
I think I have Cycbot Trojan


19 replies to this topic

#1 Shellv5

Shellv5

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 09 February 2012 - 01:42 PM

Hi all, pretty sure I managed to pick up this trojan the other night. Got a flurry of firewall/antivirus notifications then my browser stopped loading anything. Tried to run a virus scan (with AVG) and 2 minutes later realized AVG was completely missing from my laptop.

I've seen other threads on this forum concerning this virus, and I've tried the steps mentioned there:
  • Ran SecurityCheck
  • Ran MiniToolBox
  • Downloaded and scanned with MBAM
  • Ran GMER
  • Downloaded and scanned with SuperAntiSpyware in safe mode
  • Ran Temp File Cleaner

All these virus scans found was some adware and one Cycbot-related file (6B9.exe) which has since been removed.

However, the problem still persists! The only symptoms that are actually showing are that my laptop is a little bit slow and nothing will load on my browsers. It can connect to the Internet okay, but says something about not being able to connect to the proxy whenever I try to load anything with IE.

OS is Windows 7 Home 64-bit

I'm going to repeat all the previously mentioned steps and post the results once they're done.

Thanks in advance for any help :]


#2 Shellv5


Posted 09 February 2012 - 01:49 PM

Security Check results:


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````

#3 Shellv5


Posted 09 February 2012 - 01:53 PM

MiniToolBox results:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Shell (administrator) on 09-02-2012 at 18:51:19
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:50828

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50828
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 applian.securesites.com
127.0.0.1 applian.securesites.com

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Roslin
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-B9-1C-E0-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-24-D6-20-CE-30
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E6006BCF-AF1A-481F-8BE0-FCAC08012C6C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=10ms TTL=128
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 10ms, Average = 10ms
===========================================================================
Interface List
12...00 26 b9 1c e0 83 ......Broadcom NetLink ™ Gigabit Ethernet
11...00 24 d6 20 ce 30 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/08/2012 04:21:29 PM) (Source: Application Hang) (User: )
Description: The program vlc.exe version 1.0.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f4

Start Time: 01cce67d9e5e0833

Termination Time: 5

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: ec3d2fda-5270-11e1-bb93-0026b91ce083

Error: (02/08/2012 00:32:33 AM) (Source: Application Hang) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 140c

Start Time: 01cce5f8b9249092

Termination Time: 16

Application Path: C:\Users\Shell\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (02/07/2012 10:36:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: WLXQuickTimeControlHost.exe, version: 14.0.8117.416, time stamp: 0x4bc95684
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x6083bb89
Faulting process id: 0x1520
Faulting application start time: 0xWLXQuickTimeControlHost.exe0
Faulting application path: WLXQuickTimeControlHost.exe1
Faulting module path: WLXQuickTimeControlHost.exe2
Report Id: WLXQuickTimeControlHost.exe3

Error: (02/07/2012 04:26:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/07/2012 00:21:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/05/2012 10:33:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: ImageReady.exe, version: 8.0.0.117, time stamp: 0x3f8d00bf
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x61b0bb89
Faulting process id: 0x1620
Faulting application start time: 0xImageReady.exe0
Faulting application path: ImageReady.exe1
Faulting module path: ImageReady.exe2
Report Id: ImageReady.exe3

Error: (02/04/2012 09:10:55 PM) (Source: Application Hang) (User: )
Description: The program winamp.exe version 5.6.2.3189 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10b8

Start Time: 01cce3815fea1c72

Termination Time: 30

Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report Id: b332f5c5-4f74-11e1-b357-0026b91ce083

Error: (02/04/2012 09:09:31 PM) (Source: Application Hang) (User: )
Description: The program winamp.exe version 5.6.2.3189 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bc0

Start Time: 01cce3812c24b967

Termination Time: 46

Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report Id: 7edb3c0c-4f74-11e1-b357-0026b91ce083

Error: (02/04/2012 08:32:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: GameOverlayUI.exe, version: 1.28.5.86, time stamp: 0x4f024eb7
Faulting module name: Steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ee6928e
Exception code: 0xc0000005
Fault offset: 0x301c0990
Faulting process id: 0xfd0
Faulting application start time: 0xGameOverlayUI.exe0
Faulting application path: GameOverlayUI.exe1
Faulting module path: GameOverlayUI.exe2
Report Id: GameOverlayUI.exe3

Error: (02/04/2012 06:57:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: ImageReady.exe, version: 8.0.0.117, time stamp: 0x3f8d00bf
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x6070bb89
Faulting process id: 0x1384
Faulting application start time: 0xImageReady.exe0
Faulting application path: ImageReady.exe1
Faulting module path: ImageReady.exe2
Report Id: ImageReady.exe3


System errors:
=============
Error: (02/09/2012 06:10:03 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (02/09/2012 06:10:03 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (02/09/2012 06:09:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
DwProt
RxFilter

Error: (02/09/2012 06:09:51 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (02/09/2012 06:07:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
DwProt
RxFilter

Error: (02/09/2012 06:06:50 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (02/09/2012 06:05:29 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%1

Error: (02/09/2012 06:05:29 PM) (Source: RasMan) (User: )
Description: Remote Access Connection Manager failed to start because it could not register with the local security authority. Try restarting the Remote Access Connection Manager service. If the problem persists, contact the system administrator. Incorrect function.

Error: (02/09/2012 06:05:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
DwProt
RxFilter

Error: (02/09/2012 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/08/2012 04:21:29 PM) (Source: Application Hang)(User: )
Description: vlc.exe1.0.5.05f401cce67d9e5e08335C:\Program Files (x86)\VideoLAN\VLC\vlc.exeec3d2fda-5270-11e1-bb93-0026b91ce083

Error: (02/08/2012 00:32:33 AM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0140c01cce5f8b924909216C:\Users\Shell\AppData\Local\Temp\~nsu.tmp\Au_.exe

Error: (02/07/2012 10:36:31 PM) (Source: Application Error)(User: )
Description: WLXQuickTimeControlHost.exe14.0.8117.4164bc95684QuickTime.qts_unloaded0.0.0.04cf4536ac00000056083bb89152001cce5e8ebb91c0bC:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exeQuickTime.qts2e31c2b7-51dc-11e1-97bd-0026b91ce083

Error: (02/07/2012 04:26:23 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (02/07/2012 00:21:00 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (02/05/2012 10:33:23 PM) (Source: Application Error)(User: )
Description: ImageReady.exe8.0.0.1173f8d00bfQuickTime.qts_unloaded0.0.0.04cf4536ac000000561b0bb89162001cce455bea33df5C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exeQuickTime.qts692aa3c8-5049-11e1-9726-0026b91ce083

Error: (02/04/2012 09:10:55 PM) (Source: Application Hang)(User: )
Description: winamp.exe5.6.2.318910b801cce3815fea1c7230C:\Program Files (x86)\Winamp\winamp.exeb332f5c5-4f74-11e1-b357-0026b91ce083

Error: (02/04/2012 09:09:31 PM) (Source: Application Hang)(User: )
Description: winamp.exe5.6.2.31891bc001cce3812c24b96746C:\Program Files (x86)\Winamp\winamp.exe7edb3c0c-4f74-11e1-b357-0026b91ce083

Error: (02/04/2012 08:32:22 PM) (Source: Application Error)(User: )
Description: GameOverlayUI.exe1.28.5.864f024eb7Steam.dll_unloaded0.0.0.04ee6928ec0000005301c0990fd001cce373e29a51f1C:\Program Files (x86)\Steam\GameOverlayUI.exeSteam.dll56bb0f17-4f6f-11e1-b357-0026b91ce083

Error: (02/04/2012 06:57:29 PM) (Source: Application Error)(User: )
Description: ImageReady.exe8.0.0.1173f8d00bfQuickTime.qts_unloaded0.0.0.04cf4536ac00000056070bb89138401cce36eacbd15c9C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exeQuickTime.qts1571066c-4f62-11e1-b357-0026b91ce083


=========================== Installed Programs ============================

Adobe Acrobat 7.0 Professional (Version: 7.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9.1.2 (Version: 9.1.2)
Advanced Audio FX Engine (Version: 1.12.05)
AIM 7
ATI Catalyst Control Center (Version: 2.009.0625.1811)
µTorrent (Version: 1.8.2)
µTorrent (Version: 2.2.1)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bamboo
BT Broadband Desktop Help
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full Existing (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full New (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Light (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Common (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0625.1812.30825)
Catalyst Control Center InstallProxy (Version: 2009.0625.1812.30825)
Catalyst Control Center Localization All (Version: 2009.0625.1812.30825)
ccc-core-static (Version: 2009.0625.1812.30825)
ccc-utility64 (Version: 2009.0625.1812.30825)
CCC Help Chinese Standard (Version: 2009.0625.1811.30825)
CCC Help Chinese Traditional (Version: 2009.0625.1811.30825)
CCC Help Danish (Version: 2009.0625.1811.30825)
CCC Help Dutch (Version: 2009.0625.1811.30825)
CCC Help English (Version: 2009.0625.1811.30825)
CCC Help Finnish (Version: 2009.0625.1811.30825)
CCC Help French (Version: 2009.0625.1811.30825)
CCC Help German (Version: 2009.0625.1811.30825)
CCC Help Italian (Version: 2009.0625.1811.30825)
CCC Help Japanese (Version: 2009.0625.1811.30825)
CCC Help Korean (Version: 2009.0625.1811.30825)
CCC Help Norwegian (Version: 2009.0625.1811.30825)
CCC Help Portuguese (Version: 2009.0625.1811.30825)
CCC Help Russian (Version: 2009.0625.1811.30825)
CCC Help Spanish (Version: 2009.0625.1811.30825)
CCC Help Swedish (Version: 2009.0625.1811.30825)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CDisplay 1.8
ClassicPro© v1.15 (Version: 1.15)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell DataSafe Local Backup - Support Software (Version: 2.31)
Dell DataSafe Local Backup (Version: 9.4.48)
Dell DataSafe Online (Version: 1.2.0009)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 13.2.2.2)
Dell Webcam Central (Version: 1.40.05)
Deus Ex: Game of the Year Edition
DirectXInstallService (Version: 9.0.2)
DivX Player (Version: 7.2.0)
DivX Setup (Version: 2.6.0.34)
DivX Version Checker (Version: 7.1.0.9)
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
EPSON Scan
Epson Stylus SX110_TX110 Manual
EPSON SX110 Series Printer Uninstall
Fallout Tactics
Fallout2
FastAccess (Version: 2.4.7.1)
GoToAssist Corporate (Version: 9.0.570)
Guild Wars
Hacker Evolution
Half-Life: Blue Shift
Half-Life: Opposing Force
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 23 (Version: 6.0.230)
Junk Mail filter update (Version: 14.0.8117.416)
Killing Floor
Killing Floor Mod: Defence Alliance 2
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Mobipocket Reader 6.2 (Version: 6.2.608)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero Suite
NVIDIA PhysX (Version: 9.10.0513)
Opera 11.61 (Version: 11.61.1250)
PaintTool SAI Ver.1
Portal
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.69.80.9)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.106)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
Skins (Version: 2009.0625.1812.30825)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Star Trek Online
Steam (Version: 1.0.0.0)
StreamTorrent 1.0
SUPERAntiSpyware (Version: 5.0.1144)
Team Fortress 2
TweetDeck (Version: 0.34.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VD64Inst (Version: 1.00.0000)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.0.5 (Version: 1.0.5)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Winamp (Version: 5.622 )
Winamp Application Detect (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinRAR archiver
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 6108.86 MB
Available physical RAM: 4220.76 MB
Total Pagefile: 12215.86 MB
Available Pagefile: 9921.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.44 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:257.71 GB) NTFS
3 Drive e: () (Removable) (Total:3.72 GB) (Free:3.28 GB) FAT32

========================= Users: ========================================

User accounts for \\ROSLIN

Administrator Guest Shell

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 Shellv5


Posted 09 February 2012 - 01:59 PM

MBAM didn't find anything, but here are the results anyway:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Shell :: ROSLIN [administrator]

09/02/2012 18:54:33
mbam-log-2012-02-09 (18-54-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182215
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 Shellv5


Posted 09 February 2012 - 03:10 PM

GMER scan results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-09 20:06:51
Windows 6.1.7600
Running: 1yxbmxzs.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fa44de
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fa44de@0025e7be7a62 0x84 0xFC 0xCD 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fa44de@00106055900b 0x57 0x9D 0x07 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fa44de@001b98f4ce6f 0x35 0xA4 0x6D 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fa44de (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fa44de@0025e7be7a62 0x84 0xFC 0xCD 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fa44de@00106055900b 0x57 0x9D 0x07 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fa44de@001b98f4ce6f 0x35 0xA4 0x6D 0x78 ...

---- EOF - GMER 1.0.15 ----

#6 Shellv5


Posted 09 February 2012 - 03:45 PM

Okay this has been ongoing since Tuesday night. I've performed multiple scans with multiple antivirus programs, none of which seem to have found anything related to this Trojan (except the 6B9.exe which I deleted manually) - now, after performing the above scans (and still finding nothing), it's decided to let my browsers work again. Out of nowhere, they just work.

However my laptop is still running slower than normal (isn't it a pain in the ass that you never really pay attention to how fast things are running until AFTER they screw up?) - I was wondering if there are any commonly known files relating to this Trojan I can search for that may still be on my system please? Whilst I'm over the moon that it seems to be working again, I'm still not completely trustful and I'm cautious to start entering passwords and such..

#7 Shellv5

Posted 09 February 2012 - 04:52 PM

Okay I just noticed that none of the other laptops on the network are acknowledging that mine exists. Whereas mine is showing them on the sidebar of My Computer.. So I'm assuming all is still not well.

Any advice please guys? It would be greatly appreciated.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 09 February 2012 - 05:06 PM

I see errors in the MINI log related to a Game and Winamp. I would uninstall, reboot and install those again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Shellv5

Posted 09 February 2012 - 05:17 PM

Okay I've uninstalled Winamp, now for that Game file.. It seems to be a part of Steam, so would you say I should uninstall Steam and all the games..? Or just the games I've actually played in the last month or so?

Thank you for getting back to me on this, I really appreciate the help.

#10 Shellv5

Posted 09 February 2012 - 05:40 PM

I uninstalled Winamp, a bunch of (but not all) Steam games and a few programs I rarely use. Seems to be working a bit faster now, and other laptops on the network are now acknowledging that it's connected.. So I guess it's fixed? I don't know, it seems weird that I get these major "you have a virus" signs, which randomly disappear.. and then the lingering symptoms are down to something as random as Winamp.. Oh well.

If the problems resume/return/evolve I'm sure I'll be back with more questions.

Thank you for your help, I appreciate it :]

#11 boopme

Posted 09 February 2012 - 08:45 PM

There may still be malware on here so we'll still look. You probably had corrupted installs. It is also possible that Steam did not install clean.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


All of these are old and exploitable and need to be removed and replaced. See below...

Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 23 (Version: 6.0.230)
Adobe Reader 9.1.2 (Version: 9.1.2)
µTorrent (Version: 1.8.2)

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Similarly, update to Adobe Reader X (10.1.0)
Note: Uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

Edited by boopme, 09 February 2012 - 08:49 PM.


#12 Shellv5

Posted 10 February 2012 - 08:14 AM

Thank you for getting back to me :] Just ran the TDSS scan, it found nothing suspicious but here is the log:

13:12:23.0674 0736 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:12:24.0131 0736 ============================================================
13:12:24.0131 0736 Current date / time: 2012/02/10 13:12:24.0131
13:12:24.0131 0736 SystemInfo:
13:12:24.0131 0736
13:12:24.0131 0736 OS Version: 6.1.7600 ServicePack: 0.0
13:12:24.0131 0736 Product type: Workstation
13:12:24.0134 0736 ComputerName: ROSLIN
13:12:24.0134 0736 UserName: Shell
13:12:24.0134 0736 Windows directory: C:\Windows
13:12:24.0134 0736 System windows directory: C:\Windows
13:12:24.0134 0736 Running under WOW64
13:12:24.0134 0736 Processor architecture: Intel x64
13:12:24.0134 0736 Number of processors: 2
13:12:24.0134 0736 Page size: 0x1000
13:12:24.0134 0736 Boot type: Normal boot
13:12:24.0134 0736 ============================================================
13:12:26.0501 0736 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:12:26.0514 0736 \Device\Harddisk0\DR0:
13:12:26.0514 0736 MBR used
13:12:26.0514 0736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
13:12:26.0514 0736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
13:12:26.0551 0736 Initialize success
13:12:26.0551 0736 ============================================================
13:12:30.0456 4944 ============================================================
13:12:30.0456 4944 Scan started
13:12:30.0456 4944 Mode: Manual;
13:12:30.0456 4944 ============================================================
13:12:46.0624 4944 RasAgileVpn - ok
13:12:46.0646 4944 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:12:46.0646 4944 Rasl2tp - ok
13:12:46.0659 4944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:12:46.0661 4944 RasPppoe - ok
13:12:46.0671 4944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:12:46.0674 4944 RasSstp - ok
13:12:46.0704 4944 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:12:46.0709 4944 rdbss - ok
13:12:46.0749 4944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:12:46.0749 4944 rdpbus - ok
13:12:46.0794 4944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:12:46.0796 4944 RDPCDD - ok
13:12:46.0831 4944 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:12:46.0834 4944 RDPENCDD - ok
13:12:46.0881 4944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:12:46.0884 4944 RDPREFMP - ok
13:12:46.0914 4944 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:12:46.0919 4944 RDPWD - ok
13:12:46.0944 4944 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:12:46.0946 4944 rdyboost - ok
13:12:46.0989 4944 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:12:46.0996 4944 RFCOMM - ok
13:12:47.0041 4944 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
13:12:47.0044 4944 rimmptsk - ok
13:12:47.0089 4944 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
13:12:47.0091 4944 rimsptsk - ok
13:12:47.0159 4944 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
13:12:47.0161 4944 rismxdp - ok
13:12:47.0236 4944 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:12:47.0239 4944 rspndr - ok
13:12:47.0249 4944 RxFilter - ok
13:12:47.0466 4944 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:12:47.0466 4944 SASDIFSV - ok
13:12:47.0504 4944 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:12:47.0506 4944 SASKUTIL - ok
13:12:47.0604 4944 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:12:47.0606 4944 sbp2port - ok
13:12:47.0894 4944 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:12:47.0896 4944 scfilter - ok
13:12:48.0031 4944 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
13:12:48.0036 4944 sdbus - ok
13:12:48.0129 4944 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:12:48.0131 4944 secdrv - ok
13:12:48.0191 4944 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:12:48.0191 4944 Serenum - ok
13:12:48.0221 4944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:12:48.0226 4944 Serial - ok
13:12:48.0271 4944 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:12:48.0271 4944 sermouse - ok
13:12:48.0426 4944 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:12:48.0429 4944 sffdisk - ok
13:12:48.0526 4944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:12:48.0529 4944 sffp_mmc - ok
13:12:48.0621 4944 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:12:48.0624 4944 sffp_sd - ok
13:12:48.0739 4944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:12:48.0741 4944 sfloppy - ok
13:12:48.0979 4944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:12:48.0981 4944 SiSRaid2 - ok
13:12:49.0086 4944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:12:49.0089 4944 SiSRaid4 - ok
13:12:49.0161 4944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:12:49.0166 4944 Smb - ok
13:12:49.0294 4944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:12:49.0294 4944 spldr - ok
13:12:49.0354 4944 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:12:49.0356 4944 srv - ok
13:12:49.0391 4944 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:12:49.0406 4944 srv2 - ok
13:12:49.0521 4944 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:12:49.0524 4944 srvnet - ok
13:12:49.0689 4944 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:12:49.0691 4944 stexstor - ok
13:12:49.0826 4944 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
13:12:49.0861 4944 STHDA - ok
13:12:49.0964 4944 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:12:49.0964 4944 swenum - ok
13:12:50.0091 4944 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
13:12:50.0091 4944 SynTP - ok
13:12:50.0306 4944 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:12:50.0331 4944 Tcpip - ok
13:12:50.0526 4944 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:12:50.0546 4944 TCPIP6 - ok
13:12:50.0654 4944 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:12:50.0656 4944 tcpipreg - ok
13:12:50.0739 4944 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:12:50.0744 4944 TDPIPE - ok
13:12:50.0851 4944 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:12:50.0854 4944 TDTCP - ok
13:12:50.0984 4944 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:12:50.0989 4944 tdx - ok
13:12:51.0081 4944 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:12:51.0081 4944 TermDD - ok
13:12:51.0251 4944 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:12:51.0254 4944 tssecsrv - ok
13:12:51.0324 4944 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:12:51.0326 4944 tunnel - ok
13:12:51.0409 4944 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:12:51.0411 4944 uagp35 - ok
13:12:51.0631 4944 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:12:51.0651 4944 udfs - ok
13:12:51.0766 4944 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:12:51.0769 4944 uliagpkx - ok
13:12:51.0866 4944 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:12:51.0871 4944 umbus - ok
13:12:51.0999 4944 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:12:52.0001 4944 UmPass - ok
13:12:52.0079 4944 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:12:52.0081 4944 usbccgp - ok
13:12:52.0236 4944 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:12:52.0241 4944 usbcir - ok
13:12:52.0329 4944 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:12:52.0331 4944 usbehci - ok
13:12:52.0461 4944 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:12:52.0469 4944 usbhub - ok
13:12:52.0592 4944 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:12:52.0592 4944 usbohci - ok
13:12:52.0702 4944 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:12:52.0704 4944 usbprint - ok
13:12:52.0844 4944 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:12:52.0847 4944 usbscan - ok
13:12:52.0949 4944 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:12:52.0954 4944 USBSTOR - ok
13:12:53.0097 4944 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:12:53.0099 4944 usbuhci - ok
13:12:53.0214 4944 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:12:53.0219 4944 usbvideo - ok
13:12:53.0332 4944 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:12:53.0334 4944 vdrvroot - ok
13:12:53.0472 4944 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:12:53.0477 4944 vga - ok
13:12:53.0574 4944 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:12:53.0574 4944 VgaSave - ok
13:12:53.0687 4944 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:12:53.0692 4944 vhdmp - ok
13:12:53.0844 4944 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:12:53.0844 4944 viaide - ok
13:12:53.0934 4944 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:12:53.0937 4944 volmgr - ok
13:12:54.0057 4944 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:12:54.0059 4944 volmgrx - ok
13:12:54.0187 4944 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:12:54.0192 4944 volsnap - ok
13:12:54.0342 4944 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
13:12:54.0349 4944 Vsdatant - ok
13:12:54.0487 4944 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:12:54.0489 4944 vsmraid - ok
13:12:54.0587 4944 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:12:54.0589 4944 vwifibus - ok
13:12:54.0719 4944 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:12:54.0722 4944 WacomPen - ok
13:12:54.0849 4944 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:54.0854 4944 WANARP - ok
13:12:54.0917 4944 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:54.0919 4944 Wanarpv6 - ok
13:12:55.0094 4944 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:12:55.0094 4944 Wd - ok
13:12:55.0209 4944 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:12:55.0222 4944 Wdf01000 - ok
13:12:55.0337 4944 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:12:55.0342 4944 WfpLwf - ok
13:12:55.0449 4944 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:12:55.0457 4944 WimFltr - ok
13:12:55.0572 4944 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:12:55.0577 4944 WIMMount - ok
13:12:55.0762 4944 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:12:55.0764 4944 WinUsb - ok
13:12:55.0877 4944 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:12:55.0879 4944 WmiAcpi - ok
13:12:55.0989 4944 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:12:55.0992 4944 ws2ifsl - ok
13:12:56.0119 4944 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:12:56.0122 4944 WudfPf - ok
13:12:56.0229 4944 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:12:56.0234 4944 WUDFRd - ok
13:12:56.0412 4944 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:12:56.0479 4944 \Device\Harddisk0\DR0 - ok
13:12:56.0484 4944 Boot (0x1200) (3c9d1ab1271c15aada5e9dea1b8b82c4) \Device\Harddisk0\DR0\Partition0
13:12:56.0487 4944 \Device\Harddisk0\DR0\Partition0 - ok
13:12:56.0512 4944 Boot (0x1200) (adefe7a19a4823c01e31bbe507bce255) \Device\Harddisk0\DR0\Partition1
13:12:56.0512 4944 \Device\Harddisk0\DR0\Partition1 - ok
13:12:56.0512 4944 ============================================================
13:12:56.0512 4944 Scan finished
13:12:56.0512 4944 ============================================================
13:12:56.0522 3344 Detected object count: 0
13:12:56.0522 3344 Actual detected object count: 0

#13 Shellv5

Posted 10 February 2012 - 10:58 AM

Just finished the ESET scan with these results:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Winamp\winamp5622_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

#14 Shellv5

Posted 10 February 2012 - 11:01 AM

Uninstalled Adobe Reader, uTorrent and Java. Now going to reboot and reinstall Java (the others can wait for a while).

Thank you for the help.

#15 boopme

Posted 10 February 2012 - 11:27 AM

OK, great. These removals should fix the issues in your first post.
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

How is it now?