- C:\Windows.old
2013-03-15 09:40 . 2013-03-15 09:40 -------- d-----w- C:\GBE GAMES
2013-03-09 03:37 . 2013-03-09 03:37 -------- d-----w- C:\AeriaGames
2013-02-18 12:40 . 2013-02-18 12:40 -------- d-----w- C:\Webzen
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 05:45 . 2013-03-16 01:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-16 01:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-16 01:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-16 01:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-16 01:39 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-16 01:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-03-16 01:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-17 1255736]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-02-11 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-18 15408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-18 382824]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-09 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-09 369640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 22:32 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 22:32]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 22:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-17 21:27:37
ComboFix-quarantined-files.txt 2013-03-18 04:27
ComboFix2.txt 2013-03-17 22:40
.
Pre-Run: 146,539,274,240 bytes free
Post-Run: 146,472,509,440 bytes free
.
- - End Of File - - AF4D5DECBE625085BE20ACE935E2186D
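The "Reg Loading Points" section of the ComboFix log above is what a helper reads by eye to decide whether anything unexpected is set to start with Windows. The following is an added example, not ComboFix's own code and not part of the original thread: a Python script that parses the two line shapes ComboFix prints there (Run-key values and the R/S service lines) and applies three checks a practitioner would otherwise make by hand: an autostart that loads from a user-writable location (AppData, ProgramData, Temp), a file named like a Windows system binary that does not live in the Windows directory, and a boot- or system-start driver outside system32\drivers. The first five sample lines are copied from the log above; the last two (Updater, netfltr) are constructed to show what a hit looks like and are not from this machine. The R/S-plus-digit legend (R = running, S = stopped, digit = the service Start value) is ComboFix's convention and is assumed here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes from ComboFix's "Reg Loading Points" section. The R/S + digit
# legend is assumed: R = running, S = stopped, digit = service Start value
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')

USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "userinit.exe", "smss.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    kind: str                      # "run" or "service"
    name: str
    path: str
    size: int
    start: Optional[int] = None    # services only: the Start value
    running: Optional[bool] = None


def parse_loading_points(text: str) -> List[Entry]:
    """Parse Run-key and service lines; headers, dots and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], int(m["size"])))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], int(m["size"]),
                                 start=int(m["start"]), running=m["state"] == "R"))
    return entries


def audit(text: str):
    """Return (name, path, [reasons]) for every entry that fails a check."""
    findings = []
    for e in parse_loading_points(text):
        p = e.path.lower()
        directory, _, base = p.rpartition("\\")
        reasons = []
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append("loads from a user-writable location")
        if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            reasons.append("masquerades as Windows binary %s outside the Windows directory" % base)
        if e.kind == "service" and p.endswith(".sys") and e.start in (0, 1) \
                and not p.startswith(DRIVER_DIR):
            reasons.append("boot/system-start driver outside system32\\drivers")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


# Sample input. First five lines copied from the ComboFix log above; the last
# two are CONSTRUCTED to show what a hit looks like (not from this machine).
SAMPLE = r'''
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-02-11 14136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-18 382824]
"Updater"="c:\users\crysta\appdata\roaming\svchost.exe" [2013-03-14 61440]
S1 netfltr;netfltr;c:\programdata\netfltr.sys [2013-03-14 9216]
'''

if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE):
        print("%-10s %s\n    %s" % (name, path, "; ".join(reasons)))
```

The script reports rather than judges: a vendor updater in ProgramData is common and a driver outside system32\drivers is sometimes just a sloppy installer, so every hit still needs the file hashed and looked up. Run over the real Reg Loading Points section above, none of the three checks fires, which matches the helper's reading of the log.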

#27
March 17, 2013 at 18:34:38
"Here's log from Combofix"

Need a completely new one please, uninstall the old version.


#28
March 17, 2013 at 18:36:32
I did uninstall ComboFix and then went to re-download it, and this is what I got

#29
March 17, 2013 at 18:39:42
"So can someone please help me? Action Center told me about the virus"
Are you still getting this message?

#30
March 17, 2013 at 18:43:24
No. So does that mean the virus is gone?

#31
March 17, 2013 at 18:45:22
I can't find any sign of it, fingers crossed.

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#32
March 17, 2013 at 18:49:25
It says "UNSUPPORTED OPERATING SYSTEM! ABORTED!"

#33
March 17, 2013 at 18:59:09
Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Post those contents in your next reply.

#34
March 17, 2013 at 19:03:03
ListParts by Farbar Version: 10-03-2013
Ran by Crysta (administrator) on 17-03-2013 at 22:00:59
Windows 7 (X64)
Running From: C:\Users\Crysta\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 12287.3 MB
Available physical RAM: 10108.97 MB
Total Pagefile: 24572.8 MB
Available Pagefile: 22278.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.23 GB) (Free:136.49 GB) NTFS
2 Drive d: (RT506B_ARS880G_0127) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
7 Drive i: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2132.46 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 2794 GB 7168 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: ECEAAEDB

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 283 MB 1024 KB
Partition 2 Primary 931 GB 284 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 283 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 9352EC4F

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 2794 GB 8 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I Seagate Exp NTFS Partition 2794 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: ECEAAEDB

Partition 1:
===========
Hex: 80202100073410240008000000D80800
Active: YES
Type: 07 (NTFS)
Size: 283 MB

Partition 2:
===========
Hex: 0034112407FEFFFF00E0080000806774
Active: NO
Type: 07 (NTFS)
Size: 931 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 0

Partition 1:
===========
Hex: 0
Active: NO
Type: 0
Size: 0 byte

Partition 2:
===========
Hex: 0
Active: NO
Type: 0
Size: 0 byte

Partition 3:
===========
Hex: 0
Active: NO
Type: 0
Size: 0 byte

Partition 4:
===========
Hex: 0
Active: NO
Type: 0
Size: 0 byte


****** End Of Log ******


#35
March 17, 2013 at 19:13:00
Thanks, no active hidden partition.

Try Combofix in Safe mode please, I am trying to get it past the 49 Stage.
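The "no active hidden partition" verdict above comes from reading the raw 16-byte partition entries that ListParts prints under "MBR Partition Table". The following is an added example, not ListParts' code and not part of the original thread: a Python decoder for those entries (boot indicator, type byte, CHS and LBA start, sector count) that then cross-checks CHS against LBA, looks for a second active entry or an active entry of a hidden type, and reports gaps or overlaps between partitions. The two hex strings for Disk 0 are copied from the log; the second table (HIDDEN_TABLE) is constructed to show what the warning looks like and is not from this machine. It assumes 512-byte sectors and the usual 255-head/63-sector CHS geometry.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512                      # assumed logical sector size
CHS_CAP = (1023, 254, 63)         # written when the disk exceeds CHS addressing
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
TYPE_NAMES = {0x00: "empty", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x17: "hidden NTFS", 0x27: "hidden Windows RE", 0xEE: "GPT protective"}


@dataclass
class PartitionEntry:
    active: bool
    type_id: int
    chs_start: Tuple[int, int, int]   # (cylinder, head, sector)
    chs_end: Tuple[int, int, int]
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:         # first sector after the partition
        return self.lba_start + self.sectors

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR

    @property
    def hidden(self) -> bool:
        return self.type_id in HIDDEN_TYPES

    @property
    def type_name(self) -> str:
        return TYPE_NAMES.get(self.type_id, "type 0x%02X" % self.type_id)


def decode_chs(b: bytes) -> Tuple[int, int, int]:
    # byte 0 = head; byte 1 = sector (low 6 bits) plus cylinder bits 8-9; byte 2 = cylinder low 8 bits
    return (((b[1] & 0xC0) << 2) | b[2], b[0], b[1] & 0x3F)


def chs_to_lba(chs: Tuple[int, int, int], heads: int = 255, spt: int = 63) -> int:
    c, h, s = chs
    return (c * heads + h) * spt + (s - 1)


def decode_entry(hex16: str) -> PartitionEntry:
    """Decode one 16-byte MBR partition entry given as hex, as ListParts prints it."""
    raw = bytes.fromhex(hex16)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    if raw[0] not in (0x00, 0x80):
        raise ValueError("boot indicator must be 0x00 or 0x80, got 0x%02X" % raw[0])
    lba_start, sectors = struct.unpack_from("<II", raw, 8)   # little-endian 32-bit fields
    return PartitionEntry(active=raw[0] == 0x80, type_id=raw[4],
                          chs_start=decode_chs(raw[1:4]), chs_end=decode_chs(raw[5:8]),
                          lba_start=lba_start, sectors=sectors)


def audit_table(entries: List[PartitionEntry]) -> List[Tuple[str, str]]:
    """The checks a helper makes by eye: one active entry, not hidden, CHS/LBA agree, no gaps or overlaps."""
    findings = []
    used = [e for e in entries if e.type_id != 0x00]
    active = [e for e in used if e.active]
    if len(active) > 1:
        findings.append(("WARN", "%d entries flagged active; at most one should be" % len(active)))
    for e in active:
        if e.hidden:
            findings.append(("WARN", "active partition is a hidden type (%s)" % e.type_name))
    for e in used:
        if e.chs_start != CHS_CAP and chs_to_lba(e.chs_start) != e.lba_start:
            findings.append(("WARN", "CHS start %r disagrees with LBA start %d" % (e.chs_start, e.lba_start)))
    ordered = sorted(used, key=lambda e: e.lba_start)
    if ordered:
        findings.append(("INFO", "%d sectors before the first partition (2048 is normal 1 MiB alignment)"
                         % ordered[0].lba_start))
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            findings.append(("WARN", "partitions overlap at sector %d" % b.lba_start))
        elif b.lba_start > a.lba_end:
            findings.append(("INFO", "%d unallocated sectors between partitions" % (b.lba_start - a.lba_end)))
    return findings


# Disk 0 entries copied from the ListParts output above.
LOG_TABLE = ["80202100073410240008000000D80800", "0034112407FEFFFF00E0080000806774"]
# CONSTRUCTED (not from this machine): a normal NTFS volume followed by a
# 2048-sector active hidden-NTFS partition, the layout the helper was ruling out.
HIDDEN_TABLE = ["0020210007FEFFFF0008000000806774", "80FEFFFF17FEFFFF0088677400080000"]

if __name__ == "__main__":
    for label, table in (("log", LOG_TABLE), ("constructed", HIDDEN_TABLE)):
        entries = [decode_entry(h) for h in table]
        for e in entries:
            print("%-11s active=%-5s %-14s start=%-10d sectors=%-10d %.2f GB" % (
                label, e.active, e.type_name, e.lba_start, e.sectors, e.size_bytes / 2**30))
        for severity, msg in audit_table(entries):
            print("  %s: %s" % (severity, msg))
```

Decoding the log's two entries reproduces ListParts' own figures: partition 1 starts at sector 2048 (the 1024 KB offset), is exactly 283 MB and is the only active entry; partition 2 starts where partition 1 ends (sector 581632, the 284 MB offset) and is 931.23 GB; CHS and LBA agree for both. The only thing the audit reports is the ordinary 2048-sector alignment gap before the first partition, which is also the space some bootkits use, so it is worth a look with a sector viewer when everything else comes back clean. Disk 1 prints Disk ID 0 and all-zero entries; a 2794 GB volume cannot be described by a 32-bit sector count at 512 bytes per sector (the ceiling is 2 TiB), so that disk is either GPT or exposes 4 KiB logical sectors, and the zeros are a limitation of the MBR view rather than evidence either way.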


#36
March 17, 2013 at 19:35:10
Just thinking, maybe you used the trick in my post #16 to get past the hanging.

Be aware, some stages do hang for a long, long time.

I get the feeling the CF is going to find things, which to date it hasn't.


#37
March 17, 2013 at 19:58:58
At the moment it's hanging on stage 49. How long may it take to finally get to stage 50?

#38
March 17, 2013 at 20:06:55
"How long may it take to finally get to stage 50?"

Give it a couple of hours.


#39
March 18, 2013 at 00:38:27
It's been like 5 hours and it's still hanging at 49.

#40
March 18, 2013 at 01:05:01
Best if you now try Safe mode.

#41
March 18, 2013 at 01:33:14
It is in safe mode though...

#42
March 18, 2013 at 03:11:05
Something is stopping programs from running.

Try Malwarebytes Anti-Rootkit ( MBAR )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/product...
How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer
http://www.bleepingcomputer.com/vir...


#43
March 18, 2013 at 03:28:05
More thoughts.

1: Uninstall Combofix & download again using this renaming trick.

Rename Combofix.exe as you download it to winlogon.exe or Combo-Fix.exe or anything you like.
Notes:
It is very important that you save the newly renamed EXE file to your desktop.
You must rename Combofix.exe as you download it and not after it is on your computer.
You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
Open Firefox
Click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
Click OK
For Internet Explorer:
Choose to save, not open the file
When prompted - save the file to your desktop, and rename it winlogon.exe.


#44
March 18, 2013 at 03:43:44
I have scanned with Malwarebytes Anti-Rootkit and it says no threats found. I will try ComboFix again.

#45
March 18, 2013 at 03:52:43
"I have scanned with Malwarebytes Anti-Rootkit"
Double check that please, we have scanned with MBAM not MBAR.

#46
March 18, 2013 at 10:27:37
I really did scan with Malwarebytes Anti-Rootkit right after post 42, not that other program. I even have the log. ComboFix still hung at 49 for 5-6 hours in Safe Mode, and I did the method you mentioned, but it did not work. Here is the log

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Crysta :: CRYSTA-PC [administrator]

3/18/2013 6:40:24 AM
mbar-log-2013-03-18 (06-40-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27531
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


#47
March 18, 2013 at 10:42:50
"I really did scanned with Malwarebytes Anti-Rootkit"
Thanks.

"I even have the log. ComboFix still hung at 49 for 5-6 hours in Safe Mode, and I did the method you mentioned, but it did not work"

Download Rkill from any one of these links and save it to your desktop.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Now try Combofix again in Normal mode.


#48
March 18, 2013 at 23:32:01
Since Rkill doesn't find anything, ComboFix just keeps on hanging in both Normal and Safe mode for hours and never gets to 50.

#49
March 19, 2013 at 00:33:56
Run Hitman Pro, then Copy & Paste the contents of the log please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
Review
http://www.youtube.com/watch?v=WmPQ...

#50
March 19, 2013 at 00:46:36

Scan date . . . . . . : 2013-03-19 03:39:58
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 17s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 17

Objects scanned . . . : 1,907,193
Files scanned . . . . : 16,581
Remnants scanned . . : 909,338 files / 981,274 keys

Cookies _____________________________________________________________________

C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:canwestglobal.112.2o7.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:eaeacom.112.2o7.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:eset.122.2o7.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\Crysta\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru


#52
March 19, 2013 at 03:51:16
Ran the scan and this is the log I got
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2615. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 6:47:35 AM 19 Mar 2013
Using Database v8071
Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Crysta\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Crysta\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
6:47:35 AM: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
6:47:35 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
6:47:35 AM: Scanning ----- WINDOWS REGISTRY -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2872320 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe
30720 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [BiosNotice]
Value Data: [C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe]
C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
1003008 bytes
Created: 3/15/2013 2:52 PM
Modified: 10/13/2010 4:05 PM
Company:
--------------------
Value Name: [SunJavaUpdateSched]
Value Data: ["C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
252848 bytes
Created: 7/3/2012 9:04 AM
Modified: 7/3/2012 9:04 AM
Company: Sun Microsystems, Inc.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1608464 bytes
Created: 3/19/2013 6:46 AM
Modified: 2/6/2013 7:49 PM
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry key appears to be empty

************************************************************
6:47:36 AM: Scanning ----- WINDOWS 64 Bit REGISTRY -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [MSC]
Value Data: ["C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey]
C:\Program Files\Microsoft Security Client\msseces.exe
1281512 bytes
Created: 1/27/2013 11:34 AM
Modified: 1/27/2013 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: [RtHDVCpl]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11474024 bytes
Created: 3/15/2013 6:32 PM
Modified: 10/5/2010 7:59 PM
Company: Realtek Semiconductor
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
6:47:37 AM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
6:47:37 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
6:47:37 AM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
6:47:37 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 3/16/2013 11:39 PM
Modified: 3/16/2013 11:39 PM
Company: Microsoft Corporation
----------
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
C:\Windows\SysWOW64\iedkcs32.dll
353584 bytes
Created: 3/16/2013 11:39 PM
Modified: 3/16/2013 11:39 PM
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 3/16/2013 11:39 PM
Modified: 3/16/2013 11:39 PM
Company: Microsoft Corporation
----------
Key: {8A69D345-D564-463c-AFF1-A69D9E530F96}
Path: "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
1629648 bytes
Created: 3/15/2013 3:33 PM
Modified: 3/15/2013 3:32 PM
Company: Google Inc.
----------

************************************************************
6:47:38 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
Path: %SystemRoot%\System32\appmgmts.dll
C:\Windows\System32\appmgmts.dll - [file not found to scan]
--------------------

************************************************************
6:47:40 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\System32\DRIVERS\amdppm.sys
60928 bytes
Created: 7/13/2009 4:19 PM
Modified: 7/13/2009 4:19 PM
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\System32\drivers\amdsata.sys
107904 bytes
Created: 11/20/2010 8:23 PM
Modified: 11/20/2010 8:23 PM
Company: Advanced Micro Devices
----------
Key: asmthub3
ImagePath: system32\DRIVERS\asmthub3.sys
C:\Windows\System32\DRIVERS\asmthub3.sys
122856 bytes
Created: 12/8/2010 6:17 PM
Modified: 12/8/2010 6:17 PM
Company: ASMedia Technology Inc
----------
Key: asmtxhci
ImagePath: system32\DRIVERS\asmtxhci.sys
C:\Windows\System32\DRIVERS\asmtxhci.sys
369640 bytes
Created: 12/8/2010 6:17 PM
Modified: 12/8/2010 6:17 PM
Company: ASMedia Technology Inc
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\System32\drivers\atapi.sys
24128 bytes
Created: 7/13/2009 4:19 PM
Modified: 7/13/2009 6:52 PM
Company: Microsoft Corporation
----------
Key: AtiPcie
ImagePath: system32\DRIVERS\AtiPcie.sys
C:\Windows\System32\DRIVERS\AtiPcie.sys
16440 bytes
Created: 3/15/2013 2:54 PM
Modified: 11/7/2010 8:57 PM
Company: Advanced Micro Devices Inc.
----------
Key: b06bdrv
ImagePath: \SystemRoot\system32\drivers\bxvbda.sys
C:\Windows\System32\drivers\bxvbda.sys
468480 bytes
Created: 6/10/2009 1:34 PM
Modified: 6/10/2009 1:34 PM
Company: Broadcom Corporation
----------
Key: b57nd60a
ImagePath: system32\DRIVERS\b57nd60a.sys
C:\Windows\System32\DRIVERS\b57nd60a.sys
270848 bytes
Created: 6/10/2009 1:34 PM
Modified: 6/10/2009 1:34 PM
Company: Broadcom Corporation
----------
Key: BIOS
ImagePath: \??\C:\Windows\system32\drivers\BIOS64.sys
C:\Windows\System32\drivers\BIOS64.sys
-R- 14136 bytes
Created: 2/11/2010 12:35 AM
Modified: 2/11/2010 12:35 AM
Company: BIOSTAR Group
----------
Key: BS_I2cIo
ImagePath: \??\C:\Windows\system32\drivers\BS_I2c64.sys
C:\Windows\System32\drivers\BS_I2c64.sys
15408 bytes
Created: 3/15/2013 2:52 PM
Modified: 5/17/2010 5:11 PM
Company: BIOSTAR Group
----------
Key: catchme
ImagePath: \??\C:\ffe\catchme.sys - this file is globally excluded
----------
Key: clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
89920 bytes
Created: 7/13/2009 1:37 PM
Modified: 6/10/2009 1:39 PM
Company: Microsoft Corporation
----------
Key: ebdrv
ImagePath: \SystemRoot\system32\drivers\evbda.sys
C:\Windows\System32\drivers\evbda.sys
3286016 bytes
Created: 6/10/2009 1:34 PM
Modified: 6/10/2009 1:34 PM
Company: Broadcom Corporation
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
----------
Key: gupdate
ImagePath: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 3/15/2013 3:32 PM
Modified: 3/15/2013 3:32 PM
Company: Google Inc.
----------
Key: gupdatem
ImagePath: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 3/15/2013 3:32 PM
Modified: 3/15/2013 3:32 PM
Company: Google Inc.
----------
Key: HitmanProScheduler
ImagePath: C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\HitmanPro\hmpsched.exe
108904 bytes
Created: 3/19/2013 3:39 AM
Modified: 3/19/2013 3:39 AM
Company: SurfRight B.V.
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\System32\drivers\iaStorV.sys
410496 bytes
Created: 11/20/2010 8:23 PM
Modified: 11/20/2010 8:23 PM
Company: Intel Corporation
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
856400 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RTKVHD64.sys
C:\Windows\System32\drivers\RTKVHD64.sys
2511464 bytes
Created: 3/15/2013 6:32 PM
Modified: 10/5/2010 8:00 PM
Company: Realtek Semiconductor Corp.
----------
Key: ksthunk
ImagePath: \SystemRoot\system32\drivers\ksthunk.sys
C:\Windows\System32\drivers\ksthunk.sys
20992 bytes
Created: 7/13/2009 5:00 PM
Modified: 7/13/2009 5:00 PM
Company: Microsoft Corporation
----------
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\Windows\System32\DRIVERS\MpFilter.sys
230320 bytes
Created: 1/20/2013 3:59 PM
Modified: 1/20/2013 3:59 PM
Company: Microsoft Corporation
----------
Key: MsMpSvc
ImagePath: "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Program Files\Microsoft Security Client\MsMpEng.exe
22056 bytes
Created: 1/27/2013 11:34 AM
Modified: 1/27/2013 11:34 AM
Company: Microsoft Corporation
----------
Key: NisDrv
ImagePath: system32\DRIVERS\NisDrvWFP.sys
C:\Windows\System32\DRIVERS\NisDrvWFP.sys
130008 bytes
Created: 1/20/2013 3:59 PM
Modified: 1/20/2013 3:59 PM
Company: Microsoft Corporation
----------
Key: NisSrv
ImagePath: "C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Program Files\Microsoft Security Client\NisSrv.exe
379360 bytes
Created: 1/27/2013 11:34 AM
Modified: 1/27/2013 11:34 AM
Company: Microsoft Corporation
----------
Key: NVHDA
ImagePath: system32\drivers\nvhda64v.sys
C:\Windows\System32\drivers\nvhda64v.sys
189288 bytes
Created: 3/15/2013 3:22 PM
Modified: 7/3/2012 8:25 AM
Company: NVIDIA Corporation
----------
Key: nvsvc
ImagePath: C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\nvvsvc.exe
890216 bytes
Created: 3/15/2013 3:23 PM
Modified: 11/18/2012 6:09 AM
Company: NVIDIA Corporation
----------
Key: nvUpdatusService
ImagePath: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259880 bytes
Created: 3/15/2013 3:24 PM
Modified: 11/18/2012 9:26 AM
Company: NVIDIA Corporation
----------
Key: PerfHost
ImagePath: %SystemRoot%\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
20992 bytes
Created: 7/13/2009 4:11 PM
Modified: 7/13/2009 6:14 PM
Company: Microsoft Corporation
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\drivers\rdpbus.sys
C:\Windows\System32\drivers\rdpbus.sys
24064 bytes
Created: 7/13/2009 5:17 PM
Modified: 7/13/2009 5:17 PM
Company: Microsoft Corporation
----------
Key: RTL8167
ImagePath: system32\DRIVERS\Rt64win7.sys
C:\Windows\System32\DRIVERS\Rt64win7.sys
412776 bytes
Created: 3/15/2013 2:56 PM
Modified: 12/29/2010 3:45 AM
Company: Realtek
----------
Key: Serial
ImagePath: system32\DRIVERS\serial.sys
C:\Windows\System32\DRIVERS\serial.sys
94208 bytes
Created: 7/13/2009 5:00 PM
Modified: 7/13/2009 5:00 PM
Company: Brother Industries Ltd.
----------
Key: Stereo Service
ImagePath: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
382824 bytes
Created: 11/18/2012 5:49 AM
Modified: 11/18/2012 5:49 AM
Company: NVIDIA Corporation
----------
Key: TsUsbFlt
ImagePath: system32\drivers\tsusbflt.sys
C:\Windows\System32\drivers\tsusbflt.sys
59392 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
----------
Key: TsUsbGD
ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys
C:\Windows\System32\drivers\TsUsbGD.sys
31232 bytes
Created: 11/20/2010 8:23 PM
Modified: 11/20/2010 8:23 PM
Company: Microsoft Corporation
----------
Key: usbfilter
ImagePath: system32\DRIVERS\usbfilter.sys
C:\Windows\System32\DRIVERS\usbfilter.sys
38456 bytes
Created: 3/15/2013 2:54 PM
Modified: 12/22/2009 2:26 AM
Company: Advanced Micro Devices
----------
Key: WatAdminSvc
ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.exe
C:\Windows\System32\Wat\WatAdminSvc.exe
1255736 bytes
Created: 3/17/2013 2:56 PM
Modified: 3/16/2013 11:37 PM
Company: Microsoft Corporation
----------

************************************************************
6:47:54 AM: Scanning -----VXD ENTRIES-----

************************************************************
6:47:54 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]

************************************************************
6:47:54 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
6:47:54 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----
No Folder\ColumnHandler entries found to scan

************************************************************
6:47:54 AM: Scanning ----- 64 Bit CONTEXTMENUHANDLERS -----
Key: EPP
CLSID: {09A47860-11B0-4DA5-AFA5-26D86198A780}
Path: C:\PROGRA~1\MICROS~2\shellext.dll
C:\PROGRA~1\MICROS~2\shellext.dll
344144 bytes
Created: 1/27/2013 11:35 AM
Modified: 1/27/2013 11:35 AM
Company: Microsoft Corporation
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
6:47:54 AM: Scanning ----- 64 Bit FOLDER\COLUMNHANDLERS -----
No Folder\ColumnHandler entries found to scan

************************************************************
6:47:54 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files (x86)\Java\jre7\bin\ssv.dll
C:\Program Files (x86)\Java\jre7\bin\ssv.dll
461216 bytes
Created: 3/18/2013 6:17 PM
Modified: 3/18/2013 6:17 PM
Company: Oracle Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
170912 bytes
Created: 3/18/2013 6:17 PM
Modified: 3/18/2013 6:17 PM
Company: Oracle Corporation
----------

************************************************************
6:47:54 AM: Scanning ----- 64 Bit BROWSER HELPER OBJECTS -----
No 64 Bit Browser Helper Objects found to scan

************************************************************
6:47:54 AM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
6:47:54 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
6:47:55 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
6:47:55 AM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
6:47:55 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
6:47:55 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 7/13/2009 9:54 PM
Modified: 7/13/2009 9:54 PM
Company: [no info]
--------------------

************************************************************
6:47:55 AM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Crysta
[C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 3/15/2013 2:35 PM
Modified: 3/17/2013 3:00 PM
Company: [no info]
----------
--------------------

************************************************************
6:47:55 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 3/15/2013 3:32 PM
Modified: 3/15/2013 3:32 PM
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 3/19/2013 3:37:00 PM
Status: Ready
Creator: Crysta
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 3/15/2013 3:32 PM
Modified: 3/15/2013 3:32 PM
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 3:37:00 PM every day
Next Run Time: 3/19/2013 7:37:00 AM
Status: Ready
Creator: Crysta
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------

************************************************************
6:47:55 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\System32\ntshrui.dll
509952 bytes
Created: 11/20/2010 8:23 PM
Modified: 11/20/2010 8:23 PM
Company: Microsoft Corporation
----------

************************************************************
6:47:55 AM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File: C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created: 7/13/2009 5:07 PM
Modified: 7/13/2009 6:14 PM
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.cvid
File: iccvid.dll
iccvid.dll - [file not found to scan]
----------

************************************************************
6:47:56 AM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
642987 bytes
Created: 3/15/2013 2:35 PM
Modified: 3/15/2013 2:35 PM
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed

************************************************************
6:47:56 AM: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created: 7/13/2009 4:19 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created: 7/13/2009 4:19 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created: 7/13/2009 4:52 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created: 7/13/2009 4:19 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsass.exe
31232 bytes
Created: 3/15/2013 6:40 PM
Modified: 11/16/2011 11:33 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created: 11/20/2010 8:23 PM
Modified: 11/20/2010 8:23 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
390656 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created: 7/13/2009 4:31 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created: 3/15/2013 6:34 PM
Modified: 2/10/2012 11:36 PM
Company: Microsoft Corporation
--------------------
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1126248 bytes
Created: 3/15/2013 3:23 PM
Modified: 11/18/2012 6:09 AM
Company: NVIDIA Corporation
--------------------
C:\Windows\System32\WUDFHost.exe
229888 bytes
Created: 3/16/2013 11:33 PM
Modified: 7/25/2012 8:08 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created: 3/15/2013 6:33 PM
Modified: 11/22/2012 8:13 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created: 7/13/2009 4:37 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2449256 bytes
Created: 3/15/2013 3:23 PM
Modified: 11/18/2012 6:09 AM
Company: NVIDIA Corporation
--------------------
C:\Windows\System32\SearchIndexer.exe
593408 bytes
Created: 7/13/2009 5:32 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1274320 bytes
Created: 3/15/2013 3:33 PM
Modified: 3/10/2013 5:22 PM
Company: Google Inc.
--------------------
C:\Windows\servicing\TrustedInstaller.exe
194048 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wuauclt.exe
57880 bytes
Created: 3/15/2013 5:34 PM
Modified: 6/2/2012 3:19 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created: 7/13/2009 5:30 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize: 4775160
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\System32\wbem\WmiPrvSE.exe
372736 bytes
Created: 11/20/2010 8:24 PM
Modified: 11/20/2010 8:24 PM
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created: 7/13/2009 5:29 PM
Modified: 7/13/2009 6:39 PM
Company: Microsoft Corporation
--------------------

************************************************************
6:47:58 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?Lin...
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?Lin...
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?Lin...
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?Lin...
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?Lin...
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redi...

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 6:47:58 AM 19 Mar 2013
Total Scan time: 00:00:23
************************************************************


#53
March 19, 2013 at 03:55:47
Time to change tack. I use these on every comp I work on.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...

Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


#54
March 19, 2013 at 05:44:56
My current thinking is aimed at correcting any file problems, corruption rather than infection. Don't want to be left wondering why 2 programs won't run; that is not normal. Infection is usually the cause, but it is still coming up clean.

Let me know when you are finished #53.


#55
March 19, 2013 at 12:24:17
I have finished #53, so what do I do now? Try to run Combofix again?

#56
March 19, 2013 at 12:37:52
Thanks, a few more things to do first, I will let you know when.

How to Run Disk Check in Vista & Windows 7 (W7) Run this, it will fix file errors.
http://www.winvistaclub.com/f20.html
http://www.sevenforums.com/tutorial...
http://www.howtogeek.com/howto/wind...
Viewing your chkdsk report Windows Vista & Windows 7 (W7)
http://janetalkstech.com/2009/windo...
Viewing the system log for the scan results of Check Disk (Wininit)
http://www.sevenforums.com/tutorial...
Administrative tools - Event viewer - Windows logs - Application - Click on 'source' at the middle top to sort by ascending/ descending order. Locate 'wininit' and click on it to view.


#57
March 20, 2013 at 13:34:00
After doing a 2-hour disk check I went to view the log, but the log is not there.

#58
March 20, 2013 at 14:34:02
Ok, shall google that & get back to you.

Want to see if this program works.

Run Kaspersky Security Scan
http://www.kaspersky.com/security-scan


#59
March 20, 2013 at 15:09:17
I ran check disk again and now there's a log! And OK, I'll run Kaspersky Security Scan.

#60
March 20, 2013 at 15:14:56
"I ran check disk again and now there's a log!"
Beautiful, contents of the log please.

"And ok I'll run Kaspersky Security Scan"
Good, I am building up a picture of what will run & what will not, so I know what may need repairing after being infected.


#61
March 20, 2013 at 15:15:48
Kaspersky Security Scan runs perfectly fine.

#62
March 20, 2013 at 15:16:25
Here's the log.
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
849152 file records processed. File verification completed.
1521 large file records processed. 0 bad file records processed. 0 EA records processed. 135 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
989674 index entries processed. Index verification completed.
0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
849152 file SDs/SIDs processed. Cleaning up 171 unused index entries from index $SII of file 0x9.
Cleaning up 171 unused index entries from index $SDH of file 0x9.
Cleaning up 171 unused security descriptors.
Security descriptor verification completed.
70262 data files processed. CHKDSK is verifying Usn Journal...
34706128 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
849136 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
35832159 free clusters processed. Free space verification is complete.
Windows has checked the file system and found no problems.

976470015 KB total disk space.
831810604 KB in 729810 files.
347844 KB in 70263 indexes.
0 KB in bad sectors.
982931 KB in use by the system.
65536 KB occupied by the log file.
143328636 KB available on disk.

4096 bytes in each allocation unit.
244117503 total allocation units on disk.
35832159 allocation units available on disk.

Internal Info:
00 f5 0c 00 54 35 0c 00 eb 5b 15 00 00 00 00 00 ....T5...[......
3e 09 00 00 87 00 00 00 00 00 00 00 00 00 00 00 >...............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.


#63
March 20, 2013 at 15:19:37
What time is it where you are, please?

I'm here.

http://www.timeanddate.com/worldclo...


#64
March 20, 2013 at 15:25:53
And I am here.
http://www.timeanddate.com/worldclo...

#65
March 20, 2013 at 15:32:27
Thanks for the time info.

"Kaspersky Security Scan runs perfectly fine"
I guess it is clean?

Try Security Check by screen317 again.


#66
March 20, 2013 at 15:41:49
It runs fine now, and here's the log.
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Trojan Remover 6.8.5
Malwarebytes Anti-Malware version 1.70.0.1100
Wise Disk Cleaner 7.78
Wise Registry Cleaner 7.66
Java 7 Update 17
Google Chrome 25.0.1364.172
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 8%
[b][u]````````````````````End of Log``````````````````````[/b][/u]

#67
March 20, 2013 at 15:46:59
We are looking good now; hopefully our next test will be OK. If not, I shall give you the instructions on how to fix it.

Uninstall Combofix, download the new version & try again.


#68
March 20, 2013 at 16:39:17
It's still hanging on 49 at the moment.

#69
March 20, 2013 at 16:48:48
If it stays at 49, do this.

Run Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...
Malware and installed programs can modify your default settings. Tweaking.com - Windows Repair is the tool you need to restore Windows original settings.

Check the following.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections


#70
March 21, 2013 at 16:22:00
I must be blind, but I don't see where to check all those things in the program. I'll keep looking.

#71
March 21, 2013 at 16:26:58
Good timing, I have just woken up. Give me a minute & I will send a screenshot ( SS ).

#72
#73
March 21, 2013 at 17:03:15
This is gonna take a while. I started the repair and didn't notice the turn off antivirus part, so gotta start all over. And thanks for the screenshots.

#74
March 21, 2013 at 17:16:14
"didn't notice the turn off antivirus part"

Well picked up. It is the most important part in running a lot of programs, including Combofix.


#75
March 21, 2013 at 18:49:22
OK, it's done and I restarted my PC. What should I do now?

#76
March 21, 2013 at 18:57:17
Let's see if Combofix will finish.

#77
March 22, 2013 at 20:03:51
Combofix still keeps hanging on stage 49.

#78
March 22, 2013 at 21:01:44
Googling the 49/50 problem, I got the info below from malware forums; one moderator had comments & the other site insisted on running Defogger before scans.

"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."

Run Defogger
http://majorgeeks.com/Defogger_d708...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.

Uninstall Combofix, download the new version & try again.

Another bit of info I picked up from googling.
This time, if you think it's frozen, look at the computer clock.
If it's running, Combofix is still working. In other words, at the 49/50 stage, if the clock is still running, combofix is still working & is not frozen.


#79
March 23, 2013 at 23:03:42
Good to know, so at least now I know it never froze. Also it's still hanging at 49 even though I used Defogger.

#80
March 24, 2013 at 14:32:59
I don't think there is much more we can do to get Combofix to finish; your comp has fallen into the category of "While that is not normal behavior, it is not unusual".

I use the same security as you, MSE & Windows firewall.

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"
What's that message mean? click, click.

To improve your security, I would use Firefox, Opera or Chrome browsers ( I have all installed & many versions of Mozilla & Chrome )

Here is how to block tracking cookies.

Mozilla Labs: Prospector - about:trackers
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
https://blog.mozilla.org/labs/2012/...
Mozilla Labs: Prospector - about:trackers is a handy and reliable Firefox extension designed to block known trackers.

Opera
https://addons.opera.com/addons/ext...

Chrome
https://chrome.google.com/extension...

Mozilla Firefox
http://www.mozilla.org/products/fir...
Simple Adblock
https://addons.mozilla.org/en-us/fi...

Opera
http://www.opera.com/
http://www.opera.com/download/
Opera AdBlock
https://addons.opera.com/en/addons/...

Google Chrome
http://www.google.com/chrome
http://www.google.com/chrome/intl/e...
AdBlock for Chrome!
https://chrome.google.com/extension...

If you do change browsers & use a blocker, when you have finished, run SUPERAntiSpyware & delete all it finds.

http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.superantispyware.com/ind...


#81
March 26, 2013 at 19:19:23
Sorry for the late reply, I have some health issues. I always use Chrome with a blocker since I used to get viruses from ads even on YouTube. Can a problem with memory cause Combofix to hang at 49? Cause I ran memtest86 and it seems there are a lot of errors with my memory, so I assume it's a hardware issue.

#82
March 26, 2013 at 19:30:29
"Cause I ran memtest86 and it seems there are a lot of errors with my memory"
That could well be the clue we need. I assumed because you had plenty of RAM, it wouldn't be an issue.

Take all RAM out & run/test one stick at a time until the culprit is found.


#83
March 26, 2013 at 22:01:53
I've never really opened my PC cause it seems intimidating. Is there a possibility that I can mess up my computer if I make a mistake? I also took a picture of the memtest when it was done.

#84
March 26, 2013 at 22:19:22
"I've never really opened my PC cause it seems intimidating"
They are scary when you first look.

Refresh me please, is it a PC or laptop?

Is it a brand name?

If so, EXACT model number, please.


#85
March 26, 2013 at 22:39:19
It's a desktop made by Microtel. Model number? I have no idea where to look for that.

#86
March 26, 2013 at 22:51:34
Had to ask re type of comp again; even though you were calling it a PC, people give comps all sorts of descriptions.

"I have no idea where to look for that"
Owners manual or outside of the case, front, sides, rear.


#87
March 26, 2013 at 23:05:45
All I see is a sticker on top of my computer that just tells me the serial of Windows 7; I don't see a model number. I may have lost the manual. Though my primary concern about opening my computer is static electricity, so how do I ground myself?

#88
March 26, 2013 at 23:25:57
Here is some extra basic essential work whilst you have the cover off. Dust is one of your biggest enemies; it causes overheating, which in turn destroys the comp.

Do this before we tackle the memory. Turn the power off & pull the plug out before you take the cover off.
To stop static electricity, touch the inside metal frame of the comp with both hands.

Information about cleaning computer components
http://www.computerhope.com/cleanin...
http://www.wiscocomputing.com/artic...
http://www.librarysupportstaff.com/...
http://www.bleepingcomputer.com/tut...
http://pcgyaan.wordpress.com/2009/0...
Getting The Grunge Out Of Your PC, Fred Langa cleans the dirtiest PC he can find, and along the way shows you how you can easily tackle yours. There are 7 pages.
http://www.informationweek.com/news...


#89
March 27, 2013 at 00:10:20
Clean the contacts with a pencil eraser & try it again. May need cleaning or reseating. If multi sticks, try just one stick to test. Touching an unpainted part of the case will dissipate any static electricity.
Trick To Clean Pins Of Physical Memory ( RAM ) From Dirt
http://h0w2.blogspot.com.au/2011/05...

How to Install RAM
http://www.wikihow.com/Install-RAM
Installing a DIMM memory module in your desktop computer
http://www.crucial.com/install/dimm...
Installing Desktop Memory Modules
http://compreviews.about.com/od/tut...

