Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with some affiliate redirect virus


  • This topic is locked This topic is locked
12 replies to this topic

#1 bbroski69

bbroski69

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 11 February 2012 - 01:26 PM

hey guys. I have scanned my pc many times with trend micro as well as malwarebytes, and I still can't figure out what's going on. For any google search I do in firefox, about 60% of the time the results i click on go to some marketers sales page, or some fake yellow pages site, or some fake parked page looking site. Some sort of malware issue I think..

some example sites it sends me to is happili.com, gimmeanswers.org, etc...

This is getting pretty annoying and I hope you guys can help. I saw another thread on here: http://www.bleepingcomputer.com/forums/topic177396.html

which was about the same type of problem, but it didnt match mine exactly. i downloaded Hijackthis, but haven't done anything since I don't know a whole lot and don't want to mess up anything even worse than it is. Let me know what to do. please help!

thanks so much guys!

Edited by bbroski69, 11 February 2012 - 03:08 PM.


BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 12 February 2012 - 12:32 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.
Posted Image Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.com
DDS.pif
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Posted Image Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    Posted Image
    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


If you have trouble running GEMR:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • DDS.txt and Attach.txt logs
  • GMER log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 bbroski69

bbroski69
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 12 February 2012 - 02:53 AM

here is my DDS.txt (Note: the GMER log showed nothing at all...)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ben at 2:20:17 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.6441 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\consent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
TCP: Interfaces\{271B2F73-E724-4481-B86B-9E7250A22753} : DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
TCP: Interfaces\{C3B1304F-5258-417B-B8AF-C79E78772CE7} : DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-5 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-6-8 256336]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 135664]
S3 SIVDRIVER;SIV Kernel Driver;\??\C:\Windows\system32\Drivers\SIVX64.sys --> C:\Windows\system32\Drivers\SIVX64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-11 18:09:54 388096 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-11 18:09:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-10 17:01:08 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C80415AC-BEC0-4DD2-A842-11F58F54F0A5}\offreg.dll
2012-02-10 15:35:00 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C80415AC-BEC0-4DD2-A842-11F58F54F0A5}\mpengine.dll
2012-02-08 23:10:29 -------- d-----w- C:\Users\Ben\AppData\Local\TechSmith
2012-02-08 23:07:45 -------- d-----w- C:\Windows\SysWow64\QuickTime
2012-02-08 23:07:11 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-02-02 20:50:00 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-01-18 04:12:11 -------- d-----w- C:\Users\Ben\AppData\Roaming\ValuSoft
.
==================== Find3M ====================
.
2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-09-02 17:03:28 730192 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
.
============= FINISH: 2:20:34.57 ===============

Attached Files



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 12 February 2012 - 09:28 AM

Please do this next:

Posted Image Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Posted Image Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 bbroski69

bbroski69
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 12 February 2012 - 04:33 PM

TDSSKiller didn't show anything at all.

Here is the combofix log:

ComboFix 12-02-12.01 - Ben 02/12/2012 16:11:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.6092 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
C:\Thumbs.db
c:\users\Ben\AppData\Local\Microsoft\sett.dat
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{106265e9-d7b3-4f79-9890-829bcc81929b}
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{106265e9-d7b3-4f79-9890-829bcc81929b}\chrome.manifest
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{106265e9-d7b3-4f79-9890-829bcc81929b}\chrome\xulcache.jar
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{106265e9-d7b3-4f79-9890-829bcc81929b}\defaults\preferences\xulcache.js
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{106265e9-d7b3-4f79-9890-829bcc81929b}\install.rdf
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{b9dc590d-3338-4c4e-907f-61e11711bb10}
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{b9dc590d-3338-4c4e-907f-61e11711bb10}\chrome.manifest
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{b9dc590d-3338-4c4e-907f-61e11711bb10}\chrome\xulcache.jar
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{b9dc590d-3338-4c4e-907f-61e11711bb10}\defaults\preferences\xulcache.js
c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{b9dc590d-3338-4c4e-907f-61e11711bb10}\install.rdf
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 21:16 . 2012-02-12 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 18:09 . 2012-02-11 18:09 388096 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-11 18:09 . 2012-02-11 18:09 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-08 23:10 . 2012-02-08 23:10 -------- d-----w- c:\users\Ben\AppData\Local\TechSmith
2012-02-08 23:07 . 2012-02-08 23:07 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-02-08 23:07 . 2012-02-08 23:07 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-08 23:07 . 2012-02-08 23:07 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-02-08 23:07 . 2012-02-08 23:07 -------- d-----w- c:\programdata\TechSmith
2012-02-08 23:07 . 2012-02-08 23:07 -------- d-----w- c:\program files (x86)\TechSmith
2012-02-02 20:50 . 2011-11-17 07:10 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 04:12 . 2012-01-18 04:12 -------- d-----w- c:\users\Ben\AppData\Roaming\ValuSoft
2012-01-15 19:16 . 2012-01-15 19:16 -------- d-----w- c:\users\Ben\AppData\Roaming\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 05:52 . 2012-01-08 17:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2012-02-10 15:35 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C80415AC-BEC0-4DD2-A842-11F58F54F0A5}\mpengine.dll
2011-12-10 20:24 . 2011-11-20 02:03 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-15 00:18 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-11 02:46 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 02:46 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 07:14 . 2012-01-11 02:46 1739160 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:41 . 2012-01-11 02:46 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-09-02 17:03 . 2011-09-20 22:29 730192 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 135664]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-16 122880]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 19:48]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 19:48]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731050783-696343576-4118419875-1001Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 21:07]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731050783-696343576-4118419875-1001UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 21:07]
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForBEN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"combofix"="c:\combofix\CF32170.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\
FF - prefs.js: browser.search.selectedEngine - Twitter
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-02-12 16:25:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 21:25
.
Pre-Run: 1,408,523,735,040 bytes free
Post-Run: 1,408,587,722,752 bytes free
.
- - End Of File - - 9A8E05FB1EF6AC6B443E261630EC128A

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 12 February 2012 - 04:44 PM

When you say TDSSKiller didn't show anything do you mean no log was produced at all? Please do this next:

Posted Image You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 bbroski69

bbroski69
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 12 February 2012 - 08:14 PM

correct, no log was produced.

here is MBAM log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BEN-HP [administrator]

Protection: Disabled

2/12/2012 7:04:24 PM
mbam-log-2012-02-12 (19-04-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427530
Time elapsed: 42 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 12 February 2012 - 09:59 PM

How is your computer running now? Please do this next:

Posted Image Look in c:\ for a text file that looks like this: TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt If you find it, please post it.

Posted Image Please go to here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • TDSSKiller log (if you locate it)
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 bbroski69

bbroski69
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 13 February 2012 - 12:53 PM

Looks like it's working again. When i click on Google search results now, it goes to the correct site.

Here is the TDSSKiller log:

15:45:57.0336 5420 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
15:45:57.0609 5420 ============================================================
15:45:57.0609 5420 Current date / time: 2012/02/12 15:45:57.0609
15:45:57.0609 5420 SystemInfo:
15:45:57.0609 5420
15:45:57.0609 5420 OS Version: 6.1.7600 ServicePack: 0.0
15:45:57.0609 5420 Product type: Workstation
15:45:57.0610 5420 ComputerName: BEN-HP
15:45:57.0610 5420 UserName: Ben
15:45:57.0610 5420 Windows directory: C:\Windows
15:45:57.0610 5420 System windows directory: C:\Windows
15:45:57.0610 5420 Running under WOW64
15:45:57.0610 5420 Processor architecture: Intel x64
15:45:57.0610 5420 Number of processors: 4
15:45:57.0610 5420 Page size: 0x1000
15:45:57.0610 5420 Boot type: Normal boot
15:45:57.0610 5420 ============================================================
15:45:58.0226 5420 Drive \Device\Harddisk0\DR0 - Size: 0x15D3EF70000 (1396.98 Gb), SectorSize: 0x200, Cylinders: 0x2C85C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:58.0246 5420 Drive \Device\Harddisk2\DR2 - Size: 0x3B2C00000 (14.79 Gb), SectorSize: 0x200, Cylinders: 0x78B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:45:58.0263 5420 \Device\Harddisk0\DR0:
15:45:58.0263 5420 MBR used
15:45:58.0263 5420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:45:58.0263 5420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0xACE074FD
15:45:58.0263 5420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xACE3A800, BlocksNum 0x1BBD800
15:45:58.0263 5420 \Device\Harddisk2\DR2:
15:45:58.0265 5420 MBR used
15:45:58.0265 5420 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1D94000
15:45:58.0412 5420 Initialize success
15:45:58.0412 5420 ============================================================
15:46:22.0313 6560 ============================================================
15:46:22.0313 6560 Scan started
15:46:22.0314 6560 Mode: Manual; TDLFS;
15:46:22.0314 6560 ============================================================
15:46:23.0372 6560 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:46:23.0376 6560 1394ohci - ok
15:46:23.0464 6560 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:46:23.0471 6560 ACPI - ok
15:46:23.0518 6560 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:46:23.0520 6560 AcpiPmi - ok
15:46:23.0598 6560 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:46:23.0608 6560 adp94xx - ok
15:46:23.0627 6560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:46:23.0635 6560 adpahci - ok
15:46:23.0669 6560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:46:23.0672 6560 adpu320 - ok
15:46:23.0761 6560 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:46:23.0772 6560 AFD - ok
15:46:23.0813 6560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:46:23.0814 6560 agp440 - ok
15:46:23.0840 6560 ahcix64s (abba12382e6eea8e8510ad235b768ce5) C:\Windows\system32\DRIVERS\ahcix64s.sys
15:46:23.0842 6560 ahcix64s - ok
15:46:23.0855 6560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:46:23.0856 6560 aliide - ok
15:46:23.0904 6560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:46:23.0905 6560 amdide - ok
15:46:23.0926 6560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:46:23.0929 6560 AmdK8 - ok
15:46:24.0125 6560 amdkmdag (600c89344a1dc910e5af3852a0bc86f4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:46:24.0297 6560 amdkmdag - ok
15:46:24.0370 6560 amdkmdap (b191851b6fbf30532470d3541a104eef) C:\Windows\system32\DRIVERS\atikmpag.sys
15:46:24.0377 6560 amdkmdap - ok
15:46:24.0417 6560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:46:24.0419 6560 AmdPPM - ok
15:46:24.0447 6560 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
15:46:24.0450 6560 amdsata - ok
15:46:24.0472 6560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:46:24.0477 6560 amdsbs - ok
15:46:24.0495 6560 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
15:46:24.0495 6560 amdxata - ok
15:46:24.0623 6560 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:46:24.0625 6560 AppID - ok
15:46:24.0680 6560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:46:24.0683 6560 arc - ok
15:46:24.0704 6560 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:46:24.0707 6560 arcsas - ok
15:46:24.0738 6560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:46:24.0739 6560 AsyncMac - ok
15:46:24.0753 6560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:46:24.0753 6560 atapi - ok
15:46:24.0797 6560 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
15:46:24.0799 6560 AtiHDAudioService - ok
15:46:24.0830 6560 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
15:46:24.0831 6560 AtiPcie - ok
15:46:24.0876 6560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:46:24.0882 6560 b06bdrv - ok
15:46:24.0905 6560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:46:24.0909 6560 b57nd60a - ok
15:46:24.0997 6560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:46:24.0999 6560 Beep - ok
15:46:25.0040 6560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:46:25.0043 6560 blbdrive - ok
15:46:25.0084 6560 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:46:25.0086 6560 bowser - ok
15:46:25.0120 6560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:46:25.0122 6560 BrFiltLo - ok
15:46:25.0142 6560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:46:25.0144 6560 BrFiltUp - ok
15:46:25.0165 6560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:46:25.0171 6560 Brserid - ok
15:46:25.0204 6560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:46:25.0205 6560 BrSerWdm - ok
15:46:25.0215 6560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:46:25.0215 6560 BrUsbMdm - ok
15:46:25.0226 6560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:46:25.0227 6560 BrUsbSer - ok
15:46:25.0259 6560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:46:25.0261 6560 BTHMODEM - ok
15:46:25.0287 6560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:46:25.0289 6560 cdfs - ok
15:46:25.0310 6560 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:46:25.0312 6560 cdrom - ok
15:46:25.0325 6560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:46:25.0327 6560 circlass - ok
15:46:25.0361 6560 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:46:25.0367 6560 CLFS - ok
15:46:25.0382 6560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:46:25.0383 6560 CmBatt - ok
15:46:25.0394 6560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:46:25.0394 6560 cmdide - ok
15:46:25.0449 6560 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:46:25.0458 6560 CNG - ok
15:46:25.0470 6560 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:46:25.0471 6560 Compbatt - ok
15:46:25.0490 6560 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:46:25.0492 6560 CompositeBus - ok
15:46:25.0504 6560 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys
15:46:25.0505 6560 CpqDfw - ok
15:46:25.0516 6560 cqcpu (10fb0ff62af6262bf88e3607e2ae2a69) C:\Windows\system32\drivers\cqcpu.sys
15:46:25.0517 6560 cqcpu - ok
15:46:25.0528 6560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:46:25.0529 6560 crcdisk - ok
15:46:25.0588 6560 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:46:25.0589 6560 DfsC - ok
15:46:25.0609 6560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:46:25.0610 6560 discache - ok
15:46:25.0630 6560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:46:25.0631 6560 Disk - ok
15:46:25.0656 6560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:46:25.0657 6560 drmkaud - ok
15:46:25.0714 6560 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:46:25.0734 6560 DXGKrnl - ok
15:46:25.0802 6560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:46:25.0861 6560 ebdrv - ok
15:46:25.0893 6560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:46:25.0899 6560 elxstor - ok
15:46:25.0907 6560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:46:25.0908 6560 ErrDev - ok
15:46:25.0934 6560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:46:25.0936 6560 exfat - ok
15:46:25.0954 6560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:46:25.0956 6560 fastfat - ok
15:46:25.0967 6560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:46:25.0968 6560 fdc - ok
15:46:25.0993 6560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:46:25.0994 6560 FileInfo - ok
15:46:26.0025 6560 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:46:26.0027 6560 Filetrace - ok
15:46:26.0040 6560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:46:26.0041 6560 flpydisk - ok
15:46:26.0091 6560 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:46:26.0094 6560 FltMgr - ok
15:46:26.0125 6560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:46:26.0127 6560 FsDepends - ok
15:46:26.0151 6560 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:46:26.0153 6560 Fs_Rec - ok
15:46:26.0174 6560 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
15:46:26.0177 6560 fvevol - ok
15:46:26.0196 6560 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:46:26.0198 6560 gagp30kx - ok
15:46:26.0261 6560 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:46:26.0263 6560 hcw85cir - ok
15:46:26.0291 6560 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:46:26.0296 6560 HdAudAddService - ok
15:46:26.0372 6560 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:46:26.0374 6560 HDAudBus - ok
15:46:26.0398 6560 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:46:26.0399 6560 HidBatt - ok
15:46:26.0410 6560 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:46:26.0412 6560 HidBth - ok
15:46:26.0422 6560 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:46:26.0423 6560 HidIr - ok
15:46:26.0458 6560 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:46:26.0459 6560 HidUsb - ok
15:46:26.0498 6560 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:46:26.0499 6560 HpSAMD - ok
15:46:26.0532 6560 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:46:26.0539 6560 HTTP - ok
15:46:26.0562 6560 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:46:26.0562 6560 hwpolicy - ok
15:46:26.0588 6560 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:46:26.0590 6560 i8042prt - ok
15:46:26.0616 6560 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
15:46:26.0620 6560 iaStorV - ok
15:46:26.0631 6560 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:46:26.0632 6560 iirsp - ok
15:46:26.0727 6560 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
15:46:26.0789 6560 IntcAzAudAddService - ok
15:46:26.0798 6560 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:46:26.0799 6560 intelide - ok
15:46:26.0808 6560 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:46:26.0809 6560 intelppm - ok
15:46:26.0829 6560 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:46:26.0830 6560 IpFilterDriver - ok
15:46:26.0841 6560 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:46:26.0842 6560 IPMIDRV - ok
15:46:26.0852 6560 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:46:26.0854 6560 IPNAT - ok
15:46:26.0868 6560 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:46:26.0869 6560 IRENUM - ok
15:46:26.0878 6560 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:46:26.0878 6560 isapnp - ok
15:46:26.0905 6560 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:46:26.0908 6560 iScsiPrt - ok
15:46:26.0935 6560 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:46:26.0936 6560 kbdclass - ok
15:46:26.0952 6560 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:46:26.0954 6560 kbdhid - ok
15:46:26.0992 6560 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:46:26.0993 6560 KSecDD - ok
15:46:27.0020 6560 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:46:27.0022 6560 KSecPkg - ok
15:46:27.0030 6560 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:46:27.0031 6560 ksthunk - ok
15:46:27.0076 6560 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:46:27.0078 6560 lltdio - ok
15:46:27.0106 6560 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:46:27.0108 6560 LSI_FC - ok
15:46:27.0124 6560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:46:27.0125 6560 LSI_SAS - ok
15:46:27.0135 6560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:46:27.0136 6560 LSI_SAS2 - ok
15:46:27.0146 6560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:46:27.0147 6560 LSI_SCSI - ok
15:46:27.0197 6560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:46:27.0199 6560 luafv - ok
15:46:27.0262 6560 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:46:27.0264 6560 LVPr2M64 - ok
15:46:27.0271 6560 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:46:27.0272 6560 LVPr2Mon - ok
15:46:27.0488 6560 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:46:27.0611 6560 LVUVC64 - ok
15:46:27.0633 6560 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
15:46:27.0634 6560 ManyCam - ok
15:46:27.0675 6560 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:46:27.0676 6560 MBAMProtector - ok
15:46:27.0697 6560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:46:27.0698 6560 megasas - ok
15:46:27.0716 6560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:46:27.0720 6560 MegaSR - ok
15:46:27.0730 6560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:46:27.0731 6560 Modem - ok
15:46:27.0744 6560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:46:27.0744 6560 monitor - ok
15:46:27.0758 6560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:46:27.0759 6560 mouclass - ok
15:46:27.0773 6560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:46:27.0774 6560 mouhid - ok
15:46:27.0788 6560 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:46:27.0789 6560 mountmgr - ok
15:46:27.0828 6560 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:46:27.0830 6560 mpio - ok
15:46:27.0854 6560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:46:27.0856 6560 mpsdrv - ok
15:46:27.0880 6560 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:46:27.0882 6560 MRxDAV - ok
15:46:27.0921 6560 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:46:27.0924 6560 mrxsmb - ok
15:46:27.0964 6560 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:46:27.0968 6560 mrxsmb10 - ok
15:46:27.0983 6560 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:46:27.0985 6560 mrxsmb20 - ok
15:46:28.0009 6560 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
15:46:28.0010 6560 msahci - ok
15:46:28.0033 6560 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:46:28.0035 6560 msdsm - ok
15:46:28.0064 6560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:46:28.0065 6560 Msfs - ok
15:46:28.0077 6560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:46:28.0078 6560 mshidkmdf - ok
15:46:28.0095 6560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:46:28.0096 6560 msisadrv - ok
15:46:28.0121 6560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:46:28.0122 6560 MSKSSRV - ok
15:46:28.0140 6560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:28.0141 6560 MSPCLOCK - ok
15:46:28.0153 6560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:46:28.0154 6560 MSPQM - ok
15:46:28.0180 6560 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:46:28.0185 6560 MsRPC - ok
15:46:28.0202 6560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:46:28.0202 6560 mssmbios - ok
15:46:28.0212 6560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:46:28.0213 6560 MSTEE - ok
15:46:28.0233 6560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:46:28.0234 6560 MTConfig - ok
15:46:28.0253 6560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:46:28.0254 6560 Mup - ok
15:46:28.0295 6560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:46:28.0300 6560 NativeWifiP - ok
15:46:28.0340 6560 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:46:28.0353 6560 NDIS - ok
15:46:28.0363 6560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:46:28.0364 6560 NdisCap - ok
15:46:28.0378 6560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:28.0379 6560 NdisTapi - ok
15:46:28.0403 6560 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:28.0405 6560 Ndisuio - ok
15:46:28.0425 6560 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:28.0428 6560 NdisWan - ok
15:46:28.0455 6560 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:46:28.0456 6560 NDProxy - ok
15:46:28.0477 6560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:46:28.0477 6560 NetBIOS - ok
15:46:28.0503 6560 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:46:28.0505 6560 NetBT - ok
15:46:28.0582 6560 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
15:46:28.0641 6560 netr28x - ok
15:46:28.0675 6560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:46:28.0677 6560 nfrd960 - ok
15:46:28.0697 6560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:46:28.0698 6560 Npfs - ok
15:46:28.0713 6560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:46:28.0714 6560 nsiproxy - ok
15:46:28.0764 6560 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
15:46:28.0798 6560 Ntfs - ok
15:46:28.0815 6560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:46:28.0817 6560 Null - ok
15:46:28.0865 6560 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
15:46:28.0869 6560 nvraid - ok
15:46:28.0886 6560 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
15:46:28.0889 6560 nvstor - ok
15:46:28.0914 6560 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:46:28.0916 6560 nv_agp - ok
15:46:28.0931 6560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:46:28.0932 6560 ohci1394 - ok
15:46:28.0969 6560 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:46:28.0970 6560 Parport - ok
15:46:28.0979 6560 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:46:28.0980 6560 partmgr - ok
15:46:29.0005 6560 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:46:29.0007 6560 pci - ok
15:46:29.0015 6560 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:46:29.0016 6560 pciide - ok
15:46:29.0037 6560 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:29.0040 6560 pcmcia - ok
15:46:29.0049 6560 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:46:29.0050 6560 pcw - ok
15:46:29.0077 6560 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:46:29.0084 6560 PEAUTH - ok
15:46:29.0127 6560 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:46:29.0128 6560 PptpMiniport - ok
15:46:29.0147 6560 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:46:29.0148 6560 Processor - ok
15:46:29.0162 6560 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:46:29.0164 6560 Psched - ok
15:46:29.0245 6560 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:46:29.0287 6560 ql2300 - ok
15:46:29.0313 6560 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:46:29.0316 6560 ql40xx - ok
15:46:29.0342 6560 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:46:29.0344 6560 QWAVEdrv - ok
15:46:29.0354 6560 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:46:29.0355 6560 RasAcd - ok
15:46:29.0415 6560 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:46:29.0418 6560 RasAgileVpn - ok
15:46:29.0444 6560 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:29.0446 6560 Rasl2tp - ok
15:46:29.0464 6560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:29.0466 6560 RasPppoe - ok
15:46:29.0486 6560 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:46:29.0488 6560 RasSstp - ok
15:46:29.0517 6560 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:46:29.0521 6560 rdbss - ok
15:46:29.0542 6560 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:46:29.0544 6560 rdpbus - ok
15:46:29.0557 6560 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:29.0558 6560 RDPCDD - ok
15:46:29.0597 6560 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:46:29.0597 6560 RDPENCDD - ok
15:46:29.0612 6560 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:46:29.0612 6560 RDPREFMP - ok
15:46:29.0630 6560 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:46:29.0634 6560 RDPWD - ok
15:46:29.0652 6560 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:46:29.0655 6560 rdyboost - ok
15:46:29.0703 6560 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:46:29.0704 6560 rspndr - ok
15:46:29.0741 6560 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:46:29.0744 6560 RTL8167 - ok
15:46:29.0764 6560 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:46:29.0765 6560 sbp2port - ok
15:46:29.0776 6560 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:46:29.0777 6560 scfilter - ok
15:46:29.0800 6560 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:46:29.0801 6560 secdrv - ok
15:46:29.0835 6560 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:46:29.0835 6560 Serenum - ok
15:46:29.0846 6560 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:46:29.0847 6560 Serial - ok
15:46:29.0867 6560 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:46:29.0868 6560 sermouse - ok
15:46:29.0884 6560 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:46:29.0885 6560 sffdisk - ok
15:46:29.0895 6560 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:46:29.0896 6560 sffp_mmc - ok
15:46:29.0906 6560 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:46:29.0907 6560 sffp_sd - ok
15:46:29.0917 6560 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:46:29.0917 6560 sfloppy - ok
15:46:29.0943 6560 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:46:29.0944 6560 SiSRaid2 - ok
15:46:29.0966 6560 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:46:29.0968 6560 SiSRaid4 - ok
15:46:29.0981 6560 SIVDRIVER (a0fd911feea045d4a4f5154666c76ec7) C:\Windows\system32\Drivers\SIVX64.sys
15:46:29.0983 6560 SIVDRIVER - ok
15:46:29.0992 6560 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:46:29.0994 6560 Smb - ok
15:46:30.0016 6560 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:46:30.0017 6560 spldr - ok
15:46:30.0054 6560 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:46:30.0063 6560 srv - ok
15:46:30.0091 6560 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:46:30.0095 6560 srv2 - ok
15:46:30.0140 6560 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:46:30.0142 6560 srvnet - ok
15:46:30.0155 6560 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:46:30.0156 6560 stexstor - ok
15:46:30.0172 6560 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:46:30.0173 6560 swenum - ok
15:46:30.0264 6560 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:46:30.0299 6560 Tcpip - ok
15:46:30.0348 6560 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:46:30.0359 6560 TCPIP6 - ok
15:46:30.0375 6560 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:46:30.0376 6560 tcpipreg - ok
15:46:30.0387 6560 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:46:30.0388 6560 TDPIPE - ok
15:46:30.0398 6560 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:46:30.0399 6560 TDTCP - ok
15:46:30.0432 6560 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:46:30.0433 6560 tdx - ok
15:46:30.0447 6560 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:46:30.0450 6560 TermDD - ok
15:46:30.0516 6560 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
15:46:30.0519 6560 tmactmon - ok
15:46:30.0553 6560 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
15:46:30.0556 6560 tmcomm - ok
15:46:30.0588 6560 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
15:46:30.0589 6560 tmevtmgr - ok
15:46:30.0612 6560 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
15:46:30.0613 6560 tmtdi - ok
15:46:30.0636 6560 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:30.0637 6560 tssecsrv - ok
15:46:30.0658 6560 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:46:30.0660 6560 tunnel - ok
15:46:30.0675 6560 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:46:30.0677 6560 uagp35 - ok
15:46:30.0702 6560 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:46:30.0707 6560 udfs - ok
15:46:30.0728 6560 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:46:30.0730 6560 uliagpkx - ok
15:46:30.0753 6560 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:46:30.0755 6560 umbus - ok
15:46:30.0769 6560 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:46:30.0770 6560 UmPass - ok
15:46:30.0811 6560 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:46:30.0813 6560 usbaudio - ok
15:46:30.0830 6560 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:30.0832 6560 usbccgp - ok
15:46:30.0853 6560 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:46:30.0855 6560 usbcir - ok
15:46:30.0876 6560 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
15:46:30.0878 6560 usbehci - ok
15:46:30.0908 6560 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
15:46:30.0909 6560 usbfilter - ok
15:46:30.0937 6560 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
15:46:30.0942 6560 usbhub - ok
15:46:30.0961 6560 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:46:30.0962 6560 usbohci - ok
15:46:30.0974 6560 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:46:30.0976 6560 usbprint - ok
15:46:30.0992 6560 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:46:30.0994 6560 usbscan - ok
15:46:31.0013 6560 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:31.0015 6560 USBSTOR - ok
15:46:31.0033 6560 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:46:31.0034 6560 usbuhci - ok
15:46:31.0069 6560 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
15:46:31.0072 6560 usbvideo - ok
15:46:31.0093 6560 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:46:31.0093 6560 vdrvroot - ok
15:46:31.0129 6560 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:31.0131 6560 vga - ok
15:46:31.0152 6560 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:46:31.0153 6560 VgaSave - ok
15:46:31.0180 6560 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:46:31.0184 6560 vhdmp - ok
15:46:31.0203 6560 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:46:31.0204 6560 viaide - ok
15:46:31.0219 6560 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:46:31.0221 6560 volmgr - ok
15:46:31.0251 6560 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:46:31.0255 6560 volmgrx - ok
15:46:31.0284 6560 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:46:31.0287 6560 volsnap - ok
15:46:31.0344 6560 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:46:31.0348 6560 vsmraid - ok
15:46:31.0375 6560 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:46:31.0376 6560 vwifibus - ok
15:46:31.0398 6560 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:46:31.0399 6560 vwififlt - ok
15:46:31.0430 6560 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:46:31.0431 6560 WacomPen - ok
15:46:31.0457 6560 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:31.0459 6560 WANARP - ok
15:46:31.0464 6560 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:31.0465 6560 Wanarpv6 - ok
15:46:31.0489 6560 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:46:31.0490 6560 Wd - ok
15:46:31.0518 6560 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:46:31.0527 6560 Wdf01000 - ok
15:46:31.0557 6560 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:46:31.0557 6560 WfpLwf - ok
15:46:31.0568 6560 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:46:31.0569 6560 WIMMount - ok
15:46:31.0598 6560 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:46:31.0599 6560 WmiAcpi - ok
15:46:31.0618 6560 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:46:31.0619 6560 ws2ifsl - ok
15:46:31.0641 6560 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:46:31.0643 6560 WudfPf - ok
15:46:31.0665 6560 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:46:31.0667 6560 WUDFRd - ok
15:46:31.0705 6560 MBR (0x1B8) (3ca12b05b2a320bd5380b2ef06c7180d) \Device\Harddisk0\DR0
15:46:31.0917 6560 \Device\Harddisk0\DR0 - ok
15:46:31.0927 6560 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
15:46:32.0326 6560 \Device\Harddisk2\DR2 - ok
15:46:32.0330 6560 Boot (0x1200) (3b4824418ba5d28ad17cdbdd17af8cbc) \Device\Harddisk0\DR0\Partition0
15:46:32.0331 6560 \Device\Harddisk0\DR0\Partition0 - ok
15:46:32.0349 6560 Boot (0x1200) (33552a13864427cd6dba4bf74ab42602) \Device\Harddisk0\DR0\Partition1
15:46:32.0350 6560 \Device\Harddisk0\DR0\Partition1 - ok
15:46:32.0389 6560 Boot (0x1200) (1c2737f9e61bb2c9d061a7ff53402d02) \Device\Harddisk0\DR0\Partition2
15:46:32.0390 6560 \Device\Harddisk0\DR0\Partition2 - ok
15:46:32.0396 6560 Boot (0x1200) (af3a8b238049335b4a0cd0644d997ff7) \Device\Harddisk2\DR2\Partition0
15:46:32.0398 6560 \Device\Harddisk2\DR2\Partition0 - ok
15:46:32.0399 6560 ============================================================
15:46:32.0399 6560 Scan finished
15:46:32.0399 6560 ============================================================
15:46:32.0494 4116 Detected object count: 0
15:46:32.0494 4116 Actual detected object count: 0
16:01:22.0519 7932 ============================================================
16:01:22.0519 7932 Scan started
16:01:22.0519 7932 Mode: Manual; TDLFS;
16:01:22.0519 7932 ============================================================
16:01:23.0031 7932 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:01:23.0035 7932 1394ohci - ok
16:01:23.0061 7932 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:01:23.0064 7932 ACPI - ok
16:01:23.0081 7932 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:01:23.0081 7932 AcpiPmi - ok
16:01:23.0110 7932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:01:23.0114 7932 adp94xx - ok
16:01:23.0128 7932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:01:23.0130 7932 adpahci - ok
16:01:23.0147 7932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:01:23.0149 7932 adpu320 - ok
16:01:23.0201 7932 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:01:23.0206 7932 AFD - ok
16:01:23.0243 7932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:01:23.0244 7932 agp440 - ok
16:01:23.0272 7932 ahcix64s (abba12382e6eea8e8510ad235b768ce5) C:\Windows\system32\DRIVERS\ahcix64s.sys
16:01:23.0276 7932 ahcix64s - ok
16:01:23.0293 7932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:01:23.0294 7932 aliide - ok
16:01:23.0311 7932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:01:23.0312 7932 amdide - ok
16:01:23.0344 7932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:01:23.0345 7932 AmdK8 - ok
16:01:23.0510 7932 amdkmdag (600c89344a1dc910e5af3852a0bc86f4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:01:23.0547 7932 amdkmdag - ok
16:01:23.0569 7932 amdkmdap (b191851b6fbf30532470d3541a104eef) C:\Windows\system32\DRIVERS\atikmpag.sys
16:01:23.0570 7932 amdkmdap - ok
16:01:23.0582 7932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:01:23.0583 7932 AmdPPM - ok
16:01:23.0600 7932 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
16:01:23.0601 7932 amdsata - ok
16:01:23.0624 7932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:01:23.0625 7932 amdsbs - ok
16:01:23.0648 7932 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
16:01:23.0649 7932 amdxata - ok
16:01:23.0667 7932 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:01:23.0668 7932 AppID - ok
16:01:23.0689 7932 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:01:23.0689 7932 arc - ok
16:01:23.0700 7932 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:01:23.0701 7932 arcsas - ok
16:01:23.0711 7932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:01:23.0712 7932 AsyncMac - ok
16:01:23.0720 7932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:01:23.0721 7932 atapi - ok
16:01:23.0759 7932 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
16:01:23.0761 7932 AtiHDAudioService - ok
16:01:23.0792 7932 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
16:01:23.0792 7932 AtiPcie - ok
16:01:23.0825 7932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:01:23.0829 7932 b06bdrv - ok
16:01:23.0854 7932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:01:23.0857 7932 b57nd60a - ok
16:01:23.0875 7932 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:01:23.0875 7932 Beep - ok
16:01:23.0894 7932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:01:23.0894 7932 blbdrive - ok
16:01:23.0920 7932 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:01:23.0922 7932 bowser - ok
16:01:23.0950 7932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:01:23.0950 7932 BrFiltLo - ok
16:01:23.0972 7932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:01:23.0972 7932 BrFiltUp - ok
16:01:23.0987 7932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:01:23.0990 7932 Brserid - ok
16:01:24.0010 7932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:01:24.0010 7932 BrSerWdm - ok
16:01:24.0020 7932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:01:24.0020 7932 BrUsbMdm - ok
16:01:24.0031 7932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:01:24.0031 7932 BrUsbSer - ok
16:01:24.0053 7932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:01:24.0054 7932 BTHMODEM - ok
16:01:24.0081 7932 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:01:24.0082 7932 cdfs - ok
16:01:24.0103 7932 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:01:24.0105 7932 cdrom - ok
16:01:24.0117 7932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:01:24.0118 7932 circlass - ok
16:01:24.0155 7932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:01:24.0158 7932 CLFS - ok
16:01:24.0173 7932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:01:24.0174 7932 CmBatt - ok
16:01:24.0185 7932 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:01:24.0185 7932 cmdide - ok
16:01:24.0228 7932 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
16:01:24.0232 7932 CNG - ok
16:01:24.0242 7932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:01:24.0242 7932 Compbatt - ok
16:01:24.0260 7932 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:01:24.0260 7932 CompositeBus - ok
16:01:24.0273 7932 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys
16:01:24.0273 7932 CpqDfw - ok
16:01:24.0284 7932 cqcpu (10fb0ff62af6262bf88e3607e2ae2a69) C:\Windows\system32\drivers\cqcpu.sys
16:01:24.0285 7932 cqcpu - ok
16:01:24.0295 7932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:01:24.0296 7932 crcdisk - ok
16:01:24.0345 7932 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:01:24.0346 7932 DfsC - ok
16:01:24.0367 7932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:01:24.0368 7932 discache - ok
16:01:24.0376 7932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:01:24.0377 7932 Disk - ok
16:01:24.0402 7932 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:01:24.0403 7932 drmkaud - ok
16:01:24.0462 7932 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
16:01:24.0476 7932 DXGKrnl - ok
16:01:24.0544 7932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:01:24.0558 7932 ebdrv - ok
16:01:24.0590 7932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:01:24.0592 7932 elxstor - ok
16:01:24.0600 7932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:01:24.0601 7932 ErrDev - ok
16:01:24.0631 7932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:01:24.0632 7932 exfat - ok
16:01:24.0652 7932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:01:24.0653 7932 fastfat - ok
16:01:24.0663 7932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:01:24.0663 7932 fdc - ok
16:01:24.0679 7932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:01:24.0679 7932 FileInfo - ok
16:01:24.0687 7932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:01:24.0687 7932 Filetrace - ok
16:01:24.0697 7932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:24.0697 7932 flpydisk - ok
16:01:24.0716 7932 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:01:24.0718 7932 FltMgr - ok
16:01:24.0738 7932 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:01:24.0739 7932 FsDepends - ok
16:01:24.0753 7932 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:01:24.0753 7932 Fs_Rec - ok
16:01:24.0775 7932 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:01:24.0776 7932 fvevol - ok
16:01:24.0785 7932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:01:24.0786 7932 gagp30kx - ok
16:01:24.0802 7932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:01:24.0803 7932 hcw85cir - ok
16:01:24.0820 7932 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:01:24.0822 7932 HdAudAddService - ok
16:01:24.0841 7932 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:01:24.0842 7932 HDAudBus - ok
16:01:24.0850 7932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:01:24.0851 7932 HidBatt - ok
16:01:24.0880 7932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:01:24.0881 7932 HidBth - ok
16:01:24.0890 7932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:01:24.0890 7932 HidIr - ok
16:01:24.0964 7932 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:01:24.0965 7932 HidUsb - ok
16:01:25.0027 7932 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:01:25.0028 7932 HpSAMD - ok
16:01:25.0050 7932 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:01:25.0055 7932 HTTP - ok
16:01:25.0067 7932 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:01:25.0067 7932 hwpolicy - ok
16:01:25.0076 7932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:01:25.0077 7932 i8042prt - ok
16:01:25.0089 7932 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
16:01:25.0092 7932 iaStorV - ok
16:01:25.0102 7932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:01:25.0102 7932 iirsp - ok
16:01:25.0170 7932 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
16:01:25.0185 7932 IntcAzAudAddService - ok
16:01:25.0194 7932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:01:25.0194 7932 intelide - ok
16:01:25.0204 7932 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:01:25.0204 7932 intelppm - ok
16:01:25.0216 7932 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:01:25.0216 7932 IpFilterDriver - ok
16:01:25.0227 7932 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:01:25.0228 7932 IPMIDRV - ok
16:01:25.0237 7932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:01:25.0237 7932 IPNAT - ok
16:01:25.0254 7932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:01:25.0254 7932 IRENUM - ok
16:01:25.0263 7932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:01:25.0263 7932 isapnp - ok
16:01:25.0278 7932 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:01:25.0279 7932 iScsiPrt - ok
16:01:25.0289 7932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:01:25.0289 7932 kbdclass - ok
16:01:25.0302 7932 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:01:25.0302 7932 kbdhid - ok
16:01:25.0330 7932 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
16:01:25.0331 7932 KSecDD - ok
16:01:25.0346 7932 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
16:01:25.0346 7932 KSecPkg - ok
16:01:25.0355 7932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:01:25.0355 7932 ksthunk - ok
16:01:25.0373 7932 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:01:25.0373 7932 lltdio - ok
16:01:25.0396 7932 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:01:25.0396 7932 LSI_FC - ok
16:01:25.0414 7932 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:01:25.0414 7932 LSI_SAS - ok
16:01:25.0423 7932 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:01:25.0424 7932 LSI_SAS2 - ok
16:01:25.0438 7932 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:01:25.0439 7932 LSI_SCSI - ok
16:01:25.0463 7932 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:01:25.0464 7932 luafv - ok
16:01:25.0491 7932 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:01:25.0492 7932 LVPr2M64 - ok
16:01:25.0495 7932 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:01:25.0495 7932 LVPr2Mon - ok
16:01:25.0663 7932 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:01:25.0694 7932 LVUVC64 - ok
16:01:25.0718 7932 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
16:01:25.0719 7932 ManyCam - ok
16:01:25.0737 7932 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:01:25.0737 7932 MBAMProtector - ok
16:01:25.0764 7932 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:01:25.0765 7932 megasas - ok
16:01:25.0790 7932 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:01:25.0791 7932 MegaSR - ok
16:01:25.0803 7932 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:01:25.0803 7932 Modem - ok
16:01:25.0818 7932 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:01:25.0818 7932 monitor - ok
16:01:25.0826 7932 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:01:25.0827 7932 mouclass - ok
16:01:25.0847 7932 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:01:25.0847 7932 mouhid - ok
16:01:25.0862 7932 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:01:25.0863 7932 mountmgr - ok
16:01:25.0873 7932 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:01:25.0874 7932 mpio - ok
16:01:25.0891 7932 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:01:25.0891 7932 mpsdrv - ok
16:01:25.0905 7932 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:01:25.0906 7932 MRxDAV - ok
16:01:25.0948 7932 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:01:25.0951 7932 mrxsmb - ok
16:01:25.0991 7932 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:01:25.0996 7932 mrxsmb10 - ok
16:01:26.0022 7932 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:01:26.0024 7932 mrxsmb20 - ok
16:01:26.0046 7932 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
16:01:26.0047 7932 msahci - ok
16:01:26.0070 7932 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:01:26.0072 7932 msdsm - ok
16:01:26.0087 7932 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:01:26.0088 7932 Msfs - ok
16:01:26.0103 7932 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:01:26.0103 7932 mshidkmdf - ok
16:01:26.0121 7932 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:01:26.0121 7932 msisadrv - ok
16:01:26.0147 7932 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:01:26.0148 7932 MSKSSRV - ok
16:01:26.0166 7932 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:01:26.0166 7932 MSPCLOCK - ok
16:01:26.0190 7932 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:01:26.0191 7932 MSPQM - ok
16:01:26.0217 7932 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:01:26.0221 7932 MsRPC - ok
16:01:26.0239 7932 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:01:26.0240 7932 mssmbios - ok
16:01:26.0249 7932 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:01:26.0250 7932 MSTEE - ok
16:01:26.0270 7932 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:01:26.0271 7932 MTConfig - ok
16:01:26.0290 7932 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:01:26.0291 7932 Mup - ok
16:01:26.0320 7932 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:01:26.0324 7932 NativeWifiP - ok
16:01:26.0354 7932 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:01:26.0362 7932 NDIS - ok
16:01:26.0372 7932 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:01:26.0373 7932 NdisCap - ok
16:01:26.0392 7932 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:01:26.0392 7932 NdisTapi - ok
16:01:26.0405 7932 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:01:26.0406 7932 Ndisuio - ok
16:01:26.0427 7932 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:01:26.0428 7932 NdisWan - ok
16:01:26.0444 7932 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:01:26.0445 7932 NDProxy - ok
16:01:26.0467 7932 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:01:26.0467 7932 NetBIOS - ok
16:01:26.0493 7932 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:01:26.0495 7932 NetBT - ok
16:01:26.0555 7932 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
16:01:26.0563 7932 netr28x - ok
16:01:26.0576 7932 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:01:26.0576 7932 nfrd960 - ok
16:01:26.0591 7932 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:01:26.0591 7932 Npfs - ok
16:01:26.0607 7932 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:01:26.0608 7932 nsiproxy - ok
16:01:26.0653 7932 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
16:01:26.0661 7932 Ntfs - ok
16:01:26.0685 7932 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:01:26.0686 7932 Null - ok
16:01:26.0721 7932 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
16:01:26.0722 7932 nvraid - ok
16:01:26.0744 7932 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
16:01:26.0745 7932 nvstor - ok
16:01:26.0760 7932 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:01:26.0760 7932 nv_agp - ok
16:01:26.0777 7932 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:01:26.0777 7932 ohci1394 - ok
16:01:26.0814 7932 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:01:26.0815 7932 Parport - ok
16:01:26.0823 7932 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:01:26.0824 7932 partmgr - ok
16:01:26.0838 7932 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:01:26.0839 7932 pci - ok
16:01:26.0859 7932 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:01:26.0859 7932 pciide - ok
16:01:26.0884 7932 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:01:26.0885 7932 pcmcia - ok
16:01:26.0893 7932 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:01:26.0894 7932 pcw - ok
16:01:26.0922 7932 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:01:26.0926 7932 PEAUTH - ok
16:01:26.0972 7932 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:01:26.0973 7932 PptpMiniport - ok
16:01:26.0992 7932 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:01:26.0993 7932 Processor - ok
16:01:27.0006 7932 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:01:27.0007 7932 Psched - ok
16:01:27.0054 7932 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:01:27.0061 7932 ql2300 - ok
16:01:27.0087 7932 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:01:27.0088 7932 ql40xx - ok
16:01:27.0104 7932 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:01:27.0104 7932 QWAVEdrv - ok
16:01:27.0114 7932 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:01:27.0114 7932 RasAcd - ok
16:01:27.0189 7932 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:01:27.0190 7932 RasAgileVpn - ok
16:01:27.0217 7932 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:01:27.0219 7932 Rasl2tp - ok
16:01:27.0237 7932 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:01:27.0238 7932 RasPppoe - ok
16:01:27.0260 7932 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:01:27.0261 7932 RasSstp - ok
16:01:27.0279 7932 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:01:27.0282 7932 rdbss - ok
16:01:27.0304 7932 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:01:27.0305 7932 rdpbus - ok
16:01:27.0319 7932 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:01:27.0320 7932 RDPCDD - ok
16:01:27.0334 7932 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:01:27.0335 7932 RDPENCDD - ok
16:01:27.0350 7932 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:01:27.0350 7932 RDPREFMP - ok
16:01:27.0368 7932 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:01:27.0370 7932 RDPWD - ok
16:01:27.0389 7932 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:01:27.0391 7932 rdyboost - ok
16:01:27.0429 7932 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:01:27.0430 7932 rspndr - ok
16:01:27.0466 7932 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:01:27.0468 7932 RTL8167 - ok
16:01:27.0489 7932 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:01:27.0490 7932 sbp2port - ok
16:01:27.0500 7932 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:01:27.0501 7932 scfilter - ok
16:01:27.0562 7932 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:01:27.0563 7932 secdrv - ok
16:01:27.0597 7932 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:01:27.0598 7932 Serenum - ok
16:01:27.0612 7932 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:01:27.0614 7932 Serial - ok
16:01:27.0640 7932 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:01:27.0641 7932 sermouse - ok
16:01:27.0658 7932 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:01:27.0659 7932 sffdisk - ok
16:01:27.0668 7932 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:01:27.0669 7932 sffp_mmc - ok
16:01:27.0679 7932 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:01:27.0679 7932 sffp_sd - ok
16:01:27.0690 7932 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:01:27.0690 7932 sfloppy - ok
16:01:27.0704 7932 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:01:27.0704 7932 SiSRaid2 - ok
16:01:27.0728 7932 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:01:27.0729 7932 SiSRaid4 - ok
16:01:27.0743 7932 SIVDRIVER (a0fd911feea045d4a4f5154666c76ec7) C:\Windows\system32\Drivers\SIVX64.sys
16:01:27.0744 7932 SIVDRIVER - ok
16:01:27.0753 7932 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:01:27.0754 7932 Smb - ok
16:01:27.0778 7932 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:01:27.0778 7932 spldr - ok
16:01:27.0816 7932 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:01:27.0819 7932 srv - ok
16:01:27.0840 7932 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:01:27.0843 7932 srv2 - ok
16:01:27.0889 7932 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:01:27.0890 7932 srvnet - ok
16:01:27.0903 7932 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:01:27.0904 7932 stexstor - ok
16:01:27.0921 7932 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:01:27.0922 7932 swenum - ok
16:01:28.0014 7932 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
16:01:28.0024 7932 Tcpip - ok
16:01:28.0069 7932 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
16:01:28.0078 7932 TCPIP6 - ok
16:01:28.0101 7932 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:01:28.0102 7932 tcpipreg - ok
16:01:28.0114 7932 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:01:28.0114 7932 TDPIPE - ok
16:01:28.0124 7932 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:01:28.0124 7932 TDTCP - ok
16:01:28.0146 7932 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:01:28.0146 7932 tdx - ok
16:01:28.0161 7932 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:01:28.0161 7932 TermDD - ok
16:01:28.0205 7932 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
16:01:28.0206 7932 tmactmon - ok
16:01:28.0243 7932 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
16:01:28.0243 7932 tmcomm - ok
16:01:28.0266 7932 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
16:01:28.0266 7932 tmevtmgr - ok
16:01:28.0289 7932 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
16:01:28.0290 7932 tmtdi - ok
16:01:28.0314 7932 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:01:28.0314 7932 tssecsrv - ok
16:01:28.0336 7932 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:01:28.0337 7932 tunnel - ok
16:01:28.0353 7932 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:01:28.0354 7932 uagp35 - ok
16:01:28.0379 7932 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:01:28.0381 7932 udfs - ok
16:01:28.0405 7932 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:01:28.0406 7932 uliagpkx - ok
16:01:28.0419 7932 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:01:28.0419 7932 umbus - ok
16:01:28.0435 7932 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:01:28.0435 7932 UmPass - ok
16:01:28.0464 7932 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
16:01:28.0465 7932 usbaudio - ok
16:01:28.0484 7932 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:01:28.0485 7932 usbccgp - ok
16:01:28.0507 7932 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:01:28.0507 7932 usbcir - ok
16:01:28.0530 7932 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
16:01:28.0530 7932 usbehci - ok
16:01:28.0549 7932 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
16:01:28.0550 7932 usbfilter - ok
16:01:28.0578 7932 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
16:01:28.0580 7932 usbhub - ok
16:01:28.0602 7932 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:01:28.0603 7932 usbohci - ok
16:01:28.0614 7932 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:01:28.0615 7932 usbprint - ok
16:01:28.0633 7932 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:01:28.0634 7932 usbscan - ok
16:01:28.0654 7932 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:01:28.0655 7932 USBSTOR - ok
16:01:28.0664 7932 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:01:28.0664 7932 usbuhci - ok
16:01:28.0698 7932 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
16:01:28.0699 7932 usbvideo - ok
16:01:28.0712 7932 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:01:28.0712 7932 vdrvroot - ok
16:01:28.0735 7932 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:01:28.0735 7932 vga - ok
16:01:28.0757 7932 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:01:28.0758 7932 VgaSave - ok
16:01:28.0774 7932 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:01:28.0775 7932 vhdmp - ok
16:01:28.0797 7932 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:01:28.0797 7932 viaide - ok
16:01:28.0813 7932 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:01:28.0814 7932 volmgr - ok
16:01:28.0832 7932 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:01:28.0834 7932 volmgrx - ok
16:01:28.0853 7932 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:01:28.0855 7932 volsnap - ok
16:01:28.0877 7932 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:01:28.0878 7932 vsmraid - ok
16:01:28.0896 7932 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:01:28.0897 7932 vwifibus - ok
16:01:28.0919 7932 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:01:28.0920 7932 vwififlt - ok
16:01:28.0935 7932 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:01:28.0936 7932 WacomPen - ok
16:01:28.0955 7932 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:01:28.0955 7932 WANARP - ok
16:01:28.0959 7932 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:01:28.0960 7932 Wanarpv6 - ok
16:01:28.0978 7932 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:01:28.0979 7932 Wd - ok
16:01:29.0002 7932 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:01:29.0006 7932 Wdf01000 - ok
16:01:29.0054 7932 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:01:29.0055 7932 WfpLwf - ok
16:01:29.0064 7932 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:01:29.0064 7932 WIMMount - ok
16:01:29.0112 7932 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:01:29.0113 7932 WmiAcpi - ok
16:01:29.0140 7932 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:01:29.0141 7932 ws2ifsl - ok
16:01:29.0162 7932 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:01:29.0163 7932 WudfPf - ok
16:01:29.0186 7932 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:01:29.0187 7932 WUDFRd - ok
16:01:29.0215 7932 MBR (0x1B8) (3ca12b05b2a320bd5380b2ef06c7180d) \Device\Harddisk0\DR0
16:01:29.0436 7932 \Device\Harddisk0\DR0 - ok
16:01:29.0443 7932 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
16:01:29.0817 7932 \Device\Harddisk2\DR2 - ok
16:01:29.0820 7932 Boot (0x1200) (3b4824418ba5d28ad17cdbdd17af8cbc) \Device\Harddisk0\DR0\Partition0
16:01:29.0821 7932 \Device\Harddisk0\DR0\Partition0 - ok
16:01:29.0835 7932 Boot (0x1200) (33552a13864427cd6dba4bf74ab42602) \Device\Harddisk0\DR0\Partition1
16:01:29.0835 7932 \Device\Harddisk0\DR0\Partition1 - ok
16:01:29.0875 7932 Boot (0x1200) (1c2737f9e61bb2c9d061a7ff53402d02) \Device\Harddisk0\DR0\Partition2
16:01:29.0877 7932 \Device\Harddisk0\DR0\Partition2 - ok
16:01:29.0885 7932 Boot (0x1200) (af3a8b238049335b4a0cd0644d997ff7) \Device\Harddisk2\DR2\Partition0
16:01:29.0887 7932 \Device\Harddisk2\DR2\Partition0 - ok
16:01:29.0888 7932 ============================================================
16:01:29.0888 7932 Scan finished
16:01:29.0888 7932 ============================================================
16:01:29.0907 9672 Detected object count: 0
16:01:29.0907 9672 Actual detected object count: 0
16:01:52.0325 4676 Deinitialize success


Here is the ESET log (viruses found)

C:\Program Files (x86)\Common Files\ZugoInstaller.exe Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{106265e9-d7b3-4f79-9890-829bcc81929b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\o1t9ngz8.default\extensions\{b9dc590d-3338-4c4e-907f-61e11711bb10}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Ben\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 13 February 2012 - 05:26 PM

This will take care of the ESET detections that are not already in quarantine:

Posted Image Open notepad and copy/paste the text in the quotebox below into it:

@echo off
del "C:\Program Files (x86)\Common Files\ZugoInstaller.exe"
del "C:\Users\Ben\Downloads\FreeYouTubeDownloaderSetup.exe"
del /Q %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this: Posted Image
Right click on fix.bat and select "Run as administrator" to run it.

Other than those your logs look good! Next I have an update and some very important cleanup for you to take care of:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the insatller you just downloaded
Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Delete the following tools along with any other logs you saved from our work:
  • DDS
  • TDSSKiller
Posted Image Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 bbroski69

bbroski69
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 13 February 2012 - 08:14 PM

I've followed all your instructions. looks like everything is good now. thanks so much for all your help!

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 13 February 2012 - 11:05 PM

You're welcome, bbroski69. Take care.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 14 February 2012 - 05:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users