find answers fast redirect


  • This topic is locked
16 replies to this topic

#1 AndrewstheMAN

AndrewstheMAN

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 28 September 2011 - 01:25 PM

Like many on here as of late, I've been redirected by find answers fast. I've run Malwarebytes a couple of times and nothing has been removed at this point, as it still redirects. Can anyone on here help me out?

andrew

logs as requested

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andrew Kilzer at 13:37:11 on 2011-09-28
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4086.821 [GMT -5:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe
C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [AdobeBridge]
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
StartupFolder: C:\Users\ANDREW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andrew Kilzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{405BC80E-AD2A-4AE2-8C50-83036A535015} : DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{69235995-4E9C-4E30-AEC8-7D6F9EB737E1} : NameServer = 192.168.100.60
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6} : DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\3324738575 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\34570716B6E45647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\7556374796E6027416C6C656279616024416C6C61637 : DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\86F65737561427F636B696E6 : DhcpNameServer = 208.180.42.100 208.180.42.68
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\972756C6C696470313 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\C696E6B6379737 : DhcpNameServer = 68.87.85.102 68.87.69.150
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 wvauth
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew Kilzer\AppData\Roaming\Mozilla\Firefox\Profiles\1x8x14w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdfltn.sys --> C:\Windows\system32\DRIVERS\stdfltn.sys [?]
R1 DVMIO;DVMIO;D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-5-4 20624]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-13 89600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-8-24 517488]
R2 DvmMDES;DeviceVM Meta Data Export Service;D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-13 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2011-3-13 60928]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 SamsungAllShare;Samsung AllShare PC Service;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [2011-5-24 7237024]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-5-10 265744]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2010-5-10 42000]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-22 1038088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2009-7-15 595960]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-7-15 917768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-17 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-5-24 22464]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-17 136176]
S3 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-27 19:45:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-27 19:45:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-25 15:37:10 -------- d-----we C:\Windows\system64
2011-09-22 20:40:44 -------- d-----w- C:\Users\Andrew Kilzer\AppData\Roaming\Dropbox
2011-09-09 16:10:49 -------- d-----w- C:\Program Files (x86)\Coupons
.
==================== Find3M ====================
.
2011-09-28 11:38:39 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 13:37:52.33 ===============

Here's the attached file as requested; I didn't read the posting instructions at first. Sorry guys.

Edited by boopme, 28 September 2011 - 02:18 PM.
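The DDS "Pseudo HJT Report" above is long, and a redirect complaint is usually triaged by looking at a handful of line types first: browser helper objects whose DLL is gone, autostart values with no command, and the DNS resolvers each interface is using. The script below is an added example (not part of Andrew's post, and not code from the DDS tool) that parses those line types and groups review pointers. The sample report lines are constructed in the DDS format from a few entries of the log above, and the `KNOWN_PUBLIC_DNS` allowlist is an assumption you would replace with the resolvers expected on your own network; nothing it reports is a verdict, only where a reviewer should look first.

```python
"""Triage helper for the DDS "Pseudo HJT Report" format (added example)."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample in the DDS report format, modelled on a few lines of the
# log posted above (not the full report).
SAMPLE_REPORT = """\
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Trend Micro NSC BHO - No File
uRun: [AdobeBridge]
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\\Program Files (x86)\\QuickTime\\QTTask.exe" -atboottime
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\\{69235995-4E9C-4E30-AEC8-7D6F9EB737E1} : NameServer = 192.168.100.60
TCP: Interfaces\\{FE0B7A95-8AC7-4962-AD66-AF01216DA3D6}\\3324738575 : DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
"""

# Assumed allowlist of resolvers a reviewer recognises on sight; extend it with
# the resolvers expected on the network being reviewed.
KNOWN_PUBLIC_DNS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Line shapes used by DDS: "mRun: [Name] command", "BHO: Name: {guid} - path"
# (or "BHO-X64: Name - No File"), and "TCP: ... DhcpNameServer = a b c".
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?P<key>(?:BHO|TB)(?:-X64)?): (?P<rest>.*)$")
DNS_RE = re.compile(r"^TCP: (?P<where>.*?)(?P<kind>Dhcp)?NameServer = (?P<servers>.+)$")


def classify_resolver(ip: str) -> str:
    """Bucket a resolver address: private LAN, known public, other, or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_private:
        return "private"
    if ip in KNOWN_PUBLIC_DNS:
        return "known-public"
    return "other"  # ISP-assigned or unknown: confirm with the network owner


def triage(report: str) -> Dict[str, List[str]]:
    """Group review pointers from a DDS report by category (no verdicts)."""
    findings: Dict[str, List[str]] = {
        "orphaned_bho": [],      # BHO/toolbar registrations whose DLL is missing
        "empty_autostart": [],   # Run values carrying no command line
        "static_dns": [],        # resolvers set by hand rather than by DHCP
        "unrecognised_dns": [],  # resolvers neither private nor on the allowlist
    }
    for line in report.splitlines():
        m = BHO_RE.match(line)
        if m and m.group("rest").endswith("- No File"):
            findings["orphaned_bho"].append(m.group("rest").rsplit(" - ", 1)[0])
            continue
        m = RUN_RE.match(line)
        if m and not m.group("cmd").strip():
            findings["empty_autostart"].append(f"{m.group('key')} [{m.group('name')}]")
            continue
        m = DNS_RE.match(line)
        if m:
            servers = m.group("servers").split()
            if m.group("kind") is None:  # plain "NameServer" means statically set
                findings["static_dns"].extend(servers)
            for ip in servers:
                if classify_resolver(ip) == "other":
                    findings["unrecognised_dns"].append(ip)
    # De-duplicate each bucket while keeping first-seen order.
    return {k: list(dict.fromkeys(v)) for k, v in findings.items()}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {items}")
```

Run it against the full report by reading the file into `triage()` instead of `SAMPLE_REPORT`. An orphaned BHO is usually a leftover from an uninstall and an ISP resolver will land in `unrecognised_dns` until you add it to the allowlist, so the output is a reading order for the log, not a list of infections.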

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 03 October 2011 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs and let me know if the problem persists.

#3 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 03 October 2011 - 06:51 PM

aswMBR report:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-03 17:09:30
-----------------------------
17:09:30.955 OS Version: Windows x64 6.1.7600
17:09:30.957 Number of processors: 8 586 0x1E05
17:09:30.958 ComputerName: ANDREWKILZER-PC UserName: Andrew Kilzer
17:09:36.144 Initialize success
17:10:44.044 AVAST engine defs: 11100301
17:10:51.063 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:10:51.069 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 8
17:10:51.076 Disk 1 \Device\Harddisk1\DR28 -> \Device\00000117
17:10:51.081 Disk 1 Vendor: RICOH 01 Size: 7636MB BusType: 0
17:10:51.099 Disk 0 MBR read successfully
17:10:51.106 Disk 0 MBR scan
17:10:51.115 Disk 0 Windows VISTA default MBR code
17:10:51.125 Service scanning
17:10:52.495 Modules scanning
17:10:52.505 Disk 0 trace - called modules:
17:10:52.549 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys iaStor.sys hal.dll
17:10:52.561 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b30060]
17:10:52.571 3 CLASSPNP.SYS[fffff88001a7043f] -> nt!IofCallDriver -> [0xfffffa80049b6c90]
17:10:52.584 5 stdfltn.sys[fffff88001611af2] -> nt!IofCallDriver -> [0xfffffa8004437ab0]
17:10:52.595 7 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004436050]
17:10:55.858 AVAST engine scan C:\Windows
17:11:00.056 AVAST engine scan C:\Windows\system32
17:12:41.575 AVAST engine scan C:\Windows\system32\drivers
17:12:54.171 AVAST engine scan C:\Users\Andrew Kilzer
17:23:40.470 AVAST engine scan C:\ProgramData
17:24:48.231 Scan finished successfully
17:25:02.273 Disk 0 MBR has been saved successfully to "C:\Users\Andrew Kilzer\Desktop\MBR.dat"
17:25:02.285 The log file has been saved successfully to "C:\Users\Andrew Kilzer\Desktop\aswMBR.txt"



TDSSKiller Report:

18:49:39.0275 17952 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
18:49:39.0601 17952 ============================================================
18:49:39.0601 17952 Current date / time: 2011/10/03 18:49:39.0601
18:49:39.0601 17952 SystemInfo:
18:49:39.0601 17952
18:49:39.0601 17952 OS Version: 6.1.7600 ServicePack: 0.0
18:49:39.0601 17952 Product type: Workstation
18:49:39.0601 17952 ComputerName: ANDREWKILZER-PC
18:49:39.0602 17952 UserName: Andrew Kilzer
18:49:39.0602 17952 Windows directory: C:\Windows
18:49:39.0602 17952 System windows directory: C:\Windows
18:49:39.0602 17952 Running under WOW64
18:49:39.0602 17952 Processor architecture: Intel x64
18:49:39.0602 17952 Number of processors: 8
18:49:39.0602 17952 Page size: 0x1000
18:49:39.0602 17952 Boot type: Normal boot
18:49:39.0602 17952 ============================================================
18:49:40.0039 17952 Initialize success
18:49:42.0593 18492 ============================================================
18:49:42.0593 18492 Scan started
18:49:42.0593 18492 Mode: Manual;
18:49:42.0593 18492 ============================================================
18:49:43.0854 18492 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
18:49:43.0856 18492 1394ohci - ok
18:49:43.0920 18492 Acceler (627371b2d48f64cecc4d019114fb140d) C:\Windows\system32\DRIVERS\Accelern.sys
18:49:43.0921 18492 Acceler - ok
18:49:43.0972 18492 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:49:43.0977 18492 ACPI - ok
18:49:44.0030 18492 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:49:44.0031 18492 AcpiPmi - ok
18:49:44.0115 18492 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
18:49:44.0116 18492 adfs - ok
18:49:44.0208 18492 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:49:44.0214 18492 adp94xx - ok
18:49:44.0316 18492 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:49:44.0319 18492 adpahci - ok
18:49:44.0356 18492 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:49:44.0359 18492 adpu320 - ok
18:49:44.0441 18492 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
18:49:44.0446 18492 AFD - ok
18:49:44.0481 18492 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:49:44.0483 18492 agp440 - ok
18:49:44.0538 18492 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:49:44.0539 18492 aliide - ok
18:49:44.0611 18492 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:49:44.0613 18492 amdide - ok
18:49:44.0649 18492 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:49:44.0650 18492 AmdK8 - ok
18:49:44.0679 18492 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:49:44.0680 18492 AmdPPM - ok
18:49:44.0736 18492 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:49:44.0738 18492 amdsata - ok
18:49:44.0852 18492 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:49:44.0855 18492 amdsbs - ok
18:49:44.0882 18492 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:49:44.0884 18492 amdxata - ok
18:49:44.0963 18492 ApfiltrService (4b92f0063c633bd4fdbd7d76977f65b3) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:49:44.0968 18492 ApfiltrService - ok
18:49:45.0050 18492 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:49:45.0052 18492 AppID - ok
18:49:45.0123 18492 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:49:45.0124 18492 arc - ok
18:49:45.0165 18492 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:49:45.0167 18492 arcsas - ok
18:49:45.0218 18492 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:49:45.0219 18492 AsyncMac - ok
18:49:45.0317 18492 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:49:45.0319 18492 atapi - ok
18:49:45.0379 18492 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:49:45.0384 18492 b06bdrv - ok
18:49:45.0420 18492 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:49:45.0423 18492 b57nd60a - ok
18:49:45.0501 18492 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
18:49:45.0503 18492 BCM42RLY - ok
18:49:45.0636 18492 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:49:45.0664 18492 BCM43XX - ok
18:49:46.0047 18492 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:49:46.0048 18492 Beep - ok
18:49:46.0416 18492 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:49:46.0417 18492 blbdrive - ok
18:49:46.0501 18492 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:49:46.0503 18492 bowser - ok
18:49:46.0529 18492 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:49:46.0530 18492 BrFiltLo - ok
18:49:46.0546 18492 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:49:46.0547 18492 BrFiltUp - ok
18:49:46.0580 18492 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:49:46.0584 18492 Brserid - ok
18:49:46.0610 18492 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:49:46.0611 18492 BrSerWdm - ok
18:49:46.0628 18492 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:49:46.0629 18492 BrUsbMdm - ok
18:49:46.0643 18492 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:49:46.0645 18492 BrUsbSer - ok
18:49:46.0711 18492 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:49:46.0713 18492 BthEnum - ok
18:49:46.0753 18492 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:49:46.0754 18492 BTHMODEM - ok
18:49:46.0802 18492 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:49:46.0804 18492 BthPan - ok
18:49:46.0847 18492 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
18:49:46.0852 18492 BTHPORT - ok
18:49:46.0885 18492 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
18:49:46.0887 18492 BTHUSB - ok
18:49:46.0932 18492 BTWAMPFL (72cc5dcc4e67e7927f94801166cfdcda) C:\Windows\system32\DRIVERS\btwampfl.sys
18:49:46.0936 18492 BTWAMPFL - ok
18:49:46.0983 18492 btwaudio (f6135859a582a7294ba7a3336e08baa1) C:\Windows\system32\drivers\btwaudio.sys
18:49:46.0985 18492 btwaudio - ok
18:49:47.0019 18492 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\drivers\btwavdt.sys
18:49:47.0021 18492 btwavdt - ok
18:49:47.0071 18492 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:49:47.0072 18492 btwl2cap - ok
18:49:47.0089 18492 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
18:49:47.0090 18492 btwrchid - ok
18:49:47.0130 18492 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:49:47.0132 18492 cdfs - ok
18:49:47.0173 18492 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:49:47.0176 18492 cdrom - ok
18:49:47.0214 18492 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:49:47.0216 18492 circlass - ok
18:49:47.0278 18492 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:49:47.0282 18492 CLFS - ok
18:49:47.0351 18492 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:49:47.0352 18492 CmBatt - ok
18:49:47.0379 18492 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:49:47.0380 18492 cmdide - ok
18:49:47.0410 18492 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
18:49:47.0415 18492 CNG - ok
18:49:47.0444 18492 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:49:47.0446 18492 Compbatt - ok
18:49:47.0483 18492 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:49:47.0485 18492 CompositeBus - ok
18:49:47.0533 18492 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:49:47.0534 18492 crcdisk - ok
18:49:47.0587 18492 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
18:49:47.0593 18492 CSC - ok
18:49:47.0661 18492 CtClsFlt (8ce04a5bdd2ce6e62ce02a1c27093104) C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:49:47.0664 18492 CtClsFlt - ok
18:49:47.0706 18492 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
18:49:47.0707 18492 cvusbdrv - ok
18:49:47.0775 18492 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:49:47.0777 18492 DfsC - ok
18:49:47.0832 18492 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:49:47.0833 18492 discache - ok
18:49:47.0875 18492 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:49:47.0877 18492 Disk - ok
18:49:47.0940 18492 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:49:47.0941 18492 drmkaud - ok
18:49:47.0990 18492 DVMIO (ad00375d9aba8db72d0e38129af0277a) D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys
18:49:47.0992 18492 DVMIO - ok
18:49:48.0072 18492 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:49:48.0081 18492 DXGKrnl - ok
18:49:48.0137 18492 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys
18:49:48.0141 18492 e1kexpress - ok
18:49:48.0217 18492 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:49:48.0245 18492 ebdrv - ok
18:49:48.0342 18492 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:49:48.0347 18492 elxstor - ok
18:49:48.0388 18492 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:49:48.0389 18492 ErrDev - ok
18:49:48.0432 18492 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:49:48.0436 18492 exfat - ok
18:49:48.0466 18492 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:49:48.0469 18492 fastfat - ok
18:49:48.0502 18492 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:49:48.0503 18492 fdc - ok
18:49:48.0526 18492 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:49:48.0528 18492 FileInfo - ok
18:49:48.0543 18492 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:49:48.0544 18492 Filetrace - ok
18:49:48.0572 18492 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:49:48.0573 18492 flpydisk - ok
18:49:48.0635 18492 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:49:48.0639 18492 FltMgr - ok
18:49:48.0685 18492 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:49:48.0686 18492 FsDepends - ok
18:49:48.0708 18492 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:49:48.0710 18492 Fs_Rec - ok
18:49:48.0752 18492 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:49:48.0754 18492 fvevol - ok
18:49:48.0792 18492 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:49:48.0794 18492 gagp30kx - ok
18:49:48.0834 18492 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:49:48.0835 18492 GEARAspiWDM - ok
18:49:48.0878 18492 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:49:48.0879 18492 hcw85cir - ok
18:49:48.0943 18492 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:49:48.0945 18492 HDAudBus - ok
18:49:48.0962 18492 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:49:48.0963 18492 HidBatt - ok
18:49:49.0003 18492 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:49:49.0005 18492 HidBth - ok
18:49:49.0039 18492 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:49:49.0040 18492 HidIr - ok
18:49:49.0081 18492 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:49:49.0082 18492 HidUsb - ok
18:49:49.0127 18492 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:49:49.0129 18492 HpSAMD - ok
18:49:49.0165 18492 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:49:49.0172 18492 HTTP - ok
18:49:49.0232 18492 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:49:49.0233 18492 hwpolicy - ok
18:49:49.0294 18492 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:49:49.0296 18492 i8042prt - ok
18:49:49.0331 18492 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
18:49:49.0333 18492 iaStor - ok
18:49:49.0406 18492 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:49:49.0411 18492 iaStorV - ok
18:49:49.0440 18492 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:49:49.0442 18492 iirsp - ok
18:49:49.0500 18492 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:49:49.0501 18492 intelide - ok
18:49:49.0561 18492 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:49:49.0563 18492 intelppm - ok
18:49:49.0603 18492 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:49:49.0604 18492 IpFilterDriver - ok
18:49:49.0643 18492 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:49:49.0644 18492 IPMIDRV - ok
18:49:49.0657 18492 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:49:49.0659 18492 IPNAT - ok
18:49:49.0714 18492 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:49:49.0715 18492 IRENUM - ok
18:49:49.0748 18492 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:49:49.0749 18492 isapnp - ok
18:49:49.0778 18492 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:49:49.0781 18492 iScsiPrt - ok
18:49:49.0853 18492 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:49:49.0855 18492 kbdclass - ok
18:49:49.0912 18492 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:49:49.0914 18492 kbdhid - ok
18:49:49.0945 18492 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
18:49:49.0947 18492 KSecDD - ok
18:49:49.0975 18492 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
18:49:49.0978 18492 KSecPkg - ok
18:49:50.0001 18492 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:49:50.0003 18492 ksthunk - ok
18:49:50.0047 18492 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:49:50.0048 18492 lltdio - ok
18:49:50.0086 18492 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:49:50.0088 18492 LSI_FC - ok
18:49:50.0143 18492 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:49:50.0145 18492 LSI_SAS - ok
18:49:50.0162 18492 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:49:50.0164 18492 LSI_SAS2 - ok
18:49:50.0218 18492 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:49:50.0220 18492 LSI_SCSI - ok
18:49:50.0245 18492 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:49:50.0247 18492 luafv - ok
18:49:50.0266 18492 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:49:50.0267 18492 megasas - ok
18:49:50.0291 18492 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:49:50.0294 18492 MegaSR - ok
18:49:50.0316 18492 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:49:50.0317 18492 Modem - ok
18:49:50.0348 18492 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:49:50.0348 18492 monitor - ok
18:49:50.0384 18492 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:49:50.0385 18492 mouclass - ok
18:49:50.0420 18492 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:49:50.0422 18492 mouhid - ok
18:49:50.0456 18492 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:49:50.0458 18492 mountmgr - ok
18:49:50.0509 18492 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:49:50.0512 18492 mpio - ok
18:49:50.0537 18492 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:49:50.0539 18492 mpsdrv - ok
18:49:50.0570 18492 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:49:50.0572 18492 MRxDAV - ok
18:49:50.0618 18492 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:49:50.0621 18492 mrxsmb - ok
18:49:50.0663 18492 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:49:50.0666 18492 mrxsmb10 - ok
18:49:50.0703 18492 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:49:50.0705 18492 mrxsmb20 - ok
18:49:50.0764 18492 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
18:49:50.0765 18492 msahci - ok
18:49:50.0777 18492 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:49:50.0779 18492 msdsm - ok
18:49:50.0847 18492 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:49:50.0848 18492 Msfs - ok
18:49:50.0878 18492 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:49:50.0879 18492 mshidkmdf - ok
18:49:50.0909 18492 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:49:50.0910 18492 msisadrv - ok
18:49:50.0940 18492 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:49:50.0941 18492 MSKSSRV - ok
18:49:50.0958 18492 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:49:50.0959 18492 MSPCLOCK - ok
18:49:50.0975 18492 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:49:50.0976 18492 MSPQM - ok
18:49:51.0001 18492 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:49:51.0005 18492 MsRPC - ok
18:49:51.0061 18492 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:49:51.0062 18492 mssmbios - ok
18:49:51.0073 18492 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:49:51.0073 18492 MSTEE - ok
18:49:51.0096 18492 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:49:51.0097 18492 MTConfig - ok
18:49:51.0113 18492 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:49:51.0115 18492 Mup - ok
18:49:51.0183 18492 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:49:51.0187 18492 NativeWifiP - ok
18:49:51.0230 18492 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:49:51.0238 18492 NDIS - ok
18:49:51.0255 18492 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:49:51.0257 18492 NdisCap - ok
18:49:51.0282 18492 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:49:51.0283 18492 NdisTapi - ok
18:49:51.0302 18492 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:49:51.0303 18492 Ndisuio - ok
18:49:51.0322 18492 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:49:51.0324 18492 NdisWan - ok
18:49:51.0380 18492 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:49:51.0381 18492 NDProxy - ok
18:49:51.0400 18492 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:49:51.0402 18492 NetBIOS - ok
18:49:51.0424 18492 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:49:51.0427 18492 NetBT - ok
18:49:51.0495 18492 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:49:51.0496 18492 nfrd960 - ok
18:49:51.0530 18492 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:49:51.0531 18492 Npfs - ok
18:49:51.0548 18492 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:49:51.0549 18492 nsiproxy - ok
18:49:51.0620 18492 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:49:51.0634 18492 Ntfs - ok
18:49:51.0679 18492 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:49:51.0680 18492 Null - ok
18:49:51.0721 18492 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
18:49:51.0729 18492 NVHDA - ok
18:49:51.0995 18492 nvlddmkm (53d3dd6a066de2ec13b954b500970d14) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:49:52.0169 18492 nvlddmkm - ok
18:49:52.0250 18492 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:49:52.0252 18492 nvraid - ok
18:49:52.0273 18492 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:49:52.0275 18492 nvstor - ok
18:49:52.0338 18492 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:49:52.0340 18492 nv_agp - ok
18:49:52.0383 18492 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:49:52.0385 18492 ohci1394 - ok
18:49:52.0434 18492 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:49:52.0436 18492 Parport - ok
18:49:52.0454 18492 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:49:52.0456 18492 partmgr - ok
18:49:52.0531 18492 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
18:49:52.0533 18492 PBADRV - ok
18:49:52.0564 18492 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:49:52.0566 18492 pci - ok
18:49:52.0595 18492 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:49:52.0596 18492 pciide - ok
18:49:52.0627 18492 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:49:52.0630 18492 pcmcia - ok
18:49:52.0646 18492 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:49:52.0648 18492 pcw - ok
18:49:52.0682 18492 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:49:52.0688 18492 PEAUTH - ok
18:49:52.0758 18492 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:49:52.0760 18492 PptpMiniport - ok
18:49:52.0815 18492 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:49:52.0816 18492 Processor - ok
18:49:52.0852 18492 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:49:52.0854 18492 Psched - ok
18:49:52.0908 18492 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:49:52.0910 18492 PxHlpa64 - ok
18:49:52.0974 18492 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:49:52.0986 18492 ql2300 - ok
18:49:53.0007 18492 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:49:53.0009 18492 ql40xx - ok
18:49:53.0035 18492 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:49:53.0037 18492 QWAVEdrv - ok
18:49:53.0055 18492 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:49:53.0056 18492 RasAcd - ok
18:49:53.0128 18492 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:49:53.0130 18492 RasAgileVpn - ok
18:49:53.0148 18492 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:49:53.0149 18492 Rasl2tp - ok
18:49:53.0168 18492 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:49:53.0169 18492 RasPppoe - ok
18:49:53.0185 18492 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:49:53.0187 18492 RasSstp - ok
18:49:53.0213 18492 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:49:53.0217 18492 rdbss - ok
18:49:53.0238 18492 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:49:53.0239 18492 rdpbus - ok
18:49:53.0269 18492 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:49:53.0270 18492 RDPCDD - ok
18:49:53.0303 18492 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
18:49:53.0305 18492 RDPDR - ok
18:49:53.0331 18492 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:49:53.0332 18492 RDPENCDD - ok
18:49:53.0351 18492 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:49:53.0352 18492 RDPREFMP - ok
18:49:53.0413 18492 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
18:49:53.0416 18492 RDPWD - ok
18:49:53.0465 18492 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:49:53.0468 18492 rdyboost - ok
18:49:53.0528 18492 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:49:53.0530 18492 RFCOMM - ok
18:49:53.0567 18492 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
18:49:53.0568 18492 rimspci - ok
18:49:53.0597 18492 risdpcie (91c2ae052652e7abd88155f11d667ed2) C:\Windows\system32\DRIVERS\risdpe64.sys
18:49:53.0598 18492 risdpcie - ok
18:49:53.0619 18492 rixdpcie (a4579105a3c5b6290701ead0c153e07a) C:\Windows\system32\DRIVERS\rixdpe64.sys
18:49:53.0620 18492 rixdpcie - ok
18:49:53.0712 18492 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:49:53.0713 18492 rspndr - ok
18:49:53.0756 18492 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
18:49:53.0757 18492 s3cap - ok
18:49:53.0812 18492 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:49:53.0814 18492 sbp2port - ok
18:49:53.0837 18492 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:49:53.0839 18492 scfilter - ok
18:49:53.0872 18492 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:49:53.0873 18492 secdrv - ok
18:49:53.0910 18492 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:49:53.0911 18492 Serenum - ok
18:49:53.0940 18492 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:49:53.0941 18492 Serial - ok
18:49:53.0968 18492 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:49:53.0970 18492 sermouse - ok
18:49:54.0031 18492 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:49:54.0032 18492 sffdisk - ok
18:49:54.0049 18492 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:49:54.0050 18492 sffp_mmc - ok
18:49:54.0064 18492 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:49:54.0065 18492 sffp_sd - ok
18:49:54.0085 18492 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:49:54.0087 18492 sfloppy - ok
18:49:54.0145 18492 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:49:54.0147 18492 SiSRaid2 - ok
18:49:54.0170 18492 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:49:54.0172 18492 SiSRaid4 - ok
18:49:54.0214 18492 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:49:54.0216 18492 Smb - ok
18:49:54.0299 18492 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:49:54.0300 18492 spldr - ok
18:49:54.0357 18492 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:49:54.0362 18492 srv - ok
18:49:54.0389 18492 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:49:54.0393 18492 srv2 - ok
18:49:54.0434 18492 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:49:54.0437 18492 srvnet - ok
18:49:54.0496 18492 stdflt (c568fdb21ce77a44fd166f28f104ac46) C:\Windows\system32\DRIVERS\stdfltn.sys
18:49:54.0497 18492 stdflt - ok
18:49:54.0527 18492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:49:54.0528 18492 stexstor - ok
18:49:54.0598 18492 STHDA (7f43422bee65cd1284fed6c4fa577d5e) C:\Windows\system32\DRIVERS\stwrt64.sys
18:49:54.0604 18492 STHDA - ok
18:49:54.0648 18492 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:49:54.0650 18492 storflt - ok
18:49:54.0673 18492 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
18:49:54.0674 18492 storvsc - ok
18:49:54.0699 18492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:49:54.0700 18492 swenum - ok
18:49:54.0790 18492 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
18:49:54.0806 18492 Tcpip - ok
18:49:54.0885 18492 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
18:49:54.0893 18492 TCPIP6 - ok
18:49:54.0922 18492 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:49:54.0923 18492 tcpipreg - ok
18:49:54.0961 18492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:49:54.0963 18492 TDPIPE - ok
18:49:54.0978 18492 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:49:54.0980 18492 TDTCP - ok
18:49:54.0999 18492 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:49:55.0001 18492 tdx - ok
18:49:55.0028 18492 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:49:55.0029 18492 TermDD - ok
18:49:55.0106 18492 TmFilter (2d5adaf5bf9f3eb97bda7c250a638ebf) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
18:49:55.0109 18492 TmFilter - ok
18:49:55.0184 18492 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
18:49:55.0186 18492 tmlwf - ok
18:49:55.0214 18492 TmPreFilter (3dc786f0a14a6262c3f0f366b34f687f) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
18:49:55.0216 18492 TmPreFilter - ok
18:49:55.0241 18492 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
18:49:55.0244 18492 tmtdi - ok
18:49:55.0265 18492 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
18:49:55.0269 18492 tmwfp - ok
18:49:55.0303 18492 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:49:55.0304 18492 tssecsrv - ok
18:49:55.0354 18492 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:49:55.0356 18492 tunnel - ok
18:49:55.0374 18492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:49:55.0376 18492 uagp35 - ok
18:49:55.0416 18492 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
18:49:55.0420 18492 udfs - ok
18:49:55.0500 18492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:49:55.0501 18492 uliagpkx - ok
18:49:55.0535 18492 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:49:55.0536 18492 umbus - ok
18:49:55.0559 18492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:49:55.0560 18492 UmPass - ok
18:49:55.0614 18492 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
18:49:55.0616 18492 usbccgp - ok
18:49:55.0665 18492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:49:55.0666 18492 usbcir - ok
18:49:55.0706 18492 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
18:49:55.0707 18492 usbehci - ok
18:49:55.0733 18492 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
18:49:55.0737 18492 usbhub - ok
18:49:55.0772 18492 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
18:49:55.0773 18492 usbohci - ok
18:49:55.0806 18492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:49:55.0808 18492 usbprint - ok
18:49:55.0836 18492 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:49:55.0838 18492 USBSTOR - ok
18:49:55.0874 18492 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
18:49:55.0875 18492 usbuhci - ok
18:49:55.0913 18492 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
18:49:55.0916 18492 usbvideo - ok
18:49:55.0946 18492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:49:55.0948 18492 vdrvroot - ok
18:49:55.0985 18492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:49:55.0986 18492 vga - ok
18:49:56.0015 18492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:49:56.0016 18492 VgaSave - ok
18:49:56.0365 18492 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:49:56.0368 18492 vhdmp - ok
18:49:56.0743 18492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:49:56.0744 18492 viaide - ok
18:49:56.0800 18492 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
18:49:56.0803 18492 vmbus - ok
18:49:56.0825 18492 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:49:56.0827 18492 VMBusHID - ok
18:49:56.0863 18492 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:49:56.0865 18492 volmgr - ok
18:49:56.0888 18492 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:49:56.0892 18492 volmgrx - ok
18:49:56.0906 18492 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:49:56.0909 18492 volsnap - ok
18:49:56.0988 18492 VSApiNt (742421e475fed2b000efb5bdad9cfeae) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
18:49:57.0005 18492 VSApiNt - ok
18:49:57.0080 18492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:49:57.0082 18492 vsmraid - ok
18:49:57.0119 18492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:49:57.0120 18492 vwifibus - ok
18:49:57.0135 18492 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:49:57.0137 18492 vwififlt - ok
18:49:57.0181 18492 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:49:57.0182 18492 vwifimp - ok
18:49:57.0209 18492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:49:57.0210 18492 WacomPen - ok
18:49:57.0248 18492 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:57.0250 18492 WANARP - ok
18:49:57.0253 18492 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:57.0254 18492 Wanarpv6 - ok
18:49:57.0286 18492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:49:57.0287 18492 Wd - ok
18:49:57.0316 18492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:49:57.0321 18492 Wdf01000 - ok
18:49:57.0386 18492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:49:57.0387 18492 WfpLwf - ok
18:49:57.0416 18492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:49:57.0417 18492 WIMMount - ok
18:49:57.0467 18492 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys
18:49:57.0468 18492 WinUsb - ok
18:49:57.0508 18492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:49:57.0509 18492 WmiAcpi - ok
18:49:57.0532 18492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:49:57.0534 18492 ws2ifsl - ok
18:49:57.0566 18492 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
18:49:57.0568 18492 WudfPf - ok
18:49:57.0587 18492 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:49:57.0589 18492 WUDFRd - ok
18:49:57.0618 18492 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:49:57.0628 18492 \Device\Harddisk0\DR0 - ok
18:49:57.0633 18492 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR28
18:49:57.0638 18492 \Device\Harddisk1\DR28 - ok
18:49:57.0640 18492 Boot (0x1200) (c89c8b8bbb1666e2ca64d6fac3eccfeb) \Device\Harddisk0\DR0\Partition0
18:49:57.0641 18492 \Device\Harddisk0\DR0\Partition0 - ok
18:49:57.0647 18492 Boot (0x1200) (76834a8d884ad59af1fe954514d3680a) \Device\Harddisk0\DR0\Partition1
18:49:57.0649 18492 \Device\Harddisk0\DR0\Partition1 - ok
18:49:57.0671 18492 Boot (0x1200) (ec1cd9b6208af2283c281c2ffec0465b) \Device\Harddisk0\DR0\Partition2
18:49:57.0673 18492 \Device\Harddisk0\DR0\Partition2 - ok
18:49:57.0676 18492 Boot (0x1200) (267dc50b6362ae0b4fadcd0b36d6baed) \Device\Harddisk1\DR28\Partition0
18:49:57.0677 18492 \Device\Harddisk1\DR28\Partition0 - ok
18:49:57.0677 18492 ============================================================
18:49:57.0677 18492 Scan finished
18:49:57.0677 18492 ============================================================
18:49:57.0684 18484 Detected object count: 0
18:49:57.0684 18484 Actual detected object count: 0

Attached Files

  • MBR.zip (619 bytes)


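Added triage example (written for this page; it is not part of the thread and not code from Kaspersky's TDSSKiller): a small parser for the log format posted above, run over a handful of lines copied from that log. It joins each "name (md5) path" line with its "- ok" status line, then surfaces the things a responder actually reads such a log for: objects not marked ok, drivers loaded from outside the Windows directory (here the Trend Micro filter drivers, which are legitimate but should be matched to the installed product), and one file registered under several service names (tcpip.sys as both Tcpip and TCPIP6, which is normal). The sample lines are constructed from the log above; no other values are assumed.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the TDSSKiller log
# posted in this thread, so the parser runs offline.
SAMPLE_LOG = r"""
18:49:54.0790 18492 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
18:49:54.0806 18492 Tcpip - ok
18:49:54.0885 18492 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
18:49:54.0893 18492 TCPIP6 - ok
18:49:55.0106 18492 TmFilter (2d5adaf5bf9f3eb97bda7c250a638ebf) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
18:49:55.0109 18492 TmFilter - ok
18:49:57.0618 18492 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:49:57.0628 18492 \Device\Harddisk0\DR0 - ok
18:49:57.0684 18484 Detected object count: 0
"""

# "<time> <pid> <name>[ (0xSIZE)] (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# "<time> <pid> <name-or-device-path> - <verdict>"
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<key>.+?) - (?P<verdict>\S+)$"
)


def parse_tdsskiller_log(text):
    """Return one dict {name, md5, path, verdict} per scanned object."""
    entries = []
    by_key = {}  # drivers are reported by name, MBR/boot sectors by device path
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = {"name": m["name"], "md5": m["md5"], "path": m["path"], "verdict": None}
            entries.append(e)
            by_key[e["name"]] = e
            by_key[e["path"]] = e
            continue
        m = STATUS_RE.match(line)
        if m and m["key"] in by_key:
            by_key[m["key"]]["verdict"] = m["verdict"]
    return entries


def drivers_outside_windows(entries):
    """Kernel drivers whose file lives outside C:\\Windows (third-party; verify the vendor)."""
    return [e for e in entries
            if e["path"].lower().endswith(".sys")
            and not e["path"].lower().startswith("c:\\windows\\")]


def shared_hashes(entries):
    """md5 -> names of every object with that hash, for hashes seen under more than one name."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["name"])
    return {h: names for h, names in groups.items() if len(names) > 1}


def not_ok(entries):
    """Objects the scanner did not mark 'ok' (or that never got a status line)."""
    return [e for e in entries if e["verdict"] != "ok"]


if __name__ == "__main__":
    ents = parse_tdsskiller_log(SAMPLE_LOG)
    for e in drivers_outside_windows(ents):
        print("third-party driver, match to installed product:", e["name"], e["path"])
    for h, names in shared_hashes(ents).items():
        print("one file registered under several service names:", h, names)
    for e in not_ok(ents):
        print("NOT marked ok:", e)
```

The same parser works on the full log in the post; the useful output is the short list it prints, not the thousand lines it reads.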
#4 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 04 October 2011 - 08:13 AM

I've been using Google this morning and nothing so far. I don't think anything is fixed, but will update if I get redirected again.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 04 October 2011 - 09:10 AM

Your last logs are clean.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#6 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 04 October 2011 - 11:04 AM

Well if it's fixed that's great. Thanks for taking a look into this for me. Love that there's a community like this to help out with these problems.

Here's the log, hopefully the problem is fixed.

Andrew

Results of screen317's Security Check version 0.99.20
Windows 7 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Trend Micro Client/Server Security Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.3.183.10
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
Mozilla Firefox (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro OfficeScan Client pccntmon.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
Trend Micro Client Server Security Agent TmProxy.exe
Trend Micro Client Server Security Agent TmPfw.exe
Trend Micro Client Server Security Agent CNTAoSMgr.exe
``````````End of Log````````````

#7 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 04 October 2011 - 12:15 PM

OK, the problem just happened again. Crud.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 04 October 2011 - 01:16 PM

Please run the aswMBR tool again and post the log.

Looks like your MBR is still infected and the problem returned when you booted this morning.

Do not restart the computer until I reply.

#9 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 04 October 2011 - 03:52 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-04 14:09:19
-----------------------------
14:09:19.368 OS Version: Windows x64 6.1.7600
14:09:19.368 Number of processors: 8 586 0x1E05
14:09:19.369 ComputerName: ANDREWKILZER-PC UserName: Andrew Kilzer
14:09:22.250 Initialize success
14:09:27.743 AVAST engine defs: 11100301
14:09:28.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:09:28.907 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 8
14:09:28.913 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000085
14:09:28.919 Disk 1 Vendor: RICOH 01 Size: 7636MB BusType: 0
14:09:28.937 Disk 0 MBR read successfully
14:09:28.945 Disk 0 MBR scan
14:09:28.955 Disk 0 Windows VISTA default MBR code
14:09:28.963 Service scanning
14:09:30.997 Modules scanning
14:09:31.007 Disk 0 trace - called modules:
14:09:31.045 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys iaStor.sys hal.dll
14:09:31.056 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b10060]
14:09:31.067 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa8004996ad0]
14:09:31.403 5 stdfltn.sys[fffff8800189caf2] -> nt!IofCallDriver -> [0xfffffa8004414800]
14:09:31.415 7 ACPI.sys[fffff88000ef9781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004419050]
14:09:33.961 AVAST engine scan C:\Windows
14:09:37.735 AVAST engine scan C:\Windows\system32
14:13:18.970 AVAST engine scan C:\Windows\system32\drivers
14:13:37.009 AVAST engine scan C:\Users\Andrew Kilzer
14:28:06.539 AVAST engine scan C:\ProgramData
14:29:01.613 Scan finished successfully
15:51:38.222 Disk 0 MBR has been saved successfully to "C:\Users\Andrew Kilzer\Desktop\MBR.dat"
15:51:38.228 The log file has been saved successfully to "C:\Users\Andrew Kilzer\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (619 bytes)


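Added example (written for this page; not code from aswMBR or TDSSKiller, and not part of the thread): how to read a saved MBR such as the MBR.dat that aswMBR wrote above, and what a defender checks in it. The block builds a constructed 512-byte MBR in memory (not a real disk image), parses the partition table and boot signature, hashes the 0x1B8 (440) bytes of boot code that precede the disk signature, and compares that hash with a baseline recorded from a scan that came back clean. That the "MBR (0x1B8)" line in the TDSSKiller log refers to exactly this 440-byte region is my assumption; the tool's own hashing is not documented on this page.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8    # assumption: the 440 boot-code bytes before the disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"  # boot signature in the last two bytes of the sector
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed MBR for the demo: two NTFS-typed partitions, the first active.
    The boot code is filler; this is not a real disk image."""
    boot_code = bytes(range(256)) + bytes(184)
    assert len(boot_code) == BOOT_CODE_LEN
    disk_sig = b"\x12\x34\x56\x78"
    reserved = b"\x00\x00"

    def entry(bootable, ptype, lba_start, sectors):
        return struct.pack(PART_FMT, 0x80 if bootable else 0x00, b"\0\0\0",
                           ptype, b"\0\0\0", lba_start, sectors)

    table = (entry(True, 0x07, 2048, 204800)
             + entry(False, 0x07, 206848, 976564224)
             + bytes(16) + bytes(16))
    mbr = boot_code + disk_sig + reserved + table + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(data):
    """Decode the first sector: boot-code hash, disk signature, partition entries."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, data[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[0x1B8:0x1BC])[0],
        "signature_ok": data[510:512] == SIGNATURE,
        "partitions": parts,
    }


def check_mbr(data, baseline_boot_code_md5):
    """Findings worth a second look: missing boot signature, boot code that no longer
    matches the baseline recorded from a clean scan, more than one active partition,
    partition entries that overlap."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] != baseline_boot_code_md5:
        findings.append("boot code hash differs from baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("overlapping partition entries")
            break
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_md5"]   # record this when the scan is clean
    print("clean image:", check_mbr(clean, baseline))
    # Simulate a later read whose boot code no longer matches the recorded baseline.
    changed = bytearray(clean)
    changed[0] ^= 0xFF
    print("changed boot code:", check_mbr(bytes(changed), baseline))
```

To use it on a real saved sector, pass the bytes of MBR.dat to `check_mbr` together with the boot-code hash recorded when the scan last came back clean; a changed hash after a reboot is the signal nasdaq is looking for in the replies that follow.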
#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 04 October 2011 - 07:49 PM

Your Master Boot Record is clean.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 version, download this one instead: jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23

===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

OR if this fails.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If you are still being redirected, please download and run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the log and let me know what problem persists.

#11 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 05 October 2011 - 06:02 PM

I tried running the program and it stalled out saying 'unexpected MicroLab\SearchEngin\'. Not sure where to go from here.

#12 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 06 October 2011 - 07:51 AM

Hope this is correct.

ComboFix 11-10-06.02 - Andrew Kilzer 10/06/2011 7:12:19.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4086.1395 [GMT -5:00]
Running from: C:\Users\Andrew Kilzer\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Install.exe
C:\Users\Andrew Kilzer\AppData\Local\nvi.exe
C:\Users\Andrew Kilzer\AppData\Local\qhc.exe
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\U\00000001.@
C:\Windows\assembly\tmp\U\00000002.@
C:\Windows\assembly\tmp\U\000000c0.@
C:\Windows\assembly\tmp\U\000000cb.@
C:\Windows\assembly\tmp\U\000000cf.@
C:\Windows\assembly\tmp\U\80000000.@
C:\Windows\assembly\tmp\U\80000032.@
C:\Windows\assembly\tmp\U\80000064.@
C:\Windows\assembly\tmp\U\800000c0.@
C:\Windows\assembly\tmp\U\800000cb.@
C:\Windows\assembly\tmp\U\800000cf.@
C:\Windows\system32\consrv.dll
C:\Windows\System64
C:\Windows\SysWow64\comct332.ocx
C:\Windows\SysWow64\sqlite3.dll


((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))


2011-10-06 12:19:10 . 2011-10-06 12:19:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-09-27 19:45:18 . 2010-12-20 23:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-27 19:45:14 . 2011-09-27 19:45:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-22 20:40:44 . 2011-10-04 19:05:00 -------- d-----w- C:\Users\Andrew Kilzer\AppData\Roaming\Dropbox
2011-09-09 16:10:49 . 2011-09-09 16:10:50 -------- d-----w- C:\Program Files (x86)\Coupons
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-05 13:20:03 . 2011-03-13 10:01:55 525544 ----a-w- C:\Windows\system32\deployJava1.dll
2011-09-28 11:38:39 . 2011-05-22 16:31:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 20:51:50 . 2011-07-22 20:51:50 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-07-22 05:42:23 . 2011-08-11 08:02:05 2303488 ----a-w- C:\Windows\system32\jscript9.dll
2011-07-22 05:36:16 . 2011-08-11 08:02:04 1389056 ----a-w- C:\Windows\system32\wininet.dll
2011-07-22 05:32:40 . 2011-08-11 08:02:07 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-07-22 02:54:43 . 2011-08-11 08:02:05 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 . 2011-08-11 08:02:04 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 . 2011-08-11 08:02:07 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 . 2011-08-11 01:24:47 362496 ----a-w- C:\Windows\system32\wow64win.dll
2011-07-16 05:26:53 . 2011-08-11 01:24:47 243200 ----a-w- C:\Windows\system32\wow64.dll
2011-07-16 05:26:53 . 2011-08-11 01:24:47 13312 ----a-w- C:\Windows\system32\wow64cpu.dll
2011-07-16 05:26:18 . 2011-08-11 01:24:47 214528 ----a-w- C:\Windows\system32\winsrv.dll
2011-07-16 05:24:09 . 2011-08-11 01:24:47 16384 ----a-w- C:\Windows\system32\ntvdm64.dll
2011-07-16 05:21:32 . 2011-08-11 01:24:47 422400 ----a-w- C:\Windows\system32\KernelBase.dll
2011-07-16 05:17:46 . 2011-08-11 01:24:47 338432 ----a-w- C:\Windows\system32\conhost.exe
2011-07-16 05:04:54 . 2011-08-11 01:24:46 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04:54 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36:09 . 2011-08-11 01:24:47 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 . 2011-08-11 01:24:47 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 . 2011-08-11 01:24:47 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 . 2011-08-11 01:24:46 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 . 2011-08-11 01:24:46 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:46 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:45 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19:58 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26:12 . 2011-08-11 01:24:45 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 . 2011-08-11 01:24:45 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 . 2011-08-11 01:24:45 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 . 2011-08-11 01:24:45 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 . 2011-08-11 01:24:45 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 . 2011-08-11 01:24:45 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 . 2011-08-23 18:15:34 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-07-09 04:30:52 . 2011-08-23 18:15:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 . 2011-08-11 01:24:52 287744 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 06 October 2011 - 01:38 PM

The log is not complete.

Can you post the complete log and let me know if the problem persists?

#14 AndrewstheMAN

AndrewstheMAN
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 06 October 2011 - 02:02 PM

Running that program seemed pretty rough on my computer. It turned the screen black for quite some time, and it ended up just shutting itself down. Did I do something wrong when I ran the program?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 07 October 2011 - 06:52 AM

Please run ComboFix again.

Let me know what issues persist.



