Rootkit problem


This topic is locked.
39 replies to this topic

#1 wharrrrrgarbl

wharrrrrgarbl

  • Members
  • 30 posts

Posted 22 March 2012 - 05:12 AM

I posted a thread here:
http://www.bleepingcomputer.com/forums/topic447150.html

This explained the problems I'm having at the moment. That's about all the information I can give at this point. Every time I try and get a DDS log it gets about halfway through and then my computer freezes. The same happens when I try and get a gmer log. I've managed to get about 1/4 of the way through a gmer log, so I'll attach what I have of it. I'm really desperate for some help here as I'm at risk of losing years of hard work, and really can't afford to. I'm also on holiday at the moment, wanting to enjoy myself, but the fear of losing all my work has completely ruined any possibility of enjoying my trip. I'd be incredibly grateful for some speedy help, and will happily pay.


EDIT:

I have now run rkill, and it's given me the following:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/03/2012 at 20:49:51.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWow64\rundll32.exe
C:\Windows\SysWOW64\grpconv.exe




EDIT: NOW HAVE LOGS


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Ciaran at 2:10:15 on 2012-03-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2668 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\fsproflt.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
uRun: [LG LinkAir]
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{08389208-A48A-4B87-BA43-54BE9279A8C0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB}\244524573796E6563737845726D2132363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB}\244524573796E6563737845726D2736333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB}\C496675626F687D216164603 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4193AC87-EAC2-41AA-B3BF-C2308470EDDB}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO-X64: Freecorder - No File
BHO-X64: HistoryTriggerBHO Class: {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO-X64: LinkAirBrowserHelper HistoryTriggerBHO - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ciaran\AppData\Roaming\Mozilla\Firefox\Profiles\r98y41wh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2012-2-25 142648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-19 652360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\system32\DRIVERS\lgbtpt64.sys --> C:\Windows\system32\DRIVERS\lgbtpt64.sys [?]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\system32\DRIVERS\lgbtbs64.sys --> C:\Windows\system32\DRIVERS\lgbtbs64.sys [?]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\system32\DRIVERS\lgvmdm64.sys --> C:\Windows\system32\DRIVERS\lgvmdm64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\7C32.tmp --> C:\Windows\system32\7C32.tmp [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\Razerlow.sys --> C:\Windows\system32\drivers\Razerlow.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-23 01:57:59 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\SUPERAntiSpyware.com
2012-03-23 01:57:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-23 01:57:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-23 00:55:58 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-23 00:41:51 6144 ------w- C:\Windows\System32\7C32.tmp
2012-03-23 00:40:13 6144 ------w- C:\Windows\System32\FC58.tmp
2012-03-22 13:13:58 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-21 11:27:12 74824 ----a-w- C:\Windows\System32\drivers\TfSysMon.sys
2012-03-21 11:27:12 65072 ----a-w- C:\Windows\System32\drivers\TfFsMon.sys
2012-03-21 11:27:12 41888 ----a-w- C:\Windows\System32\drivers\TfNetMon.sys
2012-03-21 11:27:10 -------- d-----w- C:\ProgramData\PC Tools
2012-03-21 11:27:10 -------- d-----w- C:\Program Files (x86)\ThreatFire
2012-03-20 22:35:15 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2012-03-20 21:45:21 6144 ------w- C:\Windows\System32\A563.tmp
2012-03-20 21:45:21 -------- d-----w- C:\Program Files\CCleaner
2012-03-20 21:43:50 6144 ------w- C:\Windows\System32\3ED3.tmp
2012-03-20 21:43:42 -------- d-----w- C:\Program Files (x86)\Sophos
2012-03-19 15:29:39 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-03-18 12:43:01 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 12:43:01 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 17:10:19 -------- d-----w- C:\Windows\pss
2012-03-16 03:01:15 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-16 03:01:14 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-16 03:01:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 10:16:17 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 10:16:16 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 10:16:16 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 10:16:15 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 10:16:15 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 10:16:15 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 10:16:15 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 10:16:14 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 10:16:14 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 10:16:14 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 10:16:14 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 10:15:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 10:15:39 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 10:15:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 10:15:37 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 10:15:37 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 10:15:37 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 10:15:37 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-03 05:11:21 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\FastStone
2012-03-03 05:11:21 -------- d-----w- C:\Users\Ciaran\AppData\Local\FastStone
2012-03-03 05:11:14 -------- d-----w- C:\Program Files (x86)\FastStone Capture
2012-02-25 22:37:20 142648 ----a-w- C:\Windows\SysWow64\fsproflt.exe
2012-02-25 22:37:19 55440 ----a-w- C:\Windows\System32\drivers\FSPFltd.sys
2012-02-25 22:37:19 -------- d-----w- C:\Program Files\My Lockbox
2012-02-25 22:31:50 -------- d-----w- C:\Users\Ciaran\1
2012-02-25 20:19:26 -------- d-----w- C:\Program Files (x86)\Conduit
2012-02-25 20:19:21 -------- d-----w- C:\Users\Ciaran\AppData\Local\Conduit
2012-02-25 20:19:02 -------- d-----w- C:\Users\Ciaran\AppData\Local\FLVService
2012-02-25 20:18:38 -------- d-----w- C:\Program Files (x86)\Freecorder
.
==================== Find3M ====================
.
2012-01-11 22:19:26 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-11 22:19:26 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-11 22:19:26 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-01-11 22:19:26 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 2:15:24.97 ===============

Edited by wharrrrrgarbl, 22 March 2012 - 09:20 PM.
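A small triage script for the SERVICES / DRIVERS section of the DDS log above. This is an added example, not part of the thread or of DDS itself; it assumes the line layout the log shows (state, name, description and image path separated by semicolons, with an optional "[date size]" or "[?]" trailer) and takes a few lines copied from the log plus one constructed entry (fakesvc) as input.

```python
r"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example for this thread; it is not part of DDS or of the forum post.
It parses lines such as

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\7C32.tmp --> C:\Windows\system32\7C32.tmp [?]

and flags the entries a responder would check first: a driver whose image is a
.tmp file, sits under a user or temp directory, or has no image path at all.
The "[?]" marker on its own is deliberately NOT a flag: on 64-bit Windows the
32-bit DDS cannot read most System32 drivers, so nearly every legitimate
driver in the thread's log carries it.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: four lines copied from the DDS log in the thread plus one
# made-up entry (fakesvc) with an empty image path, to exercise that branch.
SAMPLE_LOG = r"""
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\7C32.tmp --> C:\Windows\system32\7C32.tmp [?]
S3 fakesvc;Constructed Example;
"""

# R = running, S = stopped; the digit is the service start type (0 = boot).
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<desc>[^;]*);(?P<rest>.*)$")
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]$")   # "[2011-7-22 14928]" or "[?]"
NT_PREFIX = "\\??\\"                         # DDS keeps the NT object-path prefix


@dataclass
class ServiceEntry:
    state: str
    name: str
    description: str
    image: str          # image path (arguments such as "service" stay attached)
    verified: bool      # False when DDS printed "[?]" instead of date and size
    reasons: list = field(default_factory=list)


def parse_entry(line: str):
    """Return a ServiceEntry for one DDS services/drivers line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    verified = bool(rest) and not rest.endswith("[?]")
    rest = TRAILER_RE.sub("", rest)
    if " --> " in rest:                 # "registry path --> resolved path"
        rest = rest.split(" --> ", 1)[0]
    image = rest.strip()
    if image.startswith(NT_PREFIX):
        image = image[len(NT_PREFIX):]
    return ServiceEntry(m.group("state"), m.group("name"), m.group("desc"), image, verified)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons to the entry; an empty list means nothing stood out."""
    low = entry.image.lower()
    if not entry.image:
        entry.reasons.append("no image path")
        return entry
    if re.search(r"\.tmp(\s|$)", low):
        # Some legitimate anti-rootkit scanners load a temporary driver this
        # way, and the thread's own log shows several scanners installed in
        # the days before these .tmp files appeared, so this is a prompt to
        # verify the file, not a verdict.
        entry.reasons.append("image is a .tmp file")
    if "\\temp\\" in low or "\\appdata\\" in low or "\\users\\" in low:
        entry.reasons.append("image lives under a user or temp directory")
    return entry


def triage_log(text: str) -> dict:
    """Map service name -> review reasons for every flagged entry in the text."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue        # blank lines, section headers, other DDS sections
        triage(entry)
        if entry.reasons:
            flagged[entry.name] = entry.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it against a full DDS log by passing the whole file to `triage_log`; lines from other sections do not match the pattern and are skipped.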


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 12:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 wharrrrrgarbl

wharrrrrgarbl
  • Topic Starter

  • Members
  • 30 posts

Posted 23 March 2012 - 05:35 AM

Hi Gringo, thanks for taking the time to get back to me.

As I've described in my other post, combofix won't work; it gets halfway through the installation and then crashes. I'll try it again, but I'm sure it won't. Additionally, as of this morning, threatfire won't load on startup (and last time my spyware software wouldn't load, and MBAM takes about 5 times as long to start up). Also, RKILL seems to have been blocked by this rootkit too, because when I've tried to use that, my computer's frozen and I've had to restart. This rootkit seems to be disabling more and more stuff as it goes.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 10:33 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 wharrrrrgarbl

  • Topic Starter


Posted 23 March 2012 - 06:04 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 22:41:40
-----------------------------
22:41:40.873 OS Version: Windows x64 6.1.7600
22:41:40.873 Number of processors: 4 586 0x2505
22:41:40.873 ComputerName: CIARAN-PC UserName: Ciaran
22:41:43.931 Initialize success
22:43:27.346 AVAST engine defs: 12032302
22:43:44.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:43:44.132 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
22:43:44.178 Disk 0 MBR read successfully
22:43:44.194 Disk 0 MBR scan
22:43:44.194 Disk 0 unknown MBR code
22:43:44.210 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
22:43:44.256 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
22:43:44.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 183296 MB offset 42149888
22:43:44.303 Disk 0 Partition - 00 0F Extended LBA 273062 MB offset 417540096
22:43:44.366 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273061 MB offset 417542144
22:43:44.412 Disk 0 scanning C:\Windows\system32\drivers
22:44:05.239 Service scanning
22:44:52.555 Modules scanning
22:44:53.086 Disk 0 trace - called modules:
22:44:53.195 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:44:53.211 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004437060]
22:44:53.226 3 CLASSPNP.SYS[fffff880018eb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800432d050]
22:44:54.365 AVAST engine scan C:\Windows
22:44:59.139 AVAST engine scan C:\Windows\system32
22:49:53.559 AVAST engine scan C:\Windows\system32\drivers
22:50:09.505 AVAST engine scan C:\Users\Ciaran
22:50:10.553 File: C:\Users\Ciaran\AppData\Local\Citrix\GoToAssist\GoToAssist_phone_application_570_en.exe **INFECTED** Win32:Malware-gen
22:58:37.525 AVAST engine scan C:\ProgramData
23:00:19.003 Scan finished successfully
23:02:50.355 Disk 0 MBR has been saved successfully to "C:\Users\Ciaran\Documents\MBR.dat"
23:02:50.355 The log file has been saved successfully to "C:\Users\Ciaran\Documents\aswMBR.txt"

Will post the TDSS logs when it's finished
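Both scanners in this thread print the same Disk 0 partition table, aswMBR above in decimal sector offsets and MB, TDSSKiller (posted next) as hex StartLBA/BlocksNum. The Python below is an added example, not code from either tool or from anyone in the thread: it rebuilds that table as a constructed MBR plus one EBR, parses it the way such scanners do (primary entries, then the extended-partition chain), and hashes the 440-byte boot code against a placeholder baseline to produce the "unknown MBR code" style verdict the log shows.

```python
"""Parse a DOS/MBR partition table and triage its boot code (constructed example;
the disk image is built from the partition figures in the aswMBR log above)."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE", 0x0F: "Extended LBA"}
# Baseline: SHA-256 digests of the 440-byte boot code captured from known-clean machines.
# Placeholder value only; a real baseline comes from your own clean images.
KNOWN_BOOT_CODE = {"0" * 64}


@dataclass
class Partition:
    index: int            # 0 marks the extended container (aswMBR prints it as "-")
    status: int
    ptype: int
    start_lba: int
    sectors: int
    logical: bool = False

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def active(self) -> bool:
        return bool(self.status & 0x80)


def build_sector(entries, boot_code=b"") -> bytes:
    """Assemble a 512-byte MBR/EBR: boot code, four 16-byte entries at 446, 0x55AA at 510."""
    sec = bytearray(SECTOR)
    sec[: len(boot_code)] = boot_code
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sec, 446 + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


def parse_entries(sector: bytes):
    """Return the non-empty (status, type, start, count) entries of one MBR/EBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR/EBR sector (bad length or missing 0x55AA)")
    found = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype:
            found.append((status, ptype, start, count))
    return found


def read_partition_table(read_sector):
    """Walk the primary table, then the EBR chain; read_sector(lba) returns 512 bytes."""
    parts, index = [], 1
    for status, ptype, start, count in parse_entries(read_sector(0)):
        if ptype not in (0x05, 0x0F):
            parts.append(Partition(index, status, ptype, start, count))
            index += 1
            continue
        parts.append(Partition(0, status, ptype, start, count))
        ebr, seen = start, set()
        while ebr and ebr not in seen:              # `seen` stops a looped EBR chain
            seen.add(ebr)
            entries = parse_entries(read_sector(ebr))
            st, pt, rel, cnt = entries[0]           # logical partition, relative to this EBR
            parts.append(Partition(index, st, pt, ebr + rel, cnt, logical=True))
            index += 1
            # second entry (if any) is the next EBR, relative to the extended partition start
            ebr = start + entries[1][2] if len(entries) > 1 else 0
    return parts


def triage_boot_code(mbr: bytes):
    """Hash the boot code and compare against the baseline; unknown means 'not seen clean'."""
    digest = hashlib.sha256(mbr[:440]).hexdigest()
    return ("known MBR code" if digest in KNOWN_BOOT_CODE else "unknown MBR code"), digest


def sample_disk():
    """Sparse disk image {lba: sector} built from the aswMBR figures (constructed)."""
    mb = lambda n: n * 1024 * 1024 // SECTOR
    primary = [(0x00, 0x27, 2048, mb(20480)),        # hidden WinRE recovery partition
               (0x80, 0x07, 41945088, mb(100)),      # active 100 MB System Reserved
               (0x00, 0x07, 42149888, mb(183296)),   # Windows volume
               (0x00, 0x0F, 417540096, mb(273062))]  # extended container
    ebr = [(0x00, 0x07, 2048, mb(273061))]           # one logical partition, 2048 sectors past the EBR
    stub = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40  # constructed stand-in, not real boot code
    return {0: build_sector(primary, stub), 417540096: build_sector(ebr)}


def report(disk) -> list:
    """Render the table in the aswMBR layout, adding the hex StartLBA TDSSKiller prints."""
    verdict, digest = triage_boot_code(disk[0])
    lines = [f"Disk 0 {verdict} (sha256 {digest[:16]}...)"]
    for p in read_partition_table(disk.__getitem__):
        label, flag = p.index or "-", " (A)" if p.active else ""
        name = TYPE_NAMES.get(p.ptype, f"type 0x{p.ptype:02X}")
        lines.append(f"Disk 0 Partition {label} {p.status:02X}{flag} {p.ptype:02X} {name} "
                     f"{p.size_mb} MB offset {p.start_lba} (StartLBA 0x{p.start_lba:X})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(sample_disk())))
```

"unknown MBR code" only says the boot code is not in the baseline; the next step is the one aswMBR already took, saving the MBR (MBR.dat) so it can be compared byte for byte against a clean install of the same Windows version.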

#6 wharrrrrgarbl

  • Topic Starter


Posted 23 March 2012 - 06:06 PM

23:04:51.0746 4900 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
23:04:52.0120 4900 ============================================================
23:04:52.0120 4900 Current date / time: 2012/03/23 23:04:52.0120
23:04:52.0120 4900 SystemInfo:
23:04:52.0120 4900
23:04:52.0120 4900 OS Version: 6.1.7600 ServicePack: 0.0
23:04:52.0120 4900 Product type: Workstation
23:04:52.0120 4900 ComputerName: CIARAN-PC
23:04:52.0120 4900 UserName: Ciaran
23:04:52.0120 4900 Windows directory: C:\Windows
23:04:52.0120 4900 System windows directory: C:\Windows
23:04:52.0120 4900 Running under WOW64
23:04:52.0120 4900 Processor architecture: Intel x64
23:04:52.0120 4900 Number of processors: 4
23:04:52.0120 4900 Page size: 0x1000
23:04:52.0120 4900 Boot type: Normal boot
23:04:52.0120 4900 ============================================================
23:04:52.0947 4900 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:04:52.0962 4900 \Device\Harddisk0\DR0:
23:04:52.0962 4900 MBR used
23:04:52.0962 4900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
23:04:52.0962 4900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
23:04:52.0978 4900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
23:04:53.0056 4900 Initialize success
23:04:53.0056 4900 ============================================================
23:04:55.0755 1388 ============================================================
23:04:55.0755 1388 Scan started
23:04:55.0755 1388 Mode: Manual;
23:04:55.0755 1388 ============================================================
23:05:14.0600 1388 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:05:14.0600 1388 napagent - ok
23:05:14.0725 1388 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:14.0740 1388 NativeWifiP - ok
23:05:14.0818 1388 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:05:14.0834 1388 NDIS - ok
23:05:14.0943 1388 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:05:14.0943 1388 NdisCap - ok
23:05:14.0974 1388 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:14.0974 1388 NdisTapi - ok
23:05:15.0068 1388 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:15.0068 1388 Ndisuio - ok
23:05:15.0083 1388 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:15.0083 1388 NdisWan - ok
23:05:15.0177 1388 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:05:15.0177 1388 NDProxy - ok
23:05:15.0208 1388 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:05:15.0208 1388 NetBIOS - ok
23:05:15.0302 1388 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:05:15.0317 1388 NetBT - ok
23:05:15.0349 1388 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:05:15.0349 1388 Netlogon - ok
23:05:15.0427 1388 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:05:15.0442 1388 Netman - ok
23:05:15.0473 1388 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:05:15.0489 1388 netprofm - ok
23:05:15.0583 1388 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:05:15.0583 1388 NetTcpPortSharing - ok
23:05:15.0645 1388 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:05:15.0645 1388 nfrd960 - ok
23:05:15.0723 1388 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:05:15.0723 1388 NlaSvc - ok
23:05:15.0817 1388 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:05:15.0817 1388 Npfs - ok
23:05:15.0863 1388 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:05:15.0879 1388 nsi - ok
23:05:15.0941 1388 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:05:15.0941 1388 nsiproxy - ok
23:05:16.0035 1388 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:05:16.0066 1388 Ntfs - ok
23:05:16.0144 1388 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:05:16.0144 1388 Null - ok
23:05:16.0191 1388 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:05:16.0191 1388 nvraid - ok
23:05:16.0285 1388 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:05:16.0285 1388 nvstor - ok
23:05:16.0316 1388 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:05:16.0316 1388 nv_agp - ok
23:05:16.0347 1388 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:05:16.0347 1388 ohci1394 - ok
23:05:16.0425 1388 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:05:16.0441 1388 ose - ok
23:05:16.0597 1388 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:05:16.0706 1388 osppsvc - ok
23:05:16.0799 1388 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:05:16.0799 1388 p2pimsvc - ok
23:05:16.0846 1388 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:05:16.0846 1388 p2psvc - ok
23:05:16.0955 1388 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:05:16.0955 1388 Parport - ok
23:05:16.0987 1388 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:05:17.0002 1388 partmgr - ok
23:05:17.0065 1388 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:05:17.0065 1388 PcaSvc - ok
23:05:17.0111 1388 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:05:17.0127 1388 pci - ok
23:05:17.0205 1388 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:05:17.0205 1388 pciide - ok
23:05:17.0252 1388 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:05:17.0252 1388 pcmcia - ok
23:05:17.0330 1388 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:05:17.0345 1388 pcw - ok
23:05:17.0377 1388 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:05:17.0392 1388 PEAUTH - ok
23:05:17.0486 1388 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:05:17.0486 1388 PerfHost - ok
23:05:17.0595 1388 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:05:17.0626 1388 pla - ok
23:05:17.0751 1388 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:05:17.0751 1388 PlugPlay - ok
23:05:17.0782 1388 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:05:17.0782 1388 PNRPAutoReg - ok
23:05:17.0829 1388 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:05:17.0829 1388 PNRPsvc - ok
23:05:17.0891 1388 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:05:17.0907 1388 PolicyAgent - ok
23:05:18.0001 1388 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:05:18.0016 1388 Power - ok
23:05:18.0110 1388 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:18.0110 1388 PptpMiniport - ok
23:05:18.0157 1388 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:05:18.0172 1388 Processor - ok
23:05:18.0219 1388 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
23:05:18.0219 1388 ProfSvc - ok
23:05:18.0266 1388 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:05:18.0266 1388 ProtectedStorage - ok
23:05:18.0359 1388 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:05:18.0359 1388 Psched - ok
23:05:18.0437 1388 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:05:18.0469 1388 ql2300 - ok
23:05:18.0547 1388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:05:18.0547 1388 ql40xx - ok
23:05:18.0593 1388 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:05:18.0609 1388 QWAVE - ok
23:05:18.0687 1388 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:05:18.0687 1388 QWAVEdrv - ok
23:05:18.0718 1388 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:18.0718 1388 RasAcd - ok
23:05:18.0827 1388 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:05:18.0827 1388 RasAgileVpn - ok
23:05:18.0921 1388 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:05:18.0921 1388 RasAuto - ok
23:05:18.0968 1388 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:18.0968 1388 Rasl2tp - ok
23:05:19.0061 1388 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:05:19.0077 1388 RasMan - ok
23:05:19.0124 1388 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:19.0124 1388 RasPppoe - ok
23:05:19.0217 1388 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:19.0217 1388 RasSstp - ok
23:05:19.0264 1388 Razerlow (81ddbf4fe998ef1f4ba230f7e8d8c67e) C:\Windows\system32\drivers\Razerlow.sys
23:05:19.0264 1388 Razerlow - ok
23:05:19.0358 1388 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:19.0358 1388 rdbss - ok
23:05:19.0389 1388 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:05:19.0389 1388 rdpbus - ok
23:05:19.0420 1388 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:19.0420 1388 RDPCDD - ok
23:05:19.0514 1388 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:05:19.0514 1388 RDPENCDD - ok
23:05:19.0576 1388 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:05:19.0576 1388 RDPREFMP - ok
23:05:19.0607 1388 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
23:05:19.0607 1388 RDPWD - ok
23:05:19.0701 1388 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:05:19.0701 1388 rdyboost - ok
23:05:19.0732 1388 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:05:19.0748 1388 RemoteAccess - ok
23:05:19.0795 1388 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:05:19.0795 1388 RemoteRegistry - ok
23:05:19.0873 1388 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:05:19.0873 1388 RFCOMM - ok
23:05:19.0951 1388 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:05:19.0951 1388 RpcEptMapper - ok
23:05:19.0997 1388 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:05:19.0997 1388 RpcLocator - ok
23:05:20.0060 1388 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:05:20.0075 1388 RpcSs - ok
23:05:20.0169 1388 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:20.0169 1388 rspndr - ok
23:05:20.0200 1388 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:05:20.0200 1388 RTL8167 - ok
23:05:20.0325 1388 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\Windows\SysWOW64\drivers\rtport.sys
23:05:20.0325 1388 rtport - ok
23:05:20.0419 1388 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
23:05:20.0419 1388 SABI - ok
23:05:20.0481 1388 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:05:20.0481 1388 SamSs - ok
23:05:20.0575 1388 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:05:20.0575 1388 SASDIFSV - ok
23:05:20.0621 1388 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:05:20.0621 1388 SASKUTIL - ok
23:05:20.0699 1388 SAVRKBootTasks - ok
23:05:20.0746 1388 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:05:20.0746 1388 sbp2port - ok
23:05:20.0793 1388 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:05:20.0809 1388 SCardSvr - ok
23:05:20.0887 1388 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:05:20.0887 1388 scfilter - ok
23:05:20.0949 1388 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:05:20.0965 1388 Schedule - ok
23:05:21.0043 1388 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:05:21.0043 1388 SCPolicySvc - ok
23:05:21.0089 1388 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:05:21.0105 1388 SDRSVC - ok
23:05:21.0183 1388 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:05:21.0183 1388 SeaPort - ok
23:05:21.0261 1388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:05:21.0261 1388 secdrv - ok
23:05:21.0323 1388 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:05:21.0323 1388 seclogon - ok
23:05:21.0386 1388 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:05:21.0401 1388 SENS - ok
23:05:21.0448 1388 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:05:21.0448 1388 SensrSvc - ok
23:05:21.0542 1388 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:05:21.0542 1388 Serenum - ok
23:05:21.0635 1388 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:05:21.0635 1388 Serial - ok
23:05:21.0698 1388 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:05:21.0698 1388 sermouse - ok
23:05:21.0776 1388 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:05:21.0776 1388 SessionEnv - ok
23:05:21.0823 1388 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:05:21.0838 1388 sffdisk - ok
23:05:21.0869 1388 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:05:21.0869 1388 sffp_mmc - ok
23:05:21.0885 1388 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:05:21.0885 1388 sffp_sd - ok
23:05:21.0916 1388 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:05:21.0916 1388 sfloppy - ok
23:05:22.0025 1388 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:05:22.0041 1388 Sftfs - ok
23:05:22.0119 1388 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:05:22.0135 1388 sftlist - ok
23:05:22.0213 1388 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:05:22.0228 1388 Sftplay - ok
23:05:22.0259 1388 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:05:22.0259 1388 Sftredir - ok
23:05:22.0353 1388 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:05:22.0353 1388 Sftvol - ok
23:05:22.0400 1388 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:05:22.0400 1388 sftvsa - ok
23:05:22.0478 1388 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:05:22.0493 1388 SharedAccess - ok
23:05:22.0525 1388 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:05:22.0540 1388 ShellHWDetection - ok
23:05:22.0618 1388 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:05:22.0618 1388 SiSRaid2 - ok
23:05:22.0696 1388 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:05:22.0696 1388 SiSRaid4 - ok
23:05:22.0759 1388 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:05:22.0774 1388 Smb - ok
23:05:22.0837 1388 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:05:22.0837 1388 SNMPTRAP - ok
23:05:22.0915 1388 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:05:22.0915 1388 spldr - ok
23:05:22.0961 1388 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:05:22.0977 1388 Spooler - ok
23:05:23.0133 1388 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:05:23.0227 1388 sppsvc - ok
23:05:23.0305 1388 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:05:23.0305 1388 sppuinotify - ok
23:05:23.0367 1388 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:05:23.0383 1388 srv - ok
23:05:23.0461 1388 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:05:23.0476 1388 srv2 - ok
23:05:23.0570 1388 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:23.0585 1388 srvnet - ok
23:05:23.0679 1388 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:05:23.0695 1388 SSDPSRV - ok
23:05:23.0726 1388 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:05:23.0726 1388 SstpSvc - ok
23:05:23.0773 1388 Steam Client Service - ok
23:05:23.0835 1388 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:05:23.0835 1388 stexstor - ok
23:05:23.0913 1388 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:05:23.0913 1388 stisvc - ok
23:05:23.0975 1388 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:05:23.0975 1388 swenum - ok
23:05:24.0022 1388 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:05:24.0038 1388 swprv - ok
23:05:24.0131 1388 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:05:24.0163 1388 SysMain - ok
23:05:24.0241 1388 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:05:24.0256 1388 TabletInputService - ok
23:05:24.0287 1388 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:05:24.0287 1388 TapiSrv - ok
23:05:24.0334 1388 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:05:24.0334 1388 TBS - ok
23:05:24.0443 1388 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
23:05:24.0475 1388 Tcpip - ok
23:05:24.0615 1388 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
23:05:24.0631 1388 TCPIP6 - ok
23:05:24.0709 1388 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:05:24.0709 1388 tcpipreg - ok
23:05:24.0755 1388 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:05:24.0755 1388 TDPIPE - ok
23:05:24.0849 1388 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:05:24.0849 1388 TDTCP - ok
23:05:24.0880 1388 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:05:24.0880 1388 tdx - ok
23:05:24.0974 1388 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:05:24.0974 1388 TermDD - ok
23:05:25.0021 1388 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:05:25.0036 1388 TermService - ok
23:05:25.0161 1388 TfFsMon (fa5bfb71e561d279edae7e118435c1c9) C:\Windows\system32\drivers\TfFsMon.sys
23:05:25.0161 1388 TfFsMon - ok
23:05:25.0255 1388 TfNetMon (fa8400d74345ec4bf10e476ca0aaa2df) C:\Windows\system32\drivers\TfNetMon.sys
23:05:25.0255 1388 TfNetMon - ok
23:05:25.0379 1388 TfSysMon (f11aa1a704a4c027e5e8e0f355523834) C:\Windows\system32\drivers\TfSysMon.sys
23:05:25.0379 1388 TfSysMon - ok
23:05:25.0457 1388 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:05:25.0473 1388 Themes - ok
23:05:25.0520 1388 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:05:25.0535 1388 THREADORDER - ok
23:05:25.0613 1388 ThreatFire - ok
23:05:25.0691 1388 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:05:25.0691 1388 TrkWks - ok
23:05:25.0738 1388 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:05:25.0754 1388 TrustedInstaller - ok
23:05:25.0816 1388 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:25.0816 1388 tssecsrv - ok
23:05:25.0894 1388 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:05:25.0894 1388 tunnel - ok
23:05:25.0957 1388 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:05:25.0957 1388 uagp35 - ok
23:05:25.0988 1388 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
23:05:26.0003 1388 udfs - ok
23:05:26.0081 1388 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:05:26.0081 1388 UI0Detect - ok
23:05:26.0144 1388 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:05:26.0144 1388 uliagpkx - ok
23:05:26.0237 1388 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:05:26.0237 1388 umbus - ok
23:05:26.0269 1388 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:05:26.0284 1388 UmPass - ok
23:05:26.0362 1388 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:05:26.0378 1388 upnphost - ok
23:05:26.0456 1388 usbbus (1f9863697df570d371c49ddaf4bc0ad8) C:\Windows\system32\DRIVERS\lgx64bus.sys
23:05:26.0456 1388 usbbus - ok
23:05:26.0503 1388 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:26.0503 1388 usbccgp - ok
23:05:26.0534 1388 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:05:26.0534 1388 usbcir - ok
23:05:26.0643 1388 UsbDiag (e82f1b8dfc1def412b749c685041d8d5) C:\Windows\system32\DRIVERS\lgx64diag.sys
23:05:26.0643 1388 UsbDiag - ok
23:05:26.0674 1388 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
23:05:26.0674 1388 usbehci - ok
23:05:26.0768 1388 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
23:05:26.0783 1388 usbhub - ok
23:05:26.0815 1388 USBModem (1ffad96d8f6519728f0c4708aa9637df) C:\Windows\system32\DRIVERS\lgx64modem.sys
23:05:26.0815 1388 USBModem - ok
23:05:26.0908 1388 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
23:05:26.0908 1388 usbohci - ok
23:05:26.0939 1388 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:05:26.0939 1388 usbprint - ok
23:05:27.0033 1388 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:27.0033 1388 USBSTOR - ok
23:05:27.0064 1388 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
23:05:27.0064 1388 usbuhci - ok
23:05:27.0173 1388 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
23:05:27.0173 1388 usbvideo - ok
23:05:27.0205 1388 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:05:27.0205 1388 UxSms - ok
23:05:27.0283 1388 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:05:27.0298 1388 VaultSvc - ok
23:05:27.0345 1388 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:05:27.0345 1388 vdrvroot - ok
23:05:27.0423 1388 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:05:27.0454 1388 vds - ok
23:05:27.0563 1388 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:27.0563 1388 vga - ok
23:05:27.0579 1388 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:05:27.0595 1388 VgaSave - ok
23:05:27.0626 1388 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:05:27.0626 1388 vhdmp - ok
23:05:27.0657 1388 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:05:27.0657 1388 viaide - ok
23:05:27.0766 1388 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:05:27.0766 1388 volmgr - ok
23:05:27.0797 1388 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:05:27.0813 1388 volmgrx - ok
23:05:27.0860 1388 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:05:27.0860 1388 volsnap - ok
23:05:27.0938 1388 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:05:27.0938 1388 vsmraid - ok
23:05:28.0047 1388 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:05:28.0078 1388 VSS - ok
23:05:28.0156 1388 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:05:28.0156 1388 vwifibus - ok
23:05:28.0187 1388 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:05:28.0187 1388 vwififlt - ok
23:05:28.0234 1388 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:05:28.0250 1388 W32Time - ok
23:05:28.0328 1388 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:05:28.0343 1388 WacomPen - ok
23:05:28.0437 1388 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:28.0437 1388 WANARP - ok
23:05:28.0453 1388 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:28.0453 1388 Wanarpv6 - ok
23:05:28.0577 1388 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:05:28.0593 1388 WatAdminSvc - ok
23:05:28.0718 1388 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:05:28.0749 1388 wbengine - ok
23:05:28.0843 1388 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:05:28.0858 1388 WbioSrvc - ok
23:05:28.0921 1388 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:05:28.0936 1388 wcncsvc - ok
23:05:28.0999 1388 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:05:28.0999 1388 WcsPlugInService - ok
23:05:29.0077 1388 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:05:29.0077 1388 Wd - ok
23:05:29.0170 1388 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:05:29.0186 1388 Wdf01000 - ok
23:05:29.0264 1388 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:05:29.0279 1388 WdiServiceHost - ok
23:05:29.0279 1388 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:05:29.0295 1388 WdiSystemHost - ok
23:05:29.0357 1388 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:05:29.0373 1388 WebClient - ok
23:05:29.0420 1388 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:05:29.0435 1388 Wecsvc - ok
23:05:29.0498 1388 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:05:29.0498 1388 wercplsupport - ok
23:05:29.0560 1388 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:05:29.0560 1388 WerSvc - ok
23:05:29.0638 1388 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:05:29.0638 1388 WfpLwf - ok
23:05:29.0716 1388 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:05:29.0716 1388 WIMMount - ok
23:05:29.0747 1388 WinDefend - ok
23:05:29.0763 1388 WinHttpAutoProxySvc - ok
23:05:29.0841 1388 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:05:29.0841 1388 Winmgmt - ok
23:05:29.0919 1388 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:05:29.0966 1388 WinRM - ok
23:05:30.0106 1388 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
23:05:30.0106 1388 WinUSB - ok
23:05:30.0153 1388 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:05:30.0169 1388 Wlansvc - ok
23:05:30.0293 1388 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:05:30.0340 1388 wlidsvc - ok
23:05:30.0418 1388 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:05:30.0418 1388 WmiAcpi - ok
23:05:30.0481 1388 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:05:30.0481 1388 wmiApSrv - ok
23:05:30.0527 1388 WMPNetworkSvc - ok
23:05:30.0605 1388 WMZuneComm (58540037a4a3eeeefa47c84100e1694f) C:\Program Files\Zune\WMZuneComm.exe
23:05:30.0605 1388 WMZuneComm - ok
23:05:30.0668 1388 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:05:30.0668 1388 WPCSvc - ok
23:05:30.0715 1388 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:05:30.0730 1388 WPDBusEnum - ok
23:05:30.0777 1388 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:05:30.0777 1388 ws2ifsl - ok
23:05:30.0839 1388 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
23:05:30.0855 1388 wscsvc - ok
23:05:30.0871 1388 WSearch - ok
23:05:30.0964 1388 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
23:05:30.0995 1388 wuauserv - ok
23:05:31.0105 1388 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:05:31.0105 1388 WudfPf - ok
23:05:31.0151 1388 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:31.0167 1388 WUDFRd - ok
23:05:31.0214 1388 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:05:31.0214 1388 wudfsvc - ok
23:05:31.0276 1388 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:05:31.0292 1388 WwanSvc - ok
23:05:31.0370 1388 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:05:31.0370 1388 YahooAUService - ok
23:05:31.0479 1388 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
23:05:31.0495 1388 yukonw7 - ok
23:05:31.0729 1388 ZuneNetworkSvc (d6ef205269c2a584af6b56b9f95010f8) C:\Program Files\Zune\ZuneNss.exe
23:05:31.0916 1388 ZuneNetworkSvc - ok
23:05:31.0978 1388 ZuneWlanCfgSvc (7a565afe58f3822a9e622868e5cc0e5c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
23:05:31.0994 1388 ZuneWlanCfgSvc - ok
23:05:32.0041 1388 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
23:05:32.0384 1388 \Device\Harddisk0\DR0 - ok
23:05:32.0384 1388 Boot (0x1200) (2ae042140464d67aba6cb57ed1f194fb) \Device\Harddisk0\DR0\Partition0
23:05:32.0384 1388 \Device\Harddisk0\DR0\Partition0 - ok
23:05:32.0399 1388 Boot (0x1200) (3fe0dfb4c4308e702455998c648c5e8f) \Device\Harddisk0\DR0\Partition1
23:05:32.0399 1388 \Device\Harddisk0\DR0\Partition1 - ok
23:05:32.0415 1388 Boot (0x1200) (9f69c305ec814b5c8a8e43df42f88d5d) \Device\Harddisk0\DR0\Partition2
23:05:32.0415 1388 \Device\Harddisk0\DR0\Partition2 - ok
23:05:32.0431 1388 ============================================================
23:05:32.0431 1388 Scan finished
23:05:32.0431 1388 ============================================================
23:05:32.0446 2604 Detected object count: 0
23:05:32.0446 2604 Actual detected object count: 0
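
An added example, not part of this thread and not TDSSKiller's own code: a small Python parser for the log format shown above. It pairs each "<name> (<md5>) <path>" line with its "<name or path> - <verdict>" line, lists the entries that are not reported as ok, and cross-checks that list against the log's own "Detected object count". The sample log is constructed: the "exampledrv" entry and its verdict text are invented to exercise the non-ok path, the other lines mirror the log above. A helper reading a long log like this wants exactly that: the handful of non-ok lines and confirmation that the summary count agrees with them.

```python
import re

# Constructed sample in the line format TDSSKiller writes: a "<name> (<md5>) <path>"
# line followed by a "<name or path> - <verdict>" line. The "exampledrv" entry and
# its verdict text are invented; the remaining lines mirror the thread's log.
SAMPLE_LOG = r"""23:05:30.0777 1388 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:05:30.0777 1388 ws2ifsl - ok
23:05:30.0871 1388 WSearch - ok
23:05:31.0500 1388 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
23:05:31.0500 1388 exampledrv - detected Rootkit.Win32.Example (constructed sample)
23:05:32.0041 1388 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
23:05:32.0384 1388 \Device\Harddisk0\DR0 - ok
23:05:32.0384 1388 Boot (0x1200) (2ae042140464d67aba6cb57ed1f194fb) \Device\Harddisk0\DR0\Partition0
23:05:32.0384 1388 \Device\Harddisk0\DR0\Partition0 - ok
23:05:32.0431 1388 ============================================================
23:05:32.0431 1388 Scan finished
23:05:32.0446 2604 Detected object count: 1
23:05:32.0446 2604 Actual detected object count: 1
"""

# Every line starts with "<hh:mm:ss.ffff> <pid> <rest>"; the parser only looks at <rest>.
ENTRY_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>" - name may itself contain parentheses, e.g. "MBR (0x1B8)".
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name or path> - <verdict>" - for MBR/Boot entries the key is the device path.
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")


def parse_tdsskiller_log(text):
    """Return (entries, detected_count).

    entries maps each scanned name to {"md5", "path", "verdict"}; verdict lines are
    matched to their hash line by name or, for disk objects, by device path.
    """
    entries, by_path, detected_count = {}, {}, None
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        h = HASH_RE.match(rest)
        if h:
            rec = {"md5": h.group("md5").lower(), "path": h.group("path"), "verdict": None}
            entries[h.group("name")] = rec
            by_path[h.group("path")] = rec
            continue
        v = VERDICT_RE.match(rest)
        if v:
            key = v.group("name")
            rec = entries.get(key) or by_path.get(key)
            if rec is None:  # service with no image file, e.g. "WSearch - ok"
                rec = {"md5": None, "path": None, "verdict": None}
                entries[key] = rec
            rec["verdict"] = v.group("verdict")
            continue
        c = COUNT_RE.match(rest)
        if c:
            detected_count = int(c.group(1))
    return entries, detected_count


def findings(entries):
    """Names whose verdict is missing or anything other than 'ok' - read these first."""
    return sorted(name for name, rec in entries.items() if rec["verdict"] != "ok")


def count_is_consistent(entries, detected_count):
    """True when the log's summary count matches the non-ok entries actually listed."""
    return detected_count is not None and detected_count == len(findings(entries))


if __name__ == "__main__":
    entries, count = parse_tdsskiller_log(SAMPLE_LOG)
    for name in findings(entries):
        rec = entries[name]
        print(f"{name}: {rec['verdict']} [{rec['path']}] md5={rec['md5']}")
    print("summary count consistent:", count_is_consistent(entries, count))
```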

#7 wharrrrrgarbl

wharrrrrgarbl
  • Topic Starter

  • Members
  • 30 posts

Posted 23 March 2012 - 08:30 PM

Managed to run RKILL just now, followed by a full aswMBR scan (the previous one was just a quick scan). I've attached the log.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 09:00 PM

Hello

Ok, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 wharrrrrgarbl

wharrrrrgarbl
  • Topic Starter

  • Members
  • 30 posts

Posted 24 March 2012 - 04:38 AM

Is it possible I'll lose data from using ComboFix? I'm not really able to back stuff up at the moment, and something in another thread said ComboFix could delete stuff if used improperly or something?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 March 2012 - 05:08 AM

Hello

It makes backups of anything it deletes. Knowing how to use ComboFix and getting to these backups is the reason you want to use it with a trained helper.

But you should at least back up anything that cannot be replaced by putting it on a pen drive or CD.


gringo

#11 wharrrrrgarbl

wharrrrrgarbl
  • Topic Starter

  • Members
  • 30 posts

Posted 24 March 2012 - 02:39 PM

ComboFix 12-03-22.01 - Ciaran 24/03/2012 19:07:46.4.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2979 [GMT 0:00]
Running from: c:\users\Ciaran\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:14 . 2012-03-24 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 13:51 . 2012-03-24 13:51 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-23 01:57 . 2012-03-23 01:57 -------- d-----w- c:\users\Ciaran\AppData\Roaming\SUPERAntiSpyware.com
2012-03-23 01:57 . 2012-03-23 01:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-23 01:57 . 2012-03-23 01:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-23 00:55 . 2012-03-23 00:55 -------- d-----w- c:\program files (x86)\ESET
2012-03-23 00:41 . 2011-05-12 14:03 6144 ------w- c:\windows\system32\7C32.tmp
2012-03-23 00:40 . 2011-05-12 14:03 6144 ------w- c:\windows\system32\FC58.tmp
2012-03-22 13:13 . 2012-03-22 13:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-21 11:27 . 2011-02-22 13:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-21 11:27 . 2011-02-22 13:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-21 11:27 . 2011-02-22 13:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-21 11:27 . 2012-03-21 11:27 -------- d-----w- c:\program files (x86)\ThreatFire
2012-03-21 11:27 . 2012-03-21 11:27 -------- d-----w- c:\programdata\PC Tools
2012-03-20 22:35 . 2011-05-12 14:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-03-20 21:45 . 2012-03-20 21:45 -------- d-----w- c:\program files\CCleaner
2012-03-20 21:45 . 2011-05-12 14:03 6144 ------w- c:\windows\system32\A563.tmp
2012-03-20 21:43 . 2011-05-12 14:03 6144 ------w- c:\windows\system32\3ED3.tmp
2012-03-20 21:43 . 2012-03-20 21:43 -------- d-----w- c:\program files (x86)\Sophos
2012-03-18 12:43 . 2012-03-18 12:43 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 12:43 . 2012-03-18 12:43 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 03:01 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-16 03:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-16 03:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:16 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:16 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 10:16 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 10:16 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:16 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 10:16 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:16 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 10:16 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 10:16 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 10:16 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 10:16 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 10:15 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 10:15 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 10:15 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 10:15 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 10:15 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 10:15 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:15 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-03 05:11 . 2012-03-03 05:11 -------- d-----w- c:\users\Ciaran\AppData\Roaming\FastStone
2012-03-03 05:11 . 2012-03-03 05:11 -------- d-----w- c:\users\Ciaran\AppData\Local\FastStone
2012-03-03 05:11 . 2012-03-03 05:11 -------- d-----w- c:\program files (x86)\FastStone Capture
2012-02-25 22:37 . 2010-01-06 18:23 142648 ----a-w- c:\windows\SysWow64\fsproflt.exe
2012-02-25 22:37 . 2012-02-25 22:37 -------- d-----w- c:\program files\My Lockbox
2012-02-25 22:37 . 2008-06-06 16:35 55440 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-02-25 22:31 . 2012-02-25 22:31 -------- d-----w- c:\users\Ciaran\1
2012-02-25 20:19 . 2012-02-25 20:19 -------- d-----w- c:\program files (x86)\Conduit
2012-02-25 20:19 . 2012-02-25 20:19 -------- d-----w- c:\users\Ciaran\AppData\Local\Conduit
2012-02-25 20:19 . 2012-03-24 13:53 -------- d-----w- c:\users\Ciaran\AppData\Local\FLVService
2012-02-25 20:18 . 2012-02-25 20:19 -------- d-----w- c:\program files (x86)\Freecorder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 22:19 . 2012-01-11 22:19 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-11 22:19 . 2012-01-11 22:19 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-11 22:19 . 2012-01-11 22:19 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-11 22:19 . 2012-01-11 22:19 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-04 09:58 . 2012-02-15 12:00 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 12:00 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 12:00 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 12:00 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 12:00 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-24_18.40.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-24 18:30 . 2012-03-24 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-24 18:30 . 2012-03-24 19:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-24 18:30 . 2012-03-24 19:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-24 18:30 . 2012-03-24 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG LinkAir"="" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7C32.tmp [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 413720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ciaran\AppData\Roaming\Mozilla\Firefox\Profiles\r98y41wh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7C32.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-24 19:16:29
ComboFix-quarantined-files.txt 2012-03-24 19:16
ComboFix2.txt 2012-03-24 18:42
.
Pre-Run: 5,333,057,536 bytes free
Post-Run: 5,166,149,632 bytes free
.
- - End Of File - - C3BF272986D14CF69101408C5001B65D

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 March 2012 - 05:39 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 wharrrrrgarbl

wharrrrrgarbl
  • Topic Starter

  • Members
  • 30 posts

Posted 24 March 2012 - 05:50 PM

I have already done both TDSS Killer and aswMBR. I posted them in this thread.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 March 2012 - 09:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Conduit
c:\users\Ciaran\AppData\Local\Conduit
c:\program files (x86)\Freecorder
c:\users\Ciaran\AppData\Local\FLVService

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 wharrrrrgarbl

wharrrrrgarbl
  • Topic Starter

  • Members
  • 30 posts

Posted 25 March 2012 - 03:55 PM

Nothing seemed to happen when I dragged/dropped. It just asked for permission to make changes, and then when I clicked "yes", nothing else happened. On this most recent startup the computer seems a lot faster than usual, although I'm not sure. I don't understand how it would have gone because none of those scans picked anything up.
