Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious Browser Tabs and Virus Alert


  • This topic is locked This topic is locked
10 replies to this topic

#1 Bane88

Bane88

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 27 February 2012 - 06:16 AM

Hello,

On two occasions now I have had one of my browser tabs change to a suspicious address followed by an alert generated by AVG telling me that it blocked a virus from infecting my computer. It may have been from visiting the site www.demonoid.me however I cannot be sure because I have had multiple tabs open both times and I have visited the site again after both alerts with no such event recurring. I scanned my computer with Spybot Search and Destroy, AVG and Malwarebytes Anti-malware. I think I had one positive result in one of the three scans (I can't remember which off the top of my head but I can check the logs if necessary). I would just like to see if my system is infected with anything malicious. Please find the contents of the DDS log below and the other files attached as requested. Any help you can give me is much appreciated.

Thanks,
Bane

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Daniel at 12:44:34 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3511.2069 [GMT 11:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aldi.com
uDefault_Page_URL = hxxp://www.aldi.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [LMgrVolOSD] "c:\program files\launch manager\OSD.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjA3Mjg2Mjk1LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtQ0lBOTArMi1YTzkrMS1GTDEwKzEtWE8xMCsxMS1MSUMrNy1GMTBNKzM"&"prod=90"&"ver=10.0.1325
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\shrink~1.lnk - c:\program files\shrink pic\shrink_pic.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{438A213E-64D8-44D3-8323-323BF18CD6C5} : DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\24967605F6E646938334231373 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\24F696E676F60284F6473707F647 : DhcpNameServer = 10.4.0.2
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\34C61697 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\35D434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\374716464702D61696E6A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\671627E61686F6374756C6 : DhcpNameServer = 10.53.0.1 192.168.0.1
TCP: Interfaces\{5265D717-50B0-4B3F-8C58-5BFCA4215264}\84F6374756C602D4F6374756C6 : DhcpNameServer = 192.168.1.99
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\a02ypaz2.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-3-11 249648]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2010-11-2 602624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-3-6 13336]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-14 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-6 2320920]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-14 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-3-6 232448]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-3-6 65576]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2010-3-6 118560]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2010-3-6 13720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1caf31cbe210d3c;Google Update Service (gupdate1caf31cbe210d3c);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-26 191752]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 133104]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-27 191008]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-9 1343400]
.
=============== Created Last 30 ================
.
2074-05-18 07:44:52 607296 ----a-w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll
2012-02-16 08:00:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 08:08:27 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 08:08:25 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 08:03:06 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-01-30 00:27:26 -------- d-----w- c:\program files\Aspect2
2012-01-28 21:15:22 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2012-02-13 11:54:37 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-02 08:03:06 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 04:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:46:13.94 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 27 February 2012 - 09:43 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Posted Image P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until we are done.

Posted Image Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 February 2012 - 02:46 AM

Hello,

Thankyou so much for your help and and thankyou for responding to my post so promptly. I have decided to keep uTorrent but it will be disabled until we are finished. Below are the contents of the combofix log as you requested.

Thankyou again,
Bane



ComboFix 12-02-27.02 - Daniel 28/02/2012 18:29:31.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3511.2064 [GMT 11:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET17ED.tmp
c:\windows\system32\SET1969.tmp
c:\windows\system32\SET19F7.tmp
c:\windows\system32\SET1B9F.tmp
c:\windows\system32\SET2231.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2074-05-18 07:44 . 2008-03-21 04:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-02-28 07:36 . 2012-02-28 07:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-28 07:36 . 2012-02-28 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 07:36 . 2012-02-28 07:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-16 08:01 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 08:01 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-16 08:01 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 08:01 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-16 08:01 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 08:01 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-16 08:00 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 08:08 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 08:08 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 08:03 . 2012-02-02 08:03 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-01-30 00:27 . 2012-01-30 00:27 -------- d-----w- c:\program files\Aspect2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 11:54 . 2010-07-01 16:51 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-12-10 04:24 . 2010-09-02 21:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 23:43 . 2011-05-01 15:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-12 413696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-02 8522272]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-03-02 678432]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-08 1594664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3Mjg2Mjk1LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtQ0lBOTArMi1YTzkrMS1GTDEwKzEtWE8xMCsxMS1MSUMrNy1GMTBNKzM&prod=90&ver=10.0.1325" [?]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2009-5-5 2528256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-11-2 117344]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2010-11-16 185688]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-11-2 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caf31cbe210d3c;Google Update Service (gupdate1caf31cbe210d3c);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 133104]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 133104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-27 191008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-08 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-12 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-06 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-03 16720]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 232448]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-12-22 65576]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:20]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aldi.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-28 18:39:05
ComboFix-quarantined-files.txt 2012-02-28 07:39
.
Pre-Run: 90,052,771,840 bytes free
Post-Run: 90,040,524,800 bytes free
.
- - End Of File - - 50A9E8AE4F8B065833809D4251D0C3A2

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 28 February 2012 - 05:10 PM

Please do this next:

Posted Image Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Posted Image You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:
  • TDSSKiller log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 February 2012 - 10:59 PM

Hey,

Here are the contents of the TDDSKiller log and the MBAM log.

Thanks,
Bane

12:28:58.0964 5988 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
12:28:59.0955 5988 ============================================================
12:28:59.0955 5988 Current date / time: 2012/02/29 12:28:59.0955
12:28:59.0955 5988 SystemInfo:
12:28:59.0955 5988
12:28:59.0955 5988 OS Version: 6.1.7600 ServicePack: 0.0
12:28:59.0955 5988 Product type: Workstation
12:28:59.0956 5988 ComputerName: DANIEL-LAPTOP
12:28:59.0956 5988 UserName: Daniel
12:28:59.0956 5988 Windows directory: C:\Windows
12:28:59.0956 5988 System windows directory: C:\Windows
12:28:59.0956 5988 Processor architecture: Intel x86
12:28:59.0956 5988 Number of processors: 4
12:28:59.0956 5988 Page size: 0x1000
12:28:59.0956 5988 Boot type: Normal boot
12:28:59.0956 5988 ============================================================
12:29:00.0699 5988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:29:00.0705 5988 \Device\Harddisk0\DR0:
12:29:00.0705 5988 MBR used
12:29:00.0705 5988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:29:00.0705 5988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
12:29:00.0705 5988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
12:29:00.0780 5988 Initialize success
12:29:00.0780 5988 ============================================================
12:29:27.0496 4048 ============================================================
12:29:27.0496 4048 Scan started
12:29:27.0496 4048 Mode: Manual; TDLFS;
12:29:27.0496 4048 ============================================================
12:29:27.0947 4048 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
12:29:27.0952 4048 1394ohci - ok
12:29:28.0044 4048 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
12:29:28.0051 4048 ACPI - ok
12:29:28.0154 4048 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
12:29:28.0155 4048 AcpiPmi - ok
12:29:28.0268 4048 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:29:28.0277 4048 adp94xx - ok
12:29:28.0397 4048 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:29:28.0404 4048 adpahci - ok
12:29:28.0509 4048 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:29:28.0513 4048 adpu320 - ok
12:29:28.0637 4048 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
12:29:28.0643 4048 AFD - ok
12:29:28.0690 4048 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
12:29:28.0693 4048 agp440 - ok
12:29:28.0778 4048 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:29:28.0780 4048 aic78xx - ok
12:29:28.0893 4048 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
12:29:28.0895 4048 aliide - ok
12:29:28.0981 4048 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
12:29:28.0983 4048 amdagp - ok
12:29:29.0080 4048 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
12:29:29.0081 4048 amdide - ok
12:29:29.0198 4048 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:29:29.0200 4048 AmdK8 - ok
12:29:29.0297 4048 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:29:29.0299 4048 AmdPPM - ok
12:29:29.0390 4048 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
12:29:29.0393 4048 amdsata - ok
12:29:29.0515 4048 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:29:29.0520 4048 amdsbs - ok
12:29:29.0606 4048 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
12:29:29.0608 4048 amdxata - ok
12:29:29.0705 4048 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
12:29:29.0708 4048 AppID - ok
12:29:29.0873 4048 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:29:29.0876 4048 arc - ok
12:29:29.0972 4048 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:29:29.0975 4048 arcsas - ok
12:29:30.0072 4048 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:30.0074 4048 AsyncMac - ok
12:29:30.0194 4048 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
12:29:30.0196 4048 atapi - ok
12:29:30.0350 4048 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
12:29:30.0353 4048 AVGIDSDriver - ok
12:29:30.0459 4048 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
12:29:30.0461 4048 AVGIDSEH - ok
12:29:30.0482 4048 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
12:29:30.0486 4048 AVGIDSFilter - ok
12:29:30.0531 4048 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
12:29:30.0533 4048 AVGIDSShim - ok
12:29:30.0661 4048 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
12:29:30.0667 4048 Avgldx86 - ok
12:29:30.0768 4048 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
12:29:30.0770 4048 Avgmfx86 - ok
12:29:30.0900 4048 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
12:29:30.0902 4048 Avgrkx86 - ok
12:29:30.0959 4048 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
12:29:30.0965 4048 Avgtdix - ok
12:29:31.0096 4048 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:29:31.0108 4048 b06bdrv - ok
12:29:31.0235 4048 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:29:31.0244 4048 b57nd60x - ok
12:29:31.0376 4048 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:29:31.0378 4048 Beep - ok
12:29:31.0532 4048 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:29:31.0534 4048 blbdrive - ok
12:29:31.0670 4048 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
12:29:31.0673 4048 bowser - ok
12:29:31.0757 4048 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:29:31.0759 4048 BrFiltLo - ok
12:29:31.0864 4048 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:29:31.0865 4048 BrFiltUp - ok
12:29:32.0002 4048 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:29:32.0005 4048 BridgeMP - ok
12:29:32.0124 4048 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:29:32.0130 4048 Brserid - ok
12:29:32.0241 4048 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:32.0244 4048 BrSerWdm - ok
12:29:32.0332 4048 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:32.0334 4048 BrUsbMdm - ok
12:29:32.0423 4048 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:32.0425 4048 BrUsbSer - ok
12:29:32.0525 4048 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:29:32.0527 4048 BTHMODEM - ok
12:29:32.0658 4048 catchme - ok
12:29:32.0761 4048 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:32.0764 4048 cdfs - ok
12:29:32.0906 4048 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
12:29:32.0908 4048 cdrbsdrv - ok
12:29:33.0012 4048 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
12:29:33.0016 4048 cdrom - ok
12:29:33.0112 4048 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:29:33.0114 4048 circlass - ok
12:29:33.0218 4048 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:29:33.0223 4048 CLFS - ok
12:29:33.0371 4048 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:33.0373 4048 CmBatt - ok
12:29:33.0472 4048 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
12:29:33.0474 4048 cmdide - ok
12:29:33.0587 4048 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
12:29:33.0595 4048 CNG - ok
12:29:33.0707 4048 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:29:33.0708 4048 Compbatt - ok
12:29:33.0819 4048 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:29:33.0825 4048 CompositeBus - ok
12:29:33.0924 4048 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:29:33.0926 4048 crcdisk - ok
12:29:34.0063 4048 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
12:29:34.0066 4048 DfsC - ok
12:29:34.0181 4048 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:29:34.0182 4048 discache - ok
12:29:34.0294 4048 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:29:34.0296 4048 Disk - ok
12:29:34.0419 4048 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:29:34.0420 4048 drmkaud - ok
12:29:34.0546 4048 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:34.0579 4048 DXGKrnl - ok
12:29:34.0774 4048 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:29:34.0878 4048 ebdrv - ok
12:29:35.0025 4048 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
12:29:35.0027 4048 ElbyCDFL - ok
12:29:35.0162 4048 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:29:35.0164 4048 ElbyCDIO - ok
12:29:35.0296 4048 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:29:35.0306 4048 elxstor - ok
12:29:35.0452 4048 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
12:29:35.0454 4048 ErrDev - ok
12:29:35.0598 4048 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:29:35.0602 4048 exfat - ok
12:29:35.0728 4048 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:29:35.0732 4048 fastfat - ok
12:29:35.0847 4048 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:29:35.0849 4048 fdc - ok
12:29:35.0897 4048 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:29:35.0899 4048 FileInfo - ok
12:29:35.0930 4048 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:29:35.0937 4048 Filetrace - ok
12:29:36.0054 4048 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:36.0055 4048 flpydisk - ok
12:29:36.0180 4048 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:29:36.0185 4048 FltMgr - ok
12:29:36.0294 4048 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:29:36.0297 4048 FsDepends - ok
12:29:36.0393 4048 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:36.0394 4048 Fs_Rec - ok
12:29:36.0501 4048 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:36.0505 4048 fvevol - ok
12:29:36.0594 4048 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:29:36.0596 4048 gagp30kx - ok
12:29:36.0713 4048 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:29:36.0716 4048 GEARAspiWDM - ok
12:29:36.0887 4048 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:29:36.0889 4048 hcw85cir - ok
12:29:37.0003 4048 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
12:29:37.0012 4048 HdAudAddService - ok
12:29:37.0140 4048 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:29:37.0143 4048 HDAudBus - ok
12:29:37.0252 4048 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
12:29:37.0254 4048 HECI - ok
12:29:37.0354 4048 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:29:37.0356 4048 HidBatt - ok
12:29:37.0449 4048 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:29:37.0452 4048 HidBth - ok
12:29:37.0544 4048 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:29:37.0546 4048 HidIr - ok
12:29:37.0664 4048 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:37.0666 4048 HidUsb - ok
12:29:37.0781 4048 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:29:37.0783 4048 HpSAMD - ok
12:29:37.0925 4048 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
12:29:37.0935 4048 HTTP - ok
12:29:38.0044 4048 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
12:29:38.0045 4048 hwpolicy - ok
12:29:38.0153 4048 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
12:29:38.0157 4048 i8042prt - ok
12:29:38.0276 4048 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys
12:29:38.0283 4048 iaStor - ok
12:29:38.0433 4048 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
12:29:38.0441 4048 iaStorV - ok
12:29:38.0829 4048 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:29:39.0120 4048 igfx - ok
12:29:39.0224 4048 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:29:39.0226 4048 iirsp - ok
12:29:39.0340 4048 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
12:29:39.0344 4048 Impcd - ok
12:29:39.0535 4048 IntcAzAudAddService (e4d9b6d1b012db75a01729bc3d4c5b56) C:\Windows\system32\drivers\RTKVHDA.sys
12:29:39.0619 4048 IntcAzAudAddService - ok
12:29:39.0716 4048 IntcDAud (4ea6b57a3b71fd1a208af054e97fba37) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:29:39.0721 4048 IntcDAud - ok
12:29:39.0769 4048 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
12:29:39.0771 4048 intelide - ok
12:29:39.0885 4048 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:29:39.0887 4048 intelppm - ok
12:29:39.0929 4048 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:39.0932 4048 IpFilterDriver - ok
12:29:40.0036 4048 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:29:40.0038 4048 IPMIDRV - ok
12:29:40.0065 4048 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:29:40.0068 4048 IPNAT - ok
12:29:40.0192 4048 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:29:40.0194 4048 IRENUM - ok
12:29:40.0218 4048 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
12:29:40.0220 4048 isapnp - ok
12:29:40.0277 4048 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
12:29:40.0282 4048 iScsiPrt - ok
12:29:40.0386 4048 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:40.0388 4048 kbdclass - ok
12:29:40.0500 4048 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:40.0502 4048 kbdhid - ok
12:29:40.0636 4048 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
12:29:40.0639 4048 KSecDD - ok
12:29:40.0671 4048 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
12:29:40.0676 4048 KSecPkg - ok
12:29:40.0803 4048 L1C (6ef8146358452995a4a9335e44abb015) C:\Windows\system32\DRIVERS\L1C62x86.sys
12:29:40.0806 4048 L1C - ok
12:29:40.0933 4048 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:40.0935 4048 lltdio - ok
12:29:41.0001 4048 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:29:41.0004 4048 LSI_FC - ok
12:29:41.0074 4048 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:29:41.0078 4048 LSI_SAS - ok
12:29:41.0117 4048 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:29:41.0120 4048 LSI_SAS2 - ok
12:29:41.0206 4048 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:29:41.0210 4048 LSI_SCSI - ok
12:29:41.0268 4048 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:29:41.0270 4048 luafv - ok
12:29:41.0374 4048 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:29:41.0377 4048 megasas - ok
12:29:41.0480 4048 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:29:41.0486 4048 MegaSR - ok
12:29:41.0618 4048 mod7700 (5b9ca81817e046666e7abf8b9b101545) C:\Windows\system32\DRIVERS\mod7700.sys
12:29:41.0654 4048 mod7700 - ok
12:29:41.0755 4048 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:29:41.0759 4048 Modem - ok
12:29:41.0798 4048 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:29:41.0801 4048 monitor - ok
12:29:41.0918 4048 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:29:41.0920 4048 mouclass - ok
12:29:42.0030 4048 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:42.0032 4048 mouhid - ok
12:29:42.0063 4048 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
12:29:42.0066 4048 mountmgr - ok
12:29:42.0106 4048 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
12:29:42.0110 4048 mpio - ok
12:29:42.0186 4048 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:29:42.0188 4048 mpsdrv - ok
12:29:42.0241 4048 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
12:29:42.0245 4048 MRxDAV - ok
12:29:42.0327 4048 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:42.0331 4048 mrxsmb - ok
12:29:42.0381 4048 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:42.0387 4048 mrxsmb10 - ok
12:29:42.0478 4048 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:42.0480 4048 mrxsmb20 - ok
12:29:42.0525 4048 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
12:29:42.0530 4048 msahci - ok
12:29:42.0611 4048 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
12:29:42.0614 4048 msdsm - ok
12:29:42.0664 4048 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:29:42.0666 4048 Msfs - ok
12:29:42.0747 4048 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:29:42.0749 4048 mshidkmdf - ok
12:29:42.0780 4048 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
12:29:42.0782 4048 msisadrv - ok
12:29:42.0901 4048 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:42.0903 4048 MSKSSRV - ok
12:29:42.0931 4048 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:42.0932 4048 MSPCLOCK - ok
12:29:42.0954 4048 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:29:42.0955 4048 MSPQM - ok
12:29:42.0980 4048 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:29:42.0984 4048 MsRPC - ok
12:29:43.0022 4048 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
12:29:43.0024 4048 mssmbios - ok
12:29:43.0095 4048 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:29:43.0097 4048 MSTEE - ok
12:29:43.0141 4048 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:29:43.0143 4048 MTConfig - ok
12:29:43.0226 4048 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:29:43.0229 4048 Mup - ok
12:29:43.0334 4048 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:43.0340 4048 NativeWifiP - ok
12:29:43.0448 4048 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
12:29:43.0468 4048 NDIS - ok
12:29:43.0508 4048 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:43.0511 4048 NdisCap - ok
12:29:43.0542 4048 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:43.0546 4048 NdisTapi - ok
12:29:43.0581 4048 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:43.0584 4048 Ndisuio - ok
12:29:43.0606 4048 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:43.0611 4048 NdisWan - ok
12:29:43.0719 4048 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
12:29:43.0721 4048 NDProxy - ok
12:29:43.0746 4048 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:29:43.0748 4048 NetBIOS - ok
12:29:43.0810 4048 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
12:29:43.0815 4048 NetBT - ok
12:29:43.0945 4048 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:29:43.0947 4048 nfrd960 - ok
12:29:44.0008 4048 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:29:44.0012 4048 Npfs - ok
12:29:44.0076 4048 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:29:44.0076 4048 nsiproxy - ok
12:29:44.0134 4048 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
12:29:44.0183 4048 Ntfs - ok
12:29:44.0260 4048 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:29:44.0262 4048 Null - ok
12:29:44.0296 4048 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
12:29:44.0299 4048 nvraid - ok
12:29:44.0348 4048 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
12:29:44.0351 4048 nvstor - ok
12:29:44.0389 4048 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
12:29:44.0393 4048 nv_agp - ok
12:29:44.0494 4048 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
12:29:44.0496 4048 ohci1394 - ok
12:29:44.0629 4048 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:29:44.0632 4048 Parport - ok
12:29:44.0688 4048 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
12:29:44.0691 4048 partmgr - ok
12:29:44.0743 4048 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:29:44.0745 4048 Parvdm - ok
12:29:44.0801 4048 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
12:29:44.0805 4048 pci - ok
12:29:44.0904 4048 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
12:29:44.0906 4048 pciide - ok
12:29:44.0950 4048 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:44.0955 4048 pcmcia - ok
12:29:45.0044 4048 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:29:45.0046 4048 pcw - ok
12:29:45.0093 4048 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:29:45.0105 4048 PEAUTH - ok
12:29:45.0288 4048 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:45.0290 4048 PptpMiniport - ok
12:29:45.0322 4048 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:29:45.0326 4048 Processor - ok
12:29:45.0410 4048 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:29:45.0412 4048 Psched - ok
12:29:45.0493 4048 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:29:45.0553 4048 ql2300 - ok
12:29:45.0643 4048 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:45.0647 4048 ql40xx - ok
12:29:45.0676 4048 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:29:45.0678 4048 QWAVEdrv - ok
12:29:45.0752 4048 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:45.0754 4048 RasAcd - ok
12:29:45.0810 4048 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:45.0812 4048 RasAgileVpn - ok
12:29:45.0903 4048 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:45.0906 4048 Rasl2tp - ok
12:29:46.0014 4048 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:46.0017 4048 RasPppoe - ok
12:29:46.0045 4048 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:46.0048 4048 RasSstp - ok
12:29:46.0118 4048 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:46.0125 4048 rdbss - ok
12:29:46.0160 4048 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:46.0162 4048 rdpbus - ok
12:29:46.0234 4048 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:46.0235 4048 RDPCDD - ok
12:29:46.0327 4048 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:29:46.0328 4048 RDPENCDD - ok
12:29:46.0357 4048 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:29:46.0358 4048 RDPREFMP - ok
12:29:46.0385 4048 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
12:29:46.0390 4048 RDPWD - ok
12:29:46.0485 4048 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
12:29:46.0489 4048 rdyboost - ok
12:29:46.0544 4048 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:29:46.0546 4048 rspndr - ok
12:29:46.0612 4048 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\system32\Drivers\RtsUStor.sys
12:29:46.0615 4048 RSUSBSTOR - ok
12:29:46.0751 4048 rtl8192se (b5e9979fbb26fc059bd87a81f763d5da) C:\Windows\system32\DRIVERS\rtl8192se.sys
12:29:46.0786 4048 rtl8192se - ok
12:29:46.0868 4048 RtsUIR - ok
12:29:46.0924 4048 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
12:29:46.0928 4048 sbp2port - ok
12:29:47.0020 4048 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
12:29:47.0022 4048 scfilter - ok
12:29:47.0067 4048 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:29:47.0069 4048 secdrv - ok
12:29:47.0193 4048 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:29:47.0194 4048 Serenum - ok
12:29:47.0240 4048 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:29:47.0245 4048 Serial - ok
12:29:47.0367 4048 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:29:47.0369 4048 sermouse - ok
12:29:47.0433 4048 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
12:29:47.0435 4048 sffdisk - ok
12:29:47.0459 4048 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:29:47.0461 4048 sffp_mmc - ok
12:29:47.0482 4048 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:29:47.0484 4048 sffp_sd - ok
12:29:47.0516 4048 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:29:47.0517 4048 sfloppy - ok
12:29:47.0589 4048 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
12:29:47.0592 4048 sisagp - ok
12:29:47.0718 4048 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:29:47.0721 4048 SiSRaid2 - ok
12:29:47.0758 4048 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:29:47.0761 4048 SiSRaid4 - ok
12:29:47.0839 4048 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:29:47.0845 4048 Smb - ok
12:29:47.0909 4048 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:29:47.0911 4048 spldr - ok
12:29:47.0984 4048 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
12:29:47.0992 4048 srv - ok
12:29:48.0022 4048 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
12:29:48.0029 4048 srv2 - ok
12:29:48.0073 4048 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
12:29:48.0076 4048 srvnet - ok
12:29:48.0119 4048 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:29:48.0121 4048 stexstor - ok
12:29:48.0239 4048 StkAMini (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys
12:29:48.0246 4048 StkAMini - ok
12:29:48.0268 4048 StkScan (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys
12:29:48.0270 4048 StkScan - ok
12:29:48.0310 4048 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
12:29:48.0312 4048 swenum - ok
12:29:48.0413 4048 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
12:29:48.0419 4048 SynTP - ok
12:29:48.0507 4048 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
12:29:48.0544 4048 Tcpip - ok
12:29:48.0696 4048 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
12:29:48.0715 4048 TCPIP6 - ok
12:29:48.0765 4048 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
12:29:48.0767 4048 tcpipreg - ok
12:29:48.0797 4048 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
12:29:48.0799 4048 TDPIPE - ok
12:29:48.0819 4048 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
12:29:48.0820 4048 TDTCP - ok
12:29:48.0855 4048 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
12:29:48.0859 4048 tdx - ok
12:29:48.0883 4048 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
12:29:48.0885 4048 TermDD - ok
12:29:48.0959 4048 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:48.0961 4048 tssecsrv - ok
12:29:49.0001 4048 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
12:29:49.0005 4048 tunnel - ok
12:29:49.0042 4048 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:29:49.0045 4048 uagp35 - ok
12:29:49.0071 4048 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
12:29:49.0079 4048 udfs - ok
12:29:49.0161 4048 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:29:49.0163 4048 uliagpkx - ok
12:29:49.0200 4048 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
12:29:49.0202 4048 umbus - ok
12:29:49.0229 4048 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:29:49.0231 4048 UmPass - ok
12:29:49.0350 4048 USB28xxBGA (77d44027baf0b6a23a0c7763de377139) C:\Windows\system32\DRIVERS\emBDA.sys
12:29:49.0362 4048 USB28xxBGA - ok
12:29:49.0383 4048 USB28xxOEM (fd542789c738719af050b525ee42a04f) C:\Windows\system32\DRIVERS\emOEM.sys
12:29:49.0386 4048 USB28xxOEM - ok
12:29:49.0427 4048 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
12:29:49.0429 4048 USBAAPL - ok
12:29:49.0537 4048 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
12:29:49.0539 4048 usbaudio - ok
12:29:49.0574 4048 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:49.0577 4048 usbccgp - ok
12:29:49.0645 4048 USBCCID - ok
12:29:49.0688 4048 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
12:29:49.0692 4048 usbcir - ok
12:29:49.0781 4048 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
12:29:49.0783 4048 usbehci - ok
12:29:49.0811 4048 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
12:29:49.0816 4048 usbhub - ok
12:29:49.0857 4048 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
12:29:49.0859 4048 usbohci - ok
12:29:49.0948 4048 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:29:49.0950 4048 usbprint - ok
12:29:49.0988 4048 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:49.0990 4048 USBSTOR - ok
12:29:50.0098 4048 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:50.0100 4048 usbuhci - ok
12:29:50.0132 4048 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
12:29:50.0136 4048 usbvideo - ok
12:29:50.0231 4048 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:29:50.0233 4048 vdrvroot - ok
12:29:50.0278 4048 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:50.0280 4048 vga - ok
12:29:50.0317 4048 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:29:50.0319 4048 VgaSave - ok
12:29:50.0382 4048 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
12:29:50.0387 4048 vhdmp - ok
12:29:50.0493 4048 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
12:29:50.0496 4048 viaagp - ok
12:29:50.0529 4048 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:29:50.0532 4048 ViaC7 - ok
12:29:50.0594 4048 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
12:29:50.0596 4048 viaide - ok
12:29:50.0634 4048 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
12:29:50.0636 4048 volmgr - ok
12:29:50.0727 4048 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:29:50.0733 4048 volmgrx - ok
12:29:50.0823 4048 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
12:29:50.0831 4048 volsnap - ok
12:29:50.0950 4048 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:29:50.0953 4048 vsmraid - ok
12:29:51.0009 4048 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:29:51.0011 4048 vwifibus - ok
12:29:51.0062 4048 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:29:51.0065 4048 vwififlt - ok
12:29:51.0130 4048 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:29:51.0132 4048 WacomPen - ok
12:29:51.0250 4048 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:51.0252 4048 WANARP - ok
12:29:51.0258 4048 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:51.0260 4048 Wanarpv6 - ok
12:29:51.0393 4048 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:29:51.0395 4048 Wd - ok
12:29:51.0455 4048 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:29:51.0475 4048 Wdf01000 - ok
12:29:51.0630 4048 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:29:51.0633 4048 WfpLwf - ok
12:29:51.0663 4048 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:29:51.0665 4048 WIMMount - ok
12:29:51.0900 4048 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
12:29:51.0902 4048 WinUsb - ok
12:29:52.0080 4048 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:29:52.0082 4048 WmiAcpi - ok
12:29:52.0153 4048 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:29:52.0155 4048 ws2ifsl - ok
12:29:52.0226 4048 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
12:29:52.0232 4048 WudfPf - ok
12:29:52.0286 4048 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:52.0291 4048 WUDFRd - ok
12:29:52.0437 4048 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
12:29:52.0439 4048 X10Hid - ok
12:29:52.0581 4048 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
12:29:52.0583 4048 XUIF - ok
12:29:52.0676 4048 MBR (0x1B8) (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
12:29:58.0374 4048 \Device\Harddisk0\DR0 - ok
12:29:58.0410 4048 Boot (0x1200) (ab619d2e2aa6bc921b82770211a95e86) \Device\Harddisk0\DR0\Partition0
12:29:58.0412 4048 \Device\Harddisk0\DR0\Partition0 - ok
12:29:58.0422 4048 Boot (0x1200) (89f423c06ed32677a3cdce6494c59eae) \Device\Harddisk0\DR0\Partition1
12:29:58.0424 4048 \Device\Harddisk0\DR0\Partition1 - ok
12:29:58.0455 4048 Boot (0x1200) (2eb60054ba356707513c1f0c4e16b237) \Device\Harddisk0\DR0\Partition2
12:29:58.0457 4048 \Device\Harddisk0\DR0\Partition2 - ok
12:29:58.0457 4048 ============================================================
12:29:58.0457 4048 Scan finished
12:29:58.0457 4048 ============================================================
12:29:58.0472 3584 Detected object count: 0
12:29:58.0472 3584 Actual detected object count: 0
12:31:03.0482 2944 Deinitialize success








Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-LAPTOP [administrator]

29/02/2012 12:59:12 PM
mbam-log-2012-02-29 (12-59-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372969
Time elapsed: 1 hour(s), 57 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 29 February 2012 - 11:37 AM

Please do this next:

How is your computer running now? Please do this next:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
Posted Image Please go to here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 01 March 2012 - 04:21 AM

There was no Java SE 6 update 30 on the page that you linked me to but there was update 31 in it's place so I used that instead.

Also, I use Firefox so I think the ESET Scanner runs a little different with Firefox than with Internet Explorer as there was no prompt to install any ActiveX control, instead I was prompted to download an installer file, which I did, and then I ran it from my desktop and completed the scan that way. There was no option to "scan for unwanted applications" as you wrote in green below, however there three options under Advanced Settings were present so I ticked those as requested.

The scan came back with no threats found and there was no option to generate a log. There were four files quarantined though.

My computer is seems to be running fine, nothing unusual to report.

Thanks again,
Bane

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 01 March 2012 - 09:43 PM

Sounds like all is well. All I have left for you is anohter update and some very important cleanup:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • TDSSKiller
Posted Image Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 03 March 2012 - 06:17 AM

All done. I'd just like to thank you once again for your help and tell you how much I appreciate the efforts of yourself and others like you on this forum.

Sincerely,
Bane

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 04 March 2012 - 02:04 PM

You're welcome, Bane. Take care.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 05 March 2012 - 10:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users