Lost my Start Menu!


13 replies to this topic

#1 silath44


Posted 02 December 2011 - 12:25 PM

The other day, I got a fake antivirus, which I managed to get rid of with a combination of a few anti-virus/malware systems like ClamWin and Malwarebytes. Then last night, while browsing the internet with Stumble, I got a "Hardware issues" virus claiming my HD had gone bad. It has hidden my start menu, and while I believe I have gotten rid of that, I don't think my computer is clean at this point, so I am coming to you.

I am using a Sony VGN-FW550F, running Windows 7 64bit.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Christopher at 10:52:24 on 2011-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2446 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [LaunchUserRequestedPrograms] "C:\Program Files\Sony\First Experience\Miniprogram.exe"
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{716BEAE8-4755-483F-9843-73666E1942BE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{716BEAE8-4755-483F-9843-73666E1942BE}\14053555 : DhcpNameServer = 10.2.100.112 10.2.100.33
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LaunchUserRequestedPrograms] "C:\Program Files\Sony\First Experience\Miniprogram.exe"
mRun-x64: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2be6c1ak.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-9-4 189984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-9-27 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-9-27 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2011-9-27 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-9-27 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2011-9-27 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2011-9-27 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-9-27 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2011-9-27 91432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-9-27 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-9-27 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-9-27 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-12 366152]
.
=============== Created Last 30 ================
.
2011-11-28 08:24:47 115712 ----a-w- C:\Windows\SysWow64\AB8I1o2t.com_
2011-11-27 18:04:48 98816 ----a-w- C:\Windows\sed.exe
2011-11-27 18:04:48 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-27 18:04:48 256000 ----a-w- C:\Windows\PEV.exe
2011-11-27 18:04:48 208896 ----a-w- C:\Windows\MBR.exe
2011-11-26 19:49:57 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B7CCB-EFE5-4007-AA62-159168B0B915}\offreg.dll
2011-11-26 19:49:55 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B7CCB-EFE5-4007-AA62-159168B0B915}\mpengine.dll
2011-11-24 15:27:09 -------- d-----w- C:\Users\Christopher\AppData\Roaming\gsssWKK7fEL9TZ
2011-11-24 15:26:59 -------- d-----w- C:\Users\Christopher\AppData\Roaming\OCCeekIIVr
2011-11-24 15:26:59 -------- d-----w- C:\Users\Christopher\AppData\Roaming\hTTZZqjYYCkIVlN
2011-11-24 15:26:58 -------- d-----w- C:\Users\Christopher\AppData\Roaming\ySSS2iibF3pn5aH
2011-11-24 15:26:48 -------- d-----w- C:\Users\Christopher\AppData\Roaming\AfffRZZ9hTXjUel
2011-11-24 15:26:47 -------- d-----w- C:\Users\Christopher\AppData\Roaming\H55ssQJ77dK8gZh
2011-11-17 07:36:32 -------- d-----w- C:\Users\Christopher\riotsGamesLogs
2011-11-17 07:36:05 -------- d-----w- C:\Users\Christopher\AppData\Roaming\LolClient
2011-11-17 07:03:12 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-11-17 07:03:12 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-11-17 07:03:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-11-17 07:03:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-11-17 07:03:10 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-11-17 07:03:07 -------- d-----w- C:\Riot Games
2011-11-09 20:28:27 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 20:28:27 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 20:28:26 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 20:28:25 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-10-26 01:15:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 05:56:36 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-28 05:56:36 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-28 02:57:15 455680 ----a-w- C:\Windows\System32\deploytk.dll
2011-09-28 02:14:13 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-28 02:14:11 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-28 02:14:11 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-28 02:14:06 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-28 02:14:05 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-28 02:14:03 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
============= FINISH: 10:52:42.59 ===============


#2 HelpBot


Posted 07 December 2011 - 12:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430400 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 silath44


Posted 07 December 2011 - 02:35 PM

As per HelpBot's request, here is a new DDS report. I am skipping GMER this time as I am running Win 7 64-bit Premium.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Christopher at 13:31:21 on 2011-12-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2827 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Users\Christopher\AppData\Local\mcs.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Users\Christopher\AppData\Local\mcs.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [LaunchUserRequestedPrograms] "C:\Program Files\Sony\First Experience\Miniprogram.exe"
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{716BEAE8-4755-483F-9843-73666E1942BE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{716BEAE8-4755-483F-9843-73666E1942BE}\14053555 : DhcpNameServer = 10.2.100.112 10.2.100.33
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LaunchUserRequestedPrograms] "C:\Program Files\Sony\First Experience\Miniprogram.exe"
mRun-x64: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2be6c1ak.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-9-4 189984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-9-27 104960]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-9-27 411496]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2011-9-27 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-9-27 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2011-9-27 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2011-9-27 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-9-27 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2011-9-27 91432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-9-27 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-9-27 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-9-27 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-12 366152]
.
=============== File Associations ===============
.
.exe=ah
.
=============== Created Last 30 ================
.
2011-12-02 18:35:55 272896 ----a-w- C:\Users\Christopher\AppData\Local\mcs.exe
2011-12-02 17:17:19 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-28 08:24:47 115712 ----a-w- C:\Windows\SysWow64\AB8I1o2t.com_
2011-11-27 18:04:48 98816 ----a-w- C:\Windows\sed.exe
2011-11-27 18:04:48 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-27 18:04:48 256000 ----a-w- C:\Windows\PEV.exe
2011-11-27 18:04:48 208896 ----a-w- C:\Windows\MBR.exe
2011-11-26 19:49:57 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B7CCB-EFE5-4007-AA62-159168B0B915}\offreg.dll
2011-11-26 19:49:55 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B7CCB-EFE5-4007-AA62-159168B0B915}\mpengine.dll
2011-11-24 15:27:09 -------- d-----w- C:\Users\Christopher\AppData\Roaming\gsssWKK7fEL9TZ
2011-11-24 15:26:59 -------- d-----w- C:\Users\Christopher\AppData\Roaming\OCCeekIIVr
2011-11-24 15:26:59 -------- d-----w- C:\Users\Christopher\AppData\Roaming\hTTZZqjYYCkIVlN
2011-11-24 15:26:58 -------- d-----w- C:\Users\Christopher\AppData\Roaming\ySSS2iibF3pn5aH
2011-11-24 15:26:48 -------- d-----w- C:\Users\Christopher\AppData\Roaming\AfffRZZ9hTXjUel
2011-11-24 15:26:47 -------- d-----w- C:\Users\Christopher\AppData\Roaming\H55ssQJ77dK8gZh
2011-11-17 07:36:32 -------- d-----w- C:\Users\Christopher\riotsGamesLogs
2011-11-17 07:36:05 -------- d-----w- C:\Users\Christopher\AppData\Roaming\LolClient
2011-11-17 07:03:12 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-11-17 07:03:12 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-11-17 07:03:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-11-17 07:03:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-11-17 07:03:10 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-11-17 07:03:07 -------- d-----w- C:\Riot Games
2011-11-09 20:28:27 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 20:28:27 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 20:28:26 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 20:28:25 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-10-26 01:15:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 05:56:36 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-28 05:56:36 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-28 02:57:15 455680 ----a-w- C:\Windows\System32\deploytk.dll
2011-09-28 02:14:13 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-28 02:14:11 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-28 02:14:11 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-28 02:14:06 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-28 02:14:05 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-28 02:14:03 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
============= FINISH: 13:32:16.66 ===============

Attached Files
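The DDS log above already carries the indicators a malware analyst reads first: the `.exe=ah` file association (Windows maps .exe to the exefile ProgID, and DDS only prints associations that differ from the default, so a rogue AV has rewritten the handler so that its own program runs in place of every .exe), a fresh mcs.exe in AppData\Local, a randomly named AB8I1o2t.com_ in SysWow64, and six random-named directories created within about twenty seconds in AppData\Roaming. The Python script below is an added example for this thread, not code from the poster, from DDS or from BleepingComputer. It parses a constructed excerpt modelled on that log (not the log itself) and flags those patterns. The section titles it keys on, the allowlist of ComboFix helper files in C:\Windows (sed.exe, SWREG.exe, PEV.exe, MBR.exe), the treatment of an executable extension with a trailing underscore as disguised, and the randomness heuristic are all the example's own assumptions; hits are leads for a human to check, not verdicts.

```python
"""
Triage helper for DDS-style log excerpts (added example; not a DDS,
ComboFix or BleepingComputer tool). It reads the "File Associations" and
"Created Last 30" sections and flags what an analyst would check first.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the DDS log in this thread, not the log itself.
SAMPLE_LOG = r"""
=============== File Associations ===============
.
.exe=ah
.
=============== Created Last 30 ================
.
2011-12-02 18:35:55 272896 ----a-w- C:\Users\Christopher\AppData\Local\mcs.exe
2011-12-02 17:17:19 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-28 08:24:47 115712 ----a-w- C:\Windows\SysWow64\AB8I1o2t.com_
2011-11-27 18:04:48 98816 ----a-w- C:\Windows\sed.exe
2011-11-24 15:27:09 -------- d-----w- C:\Users\Christopher\AppData\Roaming\gsssWKK7fEL9TZ
2011-11-17 07:36:05 -------- d-----w- C:\Users\Christopher\AppData\Roaming\LolClient
2011-11-09 20:28:26 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
"""

# Windows maps .exe to the "exefile" ProgID; DDS lists only associations that
# differ from the default, so any other value means the handler was rewritten.
EXPECTED_ASSOC = {".exe": "exefile"}

# Helper binaries ComboFix drops into C:\Windows (assumed allowlist): the poster
# ran ComboFix, so these are expected rather than suspicious.
COMBOFIX_SUPPORT = {"sed.exe", "swreg.exe", "pev.exe", "mbr.exe"}

USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.I)
EXEC_EXT = re.compile(r"\.(exe|com|dll|sys|scr|pif)_?$", re.I)
# "<date> <time> <size or dashes> <8 attribute flags> <path>"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    subject: str


def sections(text):
    """Split a DDS log into {banner title: [content lines]}; '.' spacer lines are dropped."""
    out, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None and line.strip() not in ("", "."):
            out[current].append(line)
    return out


def looks_random(name):
    """Heuristic for generated names such as gsssWKK7fEL9TZ: digits mixed with
    both letter cases, or an interior run of capitals (hTTZZ...). Hits are leads
    for the analyst, not verdicts; a name like OpenVPN will also trip it."""
    stem = name.split(".")[0]
    if len(stem) < 8:
        return False
    mixed = (any(c.isdigit() for c in stem) and any(c.islower() for c in stem)
             and any(c.isupper() for c in stem))
    return mixed or re.search(r"[a-z][A-Z]{2,}", stem) is not None


def triage(text):
    """Return findings for the association and created-files sections, in log order."""
    findings = []
    secs = sections(text)
    for line in secs.get("File Associations", []):
        ext, _, progid = line.partition("=")
        expected = EXPECTED_ASSOC.get(ext.lower())
        if expected and progid.strip().lower() != expected:
            findings.append(Finding("high", f"{ext} association hijacked: handler "
                                    f"is '{progid}', expected '{expected}'", line))
    for line in secs.get("Created Last 30", []):
        m = ENTRY.match(line)
        if not m:
            continue
        _, _, attrs, path = m.groups()
        name = path.rsplit("\\", 1)[-1]
        if attrs.startswith("d"):                      # directory entry
            if USER_WRITABLE.search(path + "\\") and looks_random(name):
                findings.append(Finding("medium", "random-named directory in a "
                                        "user-writable location", path))
            continue
        if path.lower().startswith("c:\\windows\\") and name.lower() in COMBOFIX_SUPPORT:
            continue                                   # ComboFix's own helpers
        if not EXEC_EXT.search(name):
            continue
        if name.endswith("_"):
            findings.append(Finding("high", "executable with a disguised extension", path))
        elif USER_WRITABLE.search(path):
            findings.append(Finding("high", "new executable in a user-writable location", path))
        elif looks_random(name):
            findings.append(Finding("medium", "random-named executable in a system directory", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.subject}")
```

Run against the constructed excerpt it reports the hijacked .exe association, mcs.exe, AB8I1o2t.com_ and the gsssWKK7fEL9TZ directory, and stays silent on LolClient, tcpip.sys and ComboFix's sed.exe. The same pattern generalises to the ComboFix log later in the thread, whose "Scheduled Tasks" section shows the At*.job entries that launch the same AB8I1o2t.com_ file every two hours.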



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:07 AM

Posted 07 December 2011 - 03:18 PM

Hello. First of all, download and run unhide.exe.

Let me know if that makes your files visible.

I see you also ran ComboFix. Please post me the log at c:\combofix.txt.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 silath44

silath44
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 07 December 2011 - 04:35 PM

I have not been on the Windows install since I have been having issues, other than to post the logs; however, it appears the rootkit is back. With everything that I open, the top frame (status bar, toolbar, etc.) blinks. This also makes it impossible to right-click and run items. (Essentially it is losing focus and regaining it constantly, 2-3 times a second.)

Unhide did return my start menu.

ComboFix Log:

ComboFix 11-12-01.03 - Christopher 12/02/2011 2:26.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2690 [GMT -6:00]
Running from: c:\users\Christopher\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dBx5UAZsd9vqip.exe
c:\programdata\NaAlgcphpofdVU.exe
c:\users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Christopher\Desktop\System Fix.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 08:29 . 2011-12-02 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 19:49 . 2011-11-26 19:49 69000 ---ha-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B7CCB-EFE5-4007-AA62-159168B0B915}\offreg.dll
2011-11-26 19:49 . 2011-10-07 04:16 8570192 ---ha-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B7CCB-EFE5-4007-AA62-159168B0B915}\mpengine.dll
2011-11-24 15:27 . 2011-11-24 15:27 -------- d--h--w- c:\users\Christopher\AppData\Roaming\gsssWKK7fEL9TZ
2011-11-24 15:26 . 2011-11-26 06:14 -------- d--h--w- c:\users\Christopher\AppData\Roaming\OCCeekIIVr
2011-11-24 15:26 . 2011-11-24 15:26 -------- d--h--w- c:\users\Christopher\AppData\Roaming\hTTZZqjYYCkIVlN
2011-11-24 15:26 . 2011-11-24 15:26 -------- d--h--w- c:\users\Christopher\AppData\Roaming\ySSS2iibF3pn5aH
2011-11-24 15:26 . 2011-11-24 15:26 -------- d--h--w- c:\users\Christopher\AppData\Roaming\AfffRZZ9hTXjUel
2011-11-24 15:26 . 2011-11-24 15:26 -------- d--h--w- c:\users\Christopher\AppData\Roaming\H55ssQJ77dK8gZh
2011-11-17 07:36 . 2011-11-19 00:39 -------- d--h--w- c:\users\Christopher\riotsGamesLogs
2011-11-17 07:36 . 2011-11-17 07:36 -------- d--h--w- c:\users\Christopher\AppData\Roaming\LolClient
2011-11-17 07:03 . 2008-07-31 16:41 68616 ---ha-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-11-17 07:03 . 2008-07-31 16:40 509448 ---ha-w- c:\windows\SysWow64\XAudio2_2.dll
2011-11-17 07:03 . 2008-07-12 14:18 467984 ---ha-w- c:\windows\SysWow64\d3dx10_39.dll
2011-11-17 07:03 . 2008-07-12 14:18 1493528 ---ha-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-11-17 07:03 . 2008-07-12 14:18 3851784 ---ha-w- c:\windows\SysWow64\D3DX9_39.dll
2011-11-17 07:03 . 2011-11-17 07:03 -------- d-----w- C:\Riot Games
2011-11-09 20:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 20:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 20:28 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:28 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 17:40 . 2011-11-06 17:40 -------- d--h--w- c:\windows\Sun
2011-11-02 14:43 . 2011-11-02 14:43 -------- d--h--w- c:\program files (x86)\UOCartographer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 01:15 . 2011-10-16 19:52 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 06:26 . 2011-10-11 06:27 917840 ---h--w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20D54659-7D36-4EA1-97B1-B465728E51BB}\gapaengine.dll
2011-10-07 04:16 . 2011-09-29 06:27 8570192 ---ha-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 06:22 . 2011-10-11 06:27 601424 ---h--w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-28 06:16 . 2011-09-28 06:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-28 06:16 . 2011-09-28 06:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-28 06:16 . 2011-09-28 06:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-28 06:16 . 2011-09-28 06:16 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-28 06:16 . 2011-09-28 06:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-28 06:16 . 2011-09-28 06:16 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-28 06:16 . 2011-09-28 06:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-28 06:16 . 2011-09-28 06:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-28 06:16 . 2011-09-28 06:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-28 06:16 . 2011-09-28 06:16 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-28 06:16 . 2011-09-28 06:16 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-28 06:16 . 2011-09-28 06:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-28 06:16 . 2011-09-28 06:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-28 06:16 . 2011-09-28 06:16 448512 ----a-w- c:\windows\system32\html.iec
2011-09-28 06:16 . 2011-09-28 06:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-28 06:16 . 2011-09-28 06:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-28 06:16 . 2011-09-28 06:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-28 06:16 . 2011-09-28 06:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-28 06:16 . 2011-09-28 06:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-28 06:16 . 2011-09-28 06:16 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-28 06:16 . 2011-09-28 06:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-28 06:16 . 2011-09-28 06:16 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-28 06:16 . 2011-09-28 06:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-28 06:16 . 2011-09-28 06:16 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-28 06:16 . 2011-09-28 06:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-28 06:16 . 2011-09-28 06:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-28 06:16 . 2011-09-28 06:16 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-28 06:16 . 2011-09-28 06:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-28 06:16 . 2011-09-28 06:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-28 06:16 . 2011-09-28 06:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-28 06:16 . 2011-09-28 06:16 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-28 06:16 . 2011-09-28 06:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-28 06:16 . 2011-09-28 06:16 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-28 06:16 . 2011-09-28 06:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-28 06:16 . 2011-09-28 06:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-28 06:16 . 2011-09-28 06:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-28 05:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-28 05:56 . 2009-07-14 02:36 152576 ---ha-w- c:\windows\SysWow64\msclmd.dll
2011-09-28 02:57 . 2011-09-28 02:57 455680 ----a-w- c:\windows\system32\deploytk.dll
2011-09-28 02:14 . 2011-09-28 02:14 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-28 02:14 . 2011-09-28 02:14 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-28 02:14 . 2011-09-28 02:14 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-28 02:14 . 2011-09-28 02:14 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-28 02:14 . 2011-09-28 02:14 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-28 02:14 . 2011-09-28 02:14 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-09-21 16:00 . 2011-09-28 06:40 9049936 ---h--w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{132EB25B-B38A-436D-B271-7F6E9B11761B}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-27_18.21.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-28 08:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-27 18:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-27 18:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 08:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-27 18:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 08:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-04 17:57 . 2011-12-01 15:47 33584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-01 15:47 35520 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-09-28 07:20 . 2011-11-27 17:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-28 07:20 . 2011-12-02 08:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-28 07:20 . 2011-11-27 17:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-28 07:20 . 2011-12-02 08:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-02 08:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-27 17:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-28 06:11 . 2011-12-01 15:47 5074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2218769774-3839423579-1219232469-1000_UserData.bin
- 2009-09-04 17:55 . 2011-11-27 18:16 1829 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-09-04 17:55 . 2011-12-01 15:45 1829 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-12-01 15:46 . 2011-12-01 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-27 18:21 . 2011-11-27 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 15:46 . 2011-12-01 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-27 18:21 . 2011-11-27 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-27 23:47 . 2011-12-01 18:51 252688 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-27 18:07 626278 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-02 01:11 626278 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-02 01:11 107522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-27 18:07 107522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-12-01 15:45 325664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-27 18:16 325664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-27 17:32 . 2011-11-28 08:24 223744 c:\windows\assembly\temp\kwrd.dll
- 2011-11-27 17:32 . 2011-11-27 17:59 223744 c:\windows\assembly\temp\kwrd.dll
- 2011-10-14 08:22 . 2011-11-27 18:16 1025208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2218769774-3839423579-1219232469-1000-12288.dat
+ 2011-10-14 08:22 . 2011-12-01 15:45 1025208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2218769774-3839423579-1219232469-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LaunchUserRequestedPrograms"="c:\program files\Sony\First Experience\Miniprogram.exe" [2009-08-26 68608]
"RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-07-14 268288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
.
c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ---h--w- c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\At10.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At12.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At14.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At16.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At18.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At2.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At20.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At22.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At24.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At26.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At28.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At30.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At32.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At34.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At36.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At38.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At4.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At40.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At42.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At44.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At46.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\At48.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At6.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-01 c:\windows\Tasks\At8.job
- c:\windows\system32\AB8I1o2t.com_ [2011-11-28 08:27]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 01:15]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 01:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-09-28 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2be6c1ak.default\
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NaAlgcphpofdVU.exe - c:\programdata\NaAlgcphpofdVU.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-02 02:32:24
ComboFix-quarantined-files.txt 2011-12-02 08:32
ComboFix2.txt 2011-11-27 18:32
.
.
Post-Run: 142,055,444,480 bytes free
.
- - End Of File - - A5EB9D1A58EDF9A40B1C0B56FA7415B0

#6 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin

Posted 08 December 2011 - 02:51 AM

Hello again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
AtJob::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
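The TDSSKiller step above ends with pasting a log that can run to several hundred lines, almost all of them "name - ok". The following Python script is an added example, not part of Elise's post or of the TDSSKiller tool: it parses the log line format visible in the TDSSKiller output posted in this thread (timestamp, process id, object name, MD5 in parentheses, path, followed by a separate verdict line) and reports only the objects that were not explicitly marked ok, plus their hashes for a reputation lookup. The sample log is constructed: its first lines are copied from the log in this thread, while the "exampledrv"/"unfinished" names, their hashes and the "suspicious" verdict string are placeholders invented to exercise the non-ok and missing-verdict paths (the real tool's wording for a finding may differ).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Three line shapes appear in a TDSSKiller log (format as posted in this thread):
#   <hh:mm:ss.ffff> <pid> <name> (<md5>) <path>   -> an object was enumerated
#   <hh:mm:ss.ffff> <pid> <name> - <verdict>      -> verdict for that object
#   <hh:mm:ss.ffff> <pid> <free text>             -> banner / system info, ignored
# Object names are single tokens in the portion of the log shown here.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<rest>.*)$")
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Collect every enumerated object together with the verdict TDSSKiller gave it."""
    objects: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # blank lines or text without the timestamp/pid prefix
        rest = m.group("rest")
        e = ENTRY_RE.match(rest)
        if e:
            obj = objects.setdefault(e.group("name"), ScannedObject(e.group("name")))
            obj.md5, obj.path = e.group("md5").lower(), e.group("path")
            continue
        v = VERDICT_RE.match(rest)
        if v:
            obj = objects.setdefault(v.group("name"), ScannedObject(v.group("name")))
            obj.verdict = v.group("verdict")
    return objects


def needs_attention(objects: Dict[str, ScannedObject]) -> List[ScannedObject]:
    """Everything not explicitly marked 'ok': a non-ok verdict, or no verdict at all
    (which happens when the scan is interrupted before it finishes)."""
    return sorted(
        (o for o in objects.values() if o.verdict != "ok"),
        key=lambda o: o.name.lower(),
    )


def hashes_for_lookup(objects: Dict[str, ScannedObject]) -> Dict[str, str]:
    """name -> MD5 for the flagged objects, ready to check against a reputation source."""
    return {o.name: o.md5 for o in needs_attention(objects) if o.md5}


# Constructed sample: the first lines are copied from the log posted in this thread; the
# last three lines are invented (placeholder names, hashes and a hypothetical verdict
# string) so that both the non-ok and the missing-verdict cases are exercised.
SAMPLE_LOG = r"""
11:39:05.0499 3468 Scan started
11:39:05.0499 3468 Mode: Manual;
11:39:05.0499 3468 ============================================================
11:39:06.0201 3468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:39:06.0201 3468 1394ohci - ok
11:39:06.0263 3468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:39:06.0263 3468 ACPI - ok
11:39:08.0073 3468 catchme - ok
11:39:10.0725 3468 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:39:10.0725 3468 MBAMProtector - ok
11:39:20.0000 3468 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
11:39:20.0000 3468 exampledrv - suspicious
11:39:21.0000 3468 unfinished (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\unfinished.sys
"""

if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    flagged = needs_attention(objs)
    print(f"{len(objs)} objects scanned, {len(flagged)} need attention")
    for o in flagged:
        print(f"  {o.name:<14} verdict={o.verdict or 'MISSING':<10} md5={o.md5} path={o.path}")
```

Run against a real TDSSKiller_*_log.txt by reading the file into parse_tdsskiller_log; an object with no verdict at all is reported too, because a scan that was stopped part-way looks clean if you only search the log for non-ok lines.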


#7 silath44
  • Topic Starter
  • Members

Posted 08 December 2011 - 12:55 PM

TDSS:

11:39:00.0382 6676 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
11:39:00.0834 6676 ============================================================
11:39:00.0834 6676 Current date / time: 2011/12/08 11:39:00.0834
11:39:00.0834 6676 SystemInfo:
11:39:00.0834 6676
11:39:00.0834 6676 OS Version: 6.1.7601 ServicePack: 1.0
11:39:00.0834 6676 Product type: Workstation
11:39:00.0834 6676 ComputerName: CCOOK
11:39:00.0834 6676 UserName: Christopher
11:39:00.0834 6676 Windows directory: C:\Windows
11:39:00.0834 6676 System windows directory: C:\Windows
11:39:00.0834 6676 Running under WOW64
11:39:00.0834 6676 Processor architecture: Intel x64
11:39:00.0834 6676 Number of processors: 2
11:39:00.0834 6676 Page size: 0x1000
11:39:00.0834 6676 Boot type: Normal boot
11:39:00.0834 6676 ============================================================
11:39:02.0020 6676 Initialize success
11:39:05.0499 3468 ============================================================
11:39:05.0499 3468 Scan started
11:39:05.0499 3468 Mode: Manual;
11:39:05.0499 3468 ============================================================
11:39:06.0201 3468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:39:06.0201 3468 1394ohci - ok
11:39:06.0263 3468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:39:06.0263 3468 ACPI - ok
11:39:06.0279 3468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:39:06.0279 3468 AcpiPmi - ok
11:39:06.0372 3468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:39:06.0372 3468 adp94xx - ok
11:39:06.0403 3468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:39:06.0419 3468 adpahci - ok
11:39:06.0435 3468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:39:06.0435 3468 adpu320 - ok
11:39:06.0513 3468 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:39:06.0528 3468 AFD - ok
11:39:06.0559 3468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:39:06.0559 3468 agp440 - ok
11:39:06.0606 3468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:39:06.0606 3468 aliide - ok
11:39:06.0747 3468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:39:06.0747 3468 amdide - ok
11:39:06.0809 3468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:39:06.0825 3468 AmdK8 - ok
11:39:06.0856 3468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:39:06.0856 3468 AmdPPM - ok
11:39:06.0887 3468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:39:06.0887 3468 amdsata - ok
11:39:06.0918 3468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:39:06.0918 3468 amdsbs - ok
11:39:06.0949 3468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:39:06.0965 3468 amdxata - ok
11:39:07.0012 3468 ApfiltrService (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:39:07.0012 3468 ApfiltrService - ok
11:39:07.0074 3468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:39:07.0074 3468 AppID - ok
11:39:07.0090 3468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:39:07.0090 3468 arc - ok
11:39:07.0121 3468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:39:07.0121 3468 arcsas - ok
11:39:07.0137 3468 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
11:39:07.0137 3468 ArcSoftKsUFilter - ok
11:39:07.0199 3468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:39:07.0199 3468 AsyncMac - ok
11:39:07.0215 3468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:39:07.0215 3468 atapi - ok
11:39:07.0339 3468 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
11:39:07.0417 3468 atikmdag - ok
11:39:07.0527 3468 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:39:07.0542 3468 b06bdrv - ok
11:39:07.0573 3468 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:39:07.0573 3468 b57nd60a - ok
11:39:07.0589 3468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:39:07.0589 3468 Beep - ok
11:39:07.0651 3468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:39:07.0651 3468 blbdrive - ok
11:39:07.0683 3468 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:39:07.0683 3468 bowser - ok
11:39:07.0698 3468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:39:07.0698 3468 BrFiltLo - ok
11:39:07.0714 3468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:39:07.0714 3468 BrFiltUp - ok
11:39:07.0729 3468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:39:07.0745 3468 Brserid - ok
11:39:07.0745 3468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:39:07.0745 3468 BrSerWdm - ok
11:39:07.0776 3468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:39:07.0776 3468 BrUsbMdm - ok
11:39:07.0776 3468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:39:07.0776 3468 BrUsbSer - ok
11:39:07.0854 3468 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:39:07.0854 3468 BthEnum - ok
11:39:07.0885 3468 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:39:07.0885 3468 BTHMODEM - ok
11:39:07.0885 3468 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:39:07.0885 3468 BthPan - ok
11:39:07.0932 3468 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:39:07.0932 3468 BTHPORT - ok
11:39:07.0963 3468 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:39:07.0963 3468 BTHUSB - ok
11:39:07.0995 3468 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
11:39:07.0995 3468 btwaudio - ok
11:39:08.0010 3468 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
11:39:08.0010 3468 btwavdt - ok
11:39:08.0057 3468 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
11:39:08.0057 3468 btwl2cap - ok
11:39:08.0073 3468 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
11:39:08.0073 3468 btwrchid - ok
11:39:08.0073 3468 catchme - ok
11:39:08.0104 3468 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:39:08.0104 3468 cdfs - ok
11:39:08.0197 3468 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:39:08.0197 3468 cdrom - ok
11:39:08.0229 3468 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:39:08.0229 3468 circlass - ok
11:39:08.0260 3468 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:39:08.0260 3468 CLFS - ok
11:39:08.0307 3468 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:39:08.0307 3468 CmBatt - ok
11:39:08.0322 3468 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:39:08.0322 3468 cmdide - ok
11:39:08.0369 3468 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:39:08.0369 3468 CNG - ok
11:39:08.0400 3468 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:39:08.0400 3468 Compbatt - ok
11:39:08.0416 3468 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:39:08.0431 3468 CompositeBus - ok
11:39:08.0447 3468 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:39:08.0447 3468 crcdisk - ok
11:39:08.0556 3468 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:39:08.0556 3468 DfsC - ok
11:39:08.0587 3468 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:39:08.0587 3468 discache - ok
11:39:08.0603 3468 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:39:08.0603 3468 Disk - ok
11:39:08.0665 3468 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:39:08.0665 3468 drmkaud - ok
11:39:08.0712 3468 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:39:08.0712 3468 DXGKrnl - ok
11:39:08.0806 3468 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:39:08.0837 3468 ebdrv - ok
11:39:08.0915 3468 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:39:08.0931 3468 elxstor - ok
11:39:08.0962 3468 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:39:08.0962 3468 ErrDev - ok
11:39:08.0993 3468 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:39:08.0993 3468 exfat - ok
11:39:09.0009 3468 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:39:09.0009 3468 fastfat - ok
11:39:09.0040 3468 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:39:09.0040 3468 fdc - ok
11:39:09.0055 3468 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:39:09.0055 3468 FileInfo - ok
11:39:09.0055 3468 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:39:09.0071 3468 Filetrace - ok
11:39:09.0071 3468 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:39:09.0071 3468 flpydisk - ok
11:39:09.0102 3468 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:39:09.0102 3468 FltMgr - ok
11:39:09.0118 3468 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:39:09.0133 3468 FsDepends - ok
11:39:09.0133 3468 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:39:09.0133 3468 Fs_Rec - ok
11:39:09.0180 3468 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:39:09.0180 3468 fvevol - ok
11:39:09.0196 3468 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:39:09.0196 3468 gagp30kx - ok
11:39:09.0227 3468 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:39:09.0243 3468 hcw85cir - ok
11:39:09.0336 3468 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:39:09.0336 3468 HdAudAddService - ok
11:39:09.0367 3468 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:39:09.0367 3468 HDAudBus - ok
11:39:09.0399 3468 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:39:09.0399 3468 HidBatt - ok
11:39:09.0430 3468 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:39:09.0430 3468 HidBth - ok
11:39:09.0445 3468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:39:09.0445 3468 HidIr - ok
11:39:09.0492 3468 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:39:09.0492 3468 HidUsb - ok
11:39:09.0539 3468 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:39:09.0539 3468 HpSAMD - ok
11:39:09.0586 3468 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:39:09.0601 3468 HTTP - ok
11:39:09.0664 3468 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:39:09.0664 3468 hwpolicy - ok
11:39:09.0711 3468 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:39:09.0711 3468 i8042prt - ok
11:39:09.0742 3468 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
11:39:09.0757 3468 iaStor - ok
11:39:09.0773 3468 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:39:09.0789 3468 iaStorV - ok
11:39:09.0835 3468 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:39:09.0835 3468 iirsp - ok
11:39:09.0913 3468 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
11:39:09.0929 3468 IntcAzAudAddService - ok
11:39:10.0038 3468 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:39:10.0054 3468 intelide - ok
11:39:10.0085 3468 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:39:10.0085 3468 intelppm - ok
11:39:10.0132 3468 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:10.0132 3468 IpFilterDriver - ok
11:39:10.0179 3468 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:39:10.0179 3468 IPMIDRV - ok
11:39:10.0210 3468 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:39:10.0210 3468 IPNAT - ok
11:39:10.0241 3468 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:39:10.0241 3468 IRENUM - ok
11:39:10.0272 3468 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:39:10.0272 3468 isapnp - ok
11:39:10.0288 3468 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:39:10.0288 3468 iScsiPrt - ok
11:39:10.0335 3468 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:39:10.0335 3468 kbdclass - ok
11:39:10.0397 3468 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:39:10.0397 3468 kbdhid - ok
11:39:10.0413 3468 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:39:10.0413 3468 KSecDD - ok
11:39:10.0444 3468 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:39:10.0444 3468 KSecPkg - ok
11:39:10.0459 3468 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:39:10.0459 3468 ksthunk - ok
11:39:10.0491 3468 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:39:10.0491 3468 lltdio - ok
11:39:10.0553 3468 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:39:10.0553 3468 LSI_FC - ok
11:39:10.0569 3468 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:39:10.0584 3468 LSI_SAS - ok
11:39:10.0584 3468 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:39:10.0584 3468 LSI_SAS2 - ok
11:39:10.0631 3468 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:39:10.0631 3468 LSI_SCSI - ok
11:39:10.0662 3468 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:39:10.0678 3468 luafv - ok
11:39:10.0725 3468 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:39:10.0725 3468 MBAMProtector - ok
11:39:10.0740 3468 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:39:10.0740 3468 megasas - ok
11:39:10.0818 3468 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:39:10.0818 3468 MegaSR - ok
11:39:10.0849 3468 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:39:10.0849 3468 Modem - ok
11:39:10.0865 3468 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:39:10.0865 3468 monitor - ok
11:39:10.0896 3468 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:39:10.0896 3468 mouclass - ok
11:39:10.0896 3468 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:39:10.0896 3468 mouhid - ok
11:39:10.0927 3468 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:39:10.0927 3468 mountmgr - ok
11:39:10.0974 3468 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
11:39:10.0974 3468 MpFilter - ok
11:39:10.0990 3468 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:39:10.0990 3468 mpio - ok
11:39:11.0021 3468 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:39:11.0021 3468 MpNWMon - ok
11:39:11.0037 3468 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:39:11.0052 3468 mpsdrv - ok
11:39:11.0115 3468 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:39:11.0130 3468 MRxDAV - ok
11:39:11.0208 3468 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:11.0208 3468 mrxsmb - ok
11:39:11.0224 3468 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:11.0239 3468 mrxsmb10 - ok
11:39:11.0255 3468 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:11.0255 3468 mrxsmb20 - ok
11:39:11.0286 3468 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:39:11.0286 3468 msahci - ok
11:39:11.0317 3468 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:39:11.0317 3468 msdsm - ok
11:39:11.0333 3468 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:39:11.0333 3468 Msfs - ok
11:39:11.0364 3468 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:39:11.0364 3468 mshidkmdf - ok
11:39:11.0380 3468 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:39:11.0380 3468 msisadrv - ok
11:39:11.0411 3468 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:39:11.0411 3468 MSKSSRV - ok
11:39:11.0427 3468 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:11.0427 3468 MSPCLOCK - ok
11:39:11.0442 3468 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:39:11.0458 3468 MSPQM - ok
11:39:11.0473 3468 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:39:11.0489 3468 MsRPC - ok
11:39:11.0505 3468 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:39:11.0505 3468 mssmbios - ok
11:39:11.0536 3468 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:39:11.0536 3468 MSTEE - ok
11:39:11.0583 3468 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:39:11.0583 3468 MTConfig - ok
11:39:11.0614 3468 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:39:11.0614 3468 Mup - ok
11:39:11.0676 3468 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:39:11.0676 3468 NativeWifiP - ok
11:39:11.0723 3468 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:39:11.0739 3468 NDIS - ok
11:39:11.0754 3468 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:11.0754 3468 NdisCap - ok
11:39:11.0785 3468 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:11.0785 3468 NdisTapi - ok
11:39:11.0801 3468 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:11.0817 3468 Ndisuio - ok
11:39:11.0848 3468 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:11.0848 3468 NdisWan - ok
11:39:11.0895 3468 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:39:11.0895 3468 NDProxy - ok
11:39:11.0973 3468 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:39:11.0973 3468 NetBIOS - ok
11:39:12.0004 3468 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:39:12.0004 3468 NetBT - ok
11:39:12.0160 3468 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
11:39:12.0222 3468 netw5v64 - ok
11:39:12.0300 3468 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:39:12.0300 3468 nfrd960 - ok
11:39:12.0331 3468 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:39:12.0347 3468 NisDrv - ok
11:39:12.0378 3468 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:39:12.0378 3468 Npfs - ok
11:39:12.0394 3468 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:39:12.0394 3468 nsiproxy - ok
11:39:12.0456 3468 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:39:12.0487 3468 Ntfs - ok
11:39:12.0503 3468 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:39:12.0503 3468 Null - ok
11:39:12.0550 3468 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:39:12.0550 3468 nvraid - ok
11:39:12.0581 3468 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:39:12.0581 3468 nvstor - ok
11:39:12.0659 3468 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:39:12.0659 3468 nv_agp - ok
11:39:12.0706 3468 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:39:12.0706 3468 ohci1394 - ok
11:39:12.0737 3468 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:39:12.0737 3468 Parport - ok
11:39:12.0784 3468 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:39:12.0784 3468 partmgr - ok
11:39:12.0815 3468 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:39:12.0815 3468 pci - ok
11:39:12.0831 3468 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:39:12.0846 3468 pciide - ok
11:39:12.0862 3468 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:39:12.0877 3468 pcmcia - ok
11:39:12.0893 3468 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:39:12.0893 3468 pcw - ok
11:39:12.0909 3468 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:39:12.0924 3468 PEAUTH - ok
11:39:12.0987 3468 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:39:12.0987 3468 PptpMiniport - ok
11:39:13.0049 3468 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:39:13.0049 3468 Processor - ok
11:39:13.0111 3468 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:39:13.0111 3468 Psched - ok
11:39:13.0127 3468 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
11:39:13.0127 3468 PxHlpa64 - ok
11:39:13.0189 3468 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:39:13.0205 3468 ql2300 - ok
11:39:13.0283 3468 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:39:13.0283 3468 ql40xx - ok
11:39:13.0299 3468 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:39:13.0299 3468 QWAVEdrv - ok
11:39:13.0314 3468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:39:13.0314 3468 RasAcd - ok
11:39:13.0345 3468 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:39:13.0345 3468 RasAgileVpn - ok
11:39:13.0377 3468 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:39:13.0377 3468 Rasl2tp - ok
11:39:13.0408 3468 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:39:13.0408 3468 RasPppoe - ok
11:39:13.0455 3468 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:39:13.0455 3468 RasSstp - ok
11:39:13.0486 3468 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:39:13.0486 3468 rdbss - ok
11:39:13.0501 3468 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:39:13.0501 3468 rdpbus - ok
11:39:13.0533 3468 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:39:13.0533 3468 RDPCDD - ok
11:39:13.0533 3468 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:39:13.0548 3468 RDPENCDD - ok
11:39:13.0564 3468 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:39:13.0564 3468 RDPREFMP - ok
11:39:13.0611 3468 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:39:13.0611 3468 RDPWD - ok
11:39:13.0642 3468 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:39:13.0642 3468 rdyboost - ok
11:39:13.0689 3468 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
11:39:13.0689 3468 regi - ok
11:39:13.0704 3468 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:39:13.0704 3468 RFCOMM - ok
11:39:13.0751 3468 rimsptsk (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys
11:39:13.0751 3468 rimsptsk - ok
11:39:13.0767 3468 risdptsk (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys
11:39:13.0767 3468 risdptsk - ok
11:39:13.0860 3468 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:39:13.0860 3468 rspndr - ok
11:39:13.0907 3468 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
11:39:13.0907 3468 RTHDMIAzAudService - ok
11:39:13.0985 3468 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:39:13.0985 3468 sbp2port - ok
11:39:14.0016 3468 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:39:14.0016 3468 scfilter - ok
11:39:14.0063 3468 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:39:14.0079 3468 sdbus - ok
11:39:14.0110 3468 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:39:14.0110 3468 secdrv - ok
11:39:14.0141 3468 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:39:14.0141 3468 Serenum - ok
11:39:14.0157 3468 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:39:14.0157 3468 Serial - ok
11:39:14.0172 3468 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:39:14.0172 3468 sermouse - ok
11:39:14.0203 3468 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
11:39:14.0203 3468 SFEP - ok
11:39:14.0297 3468 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:39:14.0297 3468 sffdisk - ok
11:39:14.0313 3468 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:39:14.0313 3468 sffp_mmc - ok
11:39:14.0328 3468 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:39:14.0328 3468 sffp_sd - ok
11:39:14.0344 3468 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:39:14.0344 3468 sfloppy - ok
11:39:14.0375 3468 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:39:14.0375 3468 SiSRaid2 - ok
11:39:14.0391 3468 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:39:14.0391 3468 SiSRaid4 - ok
11:39:14.0391 3468 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:39:14.0406 3468 Smb - ok
11:39:14.0453 3468 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:39:14.0453 3468 spldr - ok
11:39:14.0500 3468 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:39:14.0500 3468 srv - ok
11:39:14.0531 3468 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:39:14.0531 3468 srv2 - ok
11:39:14.0547 3468 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:39:14.0562 3468 srvnet - ok
11:39:14.0625 3468 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:39:14.0625 3468 stexstor - ok
11:39:14.0656 3468 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:39:14.0656 3468 swenum - ok
11:39:14.0734 3468 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:39:14.0749 3468 Tcpip - ok
11:39:14.0827 3468 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:39:14.0843 3468 TCPIP6 - ok
11:39:14.0874 3468 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:39:14.0874 3468 tcpipreg - ok
11:39:14.0890 3468 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:39:14.0890 3468 TDPIPE - ok
11:39:14.0921 3468 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:39:14.0921 3468 TDTCP - ok
11:39:14.0968 3468 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:39:14.0968 3468 tdx - ok
11:39:14.0983 3468 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:39:14.0983 3468 TermDD - ok
11:39:15.0030 3468 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:39:15.0030 3468 tssecsrv - ok
11:39:15.0124 3468 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:39:15.0124 3468 TsUsbFlt - ok
11:39:15.0155 3468 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:39:15.0155 3468 tunnel - ok
11:39:15.0186 3468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:39:15.0186 3468 uagp35 - ok
11:39:15.0217 3468 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:39:15.0233 3468 udfs - ok
11:39:15.0264 3468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:39:15.0264 3468 uliagpkx - ok
11:39:15.0295 3468 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:39:15.0295 3468 umbus - ok
11:39:15.0311 3468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:39:15.0311 3468 UmPass - ok
11:39:15.0358 3468 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:39:15.0358 3468 usbccgp - ok
11:39:15.0405 3468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:39:15.0405 3468 usbcir - ok
11:39:15.0467 3468 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:39:15.0467 3468 usbehci - ok
11:39:15.0483 3468 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:39:15.0483 3468 usbhub - ok
11:39:15.0514 3468 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:39:15.0514 3468 usbohci - ok
11:39:15.0545 3468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:39:15.0545 3468 usbprint - ok
11:39:15.0561 3468 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:39:15.0561 3468 USBSTOR - ok
11:39:15.0592 3468 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:39:15.0592 3468 usbuhci - ok
11:39:15.0607 3468 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:39:15.0623 3468 usbvideo - ok
11:39:15.0685 3468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:39:15.0685 3468 vdrvroot - ok
11:39:15.0748 3468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:39:15.0748 3468 vga - ok
11:39:15.0795 3468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:39:15.0795 3468 VgaSave - ok
11:39:15.0841 3468 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:39:15.0841 3468 vhdmp - ok
11:39:15.0857 3468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:39:15.0857 3468 viaide - ok
11:39:15.0888 3468 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:39:15.0888 3468 volmgr - ok
11:39:15.0919 3468 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:39:15.0935 3468 volmgrx - ok
11:39:15.0951 3468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:39:15.0951 3468 volsnap - ok
11:39:15.0982 3468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:39:15.0982 3468 vsmraid - ok
11:39:15.0997 3468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:39:15.0997 3468 vwifibus - ok
11:39:16.0029 3468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:39:16.0029 3468 WacomPen - ok
11:39:16.0060 3468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:39:16.0060 3468 WANARP - ok
11:39:16.0075 3468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:39:16.0075 3468 Wanarpv6 - ok
11:39:16.0122 3468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:39:16.0122 3468 Wd - ok
11:39:16.0169 3468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:39:16.0185 3468 Wdf01000 - ok
11:39:16.0216 3468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:39:16.0216 3468 WfpLwf - ok
11:39:16.0231 3468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:39:16.0231 3468 WIMMount - ok
11:39:16.0294 3468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:39:16.0294 3468 WmiAcpi - ok
11:39:16.0309 3468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:39:16.0325 3468 ws2ifsl - ok
11:39:16.0356 3468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:39:16.0356 3468 WudfPf - ok
11:39:16.0372 3468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:39:16.0372 3468 WUDFRd - ok
11:39:16.0419 3468 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:39:16.0434 3468 yukonw7 - ok
11:39:16.0465 3468 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
11:39:16.0465 3468 \Device\Harddisk0\DR0 - ok
11:39:16.0481 3468 Boot (0x1200) (29891fcca256cb5387671bc449f8f1a7) \Device\Harddisk0\DR0\Partition0
11:39:16.0481 3468 \Device\Harddisk0\DR0\Partition0 - ok
11:39:16.0497 3468 Boot (0x1200) (6f6463a8ed0a20c5b34f0adcb6b140d3) \Device\Harddisk0\DR0\Partition1
11:39:16.0497 3468 \Device\Harddisk0\DR0\Partition1 - ok
11:39:16.0497 3468 ============================================================
11:39:16.0497 3468 Scan finished
11:39:16.0497 3468 ============================================================
11:39:16.0497 6404 Detected object count: 0
11:39:16.0497 6404 Actual detected object count: 0
11:39:37.0385 5588 ============================================================
11:39:37.0385 5588 Scan started
11:39:37.0385 5588 Mode: Manual; SigCheck; TDLFS;
11:39:37.0385 5588 ============================================================
11:39:37.0572 5588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:39:37.0759 5588 1394ohci - ok
11:39:37.0806 5588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:39:37.0822 5588 ACPI - ok
11:39:37.0853 5588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:39:37.0993 5588 AcpiPmi - ok
11:39:38.0040 5588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:39:38.0071 5588 adp94xx - ok
11:39:38.0087 5588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:39:38.0134 5588 adpahci - ok
11:39:38.0181 5588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:39:38.0196 5588 adpu320 - ok
11:39:38.0259 5588 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:39:38.0321 5588 AFD - ok
11:39:38.0352 5588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:39:38.0352 5588 agp440 - ok
11:39:38.0383 5588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:39:38.0383 5588 aliide - ok
11:39:38.0415 5588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:39:38.0430 5588 amdide - ok
11:39:38.0446 5588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:39:38.0617 5588 AmdK8 - ok
11:39:38.0633 5588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:39:38.0680 5588 AmdPPM - ok
11:39:38.0758 5588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:39:38.0773 5588 amdsata - ok
11:39:38.0805 5588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:39:38.0805 5588 amdsbs - ok
11:39:38.0836 5588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:39:38.0851 5588 amdxata - ok
11:39:38.0883 5588 ApfiltrService (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:39:39.0413 5588 ApfiltrService - ok
11:39:39.0507 5588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:39:39.0756 5588 AppID - ok
11:39:39.0819 5588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:39:39.0819 5588 arc - ok
11:39:39.0834 5588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:39:39.0850 5588 arcsas - ok
11:39:39.0881 5588 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
11:39:39.0897 5588 ArcSoftKsUFilter - ok
11:39:39.0959 5588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:39:40.0193 5588 AsyncMac - ok
11:39:40.0224 5588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:39:40.0224 5588 atapi - ok
11:39:40.0365 5588 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
11:39:40.0474 5588 atikmdag - ok
11:39:40.0567 5588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:39:40.0630 5588 b06bdrv - ok
11:39:40.0677 5588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:39:40.0786 5588 b57nd60a - ok
11:39:40.0817 5588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:39:41.0020 5588 Beep - ok
11:39:41.0051 5588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:39:41.0082 5588 blbdrive - ok
11:39:41.0129 5588 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:39:41.0238 5588 bowser - ok
11:39:41.0301 5588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:39:41.0410 5588 BrFiltLo - ok
11:39:41.0441 5588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:39:41.0488 5588 BrFiltUp - ok
11:39:41.0519 5588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:39:41.0597 5588 Brserid - ok
11:39:41.0613 5588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:39:41.0745 5588 BrSerWdm - ok
11:39:41.0765 5588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:39:41.0846 5588 BrUsbMdm - ok
11:39:41.0858 5588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:39:41.0918 5588 BrUsbSer - ok
11:39:42.0010 5588 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:39:42.0136 5588 BthEnum - ok
11:39:42.0160 5588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:39:42.0327 5588 BTHMODEM - ok
11:39:42.0351 5588 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:39:42.0411 5588 BthPan - ok
11:39:42.0458 5588 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:39:42.0500 5588 BTHPORT - ok
11:39:42.0526 5588 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:39:42.0602 5588 BTHUSB - ok
11:39:42.0634 5588 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
11:39:42.0649 5588 btwaudio - ok
11:39:42.0727 5588 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
11:39:42.0743 5588 btwavdt - ok
11:39:42.0774 5588 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
11:39:42.0790 5588 btwl2cap - ok
11:39:42.0805 5588 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
11:39:42.0821 5588 btwrchid - ok
11:39:42.0821 5588 catchme - ok
11:39:42.0852 5588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:39:42.0946 5588 cdfs - ok
11:39:42.0993 5588 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:39:43.0039 5588 cdrom - ok
11:39:43.0071 5588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:39:43.0117 5588 circlass - ok
11:39:43.0164 5588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:39:43.0180 5588 CLFS - ok
11:39:43.0211 5588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:39:43.0258 5588 CmBatt - ok
11:39:43.0289 5588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:39:43.0289 5588 cmdide - ok
11:39:43.0336 5588 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:39:43.0383 5588 CNG - ok
11:39:43.0461 5588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:39:43.0476 5588 Compbatt - ok
11:39:43.0539 5588 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:39:43.0585 5588 CompositeBus - ok
11:39:43.0617 5588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:39:43.0632 5588 crcdisk - ok
11:39:43.0679 5588 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:39:43.0757 5588 DfsC - ok
11:39:43.0788 5588 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:39:43.0975 5588 discache - ok
11:39:43.0991 5588 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:39:44.0007 5588 Disk - ok
11:39:44.0038 5588 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:39:44.0116 5588 drmkaud - ok
11:39:44.0178 5588 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:39:44.0194 5588 DXGKrnl - ok
11:39:44.0381 5588 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:39:44.0443 5588 ebdrv - ok
11:39:44.0490 5588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:39:44.0506 5588 elxstor - ok
11:39:44.0553 5588 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:39:44.0631 5588 ErrDev - ok
11:39:44.0662 5588 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:39:44.0802 5588 exfat - ok
11:39:44.0833 5588 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:39:44.0896 5588 fastfat - ok
11:39:44.0974 5588 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:39:45.0036 5588 fdc - ok
11:39:45.0067 5588 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:39:45.0083 5588 FileInfo - ok
11:39:45.0099 5588 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:39:45.0239 5588 Filetrace - ok
11:39:45.0255 5588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:39:45.0286 5588 flpydisk - ok
11:39:45.0333 5588 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:39:45.0348 5588 FltMgr - ok
11:39:45.0379 5588 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:39:45.0379 5588 FsDepends - ok
11:39:45.0395 5588 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:39:45.0411 5588 Fs_Rec - ok
11:39:45.0457 5588 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:39:45.0457 5588 fvevol - ok
11:39:45.0489 5588 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:39:45.0504 5588 gagp30kx - ok
11:39:45.0535 5588 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:39:45.0567 5588 hcw85cir - ok
11:39:45.0613 5588 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:39:45.0645 5588 HdAudAddService - ok
11:39:45.0738 5588 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:39:45.0785 5588 HDAudBus - ok
11:39:45.0816 5588 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:39:45.0847 5588 HidBatt - ok
11:39:45.0879 5588 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:39:45.0988 5588 HidBth - ok
11:39:46.0019 5588 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:39:46.0066 5588 HidIr - ok
11:39:46.0097 5588 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:39:46.0191 5588 HidUsb - ok
11:39:46.0237 5588 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:39:46.0237 5588 HpSAMD - ok
11:39:46.0284 5588 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:39:46.0440 5588 HTTP - ok
11:39:46.0518 5588 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:39:46.0518 5588 hwpolicy - ok
11:39:46.0565 5588 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:39:46.0581 5588 i8042prt - ok
11:39:46.0627 5588 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
11:39:46.0659 5588 iaStor - ok
11:39:46.0690 5588 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:39:46.0705 5588 iaStorV - ok
11:39:46.0737 5588 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:39:46.0752 5588 iirsp - ok
11:39:46.0830 5588 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
11:39:46.0861 5588 IntcAzAudAddService - ok
11:39:46.0877 5588 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:39:46.0893 5588 intelide - ok
11:39:46.0955 5588 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:39:47.0049 5588 intelppm - ok
11:39:47.0111 5588 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:47.0251 5588 IpFilterDriver - ok
11:39:47.0298 5588 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:39:47.0345 5588 IPMIDRV - ok
11:39:47.0376 5588 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:39:47.0454 5588 IPNAT - ok
11:39:47.0470 5588 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:39:47.0563 5588 IRENUM - ok
11:39:47.0641 5588 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:39:47.0641 5588 isapnp - ok
11:39:47.0673 5588 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:39:47.0688 5588 iScsiPrt - ok
11:39:47.0719 5588 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:39:47.0735 5588 kbdclass - ok
11:39:47.0766 5588 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:39:47.0829 5588 kbdhid - ok
11:39:47.0875 5588 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:39:47.0891 5588 KSecDD - ok
11:39:47.0922 5588 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:39:47.0938 5588 KSecPkg - ok
11:39:47.0969 5588 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:39:48.0078 5588 ksthunk - ok
11:39:48.0109 5588 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:39:48.0187 5588 lltdio - ok
11:39:48.0219 5588 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:39:48.0234 5588 LSI_FC - ok
11:39:48.0312 5588 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:39:48.0328 5588 LSI_SAS - ok
11:39:48.0343 5588 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:39:48.0343 5588 LSI_SAS2 - ok
11:39:48.0375 5588 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:39:48.0390 5588 LSI_SCSI - ok
11:39:48.0406 5588 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:39:48.0531 5588 luafv - ok
11:39:48.0562 5588 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:39:48.0577 5588 MBAMProtector - ok
11:39:48.0609 5588 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:39:48.0624 5588 megasas - ok
11:39:48.0655 5588 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:39:48.0655 5588 MegaSR - ok
11:39:48.0671 5588 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:39:48.0843 5588 Modem - ok
11:39:48.0858 5588 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:39:48.0921 5588 monitor - ok
11:39:48.0952 5588 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:39:48.0967 5588 mouclass - ok
11:39:48.0999 5588 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:39:49.0061 5588 mouhid - ok
11:39:49.0108 5588 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:39:49.0108 5588 mountmgr - ok
11:39:49.0201 5588 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
11:39:49.0201 5588 MpFilter - ok
11:39:49.0248 5588 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:39:49.0248 5588 mpio - ok
11:39:49.0279 5588 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:39:49.0279 5588 MpNWMon - ok
11:39:49.0311 5588 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:39:49.0420 5588 mpsdrv - ok
11:39:49.0451 5588 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:39:49.0607 5588 MRxDAV - ok
11:39:49.0654 5588 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:49.0732 5588 mrxsmb - ok
11:39:49.0794 5588 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:49.0825 5588 mrxsmb10 - ok
11:39:49.0857 5588 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:49.0872 5588 mrxsmb20 - ok
11:39:49.0903 5588 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:39:49.0919 5588 msahci - ok
11:39:49.0950 5588 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:39:49.0966 5588 msdsm - ok
11:39:50.0013 5588 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:39:50.0059 5588 Msfs - ok
11:39:50.0075 5588 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:39:50.0200 5588 mshidkmdf - ok
11:39:50.0231 5588 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:39:50.0247 5588 msisadrv - ok
11:39:50.0278 5588 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:39:50.0325 5588 MSKSSRV - ok
11:39:50.0387 5588 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:50.0465 5588 MSPCLOCK - ok
11:39:50.0496 5588 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:39:50.0668 5588 MSPQM - ok
11:39:50.0699 5588 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:39:50.0715 5588 MsRPC - ok
11:39:50.0746 5588 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:39:50.0761 5588 mssmbios - ok
11:39:50.0793 5588 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:39:50.0886 5588 MSTEE - ok
11:39:50.0902 5588 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:39:50.0949 5588 MTConfig - ok
11:39:50.0980 5588 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:39:50.0980 5588 Mup - ok
11:39:51.0011 5588 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:39:51.0058 5588 NativeWifiP - ok
11:39:51.0105 5588 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:39:51.0136 5588 NDIS - ok
11:39:51.0214 5588 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:51.0276 5588 NdisCap - ok
11:39:51.0292 5588 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:51.0354 5588 NdisTapi - ok
11:39:51.0385 5588 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:51.0432 5588 Ndisuio - ok
11:39:51.0463 5588 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:51.0588 5588 NdisWan - ok
11:39:51.0619 5588 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:39:51.0651 5588 NDProxy - ok
11:40:01.0759 5588 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
11:40:01.0791 5588 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:40:01.0791 5588 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:40:01.0822 5588 Boot (0x1200) (29891fcca256cb5387671bc449f8f1a7) \Device\Harddisk0\DR0\Partition0
11:40:01.0822 5588 \Device\Harddisk0\DR0\Partition0 - ok
11:40:01.0837 5588 Boot (0x1200) (6f6463a8ed0a20c5b34f0adcb6b140d3) \Device\Harddisk0\DR0\Partition1
11:40:01.0837 5588 \Device\Harddisk0\DR0\Partition1 - ok
11:40:01.0837 5588 ============================================================
11:40:01.0837 5588 Scan finished
11:40:01.0837 5588 ============================================================
11:40:01.0853 5396 Detected object count: 1
11:40:01.0853 5396 Actual detected object count: 1
11:40:19.0013 5396 \Device\Harddisk0\DR0\TDLFS - deleted
11:40:19.0013 5396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

ComboFixer:

ComboFix 11-12-08.01 - Christopher 12/08/2011 11:48:06.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2819 [GMT -6:00]
Running from: c:\users\Christopher\Downloads\ComboFix.exe
Command switches used :: c:\users\Christopher\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christopher\AppData\Local\mcs.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-27_18.21.42 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-09-28 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2be6c1ak.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-08 11:53:01
ComboFix-quarantined-files.txt 2011-12-08 17:53
ComboFix2.txt 2011-12-02 08:32
ComboFix3.txt 2011-11-27 18:32
.
Pre-Run: 142,927,908,864 bytes free
Post-Run: 142,742,999,040 bytes free
.
- - End Of File - - 9DAF01CB2AD97257285D15F215E6F051

#8 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,252 posts
  • Gender: Female
  • Location: Romania
  • Local time: 01:07 AM

Posted 08 December 2011 - 01:15 PM

That looks a lot better already! How are things running now?

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u1.
  • Look for "JDK 7u1 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Finally, please launch MBAM, update it and run a full scan. Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 silath44
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 04:07 PM

Posted 08 December 2011 - 02:41 PM

Running much better.

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8336

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/8/2011 1:40:03 PM
mbam-log-2011-12-08 (13-40-03).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 285111
Time elapsed: 22 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Christopher\AppData\Local\mcs.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Users\christopher\AppData\Local\mcs.exe.vir (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\christopher\AppData\Local\tdf.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\christopher\AppData\LocalLow\Sun\Java\deployment\cache\6.0\45\510b712d-6713307d (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\christopher\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53\69829835-7412c487 (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
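
The Hijack.StartMenuInternet entry in the log above shows the Firefox safe-mode launch command rewritten so that mcs.exe runs first and receives the real browser command as its argument. The PowerShell below is an added example, not code from this thread, from Malwarebytes or from BleepingComputer; it audits the StartMenuInternet registrations on a machine for that same pattern so the hijack can be spotted without waiting for a scanner signature. It assumes that a legitimate command is either a bare executable name (as in the "Good" value shown) or an absolute path under Program Files, Program Files (x86) or the Windows directory, and that its arguments never name a second executable; the function name Get-StartMenuInternetHijack is my own.

```powershell
# Added example (not from the thread): audit the browser registrations that
# MBAM flagged above as Hijack.StartMenuInternet. A fake-AV dropper rewrites the
# shell\open or shell\safemode command so the browser is started through the
# malware, e.g. "...\AppData\Local\mcs.exe" -a "firefox.exe -safe-mode".
# Assumption: a legitimate command is a bare executable name or an absolute
# path under Program Files, Program Files (x86) or the Windows directory, and
# its arguments never name a second .exe.
function Get-StartMenuInternetHijack {
    $roots = @(
        'HKLM:\SOFTWARE\Clients\StartMenuInternet',
        'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet',
        'HKCU:\SOFTWARE\Clients\StartMenuInternet'
    )
    # Directories a browser launcher is expected to live in (trailing backslash
    # so that "C:\Program Files (x86)" does not match "C:\Program Files").
    $trustedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($browser in Get-ChildItem -Path $root) {
            $shellPath = Join-Path $root ($browser.PSChildName + '\shell')
            if (-not (Test-Path $shellPath)) { continue }
            foreach ($verb in Get-ChildItem -Path $shellPath) {
                $cmdPath = Join-Path $shellPath ($verb.PSChildName + '\command')
                if (-not (Test-Path $cmdPath)) { continue }
                $cmd = (Get-ItemProperty -Path $cmdPath).'(default)'
                if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

                # First token is the executable (quoted or bare); the rest are arguments.
                if ($cmd -notmatch '^\s*(?:"(?<q>[^"]+)"|(?<b>\S+))(?<rest>.*)$') { continue }
                $exe     = if ($Matches['q']) { $Matches['q'] } else { $Matches['b'] }
                $argText = $Matches['rest']

                $reasons = @()
                if ([System.IO.Path]::IsPathRooted($exe)) {
                    $inTrusted = $false
                    foreach ($dir in $trustedDirs) {
                        if ($exe.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                            $inTrusted = $true
                        }
                    }
                    if (-not $inTrusted) { $reasons += 'executable outside trusted directories' }
                }
                # A wrapper that relaunches the real browser shows up as a second .exe
                # in the argument list, exactly as in the "Bad" value above.
                if ($argText -match '\.exe\b') { $reasons += 'arguments name a second executable' }

                if ($reasons.Count -gt 0) {
                    [pscustomobject]@{
                        Browser = $browser.PSChildName
                        Verb    = $verb.PSChildName
                        Command = $cmd
                        Reason  = ($reasons -join '; ')
                    }
                }
            }
        }
    }
}

# Prints one row per suspicious registration; no output means nothing matched.
Get-StartMenuInternetHijack | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that both the 64-bit and the Wow6432Node hives are readable. A hit is a lead for investigation rather than proof of infection, so compare the flagged command against the browser's own install directory before removing anything.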

#10 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,252 posts
  • Gender: Female
  • Location: Romania
  • Local time: 01:07 AM

Posted 08 December 2011 - 02:51 PM

That looks excellent. Let's run one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise

#11 silath44
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 04:07 PM

Posted 08 December 2011 - 03:38 PM

Eset Scan:

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\dBx5UAZsd9vqip.exe.vir a variant of Win32/Kryptik.WMF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\NaAlgcphpofdVU.exe.vir a variant of Win32/Kryptik.WMF trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Christopher\AppData\Local\ywy.exe.vir a variant of Win32/Kryptik.WDX trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan cleaned by deleting - quarantined
C:\Users\Christopher\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d49789c-30e887ef a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Users\Christopher\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\25ceb71-6a12c070 a variant of Win32/Kryptik.WDX trojan cleaned by deleting - quarantined
C:\Windows\System32\AB8I1o2t.com_ a variant of Win32/Kryptik.VRX trojan cleaned by deleting - quarantined

#12 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,252 posts
  • Gender: Female
  • Location: Romania
  • Local time: 01:07 AM

Posted 08 December 2011 - 03:53 PM

These were mostly remnants/quarantined items, nothing to worry about. :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
  • Click Start > Run and type combofix /uninstall, then press Enter. This will remove ComboFix from your computer.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise

#13 silath44
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 04:07 PM

Posted 08 December 2011 - 04:01 PM

Thank you very much for your time and help!

#14 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,252 posts
  • Gender: Female
  • Location: Romania
  • Local time: 01:07 AM

Posted 08 December 2011 - 04:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise
