Difficult svchost.exe infection, cannot clean


  • This topic is locked
31 replies to this topic

#1 Giggsteve8

  • Members
  • 38 posts

Posted 23 May 2012 - 10:17 PM

Hi guys--

Looking for some help here, I'll follow your instructions closely and report back as thoroughly as possible.

Computer is running, but VERY slowly. Windows 7 Professional, 64-bit. Dell Latitude E6420.

Malwarebytes reported that it deleted svchost.exe, but that was all, it still is running slowly.

Some applications do not run when I double-click them, including DDS.

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 07:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Giggsteve8

  • Topic Starter
  • Members
  • 38 posts

Posted 24 May 2012 - 09:35 AM

Thank you, Gringo! I will follow these instructions as soon as I get home.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 11:42 AM

:thumbup2:

#5 Giggsteve8

  • Topic Starter
  • Members
  • 38 posts

Posted 24 May 2012 - 04:46 PM

Hey there Gringo, here's the update:

I got home and turned on the computer, which had been shut down completely after my post last night.

After Windows finished loading, I logged in with the password, and Windows Malicious Software Remover immediately popped up, not giving me an option to stop it. It informed me that it had "partially removed" something malicious. I can attach the screen shot later if you like (I know you guys try to avoid them) but all it said was: "Trojan:DOS/Alureon.A Partially Removed". Every other piece of malicious software had "Not Detected" next to it.

Anyway, I continued on with your instructions. By the way, computer continues to move as slowly as ever today, feels like some large program is running behind the scenes and just slowing everything to a crawl.

Defogger ran just fine, disabled any CD emulation it found.


Security Check seemed to run fine at first, but produced no log. Gave a message like "No Instance(s) Available" two times, then said "attempting to update anti virus" or something similar, and then quit. No logs.


DDS, after multiple attempts using the different download links, refuses to produce logs. It flashes a black CMD screen with some text, but goes by too quickly to read. Nothing else occurs.


I patiently await your next instructions!

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 05:23 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 Giggsteve8

  • Topic Starter
  • Members
  • 38 posts

Posted 24 May 2012 - 06:22 PM

Here you go, Gringo! Thanks again, by the way.

Some interesting looking stuff here... but I'll wait for your instruction :D
****************OTL LOGFILE*****************

OTL logfile created on: 5/24/2012 6:12:02 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Premier\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.89 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 13.33% Memory free
3.78 Gb Paging File | 1.42 Gb Available in Paging File | 37.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.11 Gb Total Space | 196.72 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: PREMIER-PC | User Name: Premier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Premier\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Premier\Desktop\Defogger.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - c:\Windows\SysWOW64\SDIOAssist.exe (O2Micro.)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - c:\Windows\SysWOW64\srvany.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Premier\Desktop\Defogger.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV:64bit: - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV:64bit: - (TdmService) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) Intel® -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro )
DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.premierfence.com/
IE - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Premier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Premier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Premier\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Premier\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Premier\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Premier\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Premier\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Premier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Premier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Search = C:\Users\Premier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Premier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/23 18:51:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1660668186-2997493663-3725080978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DAE4AE-0BE6-443D-BAB5-04E527EDCBE3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/24 18:10:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Premier\Desktop\OTL.exe
[2012/05/24 16:34:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Premier\Desktop\dds.scr
[2012/05/24 16:22:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/05/23 22:47:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/23 22:47:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/23 22:47:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/23 22:47:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/23 22:47:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/23 22:47:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/23 22:47:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/05/23 22:47:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/23 22:47:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/23 22:47:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/23 22:47:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/23 22:38:39 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/05/23 22:38:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/05/23 22:38:39 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/05/23 22:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/23 22:01:53 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/23 22:01:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/23 22:01:53 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/23 22:01:53 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/23 22:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/23 21:55:31 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/23 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Premier\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/23 20:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/23 20:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/23 20:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/23 20:16:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/05/23 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\Premier\AppData\Roaming\Malwarebytes
[2012/05/23 19:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/23 19:15:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 19:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/23 19:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/23 19:12:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/23 18:37:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/23 18:37:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/23 18:37:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/23 18:36:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/23 18:36:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/23 18:35:05 | 004,525,103 | R--- | C] (Swearware) -- C:\Users\Premier\Desktop\ComboFix.exe
[2012/05/23 18:06:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/23 17:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/23 17:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/23 17:40:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

========== Files - Modified Within 30 Days ==========

[2012/05/24 18:10:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Premier\Desktop\OTL.exe
[2012/05/24 18:08:41 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1660668186-2997493663-3725080978-1000UA.job
[2012/05/24 18:08:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/24 16:34:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Premier\Desktop\dds.scr
[2012/05/24 16:28:32 | 000,852,401 | ---- | M] () -- C:\Users\Premier\Desktop\SecurityCheck.exe
[2012/05/24 16:28:16 | 000,000,000 | ---- | M] () -- C:\Users\Premier\defogger_reenable
[2012/05/24 16:27:31 | 000,050,477 | ---- | M] () -- C:\Users\Premier\Desktop\Defogger.exe
[2012/05/24 16:17:24 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 16:17:24 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 16:08:53 | 1521,664,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 23:03:25 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/05/23 22:01:09 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/23 22:01:09 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/23 22:01:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/23 22:01:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/23 22:01:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/23 21:26:14 | 261,752,815 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/23 20:45:16 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 19:15:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/23 18:51:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/23 18:35:06 | 004,525,103 | R--- | M] (Swearware) -- C:\Users\Premier\Desktop\ComboFix.exe
[2012/05/23 18:04:49 | 000,052,690 | ---- | M] () -- C:\Users\Premier\Documents\cc_20120523_180444.reg
[2012/05/23 17:39:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/23 17:19:57 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini

========== Files Created - No Company Name ==========

[2012/05/24 16:28:32 | 000,852,401 | ---- | C] () -- C:\Users\Premier\Desktop\SecurityCheck.exe
[2012/05/24 16:28:16 | 000,000,000 | ---- | C] () -- C:\Users\Premier\defogger_reenable
[2012/05/24 16:27:30 | 000,050,477 | ---- | C] () -- C:\Users\Premier\Desktop\Defogger.exe
[2012/05/23 21:26:14 | 261,752,815 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/23 20:45:16 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 19:15:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/23 18:37:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/23 18:37:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/23 18:37:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/23 18:37:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/23 18:37:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/23 18:04:47 | 000,052,690 | ---- | C] () -- C:\Users\Premier\Documents\cc_20120523_180444.reg
[2011/05/27 15:53:57 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/27 15:53:56 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/27 15:53:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/27 14:23:33 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011/05/27 14:17:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/02/10 09:33:46 | 000,790,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/19 17:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

< End of report >

Edited by Giggsteve8, 24 May 2012 - 06:43 PM.
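
The OTL report above lists svchost.exe created in C:\Windows rather than in System32 (OTL shows the 64-bit System32 directory as SysNative, and the 32-bit one as SysWow64). As an added example that is not part of any post in this thread, the Python script below parses OTL "Files Created/Modified" entries and flags core Windows binary names found outside the directories they normally live in. The sample lines are constructed from the report format (three are copied from the report above), and the list of watched binaries with their expected directories is my own assumption for illustration, not something OTL provides.

```python
import ntpath
import re
from typing import Dict, List, Optional

# OTL "Files Created/Modified" entries look like:
#   [YYYY/MM/DD HH:MM:SS | 000,020,480 | ---- | C] (Company) -- C:\path\file
# Directory entries carry a D in the attribute column and no "(Company)" part;
# files with no embedded company name show "()".
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed allowlist (not from OTL): directories in which these core Windows
# binaries are expected. OTL reports the 64-bit System32 directory as SysNative;
# SysWow64 holds the 32-bit svchost.exe. A copy of one of these names anywhere
# else (for example C:\Windows\svchost.exe) is a classic masquerade.
EXPECTED_DIRS: Dict[str, set] = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\sysnative", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32", r"c:\windows\sysnative"},
    "services.exe": {r"c:\windows\system32", r"c:\windows\sysnative"},
    "csrss.exe": {r"c:\windows\system32", r"c:\windows\sysnative"},
    "winlogon.exe": {r"c:\windows\system32", r"c:\windows\sysnative"},
}


def parse_otl_line(line: str) -> Optional[dict]:
    """Return the fields of one OTL file entry, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return {
        "date": m.group("date"),
        "time": m.group("time"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "event": m.group("event"),          # C = created, M = modified
        "is_dir": "D" in m.group("attrs"),
        "company": company or None,         # "()" means no company name
        "path": m.group("path"),
    }


def parse_otl_log(lines) -> List[dict]:
    """Parse every recognisable entry; section headers and the trailer are skipped."""
    entries = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def find_masquerades(entries: List[dict]) -> List[str]:
    """Paths of watched system binaries that sit outside their expected directories."""
    flagged = []
    for e in entries:
        if e["is_dir"]:
            continue
        name = ntpath.basename(e["path"]).lower()
        allowed = EXPECTED_DIRS.get(name)
        if allowed is None:
            continue
        # The component store keeps legitimate copies of system binaries.
        if "\\winsxs\\" in e["path"].lower():
            continue
        parent = ntpath.dirname(e["path"]).lower()
        if parent not in allowed:
            flagged.append(e["path"])
    return flagged


# Constructed sample: three lines copied from the OTL report above plus two
# benign ones in the same format, and the report trailer to show it is skipped.
SAMPLE_LOG = r"""
[2012/05/23 22:38:39 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/05/23 22:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/23 20:16:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/05/23 18:37:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/24 16:08:53 | 1521,664,000 | -HS- | M] () -- C:\hiberfil.sys
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for path in find_masquerades(parse_otl_log(SAMPLE_LOG)):
        print("watched binary outside its expected directory:", path)
```

Run against the sample it reports only C:\Windows\svchost.exe; the ComboFix helper PEV.exe in C:\Windows is left alone because only the watched names are checked, which keeps the output short enough to read alongside the rest of the log. A company name in the OTL line is no proof of origin (it is read from the file's own version resource), so a hit still needs the file checked by hash or signature.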


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 08:56 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Giggsteve8

Giggsteve8
  • Topic Starter

  • Members
  • 38 posts

Posted 24 May 2012 - 09:02 PM

Hi Gringo:

I got your reply, and went back to the infected machine to run combofix. I had not touched it since our last step, and it has adequate power, and everything. It did "sleep" last time, and the screen was black this time, so I powered it on like normal. Instead of restoring the desktop, it was at a "Windows was not shut down correctly" screen. I did "start windows normally" and now it's running startup repair... Odd.

I will run Combofix when it comes back up, and post the logs then. Just wanted to give you an update.

Edited by Giggsteve8, 24 May 2012 - 09:03 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 09:33 PM

Hello


Ok let me know if you have any problems


gringo

#11 Giggsteve8

Giggsteve8
  • Topic Starter

  • Members
  • 38 posts

Posted 24 May 2012 - 10:26 PM

Foiled again, my Gringo friend!! :(

Every single time ComboFix attempts to extract itself, I get a BSOD. It's when it starts to extract the SECOND output folder... crashes at that point every single time.

It's a x0000001E... perhaps I should run some diagnostics? Frustrating :(



Here's the Windows log:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 1e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF80002A6FF6B
BCP3: 0000000000000000
BCP4: 000000007EFA0000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\052412-39608-01.dmp
C:\Users\Premier\AppData\Local\Temp\WER-151414-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 10:42 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 Giggsteve8

Giggsteve8
  • Topic Starter

  • Members
  • 38 posts

Posted 24 May 2012 - 11:50 PM

Sorry, Gringo :(

The /nombr helped get past the "output folder" crash on extraction, but this time got a BSOD about 10 minutes into ComboFix. Sorry for the bad news.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 11:54 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#15 Giggsteve8

Giggsteve8
  • Topic Starter

  • Members
  • 38 posts

Posted 26 May 2012 - 12:19 AM

Gringo!

Sorry for the late response, but it seems like we're getting somewhere now! Both ran successfully!

However, after TDSS detected a rootkit, it had me restart and I didn't see it remove anything, let alone run, on restart. Hoping it did it behind the scenes.

I await your instructions! Computer seems to be running slightly faster...


****************
****************
****************
TDSS LOG



23:54:04.0513 4736 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
23:54:04.0810 4736 ============================================================
23:54:04.0810 4736 Current date / time: 2012/05/25 23:54:04.0810
23:54:04.0810 4736 SystemInfo:
23:54:04.0810 4736
23:54:04.0810 4736 OS Version: 6.1.7601 ServicePack: 1.0
23:54:04.0810 4736 Product type: Workstation
23:54:04.0810 4736 ComputerName: PREMIER-PC
23:54:04.0810 4736 UserName: Premier
23:54:04.0810 4736 Windows directory: C:\Windows
23:54:04.0810 4736 System windows directory: C:\Windows
23:54:04.0810 4736 Running under WOW64
23:54:04.0810 4736 Processor architecture: Intel x64
23:54:04.0810 4736 Number of processors: 4
23:54:04.0810 4736 Page size: 0x1000
23:54:04.0810 4736 Boot type: Normal boot
23:54:04.0810 4736 ============================================================
23:54:05.0215 4736 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:54:05.0215 4736 ============================================================
23:54:05.0215 4736 \Device\Harddisk0\DR0:
23:54:05.0215 4736 MBR partitions:
23:54:05.0215 4736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
23:54:05.0215 4736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0x1D038000
23:54:05.0215 4736 ============================================================
23:54:05.0278 4736 C: <-> \Device\Harddisk0\DR0\Partition1
23:54:05.0278 4736 ============================================================
23:54:05.0278 4736 Initialize success
23:54:05.0278 4736 ============================================================
23:54:18.0132 5084 ============================================================
23:54:18.0132 5084 Scan started
23:54:18.0132 5084 Mode: Manual;
23:54:18.0132 5084 ============================================================
23:54:21.0564 5084 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
23:54:21.0564 5084 !SASCORE - ok
23:54:26.0322 5084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:54:26.0353 5084 1394ohci - ok
23:54:26.0525 5084 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
23:54:26.0525 5084 Acceler - ok
23:54:26.0681 5084 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:54:26.0681 5084 ACPI - ok
23:54:26.0806 5084 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:54:26.0806 5084 AcpiPmi - ok
23:54:27.0399 5084 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:54:27.0399 5084 AdobeARMservice - ok
23:54:28.0007 5084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:54:28.0475 5084 adp94xx - ok
23:54:29.0083 5084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:54:29.0208 5084 adpahci - ok
23:54:30.0097 5084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:54:30.0144 5084 adpu320 - ok
23:54:30.0253 5084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:54:30.0253 5084 AeLookupSvc - ok
23:54:31.0189 5084 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
23:54:31.0189 5084 AESTFilters - ok
23:54:31.0423 5084 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:54:31.0439 5084 AFD - ok
23:54:31.0735 5084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:54:31.0735 5084 agp440 - ok
23:54:31.0938 5084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:54:31.0938 5084 ALG - ok
23:54:32.0203 5084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:54:32.0235 5084 aliide - ok
23:54:32.0453 5084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:54:32.0453 5084 amdide - ok
23:54:32.0609 5084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:54:32.0656 5084 AmdK8 - ok
23:54:32.0781 5084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:54:32.0781 5084 AmdPPM - ok
23:54:33.0841 5084 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:54:33.0919 5084 amdsata - ok
23:54:35.0167 5084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:54:35.0167 5084 amdsbs - ok
23:54:35.0479 5084 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:54:35.0479 5084 amdxata - ok
23:54:36.0088 5084 ApfiltrService (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:54:36.0103 5084 ApfiltrService - ok
23:54:36.0681 5084 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:54:36.0727 5084 AppID - ok
23:54:37.0086 5084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:54:37.0133 5084 AppIDSvc - ok
23:54:37.0617 5084 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:54:37.0648 5084 Appinfo - ok
23:54:38.0053 5084 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:54:38.0069 5084 AppMgmt - ok
23:54:38.0615 5084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:54:38.0677 5084 arc - ok
23:54:39.0005 5084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:54:39.0052 5084 arcsas - ok
23:54:40.0939 5084 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:54:41.0142 5084 aspnet_state - ok
23:54:41.0345 5084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:54:41.0345 5084 AsyncMac - ok
23:54:41.0735 5084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:54:41.0735 5084 atapi - ok
23:54:42.0609 5084 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:54:42.0999 5084 AudioEndpointBuilder - ok
23:54:43.0014 5084 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:54:43.0030 5084 AudioSrv - ok
23:54:43.0576 5084 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:54:43.0607 5084 AxInstSV - ok
23:54:44.0137 5084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:54:44.0200 5084 b06bdrv - ok
23:54:44.0871 5084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:54:44.0933 5084 b57nd60a - ok
23:54:45.0183 5084 BCM42RLY (c3d8920a5aaf10a72cedb57d3339280a) C:\Windows\system32\drivers\BCM42RLY.sys
23:54:45.0183 5084 BCM42RLY - ok
23:54:48.0537 5084 BCM43XX (d20ee58c13ff343b90550861ebcd9ddd) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:54:48.0552 5084 BCM43XX - ok
23:54:51.0267 5084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:54:51.0313 5084 BDESVC - ok
23:54:52.0327 5084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:54:52.0327 5084 Beep - ok
23:54:52.0717 5084 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:54:52.0764 5084 BFE - ok
23:54:53.0170 5084 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:54:53.0201 5084 BITS - ok
23:54:54.0137 5084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:54:54.0153 5084 blbdrive - ok
23:54:55.0276 5084 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:54:55.0323 5084 bowser - ok
23:54:55.0572 5084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:54:55.0619 5084 BrFiltLo - ok
23:54:55.0713 5084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:54:55.0713 5084 BrFiltUp - ok
23:54:57.0491 5084 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:54:57.0631 5084 BridgeMP - ok
23:54:58.0053 5084 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:54:58.0053 5084 Browser - ok
23:54:58.0255 5084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:54:58.0271 5084 Brserid - ok
23:54:58.0365 5084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:54:58.0365 5084 BrSerWdm - ok
23:54:58.0411 5084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:54:58.0427 5084 BrUsbMdm - ok
23:54:58.0427 5084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:54:58.0427 5084 BrUsbSer - ok
23:54:58.0443 5084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:54:58.0443 5084 BTHMODEM - ok
23:54:58.0833 5084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:54:58.0895 5084 bthserv - ok
23:55:00.0049 5084 catchme - ok
23:55:00.0237 5084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:55:00.0237 5084 cdfs - ok
23:55:00.0455 5084 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:55:00.0471 5084 cdrom - ok
23:55:00.0705 5084 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:55:00.0705 5084 CertPropSvc - ok
23:55:01.0157 5084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:55:01.0157 5084 circlass - ok
23:55:01.0453 5084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:55:01.0500 5084 CLFS - ok
23:55:02.0311 5084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:55:02.0561 5084 clr_optimization_v2.0.50727_32 - ok
23:55:03.0201 5084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:55:03.0793 5084 clr_optimization_v2.0.50727_64 - ok
23:55:05.0353 5084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:55:08.0239 5084 clr_optimization_v4.0.30319_32 - ok
23:55:09.0784 5084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:55:10.0111 5084 clr_optimization_v4.0.30319_64 - ok
23:55:10.0236 5084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:55:10.0236 5084 CmBatt - ok
23:55:10.0236 5084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:55:10.0236 5084 cmdide - ok
23:55:11.0219 5084 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:55:11.0266 5084 CNG - ok
23:55:11.0593 5084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:55:11.0593 5084 Compbatt - ok
23:55:11.0718 5084 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:55:11.0734 5084 CompositeBus - ok
23:55:11.0781 5084 COMSysApp - ok
23:55:11.0827 5084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:55:11.0827 5084 crcdisk - ok
23:55:14.0323 5084 Credential Vault Host Control Service (6e163faaf624a03a88dfd92e607de6e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
23:55:14.0667 5084 Credential Vault Host Control Service - ok
23:55:14.0963 5084 Credential Vault Host Storage (8884b4d345ddb029f43ad2e7add54a30) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
23:55:14.0963 5084 Credential Vault Host Storage - ok
23:55:15.0322 5084 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:55:15.0337 5084 CryptSvc - ok
23:55:15.0540 5084 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:55:15.0571 5084 CSC - ok
23:55:15.0696 5084 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
23:55:15.0774 5084 CscService - ok
23:55:16.0164 5084 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
23:55:16.0164 5084 cvusbdrv - ok
23:55:16.0663 5084 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:55:16.0726 5084 DcomLaunch - ok
23:55:17.0506 5084 dcpsysmgrsvc (3562c84415080b8b0c4d695a43372e3e) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
23:55:17.0677 5084 dcpsysmgrsvc - ok
23:55:19.0019 5084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:55:19.0035 5084 defragsvc - ok
23:55:20.0267 5084 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:55:20.0329 5084 DfsC - ok
23:55:20.0673 5084 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:55:20.0688 5084 Dhcp - ok
23:55:21.0000 5084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:55:21.0000 5084 discache - ok
23:55:21.0312 5084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:55:21.0312 5084 Disk - ok
23:55:21.0999 5084 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
23:55:21.0999 5084 dmvsc - ok
23:55:22.0451 5084 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:55:22.0513 5084 Dnscache - ok
23:55:22.0872 5084 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:55:22.0872 5084 dot3svc - ok
23:55:23.0013 5084 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:55:23.0028 5084 DPS - ok
23:55:23.0169 5084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:55:23.0169 5084 drmkaud - ok
23:55:23.0434 5084 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:55:23.0434 5084 DXGKrnl - ok
23:55:23.0621 5084 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
23:55:23.0621 5084 e1cexpress - ok
23:55:23.0793 5084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:55:23.0793 5084 EapHost - ok
23:55:24.0417 5084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:55:24.0526 5084 ebdrv - ok
23:55:27.0739 5084 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:55:27.0755 5084 EFS - ok
23:55:28.0083 5084 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:55:28.0363 5084 ehRecvr - ok
23:55:28.0488 5084 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:55:28.0504 5084 ehSched - ok
23:55:30.0235 5084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:55:30.0407 5084 elxstor - ok
23:55:30.0454 5084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:55:30.0454 5084 ErrDev - ok
23:55:30.0875 5084 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:55:30.0906 5084 EventSystem - ok
23:55:31.0171 5084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:55:31.0218 5084 exfat - ok
23:55:31.0281 5084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:55:31.0296 5084 fastfat - ok
23:55:31.0811 5084 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:55:31.0858 5084 Fax - ok
23:55:31.0905 5084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:55:31.0905 5084 fdc - ok
23:55:32.0154 5084 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:55:32.0154 5084 fdPHost - ok
23:55:32.0248 5084 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:55:32.0248 5084 FDResPub - ok
23:55:32.0965 5084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:55:32.0965 5084 FileInfo - ok
23:55:32.0981 5084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:55:32.0981 5084 Filetrace - ok
23:55:33.0059 5084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:55:33.0075 5084 flpydisk - ok
23:55:33.0231 5084 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:55:33.0277 5084 FltMgr - ok
23:55:34.0401 5084 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:55:34.0463 5084 FontCache - ok
23:55:34.0775 5084 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:55:34.0915 5084 FontCache3.0.0.0 - ok
23:55:35.0415 5084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:55:35.0415 5084 FsDepends - ok
23:55:35.0649 5084 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:55:35.0649 5084 Fs_Rec - ok
23:55:36.0413 5084 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:55:36.0413 5084 fvevol - ok
23:55:37.0380 5084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:55:37.0380 5084 gagp30kx - ok
23:55:37.0817 5084 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:55:37.0864 5084 gpsvc - ok
23:55:38.0020 5084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:55:38.0020 5084 hcw85cir - ok
23:55:38.0301 5084 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:55:38.0316 5084 HDAudBus - ok
23:55:38.0441 5084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:55:38.0441 5084 HidBatt - ok
23:55:38.0488 5084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:55:38.0519 5084 HidBth - ok
23:55:38.0847 5084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:55:38.0847 5084 HidIr - ok
23:55:38.0987 5084 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:55:38.0987 5084 hidserv - ok
23:55:39.0159 5084 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:55:39.0159 5084 HidUsb - ok
23:55:39.0346 5084 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:55:39.0346 5084 hkmsvc - ok
23:55:39.0464 5084 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:55:39.0464 5084 HomeGroupListener - ok
23:55:39.0554 5084 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:55:39.0554 5084 HomeGroupProvider - ok
23:55:40.0684 5084 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:55:40.0694 5084 HpSAMD - ok
23:55:40.0784 5084 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:55:40.0804 5084 HTTP - ok
23:55:40.0894 5084 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:55:40.0894 5084 hwpolicy - ok
23:55:41.0124 5084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:55:41.0134 5084 i8042prt - ok
23:55:41.0234 5084 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
23:55:41.0234 5084 iaStor - ok
23:55:41.0834 5084 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:55:41.0874 5084 iaStorV - ok
23:55:43.0104 5084 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:55:43.0194 5084 idsvc - ok
23:55:45.0414 5084 igfx (20d7fbbbbfc60f2799a42d36ad6f633e) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:55:45.0694 5084 igfx - ok
23:55:48.0970 5084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:55:49.0010 5084 iirsp - ok
23:55:49.0520 5084 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:55:49.0650 5084 IKEEXT - ok
23:55:51.0480 5084 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:55:51.0570 5084 IntcDAud - ok
23:55:52.0590 5084 Intel® PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe
23:55:52.0620 5084 Intel® PROSet Monitoring Service - ok
23:55:52.0800 5084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:55:52.0850 5084 intelide - ok
23:55:53.0040 5084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:55:53.0040 5084 intelppm - ok
23:55:53.0240 5084 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:55:53.0250 5084 IPBusEnum - ok
23:55:53.0330 5084 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:55:53.0330 5084 IpFilterDriver - ok
23:55:53.0700 5084 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:55:53.0920 5084 iphlpsvc - ok
23:55:54.0010 5084 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:55:54.0370 5084 IPMIDRV - ok
23:55:54.0380 5084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:55:54.0380 5084 IPNAT - ok
23:55:54.0520 5084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:55:54.0520 5084 IRENUM - ok
23:55:54.0530 5084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:55:54.0530 5084 isapnp - ok
23:55:54.0640 5084 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:55:54.0710 5084 iScsiPrt - ok
23:55:57.0040 5084 jhi_service (3b794ca0de73790420deba3c759f1502) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
23:55:57.0100 5084 jhi_service - ok
23:55:57.0350 5084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:55:57.0350 5084 kbdclass - ok
23:55:57.0410 5084 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:55:57.0410 5084 kbdhid - ok
23:55:57.0860 5084 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:55:57.0860 5084 KeyIso - ok
23:55:58.0200 5084 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:55:58.0270 5084 KSecDD - ok
23:55:58.0880 5084 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:55:59.0180 5084 KSecPkg - ok
23:55:59.0340 5084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:55:59.0340 5084 ksthunk - ok
23:55:59.0690 5084 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:55:59.0730 5084 KtmRm - ok
23:56:00.0300 5084 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:56:00.0330 5084 LanmanServer - ok
23:56:00.0700 5084 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:56:01.0022 5084 LanmanWorkstation - ok
23:56:01.0187 5084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:56:01.0189 5084 lltdio - ok
23:56:01.0374 5084 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:56:01.0436 5084 lltdsvc - ok
23:56:02.0356 5084 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:56:02.0363 5084 lmhosts - ok
23:56:02.0930 5084 LMS (db083f1d27ba8a59cabb00f0a0fb6f84) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:56:03.0066 5084 LMS - ok
23:56:03.0346 5084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:56:03.0441 5084 LSI_FC - ok
23:56:03.0522 5084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:56:03.0524 5084 LSI_SAS - ok
23:56:03.0737 5084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:56:03.0739 5084 LSI_SAS2 - ok
23:56:03.0867 5084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:56:03.0869 5084 LSI_SCSI - ok
23:56:04.0633 5084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:56:04.0642 5084 luafv - ok
23:56:05.0050 5084 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:56:05.0180 5084 Mcx2Svc - ok
23:56:05.0253 5084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:56:05.0273 5084 megasas - ok
23:56:05.0445 5084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:56:05.0475 5084 MegaSR - ok
23:56:05.0795 5084 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:56:05.0806 5084 MEIx64 - ok
23:56:06.0623 5084 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:56:06.0649 5084 MMCSS - ok
23:56:06.0806 5084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:56:06.0808 5084 Modem - ok
23:56:07.0127 5084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:56:07.0128 5084 monitor - ok
23:56:07.0266 5084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:56:07.0270 5084 mouclass - ok
23:56:07.0463 5084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
23:56:07.0529 5084 mouhid - ok
23:56:07.0830 5084 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:56:07.0832 5084 mountmgr - ok
23:56:07.0860 5084 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:56:07.0862 5084 mpio - ok
23:56:08.0587 5084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:56:08.0627 5084 mpsdrv - ok
23:56:09.0066 5084 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:56:09.0221 5084 MpsSvc - ok
23:56:09.0292 5084 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:56:09.0294 5084 MRxDAV - ok
23:56:09.0368 5084 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:56:09.0372 5084 mrxsmb - ok
23:56:09.0864 5084 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:56:09.0993 5084 mrxsmb10 - ok
23:56:11.0122 5084 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:56:11.0153 5084 mrxsmb20 - ok
23:56:11.0358 5084 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:56:11.0435 5084 msahci - ok
23:56:11.0606 5084 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:56:11.0611 5084 msdsm - ok
23:56:11.0743 5084 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:56:11.0751 5084 MSDTC - ok
23:56:12.0078 5084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:56:12.0079 5084 Msfs - ok
23:56:12.0179 5084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:56:12.0181 5084 mshidkmdf - ok
23:56:12.0306 5084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:56:12.0308 5084 msisadrv - ok
23:56:13.0412 5084 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:56:13.0419 5084 MSiSCSI - ok
23:56:13.0424 5084 msiserver - ok
23:56:13.0682 5084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:56:13.0685 5084 MSKSSRV - ok
23:56:13.0914 5084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:56:13.0916 5084 MSPCLOCK - ok
23:56:13.0919 5084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:56:13.0919 5084 MSPQM - ok
23:56:14.0177 5084 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:56:14.0213 5084 MsRPC - ok
23:56:14.0223 5084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:56:14.0224 5084 mssmbios - ok
23:56:14.0399 5084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:56:14.0400 5084 MSTEE - ok
23:56:14.0404 5084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:56:14.0405 5084 MTConfig - ok
23:56:14.0412 5084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:56:14.0413 5084 Mup - ok
23:56:14.0645 5084 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:56:15.0001 5084 napagent - ok
23:56:15.0155 5084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:56:15.0158 5084 NativeWifiP - ok
23:56:17.0022 5084 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:56:17.0112 5084 NDIS - ok
23:56:17.0321 5084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:56:17.0325 5084 NdisCap - ok
23:56:17.0370 5084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:56:17.0373 5084 NdisTapi - ok
23:56:17.0667 5084 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:56:17.0670 5084 Ndisuio - ok
23:56:17.0749 5084 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:56:17.0752 5084 NdisWan - ok
23:56:17.0757 5084 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:56:17.0759 5084 NDProxy - ok
23:56:17.0855 5084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:56:17.0856 5084 NetBIOS - ok
23:56:18.0068 5084 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:56:18.0111 5084 NetBT - ok
23:56:18.0424 5084 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:18.0424 5084 Netlogon - ok
23:56:18.0774 5084 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:56:18.0864 5084 Netman - ok
23:56:19.0659 5084 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:56:19.0797 5084 NetMsmqActivator - ok
23:56:19.0944 5084 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:56:19.0946 5084 NetPipeActivator - ok
23:56:20.0110 5084 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:56:20.0333 5084 netprofm - ok
23:56:20.0569 5084 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:56:20.0594 5084 NetTcpActivator - ok
23:56:20.0597 5084 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:56:20.0598 5084 NetTcpPortSharing - ok
23:56:21.0705 5084 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
23:56:21.0740 5084 netvsc - ok
23:56:21.0937 5084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:56:21.0938 5084 nfrd960 - ok
23:56:22.0463 5084 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:56:22.0467 5084 NlaSvc - ok
23:56:22.0602 5084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:56:22.0603 5084 Npfs - ok
23:56:22.0697 5084 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:56:22.0702 5084 nsi - ok
23:56:22.0780 5084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:56:22.0781 5084 nsiproxy - ok
23:56:23.0240 5084 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:56:23.0438 5084 Ntfs - ok
23:56:27.0011 5084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:56:27.0013 5084 Null - ok
23:56:28.0712 5084 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:56:28.0773 5084 nvraid - ok
23:56:30.0175 5084 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:56:30.0328 5084 nvstor - ok
23:56:30.0802 5084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:56:30.0841 5084 nv_agp - ok
23:56:31.0245 5084 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
23:56:31.0253 5084 O2FLASH - ok
23:56:31.0497 5084 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
23:56:31.0514 5084 O2MDFRDR - ok
23:56:32.0749 5084 O2MDRRDR (8ed738aba394bbf6d7802698be453112) C:\Windows\system32\drivers\O2MDRw7x64.sys
23:56:32.0882 5084 O2MDRRDR - ok
23:56:36.0720 5084 O2SDIOAssist (4635935fc972c582632bf45c26bfcb0e) c:\Windows\SysWOW64\srvany.exe
23:56:36.0723 5084 O2SDIOAssist - ok
23:56:37.0382 5084 O2SDJRDR (a9c1e6b7c134fad124338b7944fa996d) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
23:56:37.0449 5084 O2SDJRDR - ok
23:56:37.0508 5084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:56:37.0511 5084 ohci1394 - ok
23:56:38.0790 5084 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:56:39.0008 5084 ose - ok
23:56:41.0012 5084 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:56:41.0530 5084 osppsvc - ok
23:56:43.0479 5084 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:56:43.0786 5084 p2pimsvc - ok
23:56:44.0032 5084 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:56:44.0348 5084 p2psvc - ok
23:56:46.0308 5084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:56:46.0308 5084 Parport - ok
23:56:46.0389 5084 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:56:46.0389 5084 partmgr - ok
23:56:46.0539 5084 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
23:56:46.0549 5084 PBADRV - ok
23:56:46.0709 5084 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:56:46.0809 5084 PcaSvc - ok
23:56:47.0609 5084 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:56:47.0919 5084 pci - ok
23:56:48.0149 5084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:56:48.0159 5084 pciide - ok
23:56:48.0349 5084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:56:48.0469 5084 pcmcia - ok
23:56:49.0049 5084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:56:49.0059 5084 pcw - ok
23:56:49.0139 5084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:56:49.0159 5084 PEAUTH - ok
23:56:50.0729 5084 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:56:50.0964 5084 PeerDistSvc - ok
23:56:54.0561 5084 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:56:54.0628 5084 PerfHost - ok
23:56:55.0940 5084 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:56:56.0023 5084 pla - ok
23:56:56.0933 5084 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:56:56.0945 5084 PlugPlay - ok
23:56:57.0072 5084 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:56:57.0076 5084 PNRPAutoReg - ok
23:56:57.0154 5084 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:56:57.0162 5084 PNRPsvc - ok
23:56:57.0275 5084 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:56:57.0287 5084 PolicyAgent - ok
23:56:57.0495 5084 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:56:57.0498 5084 Power - ok
23:56:58.0180 5084 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:56:58.0195 5084 PptpMiniport - ok
23:56:58.0260 5084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:56:58.0263 5084 Processor - ok
23:56:58.0343 5084 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:56:58.0351 5084 ProfSvc - ok
23:56:58.0590 5084 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:58.0592 5084 ProtectedStorage - ok
23:56:59.0420 5084 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:56:59.0423 5084 Psched - ok
23:57:00.0474 5084 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:57:00.0541 5084 PxHlpa64 - ok
23:57:01.0250 5084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:57:01.0376 5084 ql2300 - ok
23:57:02.0991 5084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:57:02.0995 5084 ql40xx - ok
23:57:03.0156 5084 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:57:03.0231 5084 QWAVE - ok
23:57:03.0272 5084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:57:03.0273 5084 QWAVEdrv - ok
23:57:03.0277 5084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:57:03.0278 5084 RasAcd - ok
23:57:03.0475 5084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:57:03.0476 5084 RasAgileVpn - ok
23:57:03.0531 5084 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:57:03.0533 5084 RasAuto - ok
23:57:03.0861 5084 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:57:03.0863 5084 Rasl2tp - ok
23:57:04.0415 5084 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:57:04.0569 5084 RasMan - ok
23:57:04.0635 5084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:57:04.0636 5084 RasPppoe - ok
23:57:04.0762 5084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:57:04.0763 5084 RasSstp - ok
23:57:04.0896 5084 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:57:05.0378 5084 rdbss - ok
23:57:05.0414 5084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:57:05.0416 5084 rdpbus - ok
23:57:05.0654 5084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:57:05.0655 5084 RDPCDD - ok
23:57:06.0791 5084 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:57:07.0745 5084 RDPDR - ok
23:57:08.0230 5084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:57:08.0231 5084 RDPENCDD - ok
23:57:08.0507 5084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:57:08.0508 5084 RDPREFMP - ok
23:57:08.0749 5084 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:57:08.0858 5084 RDPWD - ok
23:57:09.0031 5084 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:57:09.0038 5084 rdyboost - ok
23:57:09.0396 5084 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:57:09.0450 5084 RemoteAccess - ok
23:57:09.0644 5084 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:57:10.0430 5084 RemoteRegistry - ok
23:57:12.0461 5084 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:57:12.0786 5084 RoxMediaDB12OEM - ok
23:57:13.0027 5084 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:57:13.0033 5084 RoxWatch12 - ok
23:57:13.0887 5084 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:57:13.0893 5084 RpcEptMapper - ok
23:57:14.0102 5084 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:57:14.0106 5084 RpcLocator - ok
23:57:14.0299 5084 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:57:14.0305 5084 RpcSs - ok
23:57:15.0130 5084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:57:15.0133 5084 rspndr - ok
23:57:15.0225 5084 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:57:15.0227 5084 s3cap - ok
23:57:15.0478 5084 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:57:15.0482 5084 SamSs - ok
23:57:16.0445 5084 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:57:16.0489 5084 SASDIFSV - ok
23:57:16.0638 5084 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:57:16.0640 5084 SASKUTIL - ok
23:57:16.0835 5084 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:57:16.0895 5084 sbp2port - ok
23:57:17.0343 5084 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:57:17.0405 5084 SCardSvr - ok
23:57:17.0574 5084 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:57:17.0584 5084 scfilter - ok
23:57:17.0756 5084 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:57:17.0903 5084 Schedule - ok
23:57:18.0892 5084 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:57:18.0893 5084 SCPolicySvc - ok
23:57:19.0062 5084 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:57:19.0103 5084 SDRSVC - ok
23:57:19.0891 5084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:57:19.0893 5084 secdrv - ok
23:57:20.0355 5084 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:57:20.0361 5084 seclogon - ok
23:57:25.0928 5084 SecureStorageService (f3d951071c624137430fe65a67541ef9) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
23:57:26.0434 5084 SecureStorageService - ok
23:57:27.0055 5084 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:57:27.0059 5084 SENS - ok
23:57:27.0074 5084 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:57:27.0077 5084 SensrSvc - ok
23:57:27.0605 5084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:57:27.0606 5084 Serenum - ok
23:57:27.0629 5084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:57:27.0637 5084 Serial - ok
23:57:27.0641 5084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:57:27.0642 5084 sermouse - ok
23:57:27.0717 5084 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:57:27.0720 5084 SessionEnv - ok
23:57:27.0763 5084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:57:27.0764 5084 sffdisk - ok
23:57:27.0768 5084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:57:27.0768 5084 sffp_mmc - ok
23:57:27.0773 5084 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:57:27.0774 5084 sffp_sd - ok
23:57:27.0778 5084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:57:27.0779 5084 sfloppy - ok
23:57:27.0964 5084 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:57:28.0258 5084 SharedAccess - ok
23:57:28.0389 5084 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:57:28.0394 5084 ShellHWDetection - ok
23:57:28.0478 5084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:57:28.0479 5084 SiSRaid2 - ok
23:57:28.0489 5084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:57:28.0490 5084 SiSRaid4 - ok
23:57:28.0561 5084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:57:28.0564 5084 Smb - ok
23:57:28.0638 5084 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:57:28.0640 5084 SNMPTRAP - ok
23:57:28.0699 5084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:57:28.0701 5084 spldr - ok
23:57:28.0853 5084 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:57:28.0904 5084 Spooler - ok
23:57:29.0996 5084 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:57:30.0072 5084 sppsvc - ok
23:57:30.0739 5084 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:57:30.0749 5084 sppuinotify - ok
23:57:31.0602 5084 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:57:31.0628 5084 srv - ok
23:57:31.0873 5084 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:57:31.0887 5084 srv2 - ok
23:57:32.0331 5084 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:57:32.0655 5084 srvnet - ok
23:57:32.0960 5084 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:57:33.0001 5084 SSDPSRV - ok
23:57:33.0325 5084 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:57:33.0346 5084 SstpSvc - ok
23:57:33.0865 5084 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
23:57:33.0887 5084 STacSV - ok
23:57:33.0942 5084 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
23:57:33.0943 5084 stdcfltn - ok
23:57:34.0076 5084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:57:34.0119 5084 stexstor - ok
23:57:34.0891 5084 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
23:57:34.0945 5084 STHDA - ok
23:57:35.0057 5084 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:57:35.0073 5084 stisvc - ok
23:57:36.0852 5084 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:57:37.0021 5084 stllssvr - ok
23:57:37.0124 5084 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
23:57:37.0128 5084 StorSvc - ok
23:57:37.0272 5084 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:57:37.0275 5084 storvsc - ok
23:57:37.0321 5084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:57:37.0323 5084 swenum - ok
23:57:37.0444 5084 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:57:37.0450 5084 swprv - ok
23:57:37.0582 5084 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
23:57:37.0583 5084 SynthVid - ok
23:57:37.0790 5084 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:57:37.0840 5084 SysMain - ok
23:57:38.0649 5084 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:57:38.0653 5084 TabletInputService - ok
23:57:38.0884 5084 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:57:39.0340 5084 TapiSrv - ok
23:57:39.0439 5084 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:57:39.0441 5084 TBS - ok
23:57:41.0700 5084 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:57:41.0775 5084 Tcpip - ok
23:57:44.0448 5084 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:57:44.0458 5084 TCPIP6 - ok
23:57:45.0403 5084 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:57:45.0407 5084 tcpipreg - ok
23:57:45.0797 5084 tcsd_win32.exe (e42d560e2163480e7b586b14abeb3386) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
23:57:45.0877 5084 tcsd_win32.exe - ok
23:57:47.0684 5084 TdmService (347d6407c90c0b6ac82f8249eba9a482) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
23:57:47.0796 5084 TdmService - ok
23:57:48.0747 5084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:57:48.0748 5084 TDPIPE - ok
23:57:48.0912 5084 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:57:48.0935 5084 TDTCP - ok
23:57:49.0029 5084 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:57:49.0036 5084 tdx - ok
23:57:49.0072 5084 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:57:49.0073 5084 TermDD - ok
23:57:49.0159 5084 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:57:49.0177 5084 TermService - ok
23:57:49.0220 5084 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:57:49.0222 5084 Themes - ok
23:57:49.0299 5084 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:57:49.0303 5084 THREADORDER - ok
23:57:49.0429 5084 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:57:49.0434 5084 TrkWks - ok
23:57:49.0557 5084 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:57:49.0579 5084 TrustedInstaller - ok
23:57:49.0631 5084 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:57:49.0632 5084 tssecsrv - ok
23:57:49.0666 5084 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:57:49.0667 5084 TsUsbFlt - ok
23:57:49.0672 5084 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:57:49.0674 5084 TsUsbGD - ok
23:57:49.0729 5084 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:57:49.0731 5084 tunnel - ok
23:57:49.0741 5084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:57:49.0742 5084 uagp35 - ok
23:57:49.0806 5084 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:57:49.0814 5084 udfs - ok
23:57:49.0897 5084 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:57:49.0903 5084 UI0Detect - ok
23:57:49.0917 5084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:57:49.0918 5084 uliagpkx - ok
23:57:50.0374 5084 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:57:50.0375 5084 umbus - ok
23:57:51.0097 5084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:57:51.0099 5084 UmPass - ok
23:57:51.0203 5084 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:57:51.0213 5084 UmRdpService - ok
23:57:53.0924 5084 UNS (07ae0c9f64c4d83abaa816ee23548d6d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:57:54.0000 5084 UNS - ok
23:57:54.0822 5084 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:57:54.0866 5084 upnphost - ok
23:57:55.0437 5084 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
23:57:55.0481 5084 usbccgp - ok
23:57:55.0601 5084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:57:55.0649 5084 usbcir - ok
23:57:55.0742 5084 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:57:55.0751 5084 usbehci - ok
23:57:57.0941 5084 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
23:57:58.0057 5084 usbhub - ok
23:57:58.0409 5084 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:57:58.0432 5084 usbohci - ok
23:57:58.0486 5084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:57:58.0488 5084 usbprint - ok
23:57:58.0552 5084 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
23:57:58.0554 5084 USBSTOR - ok
23:57:58.0853 5084 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:57:58.0875 5084 usbuhci - ok
23:57:58.0937 5084 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:57:58.0947 5084 UxSms - ok
23:57:59.0137 5084 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:57:59.0141 5084 VaultSvc - ok
23:57:59.0228 5084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:57:59.0231 5084 vdrvroot - ok
23:57:59.0505 5084 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:57:59.0708 5084 vds - ok
23:57:59.0905 5084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:57:59.0906 5084 vga - ok
23:57:59.0910 5084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:57:59.0912 5084 VgaSave - ok
23:58:00.0010 5084 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:58:00.0015 5084 vhdmp - ok
23:58:00.0048 5084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:58:00.0049 5084 viaide - ok
23:58:00.0083 5084 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:58:00.0085 5084 VMBusHID - ok
23:58:00.0144 5084 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:58:00.0145 5084 volmgr - ok
23:58:00.0193 5084 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:58:00.0219 5084 volmgrx - ok
23:58:01.0929 5084 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:58:01.0971 5084 volsnap - ok
23:58:02.0146 5084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:58:02.0148 5084 vsmraid - ok
23:58:02.0865 5084 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:58:03.0056 5084 VSS - ok
23:58:03.0949 5084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:58:03.0950 5084 vwifibus - ok
23:58:04.0007 5084 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:58:04.0008 5084 vwififlt - ok
23:58:04.0150 5084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:58:04.0555 5084 W32Time - ok
23:58:04.0619 5084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:58:04.0621 5084 WacomPen - ok
23:58:04.0729 5084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:04.0733 5084 WANARP - ok
23:58:04.0765 5084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:04.0765 5084 Wanarpv6 - ok
23:58:05.0578 5084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:58:05.0660 5084 WatAdminSvc - ok
23:58:05.0954 5084 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:58:06.0331 5084 wbengine - ok
23:58:06.0869 5084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:58:06.0886 5084 WbioSrvc - ok
23:58:06.0937 5084 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:58:06.0942 5084 wcncsvc - ok
23:58:06.0983 5084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:58:06.0985 5084 WcsPlugInService - ok
23:58:07.0308 5084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:58:07.0309 5084 Wd - ok
23:58:07.0414 5084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:58:07.0481 5084 Wdf01000 - ok
23:58:07.0541 5084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:58:07.0544 5084 WdiServiceHost - ok
23:58:07.0548 5084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:58:07.0551 5084 WdiSystemHost - ok
23:58:07.0604 5084 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:58:07.0608 5084 WebClient - ok
23:58:07.0646 5084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:58:07.0651 5084 Wecsvc - ok
23:58:07.0668 5084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:58:07.0673 5084 wercplsupport - ok
23:58:07.0745 5084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:58:07.0747 5084 WerSvc - ok
23:58:08.0083 5084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:58:08.0086 5084 WfpLwf - ok
23:58:08.0109 5084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:58:08.0110 5084 WIMMount - ok
23:58:08.0398 5084 WinDefend - ok
23:58:08.0403 5084 WinHttpAutoProxySvc - ok
23:58:08.0832 5084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:58:08.0838 5084 Winmgmt - ok
23:58:09.0474 5084 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:58:09.0561 5084 WinRM - ok
23:58:11.0517 5084 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
23:58:11.0557 5084 WinUsb - ok
23:58:11.0907 5084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:58:11.0957 5084 Wlansvc - ok
23:58:13.0399 5084 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:58:13.0554 5084 wlcrasvc - ok
23:58:14.0740 5084 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:58:14.0842 5084 wlidsvc - ok
23:58:15.0045 5084 wltrysvc (55dbb16fdc57808615323389241fdc99) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
23:58:15.0047 5084 wltrysvc - ok
23:58:16.0568 5084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:58:16.0569 5084 WmiAcpi - ok
23:58:17.0199 5084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:58:17.0407 5084 wmiApSrv - ok
23:58:17.0577 5084 WMPNetworkSvc - ok
23:58:17.0648 5084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:58:17.0654 5084 WPCSvc - ok
23:58:17.0666 5084 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:58:17.0669 5084 WPDBusEnum - ok
23:58:17.0807 5084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:58:17.0809 5084 ws2ifsl - ok
23:58:17.0988 5084 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:58:17.0996 5084 wscsvc - ok
23:58:17.0999 5084 WSearch - ok
23:58:18.0563 5084 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:58:18.0644 5084 wuauserv - ok
23:58:19.0919 5084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:58:19.0921 5084 WudfPf - ok
23:58:21.0040 5084 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:21.0072 5084 WUDFRd - ok
23:58:21.0186 5084 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:58:21.0205 5084 wudfsvc - ok
23:58:21.0326 5084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:58:21.0336 5084 WwanSvc - ok
23:58:21.0452 5084 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
23:58:21.0506 5084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:58:21.0506 5084 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:58:21.0552 5084 Boot (0x1200) (12c5d695044d6a9690ce94a7bc6b2d51) \Device\Harddisk0\DR0\Partition0
23:58:21.0555 5084 \Device\Harddisk0\DR0\Partition0 - ok
23:58:21.0575 5084 Boot (0x1200) (6e512f13289d4f4b687d4c30fdca9807) \Device\Harddisk0\DR0\Partition1
23:58:21.0578 5084 \Device\Harddisk0\DR0\Partition1 - ok
23:58:21.0579 5084 ============================================================
23:58:21.0579 5084 Scan finished
23:58:21.0579 5084 ============================================================
23:58:21.0596 5076 Detected object count: 1
23:58:21.0596 5076 Actual detected object count: 1
00:03:05.0329 5076 \Device\Harddisk0\DR0\# - copied to quarantine
00:03:05.0330 5076 \Device\Harddisk0\DR0 - copied to quarantine
00:03:24.0854 5076 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:03:24.0858 5076 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:03:24.0893 5076 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:03:25.0443 5076 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:03:25.0714 5076 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:03:28.0001 5076 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:03:31.0071 5076 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:03:38.0068 5076 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:03:41.0118 5076 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:03:43.0116 5076 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:03:45.0559 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:03:47.0735 5076 \Device\Harddisk0\DR0 - ok
00:03:49.0578 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:04:15.0521 4724 Deinitialize success



**********************
**********************
**********************




**********************
**********************
**********************

aswMBR Log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 00:09:51
-----------------------------
00:09:51.489 OS Version: Windows x64 6.1.7601 Service Pack 1
00:09:51.489 Number of processors: 4 586 0x2A07
00:09:51.489 ComputerName: PREMIER-PC UserName: Premier
00:09:52.425 Initialize success
00:10:25.410 AVAST engine defs: 12052501
00:10:38.124 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:10:38.124 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
00:10:38.156 Disk 0 MBR read successfully
00:10:38.156 Disk 0 MBR scan
00:10:38.156 Disk 0 Windows VISTA default MBR code
00:10:38.171 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
00:10:38.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
00:10:38.202 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
00:10:38.234 Disk 0 scanning C:\Windows\system32\drivers
00:10:49.700 Service scanning
00:11:24.971 Modules scanning
00:11:24.987 Disk 0 trace - called modules:
00:11:24.987
00:11:26.001 AVAST engine scan C:\Windows
00:11:29.043 AVAST engine scan C:\Windows\system32
00:14:12.219 AVAST engine scan C:\Windows\system32\drivers
00:14:22.484 AVAST engine scan C:\Users\Premier
00:15:22.232 AVAST engine scan C:\ProgramData
00:15:37.161 File: C:\ProgramData\Microsoft\Windows\DRM\27D0.tmp **INFECTED** Win32:Malware-gen
00:15:37.239 File: C:\ProgramData\Microsoft\Windows\DRM\27D1.tmp **INFECTED** Win32:Malware-gen
00:15:51.279 Scan finished successfully
00:16:04.804 Disk 0 MBR has been saved successfully to "C:\Users\Premier\Desktop\MBR.dat"
00:16:04.820 The log file has been saved successfully to "C:\Users\Premier\Desktop\aswMBR.txt"


*************
*************
*************