
B.Gen trojan, Agent.BA trojan, Conedex.B trojan


This topic is locked
18 replies to this topic

#1 blade12


Posted 07 August 2012 - 03:21 PM

Hello there. First, ESET NOD32 showed me that Z:\Windows\system32\services.exe was infected with the Win64/Patched.B.Gen trojan. It says "Event occurred during an attempt to access the file by the application: Z:\Windows\System32\svchost.exe".

It also shows a couple of other infections: Agent.BA trojan, Conedex.B trojan and Sirefef.AP trojan (these 3 are shown in the Z:\Windows\installer folder). I let NOD32 delete Sirefef.AP, but once I restarted my PC, it told me that 3 required Windows services were disabled: Base Filtering Engine, IPsec Policy Agent, and IKE and AuthIP IPsec Keyring Modules. I can't enable them anymore.

Malwarebytes found Rootkit.0Access, which I deleted (it keeps coming up every time I scan with Malwarebytes, even if I delete it). For a couple of weeks now, I have been getting random infection warnings from ESET NOD32. Finally, I decided to make the post here.

Thanks in advance!

--I have Windows 7 64-bit, so I didn't scan with GMER.

As for the DDS logs...


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Harsh at 16:14:26 on 2012-08-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2501 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
Z:\Windows\system32\wininit.exe
Z:\Windows\system32\lsm.exe
Z:\Windows\system32\svchost.exe -k DcomLaunch
Z:\Windows\system32\nvvsvc.exe
Z:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Z:\Windows\system32\svchost.exe -k RPCSS
Z:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Z:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Z:\Windows\system32\svchost.exe -k netsvcs
Z:\Windows\system32\svchost.exe -k LocalService
Z:\Windows\system32\WUDFHost.exe
Z:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Z:\Windows\system32\nvvsvc.exe
Z:\Windows\system32\WUDFHost.exe
Z:\Windows\system32\svchost.exe -k NetworkService
Z:\Windows\System32\spoolsv.exe
Z:\Windows\system32\taskhost.exe
Z:\Program Files\Soluto\soluto.exe
Z:\Windows\system32\Dwm.exe
Z:\Windows\Explorer.EXE
Z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
Z:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
Z:\Windows\system32\taskeng.exe
Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
Z:\Program Files (x86)\Skype\Updater\Updater.exe
Z:\Program Files\Soluto\SolutoService.exe
Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
Z:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Z:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Z:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Z:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Z:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Z:\Program Files\Windows Media Player\WMPSideShowGadget.exe
Z:\Program Files (x86)\Windows Media Player\wmplayer.exe
Z:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Z:\Windows\system32\taskhost.exe
Z:\Windows\SysWOW64\cmd.exe
Z:\Windows\system32\conhost.exe
Z:\Windows\SysWOW64\cscript.exe
Z:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - Z:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - Z:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - Z:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - Z:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Z:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Z:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [PeerBlock] Z:\Program Files\PeerBlock\peerblock.exe
StartupFolder: Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled
StartupFolder: Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk.disabled
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with pod-works-platinum - Z:\Program Files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - Z:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - Z:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - Z:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{0CF0BB43-C8A6-418D-AC51-B3170BB82810} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Z:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: Z:\PROGRA~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "Z:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - Z:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - Z:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - Z:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Z:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
AppInit_DLLs-X64: Z:\PROGRA~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - plugin: Z:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: Z:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: Z:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: Z:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: Z:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: Z:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: Z:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: Z:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: Z:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: Z:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: Z:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: Z:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: Z:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;Z:\Windows\system32\DRIVERS\Soluto.sys --> Z:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 SASDIFSV;SASDIFSV;Z:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;Z:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;Z:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ekrn;ESET Service;Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 GEST Service;GEST Service for program management.;Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2010-11-25 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 SkypeUpdate;Skype Updater;Z:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
R2 SolutoService;Soluto PCGenome Core Service;Z:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 TomTomHOMEService;TomTomHOMEService;Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632]
R3 DAdderFltr;DeathAdder Mouse;Z:\Windows\system32\drivers\dadder.sys --> Z:\Windows\system32\drivers\dadder.sys [?]
R3 dfmirage;dfmirage;Z:\Windows\system32\DRIVERS\dfmirage.sys --> Z:\Windows\system32\DRIVERS\dfmirage.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;Z:\Windows\system32\DRIVERS\dtsoftbus01.sys --> Z:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-8-31 26752]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;Z:\Windows\system32\drivers\LGBusEnum.sys --> Z:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;Z:\Windows\system32\DRIVERS\Rt64win7.sys --> Z:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);Z:\Windows\system32\DRIVERS\tap0901t.sys --> Z:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;Z:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;Z:\Windows\system32\DRIVERS\epfwwfpr.sys --> Z:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-27 1262400]
S3 AdobeARMservice;Adobe Acrobat Update Service;Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;Z:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-20 250056]
S3 Akamai;Akamai NetSession Interface;Z:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S3 cpudrv64;cpudrv64;Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 CYUSB;Cypress Generic USB Driver;Z:\Windows\system32\Drivers\CYUSB.sys --> Z:\Windows\system32\Drivers\CYUSB.sys [?]
S3 DrvAgent64;DrvAgent64;Z:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-10-26 21712]
S3 etdrv;etdrv;Z:\Windows\etdrv.sys [2010-11-27 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;Z:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-10-22 130976]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;Z:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-4-7 30192]
S3 gupdate;Google Update Service (gupdate);Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 136176]
S3 gupdatem;Google Update Service (gupdatem);Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 136176]
S3 GVTDrv64;GVTDrv64;Z:\Windows\GVTDrv64.sys [2010-11-27 30528]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;Z:\Windows\system32\drivers\LGVirHid.sys --> Z:\Windows\system32\drivers\LGVirHid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;Z:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-3 129976]
S3 pbfilter;pbfilter;Z:\Program Files\PeerBlock\pbfilter.sys [2010-8-27 24176]
S3 pwdrvio;pwdrvio;\??\Z:\Windows\system32\pwdrvio.sys --> Z:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\Z:\Windows\system32\pwdspio.sys --> Z:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;Z:\Windows\system32\drivers\rdpvideominiport.sys --> Z:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SBSDWSCService;SBSD Security Center Service;Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-27 1153368]
S3 teamviewervpn;TeamViewer VPN Adapter;Z:\Windows\system32\DRIVERS\teamviewervpn.sys --> Z:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TipCtrl;TipCtrl;"Z:\Program Files (x86)\uTIPu\TipCtrl.exe" --> Z:\Program Files (x86)\uTIPu\TipCtrl.exe [?]
S3 TsUsbFlt;TsUsbFlt;Z:\Windows\system32\drivers\tsusbflt.sys --> Z:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TunngleService;TunngleService;Z:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-5 736104]
S3 WatAdminSvc;Windows Activation Technologies Service;Z:\Windows\system32\Wat\WatAdminSvc.exe --> Z:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;Z:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-7-16 14544]
.
=============== Created Last 30 ================
.
2012-08-06 02:35:46 -------- d-----w- Z:\ProgramData\TomTom
2012-08-06 02:28:31 -------- d-----w- Z:\Users\Harsh\AppData\Roaming\TomTom
2012-08-06 02:27:58 -------- d-----w- Z:\Program Files (x86)\TomTom HOME 2
2012-08-06 02:26:39 -------- d-----w- Z:\Users\Harsh\AppData\Local\Downloaded Installations
2012-08-06 02:23:28 -------- d-----w- Z:\Users\Harsh\AppData\Local\TomTom
2012-08-06 02:23:25 -------- d-----w- Z:\Program Files (x86)\TomTom International B.V
2012-08-03 18:38:24 9133488 ----a-w- Z:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E02090EC-A4C2-4CF8-A5A6-926D1AFDAEE0}\mpengine.dll
2012-08-01 18:17:15 -------- d-----w- Z:\Users\Harsh\AppData\Local\{81443904-A2BA-4515-9CCF-96010FEBCFCC}
2012-08-01 18:16:54 -------- d-----w- Z:\Users\Harsh\AppData\Local\{5ED1E6AA-532F-45E3-8312-09BE5523CDAB}
2012-07-30 03:11:33 -------- d-----w- Z:\$RECYCLE.BIN
2012-07-30 02:54:18 -------- d-----w- Z:\TDSSKiller_Quarantine
2012-07-26 17:51:18 3148800 ----a-w- Z:\Windows\System32\win32k.sys
2012-07-25 21:12:13 -------- d-----w- Z:\Users\Harsh\temp
2012-07-24 02:09:17 -------- d-----w- Z:\Program Files (x86)\NirSoft
2012-07-18 18:21:43 -------- d-----w- Z:\Users\Harsh\AppData\Local\{93A93028-3509-4B4E-8CD1-D4B6DB31B100}
2012-07-18 18:21:21 -------- d-----w- Z:\Users\Harsh\AppData\Local\{66E08629-D627-4568-950E-97D69DA56CB4}
2012-07-17 17:51:31 -------- d-----w- Z:\Users\Harsh\AppData\Local\{7FC47060-6364-465D-9495-253CD6AB74F0}
2012-07-17 17:51:10 -------- d-----w- Z:\Users\Harsh\AppData\Local\{623E0AC5-730C-48DC-9BA7-828F1B2BE2CF}
2012-07-12 23:42:20 -------- d-----w- Z:\Users\Harsh\AppData\Local\{77E0E69F-C16C-4DF7-8FC1-E45575FDF72B}
2012-07-12 23:41:58 -------- d-----w- Z:\Users\Harsh\AppData\Local\{25E66DB1-DBD7-408B-A8F2-34190E58F4AC}
2012-07-11 18:18:21 -------- d-----w- Z:\Users\Harsh\AppData\Local\{AB037AAD-4CAC-44CE-AD75-9CDF3CC2AFE4}
2012-07-11 18:18:00 -------- d-----w- Z:\Users\Harsh\AppData\Local\{085E027D-2240-432E-B57D-0B4BDD54178F}
2012-07-11 01:46:23 -------- d-----w- Z:\Users\Harsh\AppData\Local\{0B23BA1D-849A-411A-B5A4-75097456B563}
2012-07-11 01:46:02 -------- d-----w- Z:\Users\Harsh\AppData\Local\{30BF59BE-626C-4CE7-865E-61750F7B0F72}
2012-07-09 17:47:05 -------- d-----w- Z:\Users\Harsh\AppData\Local\{F06C0D7A-FA24-4065-BB79-AC13CDBA79BC}
2012-07-09 17:46:44 -------- d-----w- Z:\Users\Harsh\AppData\Local\{6514BDA9-9B23-40B2-9617-916B80B9F9A9}
.
==================== Find3M ====================
.
2012-08-07 20:13:41 25640 ----a-w- Z:\Windows\gdrv.sys
2012-08-03 04:38:16 70344 ----a-w- Z:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 04:38:16 426184 ----a-w- Z:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- Z:\Windows\System32\drivers\mbam.sys
2012-06-18 17:34:44 19032 ------w- Z:\Windows\System32\pwdrvio.sys
2012-06-18 17:34:42 2966720 ----a-w- Z:\Windows\System32\pwNative.exe
2012-06-18 17:34:42 12384 ------w- Z:\Windows\System32\pwdspio.sys
2012-06-06 06:06:16 2004480 ----a-w- Z:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- Z:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- Z:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- Z:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- Z:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- Z:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- Z:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- Z:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- Z:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- Z:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- Z:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- Z:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- Z:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- Z:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- Z:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- Z:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- Z:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- Z:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- Z:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- Z:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- Z:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- Z:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- Z:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- Z:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- Z:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- Z:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- Z:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- Z:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- Z:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- Z:\Windows\System32\MpSigStub.exe
2012-05-15 09:29:47 889664 ----a-w- Z:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- Z:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- Z:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- Z:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- Z:\Windows\System32\nvcpl.dll
.
============= FINISH: 16:16:05.03 ===============

Edited by blade12, 07 August 2012 - 04:53 PM.
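A small triage script for the DDS log format shown above, added here as an example; it is not part of the original thread and not code from the DDS tool. It splits the log into its banner-delimited sections and flags the entries a helper reads first in a "Pseudo HJT Report": the mPolicies-system UAC values (all switched off in the log above), AppInit_DLLs, orphaned "No File" registrations and Trusted Zone sites, plus drivers whose file DDS could not stat ("[?]"). The sample log is a constructed excerpt modelled on the posted log, and the severity scale is my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt modelled on the DDS log posted in this thread (not the
# complete log); the line shapes are DDS's own, the selection is mine.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - Z:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: soe.com
AppInit_DLLs: Z:\PROGRA~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WeCareReminder - No File
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;Z:\Windows\system32\DRIVERS\Soluto.sys --> Z:\Windows\system32\DRIVERS\Soluto.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;Z:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-7-16 14544]
.
============= FINISH: 16:16:05.03 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                 # "==== NAME ====" banners
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# "R0 name;display;path [--> path] [date size | ?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+-->\s+.+)?\s+\[(.*?)\]$")

# DDS prints the decimal registry value; 0 here means that UAC protection is off.
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "info" (my own scale)
    line: str
    reason: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the log's non-empty lines under the banner they follow."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return the entries a reviewer should look at, in log order."""
    findings: List[Finding] = []
    sections = split_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        policy = POLICY_RE.match(line)
        if policy:
            name, value = policy.group(1), int(policy.group(2))
            if name in UAC_EXPECTED and value != UAC_EXPECTED[name]:
                findings.append(Finding("high", line, f"UAC protection {name} is off"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(Finding("high", line, "administrators elevate with no prompt at all"))
        elif line.startswith("AppInit_DLLs"):
            findings.append(Finding("medium", line,
                                    "DLL injected into processes that load user32.dll; confirm the publisher"))
        elif line.endswith("- No File"):
            findings.append(Finding("low", line, "orphaned registration, target file missing"))
        elif line.startswith("Trusted Zone:"):
            findings.append(Finding("low", line, "site gets IE Trusted Zone settings; confirm it was added on purpose"))
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = SERVICE_RE.match(line)
        if svc and svc.group(5) == "?":  # DDS could not read the file's date/size
            findings.append(Finding("info", line, f"no date/size recorded for {svc.group(2)}; verify the file on disk"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, ...}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```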


#2 HelpBot


Posted 12 August 2012 - 03:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464278 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 blade12


Posted 12 August 2012 - 07:45 PM

Description of the problem I'm having:

Hello there. First, ESET NOD32 showed me that Z:\Windows\system32\services.exe was infected with the Win64/Patched.B.Gen trojan. It says "Event occurred during an attempt to access the file by the application: Z:\Windows\System32\svchost.exe".

It also shows a couple of other infections: Agent.BA trojan, Conedex.B trojan and Sirefef.AP trojan (these 3 are shown in the Z:\Windows\installer folder). I let NOD32 delete Sirefef.AP, but once I restarted my PC, it told me that 3 required Windows services were disabled: Base Filtering Engine, IPsec Policy Agent, and IKE and AuthIP IPsec Keyring Modules. I can't enable them anymore.

Malwarebytes found Rootkit.0Access, which I deleted (it keeps coming up every time I scan with Malwarebytes, even if I delete it). For a couple of weeks now, I have been getting random infection warnings from ESET NOD32.


--I have Windows 7 Ultimate 64-bit, so I didn't scan with GMER.
--I don't have the original Windows 7 DVD handy, but I can find it, though only if it is absolutely necessary.

Thanks!

New DDS logs (the Attach text file from DDS is attached below):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Harsh at 20:39:18 on 2012-08-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2472 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
Z:\Windows\system32\wininit.exe
Z:\Windows\system32\lsm.exe
Z:\Windows\system32\svchost.exe -k DcomLaunch
Z:\Windows\system32\nvvsvc.exe
Z:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Z:\Windows\system32\svchost.exe -k RPCSS
Z:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Z:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Z:\Windows\system32\svchost.exe -k netsvcs
Z:\Windows\system32\svchost.exe -k LocalService
Z:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Z:\Windows\system32\nvvsvc.exe
Z:\Windows\system32\WUDFHost.exe
Z:\Windows\system32\WUDFHost.exe
Z:\Windows\system32\svchost.exe -k NetworkService
Z:\Windows\System32\spoolsv.exe
Z:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Z:\Windows\system32\taskhost.exe
Z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
Z:\Windows\system32\Dwm.exe
Z:\Program Files\Soluto\soluto.exe
Z:\Windows\Explorer.EXE
Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
Z:\Windows\system32\taskeng.exe
Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Z:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Z:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
Z:\Program Files\PeerBlock\peerblock.exe
Z:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Z:\Program Files (x86)\Windows Media Player\wmplayer.exe
Z:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Z:\Program Files\Soluto\SolutoService.exe
Z:\Windows\system32\taskhost.exe
Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
Z:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Z:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Z:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Z:\Program Files (x86)\Mozilla Firefox\firefox.exe
Z:\Program Files (x86)\mIRC`\mirc.exe
Z:\Windows\servicing\TrustedInstaller.exe
Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Z:\Windows\system32\sppsvc.exe
Z:\Windows\system32\taskeng.exe
Z:\Windows\SysWOW64\cmd.exe
Z:\Windows\system32\conhost.exe
Z:\Windows\SysWOW64\cscript.exe
Z:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - Z:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - Z:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - Z:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - Z:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Z:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Z:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [PeerBlock] Z:\Program Files\PeerBlock\peerblock.exe
StartupFolder: Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled
StartupFolder: Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk.disabled
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with pod-works-platinum - Z:\Program Files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - Z:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - Z:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - Z:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0CF0BB43-C8A6-418D-AC51-B3170BB82810} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Z:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: Z:\PROGRA~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "Z:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - Z:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - Z:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - Z:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Z:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
AppInit_DLLs-X64: Z:\PROGRA~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - plugin: Z:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: Z:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: Z:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: Z:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: Z:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: Z:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: Z:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: Z:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: Z:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: Z:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: Z:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: Z:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: Z:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: Z:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;Z:\Windows\system32\DRIVERS\Soluto.sys --> Z:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 SASDIFSV;SASDIFSV;Z:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;Z:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;Z:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ekrn;ESET Service;Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;Z:\Windows\system32\DRIVERS\epfwwfpr.sys --> Z:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 GEST Service;GEST Service for program management.;Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2010-11-25 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-27 1262400]
R2 SolutoService;Soluto PCGenome Core Service;Z:\Program Files\Soluto\SolutoService.exe [2012-8-7 598032]
R2 TomTomHOMEService;TomTomHOMEService;Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632]
R3 DAdderFltr;DeathAdder Mouse;Z:\Windows\system32\drivers\dadder.sys --> Z:\Windows\system32\drivers\dadder.sys [?]
R3 dfmirage;dfmirage;Z:\Windows\system32\DRIVERS\dfmirage.sys --> Z:\Windows\system32\DRIVERS\dfmirage.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;Z:\Windows\system32\DRIVERS\dtsoftbus01.sys --> Z:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-8-31 26752]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;Z:\Windows\system32\drivers\LGBusEnum.sys --> Z:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 pbfilter;pbfilter;Z:\Program Files\PeerBlock\pbfilter.sys [2010-8-27 24176]
R3 RTL8167;Realtek 8167 NT Driver;Z:\Windows\system32\DRIVERS\Rt64win7.sys --> Z:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);Z:\Windows\system32\DRIVERS\tap0901t.sys --> Z:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;Z:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;Z:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeARMservice;Adobe Acrobat Update Service;Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;Z:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-20 250056]
S3 cpudrv64;cpudrv64;Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 CYUSB;Cypress Generic USB Driver;Z:\Windows\system32\Drivers\CYUSB.sys --> Z:\Windows\system32\Drivers\CYUSB.sys [?]
S3 DrvAgent64;DrvAgent64;Z:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-10-26 21712]
S3 etdrv;etdrv;Z:\Windows\etdrv.sys [2010-11-27 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;Z:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-10-22 130976]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;Z:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-4-7 30192]
S3 gupdate;Google Update Service (gupdate);Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 136176]
S3 gupdatem;Google Update Service (gupdatem);Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 136176]
S3 GVTDrv64;GVTDrv64;Z:\Windows\GVTDrv64.sys [2010-11-27 30528]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;Z:\Windows\system32\drivers\LGVirHid.sys --> Z:\Windows\system32\drivers\LGVirHid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;Z:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-3 129976]
S3 pwdrvio;pwdrvio;\??\Z:\Windows\system32\pwdrvio.sys --> Z:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\Z:\Windows\system32\pwdspio.sys --> Z:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;Z:\Windows\system32\drivers\rdpvideominiport.sys --> Z:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SBSDWSCService;SBSD Security Center Service;Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-27 1153368]
S3 teamviewervpn;TeamViewer VPN Adapter;Z:\Windows\system32\DRIVERS\teamviewervpn.sys --> Z:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TipCtrl;TipCtrl;"Z:\Program Files (x86)\uTIPu\TipCtrl.exe" --> Z:\Program Files (x86)\uTIPu\TipCtrl.exe [?]
S3 TsUsbFlt;TsUsbFlt;Z:\Windows\system32\drivers\tsusbflt.sys --> Z:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TunngleService;TunngleService;Z:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-5 736104]
S3 WatAdminSvc;Windows Activation Technologies Service;Z:\Windows\system32\Wat\WatAdminSvc.exe --> Z:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;Z:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-7-16 14544]
.
=============== Created Last 30 ================
.
2012-08-11 05:24:52 -------- d-----w- Z:\Users\Harsh\AppData\Local\{25B0034B-51EC-436D-9B9B-322B840CF3CB}
2012-08-10 17:24:04 -------- d-----w- Z:\Users\Harsh\AppData\Local\{5113A6B4-B6EA-4CB0-BBD7-77A3E3D543C2}
2012-08-10 17:23:43 -------- d-----w- Z:\Users\Harsh\AppData\Local\{D46FC4F7-067D-41DC-A804-AD4D62C57E05}
2012-08-10 02:33:06 -------- d-----w- Z:\Users\Harsh\AppData\Local\{0D02892D-82AD-4D66-BCA5-19CBD0B58739}
2012-08-10 02:32:45 -------- d-----w- Z:\Users\Harsh\AppData\Local\{41ED9717-0CD2-46D4-9E3A-9F471918BF08}
2012-08-09 18:00:39 54728 ----a-w- Z:\Windows\System32\drivers\Soluto.sys
2012-08-09 18:00:38 -------- d-----w- Z:\Program Files\Soluto
2012-08-09 02:27:07 -------- d-----w- Z:\Program Files (x86)\Common Files\Symantec Shared
2012-08-09 02:24:45 -------- d-----w- Z:\ProgramData\NortonInstaller
2012-08-09 02:21:27 -------- d-----w- Z:\ProgramData\Norton
2012-08-09 01:08:45 -------- d-----w- Z:\Users\Harsh\AppData\Local\{8CA1C426-FA91-46F3-892B-7FD9BA0B0595}
2012-08-09 01:08:24 -------- d-----w- Z:\Users\Harsh\AppData\Local\{68433375-EB40-46C3-AC27-01F7D8867E0B}
2012-08-07 23:48:45 -------- d-----w- Z:\Program Files (x86)\Windows Resource Kits
2012-08-07 20:56:18 -------- d-----w- Z:\Program Files (x86)\mIRC`
2012-08-06 02:35:46 -------- d-----w- Z:\ProgramData\TomTom
2012-08-06 02:28:31 -------- d-----w- Z:\Users\Harsh\AppData\Roaming\TomTom
2012-08-06 02:27:58 -------- d-----w- Z:\Program Files (x86)\TomTom HOME 2
2012-08-06 02:26:39 -------- d-----w- Z:\Users\Harsh\AppData\Local\Downloaded Installations
2012-08-06 02:23:28 -------- d-----w- Z:\Users\Harsh\AppData\Local\TomTom
2012-08-06 02:23:25 -------- d-----w- Z:\Program Files (x86)\TomTom International B.V
2012-08-03 18:38:24 9133488 ----a-w- Z:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E02090EC-A4C2-4CF8-A5A6-926D1AFDAEE0}\mpengine.dll
2012-08-01 18:17:15 -------- d-----w- Z:\Users\Harsh\AppData\Local\{81443904-A2BA-4515-9CCF-96010FEBCFCC}
2012-08-01 18:16:54 -------- d-----w- Z:\Users\Harsh\AppData\Local\{5ED1E6AA-532F-45E3-8312-09BE5523CDAB}
2012-07-30 03:11:33 -------- d-----w- Z:\$RECYCLE.BIN
2012-07-30 02:54:18 -------- d-----w- Z:\TDSSKiller_Quarantine
2012-07-26 17:51:18 3148800 ----a-w- Z:\Windows\System32\win32k.sys
2012-07-25 21:12:13 -------- d-----w- Z:\Users\Harsh\temp
2012-07-24 02:09:17 -------- d-----w- Z:\Program Files (x86)\NirSoft
2012-07-18 18:21:43 -------- d-----w- Z:\Users\Harsh\AppData\Local\{93A93028-3509-4B4E-8CD1-D4B6DB31B100}
2012-07-18 18:21:21 -------- d-----w- Z:\Users\Harsh\AppData\Local\{66E08629-D627-4568-950E-97D69DA56CB4}
2012-07-17 17:51:31 -------- d-----w- Z:\Users\Harsh\AppData\Local\{7FC47060-6364-465D-9495-253CD6AB74F0}
2012-07-17 17:51:10 -------- d-----w- Z:\Users\Harsh\AppData\Local\{623E0AC5-730C-48DC-9BA7-828F1B2BE2CF}
.
==================== Find3M ====================
.
2012-08-13 00:34:45 25640 ----a-w- Z:\Windows\gdrv.sys
2012-08-03 04:38:16 70344 ----a-w- Z:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 04:38:16 426184 ----a-w- Z:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- Z:\Windows\System32\drivers\mbam.sys
2012-06-18 17:34:44 19032 ------w- Z:\Windows\System32\pwdrvio.sys
2012-06-18 17:34:42 2966720 ----a-w- Z:\Windows\System32\pwNative.exe
2012-06-18 17:34:42 12384 ------w- Z:\Windows\System32\pwdspio.sys
2012-06-06 06:06:16 2004480 ----a-w- Z:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- Z:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- Z:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- Z:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- Z:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- Z:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- Z:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- Z:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- Z:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- Z:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- Z:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- Z:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- Z:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- Z:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- Z:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- Z:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- Z:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- Z:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- Z:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- Z:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- Z:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- Z:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- Z:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- Z:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- Z:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- Z:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- Z:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- Z:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- Z:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- Z:\Windows\System32\MpSigStub.exe
2012-05-15 09:29:47 889664 ----a-w- Z:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- Z:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- Z:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- Z:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- Z:\Windows\System32\nvcpl.dll
.
============= FINISH: 20:40:55.07 ===============

Attached Files
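The DDS "Pseudo HJT Report" above is read by eye in this thread; as an added example that is not part of the thread or of the DDS tool, here is a small Python triage script that parses the same kinds of report lines and flags what a malware responder would check first: the UAC policy values (all zeroed in the log above), hosts-file entries, and BHO entries with no backing file. The sample lines are copied from the report above; the expected policy values are an assumption based on Windows 7 defaults, and the severity labels are my own rules, not DDS verdicts.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re

# Constructed sample: a subset of the report lines posted in this thread.
SAMPLE_REPORT = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumed Windows 7 defaults for the UAC values DDS reports under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 turns User Account Control off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates administrators without any prompt
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt standard users for credentials
    "PromptOnSecureDesktop": 1,       # 0 lets prompts be drawn on the normal desktop
    "EnableUIADesktopToggle": 0,
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^BHO(?:-X64)?:\s*(.+?)\s*-\s*No File$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def triage(report_text):
    """Return a list of (severity, detail) findings for one DDS report."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            default = UAC_DEFAULTS.get(name)
            # Only values that differ from the assumed default are worth a look.
            if default is not None and value != default:
                severity = "high" if name == "EnableLUA" else "medium"
                findings.append((severity, f"UAC policy {name}={value} (default {default})"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            # DDS lists non-default hosts entries; a security site sent to
            # loopback is a classic sign of tampering, so rank it highest.
            if addr in LOOPBACK:
                findings.append(("high", f"hosts file redirects {host} to {addr}"))
            else:
                findings.append(("medium", f"hosts file maps {host} to {addr}"))
            continue

        m = BHO_RE.match(line)
        if m:
            # A registered BHO whose DLL is gone is stale registry residue.
            findings.append(("low", f"orphaned BHO entry: {m.group(1)}"))
    return findings


def worst_severity(findings):
    """Highest severity present, or 'none' when the report looks clean."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((s for s, _ in findings), key=order.get, default="none")


if __name__ == "__main__":
    for severity, detail in triage(SAMPLE_REPORT):
        print(f"[{severity}] {detail}")
```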



#4 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • Gender:Male
  • Location:California

Posted 12 August 2012 - 09:29 PM

Greetings blade12 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for patiently waiting for assistance. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • Gender:Male
  • Location:California

Posted 12 August 2012 - 10:03 PM

Greetings blade12,

It appears you have already run TDSSKiller and I would like to review those results before providing any steps.

In the meantime there are a few advisements I would like to offer for your consideration.


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent and Stream Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent and Stream Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.


===================================================


Are you aware that Team Viewer is on your computer? That is perfectly fine as long as you are aware of its presence.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • Are you aware of Team Viewer?

Gary
 

#6 blade12

  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male

Posted 12 August 2012 - 10:43 PM

Hello there, Oh My!

-TDSSKiller log is below

-I uninstalled Spybot Search & Destroy and also uninstalled Stream Torrent. I rarely use µTorrent except maybe once a month, and I always stay far away from all public torrent/P2P websites.

-TeamViewer I used once to help somebody fix their computer. I remember I deleted it some time back though; seems like the driver for it got left behind.

-Just so you know, I still continue to get ESET NOD32 saying I have Patched.B.Gen trojan and a few other trojans (Rootkit.0access also still shows up on MBAM). They don't show up on TDSS Rootkit for some reason.

Thanks


23:19:45.0751 2112 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:19:46.0534 2112 ============================================================
23:19:46.0534 2112 Current date / time: 2012/08/12 23:19:46.0534
23:19:46.0534 2112 SystemInfo:
23:19:46.0534 2112
23:19:46.0534 2112 OS Version: 6.1.7601 ServicePack: 1.0
23:19:46.0534 2112 Product type: Workstation
23:19:46.0534 2112 ComputerName: HARSH-PC
23:19:46.0535 2112 UserName: Harsh
23:19:46.0535 2112 Windows directory: Z:\Windows
23:19:46.0535 2112 System windows directory: Z:\Windows
23:19:46.0535 2112 Running under WOW64
23:19:46.0535 2112 Processor architecture: Intel x64
23:19:46.0535 2112 Number of processors: 2
23:19:46.0535 2112 Page size: 0x1000
23:19:46.0535 2112 Boot type: Normal boot
23:19:46.0535 2112 ============================================================
23:19:47.0808 2112 Drive \Device\Harddisk2\DR2 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:19:47.0835 2112 Drive \Device\Harddisk0\DR0 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:19:47.0840 2112 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:19:47.0848 2112 ============================================================
23:19:47.0848 2112 \Device\Harddisk2\DR2:
23:19:47.0850 2112 MBR partitions:
23:19:47.0850 2112 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x7E, BlocksNum 0x950E443
23:19:47.0850 2112 \Device\Harddisk0\DR0:
23:19:47.0850 2112 MBR partitions:
23:19:47.0850 2112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x996051C
23:19:47.0850 2112 \Device\Harddisk1\DR1:
23:19:47.0851 2112 MBR partitions:
23:19:47.0851 2112 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x460025A
23:19:47.0851 2112 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x46014E6, BlocksNum 0x799CA35
23:19:47.0851 2112 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xBF9DF1B, BlocksNum 0x68767AA6
23:19:47.0851 2112 ============================================================
23:19:47.0870 2112 C: <-> \Device\Harddisk0\DR0\Partition0
23:19:47.0887 2112 F: <-> \Device\Harddisk2\DR2\Partition0
23:19:47.0913 2112 Z: <-> \Device\Harddisk1\DR1\Partition1
23:19:47.0962 2112 G: <-> \Device\Harddisk1\DR1\Partition2
23:19:47.0974 2112 X: <-> \Device\Harddisk1\DR1\Partition0
23:19:47.0974 2112 ============================================================
23:19:47.0974 2112 Initialize success
23:19:47.0974 2112 ============================================================
23:19:55.0802 2832 ============================================================
23:19:55.0802 2832 Scan started
23:19:55.0802 2832 Mode: Manual; SigCheck; TDLFS;
23:19:55.0802 2832 ============================================================
23:19:57.0637 2832 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) Z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
23:19:57.0705 2832 !SASCORE - ok
23:19:57.0824 2832 1394ohci (a87d604aea360176311474c87a63bb88) Z:\Windows\system32\drivers\1394ohci.sys
23:19:57.0948 2832 1394ohci - ok
23:19:57.0999 2832 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) Z:\Windows\system32\drivers\ACPI.sys
23:19:58.0023 2832 ACPI - ok
23:19:58.0033 2832 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) Z:\Windows\system32\drivers\acpipmi.sys
23:19:58.0095 2832 AcpiPmi - ok
23:19:58.0165 2832 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:19:58.0182 2832 AdobeARMservice - ok
23:19:58.0288 2832 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) Z:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:19:58.0308 2832 AdobeFlashPlayerUpdateSvc - ok
23:19:58.0353 2832 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) Z:\Windows\system32\DRIVERS\adp94xx.sys
23:19:58.0431 2832 adp94xx - ok
23:19:58.0472 2832 adpahci (597f78224ee9224ea1a13d6350ced962) Z:\Windows\system32\DRIVERS\adpahci.sys
23:19:58.0544 2832 adpahci - ok
23:19:58.0564 2832 adpu320 (e109549c90f62fb570b9540c4b148e54) Z:\Windows\system32\DRIVERS\adpu320.sys
23:19:58.0591 2832 adpu320 - ok
23:19:58.0635 2832 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) Z:\Windows\System32\aelupsvc.dll
23:19:58.0693 2832 AeLookupSvc - ok
23:19:58.0743 2832 AFD (1c7857b62de5994a75b054a9fd4c3825) Z:\Windows\system32\drivers\afd.sys
23:19:58.0808 2832 AFD - ok
23:19:58.0857 2832 agp440 (608c14dba7299d8cb6ed035a68a15799) Z:\Windows\system32\drivers\agp440.sys
23:19:58.0901 2832 agp440 - ok
23:19:58.0919 2832 ALG (3290d6946b5e30e70414990574883ddb) Z:\Windows\System32\alg.exe
23:19:58.0993 2832 ALG - ok
23:19:59.0009 2832 aliide (5812713a477a3ad7363c7438ca2ee038) Z:\Windows\system32\drivers\aliide.sys
23:19:59.0044 2832 aliide - ok
23:19:59.0057 2832 amdide (1ff8b4431c353ce385c875f194924c0c) Z:\Windows\system32\drivers\amdide.sys
23:19:59.0092 2832 amdide - ok
23:19:59.0115 2832 AmdK8 (7024f087cff1833a806193ef9d22cda9) Z:\Windows\system32\DRIVERS\amdk8.sys
23:19:59.0177 2832 AmdK8 - ok
23:19:59.0443 2832 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) Z:\Windows\system32\DRIVERS\amdppm.sys
23:19:59.0510 2832 AmdPPM - ok
23:19:59.0547 2832 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) Z:\Windows\system32\drivers\amdsata.sys
23:19:59.0603 2832 amdsata - ok
23:19:59.0624 2832 amdsbs (f67f933e79241ed32ff46a4f29b5120b) Z:\Windows\system32\DRIVERS\amdsbs.sys
23:19:59.0663 2832 amdsbs - ok
23:19:59.0685 2832 amdxata (540daf1cea6094886d72126fd7c33048) Z:\Windows\system32\drivers\amdxata.sys
23:19:59.0721 2832 amdxata - ok
23:19:59.0760 2832 AppID (89a69c3f2f319b43379399547526d952) Z:\Windows\system32\drivers\appid.sys
23:19:59.0843 2832 AppID - ok
23:19:59.0868 2832 AppIDSvc (0bc381a15355a3982216f7172f545de1) Z:\Windows\System32\appidsvc.dll
23:19:59.0932 2832 AppIDSvc - ok
23:19:59.0964 2832 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) Z:\Windows\System32\appinfo.dll
23:20:00.0012 2832 Appinfo - ok
23:20:00.0088 2832 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) Z:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:20:00.0103 2832 Apple Mobile Device - ok
23:20:00.0166 2832 AppMgmt (4aba3e75a76195a3e38ed2766c962899) Z:\Windows\System32\appmgmts.dll
23:20:00.0197 2832 AppMgmt - ok
23:20:00.0229 2832 arc (c484f8ceb1717c540242531db7845c4e) Z:\Windows\system32\DRIVERS\arc.sys
23:20:00.0266 2832 arc - ok
23:20:00.0273 2832 arcsas (019af6924aefe7839f61c830227fe79c) Z:\Windows\system32\DRIVERS\arcsas.sys
23:20:00.0291 2832 arcsas - ok
23:20:00.0589 2832 aspnet_state (9217d874131ae6ff8f642f124f00a555) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:20:00.0615 2832 aspnet_state - ok
23:20:00.0643 2832 AsyncMac (769765ce2cc62867468cea93969b2242) Z:\Windows\system32\DRIVERS\asyncmac.sys
23:20:00.0728 2832 AsyncMac - ok
23:20:00.0755 2832 atapi (02062c0b390b7729edc9e69c680a6f3c) Z:\Windows\system32\drivers\atapi.sys
23:20:00.0771 2832 atapi - ok
23:20:00.0808 2832 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) Z:\Windows\System32\Audiosrv.dll
23:20:00.0874 2832 AudioEndpointBuilder - ok
23:20:00.0883 2832 AudioSrv (f23fef6d569fce88671949894a8becf1) Z:\Windows\System32\Audiosrv.dll
23:20:00.0933 2832 AudioSrv - ok
23:20:00.0962 2832 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) Z:\Windows\System32\AxInstSV.dll
23:20:01.0170 2832 AxInstSV - ok
23:20:01.0225 2832 b06bdrv (3e5b191307609f7514148c6832bb0842) Z:\Windows\system32\DRIVERS\bxvbda.sys
23:20:01.0266 2832 b06bdrv - ok
23:20:01.0293 2832 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) Z:\Windows\system32\DRIVERS\b57nd60a.sys
23:20:01.0351 2832 b57nd60a - ok
23:20:01.0387 2832 BDESVC (fde360167101b4e45a96f939f388aeb0) Z:\Windows\System32\bdesvc.dll
23:20:01.0439 2832 BDESVC - ok
23:20:01.0456 2832 Beep (16a47ce2decc9b099349a5f840654746) Z:\Windows\system32\drivers\Beep.sys
23:20:01.0507 2832 Beep - ok
23:20:01.0574 2832 BFE (82974d6a2fd19445cc5171fc378668a4) Z:\Windows\System32\bfe.dll
23:20:01.0639 2832 BFE - ok
23:20:01.0677 2832 BITS (1ea7969e3271cbc59e1730697dc74682) Z:\Windows\system32\qmgr.dll
23:20:01.0753 2832 BITS - ok
23:20:01.0793 2832 blbdrive (61583ee3c3a17003c4acd0475646b4d3) Z:\Windows\system32\DRIVERS\blbdrive.sys
23:20:01.0836 2832 blbdrive - ok
23:20:01.0898 2832 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) Z:\Program Files\Bonjour\mDNSResponder.exe
23:20:01.0921 2832 Bonjour Service - ok
23:20:01.0974 2832 bowser (6c02a83164f5cc0a262f4199f0871cf5) Z:\Windows\system32\DRIVERS\bowser.sys
23:20:02.0030 2832 bowser - ok
23:20:02.0050 2832 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) Z:\Windows\system32\DRIVERS\BrFiltLo.sys
23:20:02.0080 2832 BrFiltLo - ok
23:20:02.0094 2832 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) Z:\Windows\system32\DRIVERS\BrFiltUp.sys
23:20:02.0115 2832 BrFiltUp - ok
23:20:02.0142 2832 BridgeMP (5c2f352a4e961d72518261257aae204b) Z:\Windows\system32\DRIVERS\bridge.sys
23:20:02.0212 2832 BridgeMP - ok
23:20:02.0227 2832 Browser (8ef0d5c41ec907751b8429162b1239ed) Z:\Windows\System32\browser.dll
23:20:02.0281 2832 Browser - ok
23:20:02.0302 2832 Brserid (43bea8d483bf1870f018e2d02e06a5bd) Z:\Windows\System32\Drivers\Brserid.sys
23:20:02.0367 2832 Brserid - ok
23:20:02.0380 2832 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) Z:\Windows\System32\Drivers\BrSerWdm.sys
23:20:02.0435 2832 BrSerWdm - ok
23:20:02.0446 2832 BrUsbMdm (b79968002c277e869cf38bd22cd61524) Z:\Windows\System32\Drivers\BrUsbMdm.sys
23:20:02.0532 2832 BrUsbMdm - ok
23:20:02.0565 2832 BrUsbSer (a87528880231c54e75ea7a44943b38bf) Z:\Windows\System32\Drivers\BrUsbSer.sys
23:20:02.0606 2832 BrUsbSer - ok
23:20:02.0646 2832 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) Z:\Windows\system32\DRIVERS\bthmodem.sys
23:20:02.0694 2832 BTHMODEM - ok
23:20:02.0728 2832 bthserv (95f9c2976059462cbbf227f7aab10de9) Z:\Windows\system32\bthserv.dll
23:20:02.0800 2832 bthserv - ok
23:20:02.0822 2832 catchme - ok
23:20:02.0843 2832 cdfs (b8bd2bb284668c84865658c77574381a) Z:\Windows\system32\DRIVERS\cdfs.sys
23:20:02.0896 2832 cdfs - ok
23:20:02.0941 2832 cdrom (f036ce71586e93d94dab220d7bdf4416) Z:\Windows\system32\DRIVERS\cdrom.sys
23:20:02.0993 2832 cdrom - ok
23:20:03.0018 2832 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) Z:\Windows\System32\certprop.dll
23:20:03.0072 2832 CertPropSvc - ok
23:20:03.0081 2832 circlass (d7cd5c4e1b71fa62050515314cfb52cf) Z:\Windows\system32\DRIVERS\circlass.sys
23:20:03.0114 2832 circlass - ok
23:20:03.0143 2832 CLFS (fe1ec06f2253f691fe36217c592a0206) Z:\Windows\system32\CLFS.sys
23:20:03.0205 2832 CLFS - ok
23:20:03.0251 2832 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) Z:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:20:03.0268 2832 clr_optimization_v2.0.50727_32 - ok
23:20:03.0291 2832 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) Z:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:20:03.0307 2832 clr_optimization_v2.0.50727_64 - ok
23:20:03.0372 2832 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) Z:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:20:03.0390 2832 clr_optimization_v4.0.30319_32 - ok
23:20:03.0438 2832 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:20:03.0453 2832 clr_optimization_v4.0.30319_64 - ok
23:20:03.0477 2832 CmBatt (0840155d0bddf1190f84a663c284bd33) Z:\Windows\system32\DRIVERS\CmBatt.sys
23:20:03.0510 2832 CmBatt - ok
23:20:03.0529 2832 cmdide (e19d3f095812725d88f9001985b94edd) Z:\Windows\system32\drivers\cmdide.sys
23:20:03.0565 2832 cmdide - ok
23:20:03.0600 2832 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) Z:\Windows\system32\Drivers\cng.sys
23:20:03.0653 2832 CNG - ok
23:20:03.0665 2832 Compbatt (102de219c3f61415f964c88e9085ad14) Z:\Windows\system32\DRIVERS\compbatt.sys
23:20:03.0703 2832 Compbatt - ok
23:20:03.0730 2832 CompositeBus (03edb043586cceba243d689bdda370a8) Z:\Windows\system32\drivers\CompositeBus.sys
23:20:03.0764 2832 CompositeBus - ok
23:20:03.0776 2832 COMSysApp - ok
23:20:03.0835 2832 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:20:03.0876 2832 cpudrv64 - ok
23:20:03.0890 2832 cpuz134 - ok
23:20:03.0935 2832 cpuz135 - ok
23:20:03.0948 2832 crcdisk (1c827878a998c18847245fe1f34ee597) Z:\Windows\system32\DRIVERS\crcdisk.sys
23:20:03.0966 2832 crcdisk - ok
23:20:03.0990 2832 CryptSvc (4f5414602e2544a4554d95517948b705) Z:\Windows\system32\cryptsvc.dll
23:20:04.0017 2832 CryptSvc - ok
23:20:04.0052 2832 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) Z:\Windows\system32\drivers\csc.sys
23:20:04.0098 2832 CSC - ok
23:20:04.0137 2832 CscService (3ab183ab4d2c79dcf459cd2c1266b043) Z:\Windows\System32\cscsvc.dll
23:20:04.0179 2832 CscService - ok
23:20:04.0211 2832 CYUSB (8ec96b753727b380089d66d4ab5869df) Z:\Windows\system32\Drivers\CYUSB.sys
23:20:04.0285 2832 CYUSB - ok
23:20:04.0321 2832 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) Z:\Windows\system32\drivers\dadder.sys
23:20:04.0352 2832 DAdderFltr - ok
23:20:04.0382 2832 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) Z:\Windows\system32\rpcss.dll
23:20:04.0435 2832 DcomLaunch - ok
23:20:04.0458 2832 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) Z:\Windows\System32\defragsvc.dll
23:20:04.0516 2832 defragsvc - ok
23:20:04.0576 2832 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) Z:\Windows\system32\DRIVERS\dfmirage.sys
23:20:04.0659 2832 dfmirage - ok
23:20:04.0709 2832 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) Z:\Windows\system32\Drivers\dfsc.sys
23:20:04.0756 2832 DfsC - ok
23:20:04.0802 2832 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) Z:\Windows\system32\dhcpcore.dll
23:20:04.0874 2832 Dhcp - ok
23:20:04.0899 2832 discache (13096b05847ec78f0977f2c0f79e9ab3) Z:\Windows\system32\drivers\discache.sys
23:20:04.0988 2832 discache - ok
23:20:05.0022 2832 Disk (9819eee8b5ea3784ec4af3b137a5244c) Z:\Windows\system32\DRIVERS\disk.sys
23:20:05.0058 2832 Disk - ok
23:20:05.0083 2832 Dnscache (16835866aaa693c7d7fceba8fff706e4) Z:\Windows\System32\dnsrslvr.dll
23:20:05.0124 2832 Dnscache - ok
23:20:05.0145 2832 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) Z:\Windows\System32\dot3svc.dll
23:20:05.0203 2832 dot3svc - ok
23:20:05.0231 2832 DPS (b26f4f737e8f9df4f31af6cf31d05820) Z:\Windows\system32\dps.dll
23:20:05.0306 2832 DPS - ok
23:20:05.0341 2832 drmkaud (9b19f34400d24df84c858a421c205754) Z:\Windows\system32\drivers\drmkaud.sys
23:20:05.0387 2832 drmkaud - ok
23:20:05.0461 2832 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) Z:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
23:20:05.0478 2832 DrvAgent64 - ok
23:20:05.0529 2832 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) Z:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:20:05.0548 2832 dtsoftbus01 - ok
23:20:05.0594 2832 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) Z:\Windows\System32\drivers\dxgkrnl.sys
23:20:05.0632 2832 DXGKrnl - ok
23:20:05.0659 2832 EagleX64 - ok
23:20:05.0716 2832 eamon (082dab566f704d258d35ba89f21239ca) Z:\Windows\system32\DRIVERS\eamon.sys
23:20:05.0752 2832 eamon - ok
23:20:05.0774 2832 EapHost (e2dda8726da9cb5b2c4000c9018a9633) Z:\Windows\System32\eapsvc.dll
23:20:05.0826 2832 EapHost - ok
23:20:05.0927 2832 ebdrv (dc5d737f51be844d8c82c695eb17372f) Z:\Windows\system32\DRIVERS\evbda.sys
23:20:06.0018 2832 ebdrv - ok
23:20:06.0082 2832 EFS (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\System32\lsass.exe
23:20:06.0117 2832 EFS - ok
23:20:06.0198 2832 ehdrv (4ff6f92f170550e226b4595766c4d6a6) Z:\Windows\system32\DRIVERS\ehdrv.sys
23:20:06.0233 2832 ehdrv - ok
23:20:06.0283 2832 ehRecvr (c4002b6b41975f057d98c439030cea07) Z:\Windows\ehome\ehRecvr.exe
23:20:06.0333 2832 ehRecvr - ok
23:20:06.0356 2832 ehSched (4705e8ef9934482c5bb488ce28afc681) Z:\Windows\ehome\ehsched.exe
23:20:06.0396 2832 ehSched - ok
23:20:06.0488 2832 EhttpSrv (98b82b6afa03f8f0dd058c3dfcea472a) Z:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
23:20:06.0500 2832 EhttpSrv - ok
23:20:06.0568 2832 ekrn (9737fc97b5c941f083c4e46cbcce2d4a) Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
23:20:06.0600 2832 ekrn - ok
23:20:06.0666 2832 elxstor (0e5da5369a0fcaea12456dd852545184) Z:\Windows\system32\DRIVERS\elxstor.sys
23:20:06.0694 2832 elxstor - ok
23:20:06.0714 2832 epfwwfpr (71c8cbde6b18f90f19e9c7cb884f87c8) Z:\Windows\system32\DRIVERS\epfwwfpr.sys
23:20:06.0748 2832 epfwwfpr - ok
23:20:06.0774 2832 ErrDev (34a3c54752046e79a126e15c51db409b) Z:\Windows\system32\drivers\errdev.sys
23:20:06.0816 2832 ErrDev - ok
23:20:06.0860 2832 etdrv (84486624268e078255bc7aa47f0960bc) Z:\Windows\etdrv.sys
23:20:06.0892 2832 etdrv - ok
23:20:06.0938 2832 EventSystem (4166f82be4d24938977dd1746be9b8a0) Z:\Windows\system32\es.dll
23:20:06.0996 2832 EventSystem - ok
23:20:07.0059 2832 EverestDriver (13a2b915f6d93e52505656773d53096f) Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
23:20:07.0073 2832 EverestDriver - ok
23:20:07.0088 2832 exfat (a510c654ec00c1e9bdd91eeb3a59823b) Z:\Windows\system32\drivers\exfat.sys
23:20:07.0179 2832 exfat - ok
23:20:07.0201 2832 fastfat (0adc83218b66a6db380c330836f3e36d) Z:\Windows\system32\drivers\fastfat.sys
23:20:07.0293 2832 fastfat - ok
23:20:07.0340 2832 Fax (dbefd454f8318a0ef691fdd2eaab44eb) Z:\Windows\system32\fxssvc.exe
23:20:07.0390 2832 Fax - ok
23:20:07.0402 2832 fdc (d765d19cd8ef61f650c384f62fac00ab) Z:\Windows\system32\DRIVERS\fdc.sys
23:20:07.0466 2832 fdc - ok
23:20:07.0488 2832 fdPHost (0438cab2e03f4fb61455a7956026fe86) Z:\Windows\system32\fdPHost.dll
23:20:07.0563 2832 fdPHost - ok
23:20:07.0575 2832 FDResPub (802496cb59a30349f9a6dd22d6947644) Z:\Windows\system32\fdrespub.dll
23:20:07.0625 2832 FDResPub - ok
23:20:07.0639 2832 FileInfo (655661be46b5f5f3fd454e2c3095b930) Z:\Windows\system32\drivers\fileinfo.sys
23:20:07.0675 2832 FileInfo - ok
23:20:07.0689 2832 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) Z:\Windows\system32\drivers\filetrace.sys
23:20:07.0764 2832 Filetrace - ok
23:20:07.0776 2832 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) Z:\Windows\system32\DRIVERS\flpydisk.sys
23:20:07.0794 2832 flpydisk - ok
23:20:07.0812 2832 FltMgr (da6b67270fd9db3697b20fce94950741) Z:\Windows\system32\drivers\fltmgr.sys
23:20:07.0872 2832 FltMgr - ok
23:20:07.0923 2832 FontCache (5c4cb4086fb83115b153e47add961a0c) Z:\Windows\system32\FntCache.dll
23:20:07.0966 2832 FontCache - ok
23:20:08.0017 2832 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) Z:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:20:08.0032 2832 FontCache3.0.0.0 - ok
23:20:08.0051 2832 FsDepends (d43703496149971890703b4b1b723eac) Z:\Windows\system32\drivers\FsDepends.sys
23:20:08.0087 2832 FsDepends - ok
23:20:08.0114 2832 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) Z:\Windows\system32\drivers\Fs_Rec.sys
23:20:08.0150 2832 Fs_Rec - ok
23:20:08.0214 2832 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) Z:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
23:20:08.0231 2832 Futuremark SystemInfo Service - ok
23:20:08.0277 2832 fvevol (1f7b25b858fa27015169fe95e54108ed) Z:\Windows\system32\DRIVERS\fvevol.sys
23:20:08.0340 2832 fvevol - ok
23:20:08.0369 2832 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) Z:\Windows\system32\DRIVERS\gagp30kx.sys
23:20:08.0443 2832 gagp30kx - ok
23:20:08.0475 2832 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) Z:\Windows\gdrv.sys
23:20:08.0507 2832 gdrv - ok
23:20:08.0527 2832 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) Z:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:20:08.0541 2832 GEARAspiWDM - ok
23:20:08.0573 2832 GEST Service (2ddd5cbb203c3c3fd6f74979ebd8cc92) Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
23:20:08.0588 2832 GEST Service - ok
23:20:08.0662 2832 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) Z:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
23:20:08.0677 2832 GoogleDesktopManager-051210-111108 - ok
23:20:08.0720 2832 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) Z:\Windows\System32\gpsvc.dll
23:20:08.0786 2832 gpsvc - ok
23:20:08.0814 2832 gupdate (f02a533f517eb38333cb12a9e8963773) Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:20:08.0827 2832 gupdate - ok
23:20:08.0840 2832 gupdatem (f02a533f517eb38333cb12a9e8963773) Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:20:08.0855 2832 gupdatem - ok
23:20:08.0872 2832 gusvc (408ddd80eede47175f6844817b90213e) Z:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:20:08.0892 2832 gusvc - ok
23:20:08.0925 2832 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) Z:\Windows\GVTDrv64.sys
23:20:08.0959 2832 GVTDrv64 - ok
23:20:08.0998 2832 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) Z:\Windows\system32\DRIVERS\hamachi.sys
23:20:09.0049 2832 hamachi - ok
23:20:09.0168 2832 Hamachi2Svc (21d24138b736983f6e23823e092e9428) Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
23:20:09.0230 2832 Hamachi2Svc - ok
23:20:09.0304 2832 hcw85cir (f2523ef6460fc42405b12248338ab2f0) Z:\Windows\system32\drivers\hcw85cir.sys
23:20:09.0340 2832 hcw85cir - ok
23:20:09.0400 2832 HdAudAddService (975761c778e33cd22498059b91e7373a) Z:\Windows\system32\drivers\HdAudio.sys
23:20:09.0426 2832 HdAudAddService - ok
23:20:09.0439 2832 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) Z:\Windows\system32\drivers\HDAudBus.sys
23:20:09.0476 2832 HDAudBus - ok
23:20:09.0487 2832 HidBatt (78e86380454a7b10a5eb255dc44a355f) Z:\Windows\system32\DRIVERS\HidBatt.sys
23:20:09.0547 2832 HidBatt - ok
23:20:09.0565 2832 HidBth (7fd2a313f7afe5c4dab14798c48dd104) Z:\Windows\system32\DRIVERS\hidbth.sys
23:20:09.0615 2832 HidBth - ok
23:20:09.0629 2832 HidIr (0a77d29f311b88cfae3b13f9c1a73825) Z:\Windows\system32\DRIVERS\hidir.sys
23:20:09.0697 2832 HidIr - ok
23:20:09.0715 2832 hidserv (bd9eb3958f213f96b97b1d897dee006d) Z:\Windows\System32\hidserv.dll
23:20:09.0785 2832 hidserv - ok
23:20:09.0808 2832 HidUsb (9592090a7e2b61cd582b612b6df70536) Z:\Windows\system32\DRIVERS\hidusb.sys
23:20:09.0845 2832 HidUsb - ok
23:20:09.0876 2832 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) Z:\Windows\system32\kmsvc.dll
23:20:09.0937 2832 hkmsvc - ok
23:20:09.0963 2832 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) Z:\Windows\system32\ListSvc.dll
23:20:10.0002 2832 HomeGroupListener - ok
23:20:10.0025 2832 HomeGroupProvider (908acb1f594274965a53926b10c81e89) Z:\Windows\system32\provsvc.dll
23:20:10.0055 2832 HomeGroupProvider - ok
23:20:10.0103 2832 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) Z:\Windows\system32\drivers\HpSAMD.sys
23:20:10.0122 2832 HpSAMD - ok
23:20:10.0155 2832 HTTP (0ea7de1acb728dd5a369fd742d6eee28) Z:\Windows\system32\drivers\HTTP.sys
23:20:10.0241 2832 HTTP - ok
23:20:10.0255 2832 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) Z:\Windows\system32\drivers\hwpolicy.sys
23:20:10.0290 2832 hwpolicy - ok
23:20:10.0315 2832 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) Z:\Windows\system32\drivers\i8042prt.sys
23:20:10.0356 2832 i8042prt - ok
23:20:10.0395 2832 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) Z:\Windows\system32\drivers\iaStorV.sys
23:20:10.0439 2832 iaStorV - ok
23:20:10.0494 2832 IDriverT (1cf03c69b49acb70c722df92755c0c8c) Z:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:20:10.0509 2832 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:20:10.0509 2832 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:20:10.0600 2832 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) Z:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:20:10.0632 2832 idsvc - ok
23:20:10.0720 2832 iirsp (5c18831c61933628f5bb0ea2675b9d21) Z:\Windows\system32\DRIVERS\iirsp.sys
23:20:10.0738 2832 iirsp - ok
23:20:10.0780 2832 IKEEXT (fcd84c381e0140af901e58d48882d26b) Z:\Windows\System32\ikeext.dll
23:20:10.0846 2832 IKEEXT - ok
23:20:10.0941 2832 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) Z:\Windows\system32\drivers\RTKVHD64.sys
23:20:11.0025 2832 IntcAzAudAddService - ok
23:20:11.0076 2832 intelide (f00f20e70c6ec3aa366910083a0518aa) Z:\Windows\system32\drivers\intelide.sys
23:20:11.0093 2832 intelide - ok
23:20:11.0115 2832 intelppm (ada036632c664caa754079041cf1f8c1) Z:\Windows\system32\DRIVERS\intelppm.sys
23:20:11.0162 2832 intelppm - ok
23:20:11.0181 2832 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) Z:\Windows\system32\ipbusenum.dll
23:20:11.0239 2832 IPBusEnum - ok
23:20:11.0262 2832 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) Z:\Windows\system32\DRIVERS\ipfltdrv.sys
23:20:11.0318 2832 IpFilterDriver - ok
23:20:11.0345 2832 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) Z:\Windows\system32\drivers\IPMIDrv.sys
23:20:11.0377 2832 IPMIDRV - ok
23:20:11.0392 2832 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) Z:\Windows\system32\drivers\ipnat.sys
23:20:11.0474 2832 IPNAT - ok
23:20:11.0547 2832 iPod Service (46d249f9db7844cc01050a9345f0f61b) Z:\Program Files\iPod\bin\iPodService.exe
23:20:11.0581 2832 iPod Service - ok
23:20:11.0603 2832 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) Z:\Windows\system32\drivers\irenum.sys
23:20:11.0641 2832 IRENUM - ok
23:20:11.0654 2832 isapnp (2f7b28dc3e1183e5eb418df55c204f38) Z:\Windows\system32\drivers\isapnp.sys
23:20:11.0690 2832 isapnp - ok
23:20:11.0706 2832 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) Z:\Windows\system32\drivers\msiscsi.sys
23:20:11.0746 2832 iScsiPrt - ok
23:20:11.0805 2832 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) Z:\Windows\system32\DRIVERS\kbdclass.sys
23:20:11.0822 2832 kbdclass - ok
23:20:11.0844 2832 kbdhid (0705eff5b42a9db58548eec3b26bb484) Z:\Windows\system32\DRIVERS\kbdhid.sys
23:20:11.0871 2832 kbdhid - ok
23:20:11.0894 2832 KeyIso (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
23:20:11.0911 2832 KeyIso - ok
23:20:11.0993 2832 KSecDD (97a7070aea4c058b6418519e869a63b4) Z:\Windows\system32\Drivers\ksecdd.sys
23:20:12.0011 2832 KSecDD - ok
23:20:12.0035 2832 KSecPkg (26c43a7c2862447ec59deda188d1da07) Z:\Windows\system32\Drivers\ksecpkg.sys
23:20:12.0056 2832 KSecPkg - ok
23:20:12.0068 2832 ksthunk (6869281e78cb31a43e969f06b57347c4) Z:\Windows\system32\drivers\ksthunk.sys
23:20:12.0140 2832 ksthunk - ok
23:20:12.0187 2832 KtmRm (6ab66e16aa859232f64deb66887a8c9c) Z:\Windows\system32\msdtckrm.dll
23:20:12.0251 2832 KtmRm - ok
23:20:12.0274 2832 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) Z:\Windows\System32\srvsvc.dll
23:20:12.0328 2832 LanmanServer - ok
23:20:12.0355 2832 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) Z:\Windows\System32\wkssvc.dll
23:20:12.0410 2832 LanmanWorkstation - ok
23:20:12.0446 2832 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) Z:\Windows\system32\drivers\LGBusEnum.sys
23:20:12.0459 2832 LGBusEnum - ok
23:20:12.0522 2832 LGVirHid (94b29ce153765e768f004fb3440be2b0) Z:\Windows\system32\drivers\LGVirHid.sys
23:20:12.0536 2832 LGVirHid - ok
23:20:12.0588 2832 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) Z:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:20:12.0609 2832 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:20:12.0609 2832 LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:20:12.0639 2832 lltdio (1538831cf8ad2979a04c423779465827) Z:\Windows\system32\DRIVERS\lltdio.sys
23:20:12.0714 2832 lltdio - ok
23:20:12.0746 2832 lltdsvc (c1185803384ab3feed115f79f109427f) Z:\Windows\System32\lltdsvc.dll
23:20:12.0795 2832 lltdsvc - ok
23:20:12.0806 2832 lmhosts (f993a32249b66c9d622ea5592a8b76b8) Z:\Windows\System32\lmhsvc.dll
23:20:12.0851 2832 lmhosts - ok
23:20:12.0878 2832 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) Z:\Windows\system32\DRIVERS\lsi_fc.sys
23:20:12.0916 2832 LSI_FC - ok
23:20:12.0934 2832 LSI_SAS (1047184a9fdc8bdbff857175875ee810) Z:\Windows\system32\DRIVERS\lsi_sas.sys
23:20:12.0971 2832 LSI_SAS - ok
23:20:12.0985 2832 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) Z:\Windows\system32\DRIVERS\lsi_sas2.sys
23:20:13.0021 2832 LSI_SAS2 - ok
23:20:13.0033 2832 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) Z:\Windows\system32\DRIVERS\lsi_scsi.sys
23:20:13.0070 2832 LSI_SCSI - ok
23:20:13.0090 2832 luafv (43d0f98e1d56ccddb0d5254cff7b356e) Z:\Windows\system32\drivers\luafv.sys
23:20:13.0144 2832 luafv - ok
23:20:13.0167 2832 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) Z:\Windows\system32\Mcx2Svc.dll
23:20:13.0193 2832 Mcx2Svc - ok
23:20:13.0214 2832 megasas (a55805f747c6edb6a9080d7c633bd0f4) Z:\Windows\system32\DRIVERS\megasas.sys
23:20:13.0268 2832 megasas - ok
23:20:13.0286 2832 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) Z:\Windows\system32\DRIVERS\MegaSR.sys
23:20:13.0331 2832 MegaSR - ok
23:20:13.0700 2832 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) Z:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:20:13.0718 2832 Microsoft Office Groove Audit Service - ok
23:20:13.0734 2832 MMCSS (e40e80d0304a73e8d269f7141d77250b) Z:\Windows\system32\mmcss.dll
23:20:13.0779 2832 MMCSS - ok
23:20:13.0786 2832 Modem (800ba92f7010378b09f9ed9270f07137) Z:\Windows\system32\drivers\modem.sys
23:20:13.0841 2832 Modem - ok
23:20:13.0879 2832 monitor (b03d591dc7da45ece20b3b467e6aadaa) Z:\Windows\system32\DRIVERS\monitor.sys
23:20:13.0927 2832 monitor - ok
23:20:13.0957 2832 mouclass (7d27ea49f3c1f687d357e77a470aea99) Z:\Windows\system32\DRIVERS\mouclass.sys
23:20:13.0974 2832 mouclass - ok
23:20:13.0986 2832 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) Z:\Windows\system32\DRIVERS\mouhid.sys
23:20:14.0014 2832 mouhid - ok
23:20:14.0038 2832 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) Z:\Windows\system32\drivers\mountmgr.sys
23:20:14.0075 2832 mountmgr - ok
23:20:14.0104 2832 MozillaMaintenance (750babaabb49a8a2238fa4b58ac09af8) Z:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:20:14.0123 2832 MozillaMaintenance - ok
23:20:14.0150 2832 mpio (a44b420d30bd56e145d6a2bc8768ec58) Z:\Windows\system32\drivers\mpio.sys
23:20:14.0173 2832 mpio - ok
23:20:14.0186 2832 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) Z:\Windows\system32\drivers\mpsdrv.sys
23:20:14.0249 2832 mpsdrv - ok
23:20:14.0278 2832 MRxDAV (dc722758b8261e1abafd31a3c0a66380) Z:\Windows\system32\drivers\mrxdav.sys
23:20:14.0312 2832 MRxDAV - ok
23:20:14.0335 2832 mrxsmb (a5d9106a73dc88564c825d317cac68ac) Z:\Windows\system32\DRIVERS\mrxsmb.sys
23:20:14.0365 2832 mrxsmb - ok
23:20:14.0391 2832 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) Z:\Windows\system32\DRIVERS\mrxsmb10.sys
23:20:14.0452 2832 mrxsmb10 - ok
23:20:14.0471 2832 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) Z:\Windows\system32\DRIVERS\mrxsmb20.sys
23:20:14.0508 2832 mrxsmb20 - ok
23:20:14.0523 2832 msahci (c25f0bafa182cbca2dd3c851c2e75796) Z:\Windows\system32\drivers\msahci.sys
23:20:14.0558 2832 msahci - ok
23:20:14.0566 2832 msdsm (db801a638d011b9633829eb6f663c900) Z:\Windows\system32\drivers\msdsm.sys
23:20:14.0605 2832 msdsm - ok
23:20:14.0629 2832 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) Z:\Windows\System32\msdtc.exe
23:20:14.0659 2832 MSDTC - ok
23:20:14.0689 2832 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) Z:\Windows\system32\drivers\Msfs.sys
23:20:14.0734 2832 Msfs - ok
23:20:14.0754 2832 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) Z:\Windows\System32\drivers\mshidkmdf.sys
23:20:14.0798 2832 mshidkmdf - ok
23:20:14.0813 2832 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) Z:\Windows\system32\drivers\msisadrv.sys
23:20:14.0849 2832 msisadrv - ok
23:20:14.0871 2832 MSiSCSI (808e98ff49b155c522e6400953177b08) Z:\Windows\system32\iscsiexe.dll
23:20:14.0919 2832 MSiSCSI - ok
23:20:14.0924 2832 msiserver - ok
23:20:14.0956 2832 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) Z:\Windows\system32\drivers\MSKSSRV.sys
23:20:15.0014 2832 MSKSSRV - ok
23:20:15.0028 2832 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) Z:\Windows\system32\drivers\MSPCLOCK.sys
23:20:15.0080 2832 MSPCLOCK - ok
23:20:15.0096 2832 MSPQM (4ed981241db27c3383d72092b618a1d0) Z:\Windows\system32\drivers\MSPQM.sys
23:20:15.0170 2832 MSPQM - ok
23:20:15.0206 2832 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) Z:\Windows\system32\drivers\MsRPC.sys
23:20:15.0230 2832 MsRPC - ok
23:20:15.0251 2832 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) Z:\Windows\system32\drivers\mssmbios.sys
23:20:15.0268 2832 mssmbios - ok
23:20:15.0284 2832 MSTEE (2e66f9ecb30b4221a318c92ac2250779) Z:\Windows\system32\drivers\MSTEE.sys
23:20:15.0342 2832 MSTEE - ok
23:20:15.0360 2832 MTConfig (7ea404308934e675bffde8edf0757bcd) Z:\Windows\system32\DRIVERS\MTConfig.sys
23:20:15.0392 2832 MTConfig - ok
23:20:15.0410 2832 Mup (f9a18612fd3526fe473c1bda678d61c8) Z:\Windows\system32\Drivers\mup.sys
23:20:15.0446 2832 Mup - ok
23:20:15.0483 2832 napagent (582ac6d9873e31dfa28a4547270862dd) Z:\Windows\system32\qagentRT.dll
23:20:15.0535 2832 napagent - ok
23:20:15.0563 2832 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) Z:\Windows\system32\DRIVERS\nwifi.sys
23:20:15.0637 2832 NativeWifiP - ok
23:20:15.0677 2832 NDIS (79b47fd40d9a817e932f9d26fac0a81c) Z:\Windows\system32\drivers\ndis.sys
23:20:15.0733 2832 NDIS - ok
23:20:15.0740 2832 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) Z:\Windows\system32\DRIVERS\ndiscap.sys
23:20:15.0804 2832 NdisCap - ok
23:20:15.0828 2832 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) Z:\Windows\system32\DRIVERS\ndistapi.sys
23:20:15.0873 2832 NdisTapi - ok
23:20:15.0890 2832 Ndisuio (136185f9fb2cc61e573e676aa5402356) Z:\Windows\system32\DRIVERS\ndisuio.sys
23:20:15.0935 2832 Ndisuio - ok
23:20:15.0961 2832 NdisWan (53f7305169863f0a2bddc49e116c2e11) Z:\Windows\system32\DRIVERS\ndiswan.sys
23:20:16.0031 2832 NdisWan - ok
23:20:16.0066 2832 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) Z:\Windows\system32\drivers\NDProxy.sys
23:20:16.0147 2832 NDProxy - ok
23:20:16.0163 2832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) Z:\Windows\system32\DRIVERS\netbios.sys
23:20:16.0227 2832 NetBIOS - ok
23:20:16.0245 2832 NetBT (09594d1089c523423b32a4229263f068) Z:\Windows\system32\DRIVERS\netbt.sys
23:20:16.0323 2832 NetBT - ok
23:20:16.0348 2832 Netlogon (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
23:20:16.0365 2832 Netlogon - ok
23:20:16.0397 2832 Netman (847d3ae376c0817161a14a82c8922a9e) Z:\Windows\System32\netman.dll
23:20:16.0460 2832 Netman - ok
23:20:16.0524 2832 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:20:16.0542 2832 NetMsmqActivator - ok
23:20:16.0547 2832 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:20:16.0564 2832 NetPipeActivator - ok
23:20:16.0582 2832 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) Z:\Windows\System32\netprofm.dll
23:20:16.0644 2832 netprofm - ok
23:20:16.0649 2832 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:20:16.0668 2832 NetTcpActivator - ok
23:20:16.0673 2832 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:20:16.0689 2832 NetTcpPortSharing - ok
23:20:16.0728 2832 nfrd960 (77889813be4d166cdab78ddba990da92) Z:\Windows\system32\DRIVERS\nfrd960.sys
23:20:16.0783 2832 nfrd960 - ok
23:20:16.0811 2832 NlaSvc (1ee99a89cc788ada662441d1e9830529) Z:\Windows\System32\nlasvc.dll
23:20:16.0871 2832 NlaSvc - ok
23:20:16.0889 2832 NLNdisMP - ok
23:20:16.0909 2832 NLNdisPT - ok
23:20:16.0919 2832 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) Z:\Windows\system32\drivers\Npfs.sys
23:20:16.0983 2832 Npfs - ok
23:20:16.0995 2832 nsi (d54bfdf3e0c953f823b3d0bfe4732528) Z:\Windows\system32\nsisvc.dll
23:20:17.0040 2832 nsi - ok
23:20:17.0058 2832 nsiproxy (e7f5ae18af4168178a642a9247c63001) Z:\Windows\system32\drivers\nsiproxy.sys
23:20:17.0128 2832 nsiproxy - ok
23:20:17.0199 2832 Ntfs (a2f74975097f52a00745f9637451fdd8) Z:\Windows\system32\drivers\Ntfs.sys
23:20:17.0269 2832 Ntfs - ok
23:20:17.0315 2832 Null (9899284589f75fa8724ff3d16aed75c1) Z:\Windows\system32\drivers\Null.sys
23:20:17.0383 2832 Null - ok
23:20:17.0861 2832 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) Z:\Windows\system32\DRIVERS\nvlddmkm.sys
23:20:18.0202 2832 nvlddmkm - ok
23:20:18.0248 2832 nvraid (0a92cb65770442ed0dc44834632f66ad) Z:\Windows\system32\drivers\nvraid.sys
23:20:18.0286 2832 nvraid - ok
23:20:18.0317 2832 nvstor (dab0e87525c10052bf65f06152f37e4a) Z:\Windows\system32\drivers\nvstor.sys
23:20:18.0374 2832 nvstor - ok
23:20:18.0441 2832 nvsvc (06633cf95bea62164c3bfca24bce6b11) Z:\Windows\system32\nvvsvc.exe
23:20:18.0476 2832 nvsvc - ok
23:20:18.0583 2832 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:20:18.0636 2832 nvUpdatusService - ok
23:20:18.0684 2832 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) Z:\Windows\system32\drivers\nv_agp.sys
23:20:18.0734 2832 nv_agp - ok
23:20:18.0773 2832 odserv (785f487a64950f3cb8e9f16253ba3b7b) Z:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:20:18.0804 2832 odserv - ok
23:20:18.0827 2832 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) Z:\Windows\system32\drivers\ohci1394.sys
23:20:18.0887 2832 ohci1394 - ok
23:20:18.0930 2832 ose (5a432a042dae460abe7199b758e8606c) Z:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:20:18.0954 2832 ose - ok
23:20:18.0989 2832 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) Z:\Windows\system32\pnrpsvc.dll
23:20:19.0039 2832 p2pimsvc - ok
23:20:19.0070 2832 p2psvc (927463ecb02179f88e4b9a17568c63c3) Z:\Windows\system32\p2psvc.dll
23:20:19.0101 2832 p2psvc - ok
23:20:19.0120 2832 Parport (0086431c29c35be1dbc43f52cc273887) Z:\Windows\system32\DRIVERS\parport.sys
23:20:19.0170 2832 Parport - ok
23:20:19.0195 2832 partmgr (e9766131eeade40a27dc27d2d68fba9c) Z:\Windows\system32\drivers\partmgr.sys
23:20:19.0244 2832 partmgr - ok
23:20:19.0305 2832 pbfilter (7c0582921913d00180ec2b8518ba135c) Z:\Program Files\PeerBlock\pbfilter.sys
23:20:19.0354 2832 pbfilter - ok
23:20:19.0378 2832 PcaSvc (3aeaa8b561e63452c655dc0584922257) Z:\Windows\System32\pcasvc.dll
23:20:19.0426 2832 PcaSvc - ok
23:20:19.0455 2832 pci (94575c0571d1462a0f70bde6bd6ee6b3) Z:\Windows\system32\drivers\pci.sys
23:20:19.0532 2832 pci - ok
23:20:19.0550 2832 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) Z:\Windows\system32\drivers\pciide.sys
23:20:19.0596 2832 pciide - ok
23:20:19.0614 2832 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) Z:\Windows\system32\DRIVERS\pcmcia.sys
23:20:19.0667 2832 pcmcia - ok
23:20:19.0685 2832 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) Z:\Windows\system32\drivers\pcw.sys
23:20:19.0732 2832 pcw - ok
23:20:19.0766 2832 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) Z:\Windows\system32\drivers\peauth.sys
23:20:19.0876 2832 PEAUTH - ok
23:20:19.0934 2832 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) Z:\Windows\system32\peerdistsvc.dll
23:20:20.0005 2832 PeerDistSvc - ok
23:20:20.0050 2832 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) Z:\Windows\SysWow64\perfhost.exe
23:20:20.0085 2832 PerfHost - ok
23:20:20.0185 2832 pla (c7cf6a6e137463219e1259e3f0f0dd6c) Z:\Windows\system32\pla.dll
23:20:20.0280 2832 pla - ok
23:20:20.0330 2832 PlugPlay (25fbdef06c4d92815b353f6e792c8129) Z:\Windows\system32\umpnpmgr.dll
23:20:20.0388 2832 PlugPlay - ok
23:20:20.0414 2832 PnkBstrA - ok
23:20:20.0443 2832 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) Z:\Windows\system32\pnrpauto.dll
23:20:20.0474 2832 PNRPAutoReg - ok
23:20:20.0494 2832 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) Z:\Windows\system32\pnrpsvc.dll
23:20:20.0522 2832 PNRPsvc - ok
23:20:20.0550 2832 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) Z:\Windows\System32\ipsecsvc.dll
23:20:20.0632 2832 PolicyAgent - ok
23:20:20.0664 2832 Power (6ba9d927dded70bd1a9caded45f8b184) Z:\Windows\system32\umpo.dll
23:20:20.0733 2832 Power - ok
23:20:20.0783 2832 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) Z:\Windows\system32\DRIVERS\raspptp.sys
23:20:20.0928 2832 PptpMiniport - ok
23:20:20.0953 2832 Processor (0d922e23c041efb1c3fac2a6f943c9bf) Z:\Windows\system32\DRIVERS\processr.sys
23:20:21.0010 2832 Processor - ok
23:20:21.0040 2832 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) Z:\Windows\system32\profsvc.dll
23:20:21.0082 2832 ProfSvc - ok
23:20:21.0109 2832 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
23:20:21.0131 2832 ProtectedStorage - ok
23:20:21.0163 2832 Psched (0557cf5a2556bd58e26384169d72438d) Z:\Windows\system32\DRIVERS\pacer.sys
23:20:21.0258 2832 Psched - ok
23:20:21.0274 2832 pwdrvio (d8589a43b352e7f2317194c98447149f) Z:\Windows\system32\pwdrvio.sys
23:20:21.0322 2832 pwdrvio - ok
23:20:21.0330 2832 pwdspio (4b8fda635f4d2e7d638b2b3817b5afc8) Z:\Windows\system32\pwdspio.sys
23:20:21.0352 2832 pwdspio - ok
23:20:21.0406 2832 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) Z:\Windows\system32\DRIVERS\ql2300.sys
23:20:21.0467 2832 ql2300 - ok
23:20:21.0515 2832 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) Z:\Windows\system32\DRIVERS\ql40xx.sys
23:20:21.0541 2832 ql40xx - ok
23:20:21.0561 2832 QWAVE (906191634e99aea92c4816150bda3732) Z:\Windows\system32\qwave.dll
23:20:21.0596 2832 QWAVE - ok
23:20:21.0606 2832 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) Z:\Windows\system32\drivers\qwavedrv.sys
23:20:21.0669 2832 QWAVEdrv - ok
23:20:21.0687 2832 RasAcd (5a0da8ad5762fa2d91678a8a01311704) Z:\Windows\system32\DRIVERS\rasacd.sys
23:20:21.0771 2832 RasAcd - ok
23:20:21.0804 2832 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) Z:\Windows\system32\DRIVERS\AgileVpn.sys
23:20:21.0861 2832 RasAgileVpn - ok
23:20:21.0880 2832 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) Z:\Windows\System32\rasauto.dll
23:20:21.0946 2832 RasAuto - ok
23:20:21.0973 2832 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) Z:\Windows\system32\DRIVERS\rasl2tp.sys
23:20:22.0095 2832 Rasl2tp - ok
23:20:22.0131 2832 RasMan (ee867a0870fc9e4972ba9eaad35651e2) Z:\Windows\System32\rasmans.dll
23:20:22.0193 2832 RasMan - ok
23:20:22.0218 2832 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) Z:\Windows\system32\DRIVERS\raspppoe.sys
23:20:22.0285 2832 RasPppoe - ok
23:20:22.0293 2832 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) Z:\Windows\system32\DRIVERS\rassstp.sys
23:20:22.0387 2832 RasSstp - ok
23:20:22.0424 2832 rdbss (77f665941019a1594d887a74f301fa2f) Z:\Windows\system32\DRIVERS\rdbss.sys
23:20:22.0485 2832 rdbss - ok
23:20:22.0501 2832 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) Z:\Windows\system32\DRIVERS\rdpbus.sys
23:20:22.0587 2832 rdpbus - ok
23:20:22.0602 2832 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) Z:\Windows\system32\DRIVERS\RDPCDD.sys
23:20:22.0659 2832 RDPCDD - ok
23:20:22.0686 2832 RDPDR (1b6163c503398b23ff8b939c67747683) Z:\Windows\system32\drivers\rdpdr.sys
23:20:22.0771 2832 RDPDR - ok
23:20:22.0788 2832 RDPENCDD (bb5971a4f00659529a5c44831af22365) Z:\Windows\system32\drivers\rdpencdd.sys
23:20:22.0856 2832 RDPENCDD - ok
23:20:22.0878 2832 RDPREFMP (216f3fa57533d98e1f74ded70113177a) Z:\Windows\system32\drivers\rdprefmp.sys
23:20:22.0937 2832 RDPREFMP - ok
23:20:22.0989 2832 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) Z:\Windows\system32\drivers\rdpvideominiport.sys
23:20:23.0058 2832 RdpVideoMiniport - ok
23:20:23.0083 2832 RDPWD (e61608aa35e98999af9aaeeea6114b0a) Z:\Windows\system32\drivers\RDPWD.sys
23:20:23.0154 2832 RDPWD - ok
23:20:23.0191 2832 rdyboost (34ed295fa0121c241bfef24764fc4520) Z:\Windows\system32\drivers\rdyboost.sys
23:20:23.0219 2832 rdyboost - ok
23:20:23.0255 2832 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) Z:\Windows\System32\mprdim.dll
23:20:23.0321 2832 RemoteAccess - ok
23:20:23.0343 2832 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) Z:\Windows\system32\regsvc.dll
23:20:23.0406 2832 RemoteRegistry - ok
23:20:23.0467 2832 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
23:20:23.0514 2832 RivaTuner64 - ok
23:20:23.0530 2832 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) Z:\Windows\System32\RpcEpMap.dll
23:20:23.0603 2832 RpcEptMapper - ok
23:20:23.0620 2832 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) Z:\Windows\system32\locator.exe
23:20:23.0650 2832 RpcLocator - ok
23:20:23.0689 2832 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) Z:\Windows\System32\rpcss.dll
23:20:23.0752 2832 RpcSs - ok
23:20:23.0772 2832 rspndr (ddc86e4f8e7456261e637e3552e804ff) Z:\Windows\system32\DRIVERS\rspndr.sys
23:20:23.0856 2832 rspndr - ok
23:20:23.0885 2832 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) Z:\Windows\system32\DRIVERS\Rt64win7.sys
23:20:23.0982 2832 RTL8167 - ok
23:20:24.0011 2832 s3cap (e60c0a09f997826c7627b244195ab581) Z:\Windows\system32\drivers\vms3cap.sys
23:20:24.0047 2832 s3cap - ok
23:20:24.0073 2832 SamSs (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
23:20:24.0094 2832 SamSs - ok
23:20:24.0156 2832 SASDIFSV (3289766038db2cb14d07dc84392138d5) Z:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:20:24.0174 2832 SASDIFSV - ok
23:20:24.0201 2832 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) Z:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:20:24.0242 2832 SASKUTIL - ok
23:20:24.0262 2832 sbp2port (ac03af3329579fffb455aa2daabbe22b) Z:\Windows\system32\drivers\sbp2port.sys
23:20:24.0313 2832 sbp2port - ok
23:20:24.0378 2832 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:20:24.0425 2832 SBSDWSCService - ok
23:20:24.0453 2832 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) Z:\Windows\System32\SCardSvr.dll
23:20:24.0523 2832 SCardSvr - ok
23:20:24.0558 2832 scfilter (253f38d0d7074c02ff8deb9836c97d2b) Z:\Windows\system32\DRIVERS\scfilter.sys
23:20:24.0651 2832 scfilter - ok
23:20:24.0701 2832 Schedule (262f6592c3299c005fd6bec90fc4463a) Z:\Windows\system32\schedsvc.dll
23:20:24.0779 2832 Schedule - ok
23:20:24.0810 2832 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) Z:\Windows\System32\certprop.dll
23:20:24.0864 2832 SCPolicySvc - ok
23:20:24.0910 2832 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) Z:\Windows\System32\SDRSVC.dll
23:20:24.0956 2832 SDRSVC - ok
23:20:24.0994 2832 secdrv (3ea8a16169c26afbeb544e0e48421186) Z:\Windows\system32\drivers\secdrv.sys
23:20:25.0077 2832 secdrv - ok
23:20:25.0101 2832 seclogon (bc617a4e1b4fa8df523a061739a0bd87) Z:\Windows\system32\seclogon.dll
23:20:25.0167 2832 seclogon - ok
23:20:25.0185 2832 SENS (c32ab8fa018ef34c0f113bd501436d21) Z:\Windows\system32\sens.dll
23:20:25.0244 2832 SENS - ok
23:20:25.0256 2832 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) Z:\Windows\system32\sensrsvc.dll
23:20:25.0287 2832 SensrSvc - ok
23:20:25.0298 2832 Serenum (cb624c0035412af0debec78c41f5ca1b) Z:\Windows\system32\DRIVERS\serenum.sys
23:20:25.0355 2832 Serenum - ok
23:20:25.0375 2832 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) Z:\Windows\system32\DRIVERS\serial.sys
23:20:25.0493 2832 Serial - ok
23:20:25.0513 2832 sermouse (1c545a7d0691cc4a027396535691c3e3) Z:\Windows\system32\DRIVERS\sermouse.sys
23:20:25.0574 2832 sermouse - ok
23:20:25.0607 2832 SessionEnv (0b6231bf38174a1628c4ac812cc75804) Z:\Windows\system32\sessenv.dll
23:20:25.0677 2832 SessionEnv - ok
23:20:25.0710 2832 sffdisk (a554811bcd09279536440c964ae35bbf) Z:\Windows\system32\drivers\sffdisk.sys
23:20:25.0784 2832 sffdisk - ok
23:20:25.0801 2832 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) Z:\Windows\system32\drivers\sffp_mmc.sys
23:20:25.0859 2832 sffp_mmc - ok
23:20:25.0865 2832 sffp_sd (dd85b78243a19b59f0637dcf284da63c) Z:\Windows\system32\drivers\sffp_sd.sys
23:20:25.0902 2832 sffp_sd - ok
23:20:25.0921 2832 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) Z:\Windows\system32\DRIVERS\sfloppy.sys
23:20:25.0981 2832 sfloppy - ok
23:20:26.0019 2832 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) Z:\Windows\System32\shsvcs.dll
23:20:26.0085 2832 ShellHWDetection - ok
23:20:26.0104 2832 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) Z:\Windows\system32\DRIVERS\SiSRaid2.sys
23:20:26.0177 2832 SiSRaid2 - ok
23:20:26.0191 2832 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) Z:\Windows\system32\DRIVERS\sisraid4.sys
23:20:26.0239 2832 SiSRaid4 - ok
23:20:26.0310 2832 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) Z:\Program Files (x86)\Skype\Updater\Updater.exe
23:20:26.0357 2832 SkypeUpdate - ok
23:20:26.0373 2832 Smb (548260a7b8654e024dc30bf8a7c5baa4) Z:\Windows\system32\DRIVERS\smb.sys
23:20:26.0447 2832 Smb - ok
23:20:26.0495 2832 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) Z:\Windows\System32\snmptrap.exe
23:20:26.0529 2832 SNMPTRAP - ok
23:20:26.0578 2832 Soluto (f9369327409492097b0bb7ce86bd29de) Z:\Windows\system32\DRIVERS\Soluto.sys
23:20:26.0601 2832 Soluto - ok
23:20:26.0680 2832 SolutoService (10dee00baf67de1059071c1ecd459ac5) Z:\Program Files\Soluto\SolutoService.exe
23:20:26.0711 2832 SolutoService - ok
23:20:26.0729 2832 spldr (b9e31e5cacdfe584f34f730a677803f9) Z:\Windows\system32\drivers\spldr.sys
23:20:26.0775 2832 spldr - ok
23:20:26.0810 2832 Spooler (b96c17b5dc1424d56eea3a99e97428cd) Z:\Windows\System32\spoolsv.exe
23:20:26.0878 2832 Spooler - ok
23:20:26.0996 2832 sppsvc (e17e0188bb90fae42d83e98707efa59c) Z:\Windows\system32\sppsvc.exe
23:20:27.0136 2832 sppsvc - ok
23:20:27.0192 2832 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) Z:\Windows\system32\sppuinotify.dll
23:20:27.0256 2832 sppuinotify - ok
23:20:27.0307 2832 srv (441fba48bff01fdb9d5969ebc1838f0b) Z:\Windows\system32\DRIVERS\srv.sys
23:20:27.0402 2832 srv - ok
23:20:27.0435 2832 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) Z:\Windows\system32\DRIVERS\srv2.sys
23:20:27.0503 2832 srv2 - ok
23:20:27.0522 2832 srvnet (27e461f0be5bff5fc737328f749538c3) Z:\Windows\system32\DRIVERS\srvnet.sys
23:20:27.0547 2832 srvnet - ok
23:20:27.0606 2832 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) Z:\Windows\system32\DRIVERS\sscdbus.sys
23:20:27.0627 2832 sscdbus - ok
23:20:27.0664 2832 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) Z:\Windows\System32\ssdpsrv.dll
23:20:27.0737 2832 SSDPSRV - ok
23:20:27.0756 2832 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) Z:\Windows\system32\sstpsvc.dll
23:20:27.0816 2832 SstpSvc - ok
23:20:27.0862 2832 Steam Client Service - ok
23:20:27.0891 2832 stexstor (f3817967ed533d08327dc73bc4d5542a) Z:\Windows\system32\DRIVERS\stexstor.sys
23:20:27.0913 2832 stexstor - ok
23:20:27.0958 2832 stisvc (8dd52e8e6128f4b2da92ce27402871c1) Z:\Windows\System32\wiaservc.dll
23:20:28.0008 2832 stisvc - ok
23:20:28.0029 2832 storflt (7785dc213270d2fc066538daf94087e7) Z:\Windows\system32\drivers\vmstorfl.sys
23:20:28.0052 2832 storflt - ok
23:20:28.0072 2832 storvsc (d34e4943d5ac096c8edeebfd80d76e23) Z:\Windows\system32\drivers\storvsc.sys
23:20:28.0121 2832 storvsc - ok
23:20:28.0134 2832 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) Z:\Windows\system32\drivers\swenum.sys
23:20:28.0180 2832 swenum - ok
23:20:28.0206 2832 swprv (e08e46fdd841b7184194011ca1955a0b) Z:\Windows\System32\swprv.dll
23:20:28.0286 2832 swprv - ok
23:20:28.0303 2832 Synth3dVsc - ok
23:20:28.0378 2832 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) Z:\Windows\system32\sysmain.dll
23:20:28.0455 2832 SysMain - ok
23:20:28.0518 2832 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) Z:\Windows\System32\TabSvc.dll
23:20:28.0558 2832 TabletInputService - ok
23:20:28.0616 2832 tap0901t (b08740047145b9bce15bf75ca0f9718a) Z:\Windows\system32\DRIVERS\tap0901t.sys
23:20:28.0644 2832 tap0901t - ok
23:20:28.0675 2832 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) Z:\Windows\System32\tapisrv.dll
23:20:28.0750 2832 TapiSrv - ok
23:20:28.0777 2832 TBS (1be03ac720f4d302ea01d40f588162f6) Z:\Windows\System32\tbssvc.dll
23:20:28.0837 2832 TBS - ok
23:20:28.0908 2832 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) Z:\Windows\system32\drivers\tcpip.sys
23:20:28.0988 2832 Tcpip - ok
23:20:29.0066 2832 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) Z:\Windows\system32\DRIVERS\tcpip.sys
23:20:29.0129 2832 TCPIP6 - ok
23:20:29.0177 2832 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) Z:\Windows\system32\drivers\tcpipreg.sys
23:20:29.0247 2832 tcpipreg - ok
23:20:29.0274 2832 TDPIPE (3371d21011695b16333a3934340c4e7c) Z:\Windows\system32\drivers\tdpipe.sys
23:20:29.0343 2832 TDPIPE - ok
23:20:29.0367 2832 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) Z:\Windows\system32\drivers\tdtcp.sys
23:20:29.0408 2832 TDTCP - ok
23:20:29.0433 2832 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) Z:\Windows\system32\DRIVERS\tdx.sys
23:20:29.0517 2832 tdx - ok
23:20:29.0542 2832 teamviewervpn (f5520dbb47c60ee83024b38720abda24) Z:\Windows\system32\DRIVERS\teamviewervpn.sys
23:20:29.0558 2832 teamviewervpn - ok
23:20:29.0587 2832 TermDD (561e7e1f06895d78de991e01dd0fb6e5) Z:\Windows\system32\drivers\termdd.sys
23:20:29.0638 2832 TermDD - ok
23:20:29.0674 2832 TermService (2e648163254233755035b46dd7b89123) Z:\Windows\System32\termsrv.dll
23:20:29.0755 2832 TermService - ok
23:20:29.0774 2832 Themes (f0344071948d1a1fa732231785a0664c) Z:\Windows\system32\themeservice.dll
23:20:29.0815 2832 Themes - ok
23:20:29.0833 2832 THREADORDER (e40e80d0304a73e8d269f7141d77250b) Z:\Windows\system32\mmcss.dll
23:20:29.0891 2832 THREADORDER - ok
23:20:29.0943 2832 TipCtrl - ok
23:20:30.0021 2832 TomTomHOMEService (e9ca6ed72ea9f56bd6e98c7042092a1c) Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
23:20:30.0042 2832 TomTomHOMEService - ok
23:20:30.0056 2832 TrkWks (7e7afd841694f6ac397e99d75cead49d) Z:\Windows\System32\trkwks.dll
23:20:30.0116 2832 TrkWks - ok
23:20:30.0162 2832 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) Z:\Windows\servicing\TrustedInstaller.exe
23:20:30.0221 2832 TrustedInstaller - ok
23:20:30.0263 2832 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) Z:\Windows\system32\DRIVERS\tssecsrv.sys
23:20:30.0331 2832 tssecsrv - ok
23:20:30.0355 2832 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) Z:\Windows\system32\drivers\tsusbflt.sys
23:20:30.0442 2832 TsUsbFlt - ok
23:20:30.0456 2832 tsusbhub - ok
23:20:30.0505 2832 tunnel (3566a8daafa27af944f5d705eaa64894) Z:\Windows\system32\DRIVERS\tunnel.sys
23:20:30.0597 2832 tunnel - ok
23:20:30.0656 2832 TunngleService (f8302e3e534af5e3f2588a974bea80df) Z:\Program Files (x86)\Tunngle\TnglCtrl.exe
23:20:30.0691 2832 TunngleService - ok
23:20:30.0715 2832 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) Z:\Windows\system32\DRIVERS\uagp35.sys
23:20:30.0764 2832 uagp35 - ok
23:20:30.0787 2832 udfs (ff4232a1a64012baa1fd97c7b67df593) Z:\Windows\system32\DRIVERS\udfs.sys
23:20:30.0854 2832 udfs - ok
23:20:30.0883 2832 UI0Detect (3cbdec8d06b9968aba702eba076364a1) Z:\Windows\system32\UI0Detect.exe
23:20:30.0911 2832 UI0Detect - ok
23:20:30.0935 2832 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) Z:\Windows\system32\drivers\uliagpkx.sys
23:20:30.0983 2832 uliagpkx - ok
23:20:30.0999 2832 umbus (dc54a574663a895c8763af0fa1ff7561) Z:\Windows\system32\drivers\umbus.sys
23:20:31.0056 2832 umbus - ok
23:20:31.0068 2832 UmPass (b2e8e8cb557b156da5493bbddcc1474d) Z:\Windows\system32\DRIVERS\umpass.sys
23:20:31.0124 2832 UmPass - ok
23:20:31.0150 2832 UmRdpService (a293dcd756d04d8492a750d03b9a297c) Z:\Windows\System32\umrdp.dll
23:20:31.0182 2832 UmRdpService - ok
23:20:31.0210 2832 upnphost (d47ec6a8e81633dd18d2436b19baf6de) Z:\Windows\System32\upnphost.dll
23:20:31.0275 2832 upnphost - ok
23:20:31.0310 2832 usbbus (5fcc71487888589a9244af54cfefab29) Z:\Windows\system32\DRIVERS\lgx64bus.sys
23:20:31.0352 2832 usbbus - ok
23:20:31.0376 2832 usbccgp (6f1a3157a1c89435352ceb543cdb359c) Z:\Windows\system32\DRIVERS\usbccgp.sys
23:20:31.0437 2832 usbccgp - ok
23:20:31.0466 2832 usbcir (af0892a803fdda7492f595368e3b68e7) Z:\Windows\system32\drivers\usbcir.sys
23:20:31.0496 2832 usbcir - ok
23:20:31.0528 2832 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) Z:\Windows\system32\DRIVERS\lgx64diag.sys
23:20:31.0555 2832 UsbDiag - ok
23:20:31.0575 2832 usbehci (c025055fe7b87701eb042095df1a2d7b) Z:\Windows\system32\DRIVERS\usbehci.sys
23:20:31.0622 2832 usbehci - ok
23:20:31.0651 2832 usbhub (287c6c9410b111b68b52ca298f7b8c24) Z:\Windows\system32\DRIVERS\usbhub.sys
23:20:31.0722 2832 usbhub - ok
23:20:31.0746 2832 USBModem (78d551f5b93488b4666f5fc8dd4815f3) Z:\Windows\system32\DRIVERS\lgx64modem.sys
23:20:31.0765 2832 USBModem - ok
23:20:31.0789 2832 usbohci (58e546bbaf87664fc57e0f6081e4f609) Z:\Windows\system32\DRIVERS\usbohci.sys
23:20:31.0838 2832 usbohci - ok
23:20:31.0861 2832 usbprint (73188f58fb384e75c4063d29413cee3d) Z:\Windows\system32\DRIVERS\usbprint.sys
23:20:31.0920 2832 usbprint - ok
23:20:31.0941 2832 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) Z:\Windows\system32\DRIVERS\USBSTOR.SYS
23:20:32.0032 2832 USBSTOR - ok
23:20:32.0052 2832 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) Z:\Windows\system32\DRIVERS\usbuhci.sys
23:20:32.0082 2832 usbuhci - ok
23:20:32.0107 2832 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) Z:\Windows\System32\uxsms.dll
23:20:32.0174 2832 UxSms - ok
23:20:32.0195 2832 VaultSvc (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
23:20:32.0217 2832 VaultSvc - ok
23:20:32.0255 2832 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) Z:\Windows\system32\drivers\vdrvroot.sys
23:20:32.0327 2832 vdrvroot - ok
23:20:32.0365 2832 vds (8d6b481601d01a456e75c3210f1830be) Z:\Windows\System32\vds.exe
23:20:32.0435 2832 vds - ok
23:20:32.0458 2832 vga (da4da3f5e02943c2dc8c6ed875de68dd) Z:\Windows\system32\DRIVERS\vgapnp.sys
23:20:32.0485 2832 vga - ok
23:20:32.0502 2832 VgaSave (53e92a310193cb3c03bea963de7d9cfc) Z:\Windows\System32\drivers\vga.sys
23:20:32.0628 2832 VgaSave - ok
23:20:32.0636 2832 VGPU - ok
23:20:32.0666 2832 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) Z:\Windows\system32\drivers\vhdmp.sys
23:20:32.0724 2832 vhdmp - ok
23:20:32.0758 2832 vhidmini (1161acff728d97f75d74d2f1465f8a46) Z:\Windows\system32\DRIVERS\vHidDev.sys
23:20:32.0797 2832 vhidmini - ok
23:20:32.0816 2832 viaide (e5689d93ffe4e5d66c0178761240dd54) Z:\Windows\system32\drivers\viaide.sys
23:20:32.0863 2832 viaide - ok
23:20:32.0878 2832 vmbus (86ea3e79ae350fea5331a1303054005f) Z:\Windows\system32\drivers\vmbus.sys
23:20:32.0996 2832 vmbus - ok
23:20:33.0005 2832 VMBusHID (7de90b48f210d29649380545db45a187) Z:\Windows\system32\drivers\VMBusHID.sys
23:20:33.0062 2832 VMBusHID - ok
23:20:33.0076 2832 volmgr (d2aafd421940f640b407aefaaebd91b0) Z:\Windows\system32\drivers\volmgr.sys
23:20:33.0149 2832 volmgr - ok
23:20:33.0179 2832 volmgrx (a255814907c89be58b79ef2f189b843b) Z:\Windows\system32\drivers\volmgrx.sys
23:20:33.0212 2832 volmgrx - ok
23:20:33.0229 2832 volsnap (0d08d2f3b3ff84e433346669b5e0f639) Z:\Windows\system32\drivers\volsnap.sys
23:20:33.0294 2832 volsnap - ok
23:20:33.0325 2832 vsmraid (5e2016ea6ebaca03c04feac5f330d997) Z:\Windows\system32\DRIVERS\vsmraid.sys
23:20:33.0375 2832 vsmraid - ok
23:20:33.0441 2832 VSS (b60ba0bc31b0cb414593e169f6f21cc2) Z:\Windows\system32\vssvc.exe
23:20:33.0538 2832 VSS - ok
23:20:33.0600 2832 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) Z:\Windows\System32\drivers\vwifibus.sys
23:20:33.0661 2832 vwifibus - ok
23:20:33.0696 2832 W32Time (1c9d80cc3849b3788048078c26486e1a) Z:\Windows\system32\w32time.dll
23:20:33.0763 2832 W32Time - ok
23:20:33.0788 2832 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) Z:\Windows\system32\DRIVERS\wacompen.sys
23:20:33.0824 2832 WacomPen - ok
23:20:33.0847 2832 WANARP (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
23:20:33.0940 2832 WANARP - ok
23:20:33.0958 2832 Wanarpv6 (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
23:20:34.0014 2832 Wanarpv6 - ok
23:20:34.0075 2832 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) Z:\Windows\system32\Wat\WatAdminSvc.exe
23:20:34.0129 2832 WatAdminSvc - ok
23:20:34.0197 2832 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) Z:\Windows\system32\wbengine.exe
23:20:34.0533 2832 wbengine - ok
23:20:34.0568 2832 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) Z:\Windows\System32\wbiosrvc.dll
23:20:34.0601 2832 WbioSrvc - ok
23:20:34.0642 2832 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) Z:\Windows\System32\wcncsvc.dll
23:20:34.0695 2832 wcncsvc - ok
23:20:34.0714 2832 WcsPlugInService (20f7441334b18cee52027661df4a6129) Z:\Windows\System32\WcsPlugInService.dll
23:20:34.0750 2832 WcsPlugInService - ok
23:20:34.0785 2832 Wd (72889e16ff12ba0f235467d6091b17dc) Z:\Windows\system32\DRIVERS\wd.sys
23:20:34.0806 2832 Wd - ok
23:20:34.0840 2832 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) Z:\Windows\system32\drivers\Wdf01000.sys
23:20:34.0879 2832 Wdf01000 - ok
23:20:34.0898 2832 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) Z:\Windows\system32\wdi.dll
23:20:34.0975 2832 WdiServiceHost - ok
23:20:34.0980 2832 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) Z:\Windows\system32\wdi.dll
23:20:35.0014 2832 WdiSystemHost - ok
23:20:35.0049 2832 WebClient (3db6d04e1c64272f8b14eb8bc4616280) Z:\Windows\System32\webclnt.dll
23:20:35.0089 2832 WebClient - ok
23:20:35.0111 2832 Wecsvc (c749025a679c5103e575e3b48e092c43) Z:\Windows\system32\wecsvc.dll
23:20:35.0186 2832 Wecsvc - ok
23:20:35.0211 2832 wercplsupport (7e591867422dc788b9e5bd337a669a08) Z:\Windows\System32\wercplsupport.dll
23:20:35.0279 2832 wercplsupport - ok
23:20:35.0301 2832 WerSvc (6d137963730144698cbd10f202e9f251) Z:\Windows\System32\WerSvc.dll
23:20:35.0361 2832 WerSvc - ok
23:20:35.0389 2832 WfpLwf (611b23304bf067451a9fdee01fbdd725) Z:\Windows\system32\DRIVERS\wfplwf.sys
23:20:35.0472 2832 WfpLwf - ok
23:20:35.0488 2832 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) Z:\Windows\system32\drivers\wimmount.sys
23:20:35.0535 2832 WIMMount - ok
23:20:35.0562 2832 WinHttpAutoProxySvc - ok
23:20:35.0619 2832 Winmgmt (19b07e7e8915d701225da41cb3877306) Z:\Windows\system32\wbem\WMIsvc.dll
23:20:35.0680 2832 Winmgmt - ok
23:20:35.0753 2832 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) Z:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
23:20:35.0798 2832 WinRing0_1_2_0 - ok
23:20:35.0872 2832 WinRM (bcb1310604aa415c4508708975b3931e) Z:\Windows\system32\WsmSvc.dll
23:20:35.0977 2832 WinRM - ok
23:20:36.0066 2832 WinUsb (fe88b288356e7b47b74b13372add906d) Z:\Windows\system32\DRIVERS\WinUsb.sys
23:20:36.0111 2832 WinUsb - ok
23:20:36.0153 2832 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) Z:\Windows\System32\wlansvc.dll
23:20:36.0201 2832 Wlansvc - ok
23:20:36.0309 2832 wlidsvc (2bacd71123f42cea603f4e205e1ae337) Z:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:20:36.0386 2832 wlidsvc - ok
23:20:36.0439 2832 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) Z:\Windows\system32\drivers\wmiacpi.sys
23:20:36.0496 2832 WmiAcpi - ok
23:20:36.0546 2832 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) Z:\Windows\system32\wbem\WmiApSrv.exe
23:20:36.0580 2832 wmiApSrv - ok
23:20:36.0612 2832 WMPNetworkSvc - ok
23:20:36.0631 2832 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) Z:\Windows\System32\wpcsvc.dll
23:20:36.0664 2832 WPCSvc - ok
23:20:36.0684 2832 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) Z:\Windows\system32\wpdbusenum.dll
23:20:36.0725 2832 WPDBusEnum - ok
23:20:36.0750 2832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) Z:\Windows\system32\drivers\ws2ifsl.sys
23:20:36.0831 2832 ws2ifsl - ok
23:20:36.0839 2832 WSearch - ok
23:20:36.0928 2832 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) Z:\Windows\system32\wuaueng.dll
23:20:37.0012 2832 wuauserv - ok
23:20:37.0060 2832 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) Z:\Windows\system32\drivers\WudfPf.sys
23:20:37.0155 2832 WudfPf - ok
23:20:37.0184 2832 WUDFRd (cf8d590be3373029d57af80914190682) Z:\Windows\system32\DRIVERS\WUDFRd.sys
23:20:37.0277 2832 WUDFRd - ok
23:20:37.0307 2832 wudfsvc (7a95c95b6c4cf292d689106bcae49543) Z:\Windows\System32\WUDFSvc.dll
23:20:37.0366 2832 wudfsvc - ok
23:20:37.0390 2832 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) Z:\Windows\System32\wwansvc.dll
23:20:37.0428 2832 WwanSvc - ok
23:20:37.0477 2832 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) Z:\Windows\system32\DRIVERS\xusb21.sys
23:20:37.0544 2832 xusb21 - ok
23:20:37.0590 2832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
23:20:37.0646 2832 \Device\Harddisk2\DR2 - ok
23:20:37.0674 2832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:20:38.0155 2832 \Device\Harddisk0\DR0 - ok
23:20:38.0170 2832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:20:38.0210 2832 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
23:20:38.0210 2832 \Device\Harddisk1\DR1 - detected TDSS File System (1)
23:20:38.0215 2832 Boot (0x1200) (c2526875d66db35c281ca8c9a8469ea7) \Device\Harddisk2\DR2\Partition0
23:20:38.0217 2832 \Device\Harddisk2\DR2\Partition0 - ok
23:20:38.0220 2832 Boot (0x1200) (3d7d28df30fe7f2c3198e10bcffd2454) \Device\Harddisk0\DR0\Partition0
23:20:38.0222 2832 \Device\Harddisk0\DR0\Partition0 - ok
23:20:38.0230 2832 Boot (0x1200) (6960a4a86de4e011ffff08d1908b3d24) \Device\Harddisk1\DR1\Partition0
23:20:38.0231 2832 \Device\Harddisk1\DR1\Partition0 - ok
23:20:38.0261 2832 Boot (0x1200) (fc2edc3c6204438ba2f9129116e8be15) \Device\Harddisk1\DR1\Partition1
23:20:38.0263 2832 \Device\Harddisk1\DR1\Partition1 - ok
23:20:38.0275 2832 Boot (0x1200) (488cb0b9821bb99e00e9d213aff0a669) \Device\Harddisk1\DR1\Partition2
23:20:38.0276 2832 \Device\Harddisk1\DR1\Partition2 - ok
23:20:38.0276 2832 ============================================================
23:20:38.0276 2832 Scan finished
23:20:38.0276 2832 ============================================================
23:20:38.0329 4688 Detected object count: 3
23:20:38.0329 4688 Actual detected object count: 3
23:20:42.0406 4688 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:20:42.0406 4688 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:20:42.0410 4688 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:20:42.0410 4688 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:20:42.0414 4688 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
23:20:42.0415 4688 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
23:20:44.0263 1536 Deinitialize success

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • Gender:Male
  • Location:California

Posted 13 August 2012 - 09:33 AM

Greetings blade12,

Thank you for the valuable information. I am going to have you run TDSSKiller again, but this time we will take a proactive step at the end to cure an infection on your computer. Basically, the infection created a secret file system to infect your computer, over and over again until it is removed. That is why you have been unable to stop it from coming back. I would also like to take a look at your Master Boot Record (MBR).

Please perform the following for me.


===================================================


Deleting TDLFS Using TDSSKiller with Changed Parameters

--------------------

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Detect TDLFS file system
  • Click OK
  • Click Start Scan and allow the scan process to run
  • When these threat(s) are detected, select Delete, then click Continue

    23:20:42.0414 4688 \Device\Harddisk1\DR1 ( TDSS File System )
  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
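Reading a TDSSKiller log by eye means scanning hundreds of "- ok" lines for the few that are not. The helper below is an added example written for this thread; it is not part of any post here and not Kaspersky's code. It parses the log format visible above (time, PID, then either an object line "name (md5) path" or a verdict line "name [( reason )] - verdict"), reports every object whose verdict is not "ok", and lists detections whose last recorded user action was Skip, which is exactly the state blade12's log shows for the TDSS File System on \Device\Harddisk1\DR1. The sample log is constructed from lines of the log posted in this thread; the result field names (flagged, unresolved, mbr_hashes, count_matches) are my own.

```python
"""Triage helper for TDSSKiller scan logs (added example, not Kaspersky's code)."""
import re

# Every log line: HH:MM:SS.mmmm <pid> <body>
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Object line: "<name> (<32 hex md5>) <path>"; name may be "MBR (0x1B8)" or "Boot (0x1200)".
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> [( <reason> )] - <verdict>", restricted to verdicts TDSSKiller emits.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<reason>.+?) \))? - "
    r"(?P<verdict>ok|warning|detected .+|skipped by user|cured|deleted|"
    r"User select action: .+)$"
)
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (\d+)$")

# Constructed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
23:20:24.0378 2832 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:20:24.0425 2832 SBSDWSCService - ok
23:20:33.0441 2832 VSS (b60ba0bc31b0cb414593e169f6f21cc2) Z:\Windows\system32\vssvc.exe
23:20:33.0538 2832 VSS - ok
23:20:37.0674 2832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:20:38.0155 2832 \Device\Harddisk0\DR0 - ok
23:20:38.0170 2832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:20:38.0210 2832 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
23:20:38.0210 2832 \Device\Harddisk1\DR1 - detected TDSS File System (1)
23:20:38.0276 2832 Scan finished
23:20:38.0329 4688 Detected object count: 3
23:20:38.0329 4688 Actual detected object count: 3
23:20:42.0406 4688 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:20:42.0406 4688 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:20:42.0410 4688 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:20:42.0410 4688 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:20:42.0414 4688 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
23:20:42.0415 4688 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
"""


def parse_log(text):
    """Split a log into object lines, verdict lines and the summary counts."""
    objects, verdicts, counts = [], [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, "Scan finished", blank lines
        _time, pid, body = m.groups()
        # Try object lines first: a path can itself contain " - " (see the Spybot
        # entry), which would otherwise be misread as a verdict separator.
        om = OBJECT_RE.match(body)
        if om:
            objects.append((om["name"], om["md5"], om["path"]))
            continue
        cm = COUNT_RE.match(body)
        if cm:
            counts[body.split(":")[0]] = int(cm.group(1))
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            verdicts.append((int(pid), vm["name"], vm["reason"], vm["verdict"]))
    return objects, verdicts, counts


def triage(text):
    """Summarise everything in the log that is not a clean '- ok'."""
    objects, verdicts, counts = parse_log(text)
    flagged = {}      # name -> every non-ok verdict recorded for it, in order
    last_action = {}  # name -> the user's final choice in the action phase
    for _pid, name, reason, verdict in verdicts:
        if verdict == "ok":
            continue
        flagged.setdefault(name, []).append(f"{verdict} [{reason}]" if reason else verdict)
        if verdict.startswith("User select action: "):
            last_action[name] = verdict.split(": ", 1)[1]
    # Anything whose last action was Skip is still on the disk after the scan.
    unresolved = sorted(n for n, act in last_action.items() if act == "Skip")
    reported = counts.get("Actual detected object count")
    return {
        "flagged": flagged,
        "unresolved": unresolved,
        # MBR hash per disk, useful for comparing against a later aswMBR run.
        "mbr_hashes": {path: md5 for name, md5, path in objects if name.startswith("MBR")},
        "count_matches": reported is None or reported == len(last_action),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, labels in report["flagged"].items():
        print(f"{name}: {', '.join(labels)}")
    print("still present (skipped):", report["unresolved"])
    print("summary count consistent:", report["count_matches"])
```

The `unresolved` list is the part worth acting on: a detection that ends in "User select action: Skip" has been reported, not removed, so the same TDSS File System entry will reappear on every rescan until the Delete action is chosen, which is what the instructions in the post above ask for.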

#8 blade12

blade12
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male

Posted 13 August 2012 - 12:22 PM

-I am still getting the trojan quarantine screens from Eset NOD32 saying Z:\Windows\system32\services.exe was infected with Win64/Patched.B.Gen trojan and Agent.BA trojan, Conedex.B trojan and Sirefef.AP trojan (these 3 are in some Windows Installer folder or something, according to eset).
-Malwarebytes still shows Rootkit.0Access (I attached the MBAM log all the way below, under the new TDSSKiller log and aswMBR log, if you need it).


12:52:54.0624 1060 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:52:55.0388 1060 ============================================================
12:52:55.0388 1060 Current date / time: 2012/08/13 12:52:55.0388
12:52:55.0388 1060 SystemInfo:
12:52:55.0388 1060
12:52:55.0388 1060 OS Version: 6.1.7601 ServicePack: 1.0
12:52:55.0388 1060 Product type: Workstation
12:52:55.0388 1060 ComputerName: HARSH-PC
12:52:55.0388 1060 UserName: Harsh
12:52:55.0388 1060 Windows directory: Z:\Windows
12:52:55.0388 1060 System windows directory: Z:\Windows
12:52:55.0388 1060 Running under WOW64
12:52:55.0388 1060 Processor architecture: Intel x64
12:52:55.0388 1060 Number of processors: 2
12:52:55.0388 1060 Page size: 0x1000
12:52:55.0388 1060 Boot type: Normal boot
12:52:55.0388 1060 ============================================================
12:53:12.0502 1060 Drive \Device\Harddisk2\DR2 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:12.0533 1060 Drive \Device\Harddisk0\DR0 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:12.0549 1060 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:12.0549 1060 ============================================================
12:53:12.0549 1060 \Device\Harddisk2\DR2:
12:53:12.0564 1060 MBR partitions:
12:53:12.0564 1060 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x7E, BlocksNum 0x950E443
12:53:12.0564 1060 \Device\Harddisk0\DR0:
12:53:12.0564 1060 MBR partitions:
12:53:12.0564 1060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x996051C
12:53:12.0564 1060 \Device\Harddisk1\DR1:
12:53:12.0564 1060 MBR partitions:
12:53:12.0564 1060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x460025A
12:53:12.0564 1060 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x46014E6, BlocksNum 0x799CA35
12:53:12.0564 1060 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xBF9DF1B, BlocksNum 0x68767AA6
12:53:12.0564 1060 ============================================================
12:53:12.0611 1060 C: <-> \Device\Harddisk0\DR0\Partition0
12:53:12.0627 1060 F: <-> \Device\Harddisk2\DR2\Partition0
12:53:12.0673 1060 Z: <-> \Device\Harddisk1\DR1\Partition1
12:53:12.0845 1060 G: <-> \Device\Harddisk1\DR1\Partition2
12:53:12.0845 1060 X: <-> \Device\Harddisk1\DR1\Partition0
12:53:12.0845 1060 ============================================================
12:53:12.0845 1060 Initialize success
12:53:12.0845 1060 ============================================================
12:53:25.0169 0720 ============================================================
12:53:25.0169 0720 Scan started
12:53:25.0169 0720 Mode: Manual; TDLFS;
12:53:25.0169 0720 ============================================================
12:53:26.0869 0720 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) Z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:53:26.0869 0720 !SASCORE - ok
12:53:26.0979 0720 1394ohci (a87d604aea360176311474c87a63bb88) Z:\Windows\system32\drivers\1394ohci.sys
12:53:27.0025 0720 1394ohci - ok
12:53:27.0681 0720 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) Z:\Windows\system32\drivers\ACPI.sys
12:53:27.0696 0720 ACPI - ok
12:53:27.0696 0720 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) Z:\Windows\system32\drivers\acpipmi.sys
12:53:27.0727 0720 AcpiPmi - ok
12:53:27.0915 0720 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:53:27.0915 0720 AdobeARMservice - ok
12:53:28.0102 0720 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) Z:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:53:28.0117 0720 AdobeFlashPlayerUpdateSvc - ok
12:53:28.0149 0720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) Z:\Windows\system32\DRIVERS\adp94xx.sys
12:53:28.0195 0720 adp94xx - ok
12:53:28.0227 0720 adpahci (597f78224ee9224ea1a13d6350ced962) Z:\Windows\system32\DRIVERS\adpahci.sys
12:53:28.0258 0720 adpahci - ok
12:53:28.0273 0720 adpu320 (e109549c90f62fb570b9540c4b148e54) Z:\Windows\system32\DRIVERS\adpu320.sys
12:53:28.0289 0720 adpu320 - ok
12:53:28.0305 0720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) Z:\Windows\System32\aelupsvc.dll
12:53:28.0320 0720 AeLookupSvc - ok
12:53:28.0367 0720 AFD (1c7857b62de5994a75b054a9fd4c3825) Z:\Windows\system32\drivers\afd.sys
12:53:28.0367 0720 AFD - ok
12:53:28.0461 0720 agp440 (608c14dba7299d8cb6ed035a68a15799) Z:\Windows\system32\drivers\agp440.sys
12:53:28.0492 0720 agp440 - ok
12:53:28.0507 0720 ALG (3290d6946b5e30e70414990574883ddb) Z:\Windows\System32\alg.exe
12:53:28.0523 0720 ALG - ok
12:53:28.0523 0720 aliide (5812713a477a3ad7363c7438ca2ee038) Z:\Windows\system32\drivers\aliide.sys
12:53:28.0554 0720 aliide - ok
12:53:28.0554 0720 amdide (1ff8b4431c353ce385c875f194924c0c) Z:\Windows\system32\drivers\amdide.sys
12:53:28.0585 0720 amdide - ok
12:53:28.0617 0720 AmdK8 (7024f087cff1833a806193ef9d22cda9) Z:\Windows\system32\DRIVERS\amdk8.sys
12:53:28.0632 0720 AmdK8 - ok
12:53:28.0632 0720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) Z:\Windows\system32\DRIVERS\amdppm.sys
12:53:28.0648 0720 AmdPPM - ok
12:53:28.0679 0720 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) Z:\Windows\system32\drivers\amdsata.sys
12:53:28.0710 0720 amdsata - ok
12:53:28.0741 0720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) Z:\Windows\system32\DRIVERS\amdsbs.sys
12:53:28.0757 0720 amdsbs - ok
12:53:28.0804 0720 amdxata (540daf1cea6094886d72126fd7c33048) Z:\Windows\system32\drivers\amdxata.sys
12:53:28.0819 0720 amdxata - ok
12:53:28.0835 0720 AppID (89a69c3f2f319b43379399547526d952) Z:\Windows\system32\drivers\appid.sys
12:53:28.0851 0720 AppID - ok
12:53:28.0882 0720 AppIDSvc (0bc381a15355a3982216f7172f545de1) Z:\Windows\System32\appidsvc.dll
12:53:28.0882 0720 AppIDSvc - ok
12:53:28.0929 0720 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) Z:\Windows\System32\appinfo.dll
12:53:28.0929 0720 Appinfo - ok
12:53:29.0007 0720 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) Z:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:53:29.0007 0720 Apple Mobile Device - ok
12:53:29.0038 0720 AppMgmt (4aba3e75a76195a3e38ed2766c962899) Z:\Windows\System32\appmgmts.dll
12:53:29.0038 0720 AppMgmt - ok
12:53:29.0069 0720 arc (c484f8ceb1717c540242531db7845c4e) Z:\Windows\system32\DRIVERS\arc.sys
12:53:29.0085 0720 arc - ok
12:53:29.0085 0720 arcsas (019af6924aefe7839f61c830227fe79c) Z:\Windows\system32\DRIVERS\arcsas.sys
12:53:29.0100 0720 arcsas - ok
12:53:29.0163 0720 aspnet_state (9217d874131ae6ff8f642f124f00a555) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:53:29.0178 0720 aspnet_state - ok
12:53:29.0209 0720 AsyncMac (769765ce2cc62867468cea93969b2242) Z:\Windows\system32\DRIVERS\asyncmac.sys
12:53:29.0225 0720 AsyncMac - ok
12:53:29.0225 0720 atapi (02062c0b390b7729edc9e69c680a6f3c) Z:\Windows\system32\drivers\atapi.sys
12:53:29.0225 0720 atapi - ok
12:53:29.0272 0720 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) Z:\Windows\System32\Audiosrv.dll
12:53:29.0272 0720 AudioEndpointBuilder - ok
12:53:29.0287 0720 AudioSrv (f23fef6d569fce88671949894a8becf1) Z:\Windows\System32\Audiosrv.dll
12:53:29.0287 0720 AudioSrv - ok
12:53:29.0319 0720 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) Z:\Windows\System32\AxInstSV.dll
12:53:29.0319 0720 AxInstSV - ok
12:53:29.0350 0720 b06bdrv (3e5b191307609f7514148c6832bb0842) Z:\Windows\system32\DRIVERS\bxvbda.sys
12:53:29.0365 0720 b06bdrv - ok
12:53:29.0381 0720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) Z:\Windows\system32\DRIVERS\b57nd60a.sys
12:53:29.0412 0720 b57nd60a - ok
12:53:29.0428 0720 BDESVC (fde360167101b4e45a96f939f388aeb0) Z:\Windows\System32\bdesvc.dll
12:53:29.0428 0720 BDESVC - ok
12:53:29.0459 0720 Beep (16a47ce2decc9b099349a5f840654746) Z:\Windows\system32\drivers\Beep.sys
12:53:29.0459 0720 Beep - ok
12:53:29.0521 0720 BFE (82974d6a2fd19445cc5171fc378668a4) Z:\Windows\System32\bfe.dll
12:53:29.0521 0720 BFE - ok
12:53:29.0553 0720 BITS (1ea7969e3271cbc59e1730697dc74682) Z:\Windows\system32\qmgr.dll
12:53:29.0568 0720 BITS - ok
12:53:29.0599 0720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) Z:\Windows\system32\DRIVERS\blbdrive.sys
12:53:29.0631 0720 blbdrive - ok
12:53:29.0693 0720 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) Z:\Program Files\Bonjour\mDNSResponder.exe
12:53:29.0709 0720 Bonjour Service - ok
12:53:29.0740 0720 bowser (6c02a83164f5cc0a262f4199f0871cf5) Z:\Windows\system32\DRIVERS\bowser.sys
12:53:29.0787 0720 bowser - ok
12:53:29.0802 0720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) Z:\Windows\system32\DRIVERS\BrFiltLo.sys
12:53:29.0802 0720 BrFiltLo - ok
12:53:29.0833 0720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) Z:\Windows\system32\DRIVERS\BrFiltUp.sys
12:53:29.0833 0720 BrFiltUp - ok
12:53:29.0849 0720 BridgeMP (5c2f352a4e961d72518261257aae204b) Z:\Windows\system32\DRIVERS\bridge.sys
12:53:29.0880 0720 BridgeMP - ok
12:53:29.0896 0720 Browser (8ef0d5c41ec907751b8429162b1239ed) Z:\Windows\System32\browser.dll
12:53:29.0896 0720 Browser - ok
12:53:29.0927 0720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) Z:\Windows\System32\Drivers\Brserid.sys
12:53:29.0974 0720 Brserid - ok
12:53:29.0989 0720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) Z:\Windows\System32\Drivers\BrSerWdm.sys
12:53:30.0021 0720 BrSerWdm - ok
12:53:30.0021 0720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) Z:\Windows\System32\Drivers\BrUsbMdm.sys
12:53:30.0052 0720 BrUsbMdm - ok
12:53:30.0067 0720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) Z:\Windows\System32\Drivers\BrUsbSer.sys
12:53:30.0067 0720 BrUsbSer - ok
12:53:30.0083 0720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) Z:\Windows\system32\DRIVERS\bthmodem.sys
12:53:30.0114 0720 BTHMODEM - ok
12:53:30.0130 0720 bthserv (95f9c2976059462cbbf227f7aab10de9) Z:\Windows\system32\bthserv.dll
12:53:30.0145 0720 bthserv - ok
12:53:30.0161 0720 catchme - ok
12:53:30.0192 0720 cdfs (b8bd2bb284668c84865658c77574381a) Z:\Windows\system32\DRIVERS\cdfs.sys
12:53:30.0192 0720 cdfs - ok
12:53:30.0239 0720 cdrom (f036ce71586e93d94dab220d7bdf4416) Z:\Windows\system32\DRIVERS\cdrom.sys
12:53:30.0270 0720 cdrom - ok
12:53:30.0301 0720 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) Z:\Windows\System32\certprop.dll
12:53:30.0301 0720 CertPropSvc - ok
12:53:30.0301 0720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) Z:\Windows\system32\DRIVERS\circlass.sys
12:53:30.0317 0720 circlass - ok
12:53:30.0333 0720 CLFS (fe1ec06f2253f691fe36217c592a0206) Z:\Windows\system32\CLFS.sys
12:53:30.0348 0720 CLFS - ok
12:53:30.0395 0720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) Z:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:53:30.0395 0720 clr_optimization_v2.0.50727_32 - ok
12:53:30.0442 0720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) Z:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:53:30.0442 0720 clr_optimization_v2.0.50727_64 - ok
12:53:30.0504 0720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) Z:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:53:30.0582 0720 clr_optimization_v4.0.30319_32 - ok
12:53:30.0613 0720 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:53:30.0645 0720 clr_optimization_v4.0.30319_64 - ok
12:53:30.0676 0720 CmBatt (0840155d0bddf1190f84a663c284bd33) Z:\Windows\system32\DRIVERS\CmBatt.sys
12:53:30.0691 0720 CmBatt - ok
12:53:30.0707 0720 cmdide (e19d3f095812725d88f9001985b94edd) Z:\Windows\system32\drivers\cmdide.sys
12:53:30.0738 0720 cmdide - ok
12:53:30.0769 0720 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) Z:\Windows\system32\Drivers\cng.sys
12:53:30.0801 0720 CNG - ok
12:53:30.0832 0720 Compbatt (102de219c3f61415f964c88e9085ad14) Z:\Windows\system32\DRIVERS\compbatt.sys
12:53:30.0847 0720 Compbatt - ok
12:53:30.0879 0720 CompositeBus (03edb043586cceba243d689bdda370a8) Z:\Windows\system32\drivers\CompositeBus.sys
12:53:30.0879 0720 CompositeBus - ok
12:53:30.0894 0720 COMSysApp - ok
12:53:31.0003 0720 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
12:53:31.0035 0720 cpudrv64 - ok
12:53:31.0050 0720 cpuz134 - ok
12:53:31.0097 0720 cpuz135 - ok
12:53:31.0113 0720 crcdisk (1c827878a998c18847245fe1f34ee597) Z:\Windows\system32\DRIVERS\crcdisk.sys
12:53:31.0113 0720 crcdisk - ok
12:53:31.0144 0720 CryptSvc (4f5414602e2544a4554d95517948b705) Z:\Windows\system32\cryptsvc.dll
12:53:31.0159 0720 CryptSvc - ok
12:53:31.0191 0720 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) Z:\Windows\system32\drivers\csc.sys
12:53:31.0206 0720 CSC - ok
12:53:31.0237 0720 CscService (3ab183ab4d2c79dcf459cd2c1266b043) Z:\Windows\System32\cscsvc.dll
12:53:31.0253 0720 CscService - ok
12:53:31.0284 0720 CYUSB (8ec96b753727b380089d66d4ab5869df) Z:\Windows\system32\Drivers\CYUSB.sys
12:53:31.0347 0720 CYUSB - ok
12:53:31.0378 0720 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) Z:\Windows\system32\drivers\dadder.sys
12:53:31.0378 0720 DAdderFltr - ok
12:53:31.0409 0720 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) Z:\Windows\system32\rpcss.dll
12:53:31.0425 0720 DcomLaunch - ok
12:53:31.0440 0720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) Z:\Windows\System32\defragsvc.dll
12:53:31.0456 0720 defragsvc - ok
12:53:31.0534 0720 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) Z:\Windows\system32\DRIVERS\dfmirage.sys
12:53:31.0643 0720 dfmirage - ok
12:53:31.0705 0720 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) Z:\Windows\system32\Drivers\dfsc.sys
12:53:31.0721 0720 DfsC - ok
12:53:31.0815 0720 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) Z:\Windows\system32\dhcpcore.dll
12:53:31.0815 0720 Dhcp - ok
12:53:31.0846 0720 discache (13096b05847ec78f0977f2c0f79e9ab3) Z:\Windows\system32\drivers\discache.sys
12:53:31.0846 0720 discache - ok
12:53:31.0877 0720 Disk (9819eee8b5ea3784ec4af3b137a5244c) Z:\Windows\system32\DRIVERS\disk.sys
12:53:31.0908 0720 Disk - ok
12:53:31.0939 0720 Dnscache (16835866aaa693c7d7fceba8fff706e4) Z:\Windows\System32\dnsrslvr.dll
12:53:31.0955 0720 Dnscache - ok
12:53:31.0986 0720 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) Z:\Windows\System32\dot3svc.dll
12:53:31.0986 0720 dot3svc - ok
12:53:32.0017 0720 DPS (b26f4f737e8f9df4f31af6cf31d05820) Z:\Windows\system32\dps.dll
12:53:32.0017 0720 DPS - ok
12:53:32.0049 0720 drmkaud (9b19f34400d24df84c858a421c205754) Z:\Windows\system32\drivers\drmkaud.sys
12:53:32.0080 0720 drmkaud - ok
12:53:32.0142 0720 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) Z:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
12:53:32.0158 0720 DrvAgent64 - ok
12:53:32.0205 0720 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) Z:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:53:32.0205 0720 dtsoftbus01 - ok
12:53:32.0251 0720 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) Z:\Windows\System32\drivers\dxgkrnl.sys
12:53:32.0267 0720 DXGKrnl - ok
12:53:32.0298 0720 EagleX64 - ok
12:53:32.0345 0720 eamon (082dab566f704d258d35ba89f21239ca) Z:\Windows\system32\DRIVERS\eamon.sys
12:53:32.0376 0720 eamon - ok
12:53:32.0407 0720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) Z:\Windows\System32\eapsvc.dll
12:53:32.0407 0720 EapHost - ok
12:53:32.0532 0720 ebdrv (dc5d737f51be844d8c82c695eb17372f) Z:\Windows\system32\DRIVERS\evbda.sys
12:53:32.0595 0720 ebdrv - ok
12:53:32.0657 0720 EFS (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\System32\lsass.exe
12:53:32.0673 0720 EFS - ok
12:53:32.0719 0720 ehdrv (4ff6f92f170550e226b4595766c4d6a6) Z:\Windows\system32\DRIVERS\ehdrv.sys
12:53:32.0751 0720 ehdrv - ok
12:53:32.0813 0720 ehRecvr (c4002b6b41975f057d98c439030cea07) Z:\Windows\ehome\ehRecvr.exe
12:53:32.0813 0720 ehRecvr - ok
12:53:32.0844 0720 ehSched (4705e8ef9934482c5bb488ce28afc681) Z:\Windows\ehome\ehsched.exe
12:53:32.0844 0720 ehSched - ok
12:53:32.0907 0720 EhttpSrv (98b82b6afa03f8f0dd058c3dfcea472a) Z:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
12:53:32.0907 0720 EhttpSrv - ok
12:53:32.0969 0720 ekrn (9737fc97b5c941f083c4e46cbcce2d4a) Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
12:53:32.0985 0720 ekrn - ok
12:53:33.0047 0720 elxstor (0e5da5369a0fcaea12456dd852545184) Z:\Windows\system32\DRIVERS\elxstor.sys
12:53:33.0063 0720 elxstor - ok
12:53:33.0078 0720 epfwwfpr (71c8cbde6b18f90f19e9c7cb884f87c8) Z:\Windows\system32\DRIVERS\epfwwfpr.sys
12:53:33.0109 0720 epfwwfpr - ok
12:53:33.0125 0720 ErrDev (34a3c54752046e79a126e15c51db409b) Z:\Windows\system32\drivers\errdev.sys
12:53:33.0172 0720 ErrDev - ok
12:53:33.0219 0720 etdrv (84486624268e078255bc7aa47f0960bc) Z:\Windows\etdrv.sys
12:53:33.0250 0720 etdrv - ok
12:53:33.0453 0720 EventSystem (4166f82be4d24938977dd1746be9b8a0) Z:\Windows\system32\es.dll
12:53:33.0453 0720 EventSystem - ok
12:53:33.0515 0720 EverestDriver (13a2b915f6d93e52505656773d53096f) Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
12:53:33.0531 0720 EverestDriver - ok
12:53:33.0562 0720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) Z:\Windows\system32\drivers\exfat.sys
12:53:33.0624 0720 exfat - ok
12:53:33.0640 0720 fastfat (0adc83218b66a6db380c330836f3e36d) Z:\Windows\system32\drivers\fastfat.sys
12:53:33.0702 0720 fastfat - ok
12:53:33.0749 0720 Fax (dbefd454f8318a0ef691fdd2eaab44eb) Z:\Windows\system32\fxssvc.exe
12:53:33.0765 0720 Fax - ok
12:53:33.0780 0720 fdc (d765d19cd8ef61f650c384f62fac00ab) Z:\Windows\system32\DRIVERS\fdc.sys
12:53:33.0827 0720 fdc - ok
12:53:33.0843 0720 fdPHost (0438cab2e03f4fb61455a7956026fe86) Z:\Windows\system32\fdPHost.dll
12:53:33.0843 0720 fdPHost - ok
12:53:33.0858 0720 FDResPub (802496cb59a30349f9a6dd22d6947644) Z:\Windows\system32\fdrespub.dll
12:53:33.0874 0720 FDResPub - ok
12:53:33.0905 0720 FileInfo (655661be46b5f5f3fd454e2c3095b930) Z:\Windows\system32\drivers\fileinfo.sys
12:53:33.0921 0720 FileInfo - ok
12:53:33.0936 0720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) Z:\Windows\system32\drivers\filetrace.sys
12:53:33.0967 0720 Filetrace - ok
12:53:33.0983 0720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) Z:\Windows\system32\DRIVERS\flpydisk.sys
12:53:33.0983 0720 flpydisk - ok
12:53:33.0999 0720 FltMgr (da6b67270fd9db3697b20fce94950741) Z:\Windows\system32\drivers\fltmgr.sys
12:53:34.0045 0720 FltMgr - ok
12:53:34.0092 0720 FontCache (5c4cb4086fb83115b153e47add961a0c) Z:\Windows\system32\FntCache.dll
12:53:34.0108 0720 FontCache - ok
12:53:34.0170 0720 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) Z:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:53:34.0186 0720 FontCache3.0.0.0 - ok
12:53:34.0201 0720 FsDepends (d43703496149971890703b4b1b723eac) Z:\Windows\system32\drivers\FsDepends.sys
12:53:34.0217 0720 FsDepends - ok
12:53:34.0248 0720 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) Z:\Windows\system32\drivers\Fs_Rec.sys
12:53:34.0264 0720 Fs_Rec - ok
12:53:34.0326 0720 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) Z:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
12:53:34.0342 0720 Futuremark SystemInfo Service - ok
12:53:34.0404 0720 fvevol (1f7b25b858fa27015169fe95e54108ed) Z:\Windows\system32\DRIVERS\fvevol.sys
12:53:34.0404 0720 fvevol - ok
12:53:34.0435 0720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) Z:\Windows\system32\DRIVERS\gagp30kx.sys
12:53:34.0498 0720 gagp30kx - ok
12:53:34.0529 0720 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) Z:\Windows\gdrv.sys
12:53:34.0545 0720 gdrv - ok
12:53:34.0576 0720 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) Z:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:53:34.0576 0720 GEARAspiWDM - ok
12:53:34.0591 0720 GEST Service (2ddd5cbb203c3c3fd6f74979ebd8cc92) Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
12:53:34.0607 0720 GEST Service - ok
12:53:34.0669 0720 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) Z:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
12:53:34.0669 0720 GoogleDesktopManager-051210-111108 - ok
12:53:34.0716 0720 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) Z:\Windows\System32\gpsvc.dll
12:53:34.0716 0720 gpsvc - ok
12:53:34.0763 0720 gupdate (f02a533f517eb38333cb12a9e8963773) Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:53:34.0763 0720 gupdate - ok
12:53:34.0779 0720 gupdatem (f02a533f517eb38333cb12a9e8963773) Z:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:53:34.0779 0720 gupdatem - ok
12:53:34.0810 0720 gusvc (408ddd80eede47175f6844817b90213e) Z:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:53:34.0810 0720 gusvc - ok
12:53:34.0841 0720 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) Z:\Windows\GVTDrv64.sys
12:53:34.0857 0720 GVTDrv64 - ok
12:53:34.0903 0720 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) Z:\Windows\system32\DRIVERS\hamachi.sys
12:53:34.0935 0720 hamachi - ok
12:53:35.0059 0720 Hamachi2Svc (21d24138b736983f6e23823e092e9428) Z:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
12:53:35.0091 0720 Hamachi2Svc - ok
12:53:35.0137 0720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) Z:\Windows\system32\drivers\hcw85cir.sys
12:53:35.0137 0720 hcw85cir - ok
12:53:35.0200 0720 HdAudAddService (975761c778e33cd22498059b91e7373a) Z:\Windows\system32\drivers\HdAudio.sys
12:53:35.0215 0720 HdAudAddService - ok
12:53:35.0231 0720 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) Z:\Windows\system32\drivers\HDAudBus.sys
12:53:35.0247 0720 HDAudBus - ok
12:53:35.0293 0720 HidBatt (78e86380454a7b10a5eb255dc44a355f) Z:\Windows\system32\DRIVERS\HidBatt.sys
12:53:35.0340 0720 HidBatt - ok
12:53:35.0449 0720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) Z:\Windows\system32\DRIVERS\hidbth.sys
12:53:35.0481 0720 HidBth - ok
12:53:35.0621 0720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) Z:\Windows\system32\DRIVERS\hidir.sys
12:53:35.0683 0720 HidIr - ok
12:53:35.0715 0720 hidserv (bd9eb3958f213f96b97b1d897dee006d) Z:\Windows\System32\hidserv.dll
12:53:35.0715 0720 hidserv - ok
12:53:35.0777 0720 HidUsb (9592090a7e2b61cd582b612b6df70536) Z:\Windows\system32\DRIVERS\hidusb.sys
12:53:35.0808 0720 HidUsb - ok
12:53:35.0839 0720 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) Z:\Windows\system32\kmsvc.dll
12:53:35.0855 0720 hkmsvc - ok
12:53:35.0871 0720 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) Z:\Windows\system32\ListSvc.dll
12:53:35.0886 0720 HomeGroupListener - ok
12:53:35.0902 0720 HomeGroupProvider (908acb1f594274965a53926b10c81e89) Z:\Windows\system32\provsvc.dll
12:53:35.0902 0720 HomeGroupProvider - ok
12:53:35.0933 0720 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) Z:\Windows\system32\drivers\HpSAMD.sys
12:53:35.0933 0720 HpSAMD - ok
12:53:35.0995 0720 HTTP (0ea7de1acb728dd5a369fd742d6eee28) Z:\Windows\system32\drivers\HTTP.sys
12:53:36.0011 0720 HTTP - ok
12:53:36.0027 0720 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) Z:\Windows\system32\drivers\hwpolicy.sys
12:53:36.0027 0720 hwpolicy - ok
12:53:36.0073 0720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) Z:\Windows\system32\drivers\i8042prt.sys
12:53:36.0089 0720 i8042prt - ok
12:53:36.0120 0720 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) Z:\Windows\system32\drivers\iaStorV.sys
12:53:36.0151 0720 iaStorV - ok
12:53:36.0229 0720 IDriverT (1cf03c69b49acb70c722df92755c0c8c) Z:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:53:36.0229 0720 IDriverT - ok
12:53:36.0292 0720 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) Z:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:53:36.0307 0720 idsvc - ok
12:53:36.0370 0720 iirsp (5c18831c61933628f5bb0ea2675b9d21) Z:\Windows\system32\DRIVERS\iirsp.sys
12:53:36.0370 0720 iirsp - ok
12:53:36.0432 0720 IKEEXT (fcd84c381e0140af901e58d48882d26b) Z:\Windows\System32\ikeext.dll
12:53:36.0432 0720 IKEEXT - ok
12:53:36.0541 0720 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) Z:\Windows\system32\drivers\RTKVHD64.sys
12:53:36.0588 0720 IntcAzAudAddService - ok
12:53:36.0651 0720 intelide (f00f20e70c6ec3aa366910083a0518aa) Z:\Windows\system32\drivers\intelide.sys
12:53:36.0651 0720 intelide - ok
12:53:36.0682 0720 intelppm (ada036632c664caa754079041cf1f8c1) Z:\Windows\system32\DRIVERS\intelppm.sys
12:53:36.0713 0720 intelppm - ok
12:53:36.0744 0720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) Z:\Windows\system32\ipbusenum.dll
12:53:36.0744 0720 IPBusEnum - ok
12:53:36.0775 0720 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) Z:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:36.0775 0720 IpFilterDriver - ok
12:53:36.0807 0720 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) Z:\Windows\system32\drivers\IPMIDrv.sys
12:53:36.0807 0720 IPMIDRV - ok
12:53:36.0822 0720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) Z:\Windows\system32\drivers\ipnat.sys
12:53:36.0869 0720 IPNAT - ok
12:53:36.0947 0720 iPod Service (46d249f9db7844cc01050a9345f0f61b) Z:\Program Files\iPod\bin\iPodService.exe
12:53:36.0963 0720 iPod Service - ok
12:53:36.0978 0720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) Z:\Windows\system32\drivers\irenum.sys
12:53:36.0978 0720 IRENUM - ok
12:53:36.0994 0720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) Z:\Windows\system32\drivers\isapnp.sys
12:53:37.0025 0720 isapnp - ok
12:53:37.0119 0720 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) Z:\Windows\system32\drivers\msiscsi.sys
12:53:37.0228 0720 iScsiPrt - ok
12:53:37.0243 0720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) Z:\Windows\system32\DRIVERS\kbdclass.sys
12:53:37.0243 0720 kbdclass - ok
12:53:37.0259 0720 kbdhid (0705eff5b42a9db58548eec3b26bb484) Z:\Windows\system32\DRIVERS\kbdhid.sys
12:53:37.0259 0720 kbdhid - ok
12:53:37.0337 0720 KeyIso (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
12:53:37.0337 0720 KeyIso - ok
12:53:37.0368 0720 KSecDD (97a7070aea4c058b6418519e869a63b4) Z:\Windows\system32\Drivers\ksecdd.sys
12:53:37.0368 0720 KSecDD - ok
12:53:37.0384 0720 KSecPkg (26c43a7c2862447ec59deda188d1da07) Z:\Windows\system32\Drivers\ksecpkg.sys
12:53:37.0399 0720 KSecPkg - ok
12:53:37.0399 0720 ksthunk (6869281e78cb31a43e969f06b57347c4) Z:\Windows\system32\drivers\ksthunk.sys
12:53:37.0431 0720 ksthunk - ok
12:53:37.0555 0720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) Z:\Windows\system32\msdtckrm.dll
12:53:37.0571 0720 KtmRm - ok
12:53:37.0618 0720 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) Z:\Windows\System32\srvsvc.dll
12:53:37.0618 0720 LanmanServer - ok
12:53:37.0649 0720 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) Z:\Windows\System32\wkssvc.dll
12:53:37.0649 0720 LanmanWorkstation - ok
12:53:37.0727 0720 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) Z:\Windows\system32\drivers\LGBusEnum.sys
12:53:37.0727 0720 LGBusEnum - ok
12:53:37.0758 0720 LGVirHid (94b29ce153765e768f004fb3440be2b0) Z:\Windows\system32\drivers\LGVirHid.sys
12:53:37.0774 0720 LGVirHid - ok
12:53:38.0023 0720 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) Z:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:53:38.0039 0720 LightScribeService - ok
12:53:38.0179 0720 lltdio (1538831cf8ad2979a04c423779465827) Z:\Windows\system32\DRIVERS\lltdio.sys
12:53:38.0211 0720 lltdio - ok
12:53:38.0320 0720 lltdsvc (c1185803384ab3feed115f79f109427f) Z:\Windows\System32\lltdsvc.dll
12:53:38.0320 0720 lltdsvc - ok
12:53:38.0335 0720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) Z:\Windows\System32\lmhsvc.dll
12:53:38.0335 0720 lmhosts - ok
12:53:38.0367 0720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) Z:\Windows\system32\DRIVERS\lsi_fc.sys
12:53:38.0398 0720 LSI_FC - ok
12:53:38.0429 0720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) Z:\Windows\system32\DRIVERS\lsi_sas.sys
12:53:38.0460 0720 LSI_SAS - ok
12:53:38.0476 0720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) Z:\Windows\system32\DRIVERS\lsi_sas2.sys
12:53:38.0507 0720 LSI_SAS2 - ok
12:53:38.0507 0720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) Z:\Windows\system32\DRIVERS\lsi_scsi.sys
12:53:38.0538 0720 LSI_SCSI - ok
12:53:38.0554 0720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) Z:\Windows\system32\drivers\luafv.sys
12:53:38.0569 0720 luafv - ok
12:53:38.0585 0720 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) Z:\Windows\system32\Mcx2Svc.dll
12:53:38.0585 0720 Mcx2Svc - ok
12:53:38.0616 0720 megasas (a55805f747c6edb6a9080d7c633bd0f4) Z:\Windows\system32\DRIVERS\megasas.sys
12:53:38.0663 0720 megasas - ok
12:53:38.0694 0720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) Z:\Windows\system32\DRIVERS\MegaSR.sys
12:53:38.0725 0720 MegaSR - ok
12:53:38.0788 0720 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) Z:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:53:38.0788 0720 Microsoft Office Groove Audit Service - ok
12:53:38.0803 0720 MMCSS (e40e80d0304a73e8d269f7141d77250b) Z:\Windows\system32\mmcss.dll
12:53:38.0803 0720 MMCSS - ok
12:53:38.0819 0720 Modem (800ba92f7010378b09f9ed9270f07137) Z:\Windows\system32\drivers\modem.sys
12:53:38.0819 0720 Modem - ok
12:53:38.0850 0720 monitor (b03d591dc7da45ece20b3b467e6aadaa) Z:\Windows\system32\DRIVERS\monitor.sys
12:53:38.0866 0720 monitor - ok
12:53:38.0913 0720 mouclass (7d27ea49f3c1f687d357e77a470aea99) Z:\Windows\system32\DRIVERS\mouclass.sys
12:53:38.0913 0720 mouclass - ok
12:53:38.0913 0720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) Z:\Windows\system32\DRIVERS\mouhid.sys
12:53:38.0928 0720 mouhid - ok
12:53:38.0959 0720 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) Z:\Windows\system32\drivers\mountmgr.sys
12:53:38.0959 0720 mountmgr - ok
12:53:38.0991 0720 MozillaMaintenance (750babaabb49a8a2238fa4b58ac09af8) Z:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:53:38.0991 0720 MozillaMaintenance - ok
12:53:39.0022 0720 mpio (a44b420d30bd56e145d6a2bc8768ec58) Z:\Windows\system32\drivers\mpio.sys
12:53:39.0022 0720 mpio - ok
12:53:39.0037 0720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) Z:\Windows\system32\drivers\mpsdrv.sys
12:53:39.0069 0720 mpsdrv - ok
12:53:39.0100 0720 MRxDAV (dc722758b8261e1abafd31a3c0a66380) Z:\Windows\system32\drivers\mrxdav.sys
12:53:39.0100 0720 MRxDAV - ok
12:53:39.0131 0720 mrxsmb (a5d9106a73dc88564c825d317cac68ac) Z:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:39.0147 0720 mrxsmb - ok
12:53:39.0178 0720 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) Z:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:39.0240 0720 mrxsmb10 - ok
12:53:39.0256 0720 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) Z:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:39.0287 0720 mrxsmb20 - ok
12:53:39.0303 0720 msahci (c25f0bafa182cbca2dd3c851c2e75796) Z:\Windows\system32\drivers\msahci.sys
12:53:39.0334 0720 msahci - ok
12:53:39.0349 0720 msdsm (db801a638d011b9633829eb6f663c900) Z:\Windows\system32\drivers\msdsm.sys
12:53:39.0381 0720 msdsm - ok
12:53:39.0412 0720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) Z:\Windows\System32\msdtc.exe
12:53:39.0412 0720 MSDTC - ok
12:53:39.0443 0720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) Z:\Windows\system32\drivers\Msfs.sys
12:53:39.0443 0720 Msfs - ok
12:53:39.0459 0720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) Z:\Windows\System32\drivers\mshidkmdf.sys
12:53:39.0459 0720 mshidkmdf - ok
12:53:39.0474 0720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) Z:\Windows\system32\drivers\msisadrv.sys
12:53:39.0505 0720 msisadrv - ok
12:53:39.0537 0720 MSiSCSI (808e98ff49b155c522e6400953177b08) Z:\Windows\system32\iscsiexe.dll
12:53:39.0537 0720 MSiSCSI - ok
12:53:39.0537 0720 msiserver - ok
12:53:39.0568 0720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) Z:\Windows\system32\drivers\MSKSSRV.sys
12:53:39.0583 0720 MSKSSRV - ok
12:53:39.0583 0720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) Z:\Windows\system32\drivers\MSPCLOCK.sys
12:53:39.0583 0720 MSPCLOCK - ok
12:53:39.0599 0720 MSPQM (4ed981241db27c3383d72092b618a1d0) Z:\Windows\system32\drivers\MSPQM.sys
12:53:39.0630 0720 MSPQM - ok
12:53:39.0661 0720 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) Z:\Windows\system32\drivers\MsRPC.sys
12:53:39.0677 0720 MsRPC - ok
12:53:39.0693 0720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) Z:\Windows\system32\drivers\mssmbios.sys
12:53:39.0693 0720 mssmbios - ok
12:53:39.0708 0720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) Z:\Windows\system32\drivers\MSTEE.sys
12:53:39.0708 0720 MSTEE - ok
12:53:39.0724 0720 MTConfig (7ea404308934e675bffde8edf0757bcd) Z:\Windows\system32\DRIVERS\MTConfig.sys
12:53:39.0739 0720 MTConfig - ok
12:53:39.0739 0720 Mup (f9a18612fd3526fe473c1bda678d61c8) Z:\Windows\system32\Drivers\mup.sys
12:53:39.0771 0720 Mup - ok
12:53:39.0817 0720 napagent (582ac6d9873e31dfa28a4547270862dd) Z:\Windows\system32\qagentRT.dll
12:53:39.0817 0720 napagent - ok
12:53:39.0849 0720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) Z:\Windows\system32\DRIVERS\nwifi.sys
12:53:39.0911 0720 NativeWifiP - ok
12:53:39.0942 0720 NDIS (79b47fd40d9a817e932f9d26fac0a81c) Z:\Windows\system32\drivers\ndis.sys
12:53:39.0989 0720 NDIS - ok
12:53:39.0989 0720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) Z:\Windows\system32\DRIVERS\ndiscap.sys
12:53:40.0020 0720 NdisCap - ok
12:53:40.0051 0720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) Z:\Windows\system32\DRIVERS\ndistapi.sys
12:53:40.0051 0720 NdisTapi - ok
12:53:40.0067 0720 Ndisuio (136185f9fb2cc61e573e676aa5402356) Z:\Windows\system32\DRIVERS\ndisuio.sys
12:53:40.0067 0720 Ndisuio - ok
12:53:40.0098 0720 NdisWan (53f7305169863f0a2bddc49e116c2e11) Z:\Windows\system32\DRIVERS\ndiswan.sys
12:53:40.0129 0720 NdisWan - ok
12:53:40.0161 0720 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) Z:\Windows\system32\drivers\NDProxy.sys
12:53:40.0207 0720 NDProxy - ok
12:53:40.0223 0720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) Z:\Windows\system32\DRIVERS\netbios.sys
12:53:40.0254 0720 NetBIOS - ok
12:53:40.0270 0720 NetBT (09594d1089c523423b32a4229263f068) Z:\Windows\system32\DRIVERS\netbt.sys
12:53:40.0301 0720 NetBT - ok
12:53:40.0332 0720 Netlogon (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
12:53:40.0332 0720 Netlogon - ok
12:53:40.0597 0720 Netman (847d3ae376c0817161a14a82c8922a9e) Z:\Windows\System32\netman.dll
12:53:40.0613 0720 Netman - ok
12:53:40.0722 0720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:53:40.0753 0720 NetMsmqActivator - ok
12:53:40.0769 0720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:53:40.0769 0720 NetPipeActivator - ok
12:53:40.0785 0720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) Z:\Windows\System32\netprofm.dll
12:53:40.0800 0720 netprofm - ok
12:53:40.0800 0720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:53:40.0800 0720 NetTcpActivator - ok
12:53:40.0816 0720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) Z:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:53:40.0816 0720 NetTcpPortSharing - ok
12:53:40.0847 0720 nfrd960 (77889813be4d166cdab78ddba990da92) Z:\Windows\system32\DRIVERS\nfrd960.sys
12:53:40.0909 0720 nfrd960 - ok
12:53:40.0925 0720 NlaSvc (1ee99a89cc788ada662441d1e9830529) Z:\Windows\System32\nlasvc.dll
12:53:40.0941 0720 NlaSvc - ok
12:53:40.0941 0720 NLNdisMP - ok
12:53:40.0956 0720 NLNdisPT - ok
12:53:40.0972 0720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) Z:\Windows\system32\drivers\Npfs.sys
12:53:40.0987 0720 Npfs - ok
12:53:41.0019 0720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) Z:\Windows\system32\nsisvc.dll
12:53:41.0019 0720 nsi - ok
12:53:41.0034 0720 nsiproxy (e7f5ae18af4168178a642a9247c63001) Z:\Windows\system32\drivers\nsiproxy.sys
12:53:41.0034 0720 nsiproxy - ok
12:53:41.0112 0720 Ntfs (a2f74975097f52a00745f9637451fdd8) Z:\Windows\system32\drivers\Ntfs.sys
12:53:41.0159 0720 Ntfs - ok
12:53:41.0206 0720 Null (9899284589f75fa8724ff3d16aed75c1) Z:\Windows\system32\drivers\Null.sys
12:53:41.0237 0720 Null - ok
12:53:41.0627 0720 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) Z:\Windows\system32\DRIVERS\nvlddmkm.sys
12:53:41.0767 0720 nvlddmkm - ok
12:53:41.0830 0720 nvraid (0a92cb65770442ed0dc44834632f66ad) Z:\Windows\system32\drivers\nvraid.sys
12:53:41.0861 0720 nvraid - ok
12:53:41.0892 0720 nvstor (dab0e87525c10052bf65f06152f37e4a) Z:\Windows\system32\drivers\nvstor.sys
12:53:41.0955 0720 nvstor - ok
12:53:42.0017 0720 nvsvc (06633cf95bea62164c3bfca24bce6b11) Z:\Windows\system32\nvvsvc.exe
12:53:42.0017 0720 nvsvc - ok
12:53:42.0126 0720 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:53:42.0142 0720 nvUpdatusService - ok
12:53:42.0189 0720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) Z:\Windows\system32\drivers\nv_agp.sys
12:53:42.0220 0720 nv_agp - ok
12:53:42.0267 0720 odserv (785f487a64950f3cb8e9f16253ba3b7b) Z:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:53:42.0267 0720 odserv - ok
12:53:42.0298 0720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) Z:\Windows\system32\drivers\ohci1394.sys
12:53:42.0329 0720 ohci1394 - ok
12:53:42.0360 0720 ose (5a432a042dae460abe7199b758e8606c) Z:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:53:42.0376 0720 ose - ok
12:53:42.0407 0720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) Z:\Windows\system32\pnrpsvc.dll
12:53:42.0407 0720 p2pimsvc - ok
12:53:42.0438 0720 p2psvc (927463ecb02179f88e4b9a17568c63c3) Z:\Windows\system32\p2psvc.dll
12:53:42.0454 0720 p2psvc - ok
12:53:42.0469 0720 Parport (0086431c29c35be1dbc43f52cc273887) Z:\Windows\system32\DRIVERS\parport.sys
12:53:42.0501 0720 Parport - ok
12:53:42.0532 0720 partmgr (e9766131eeade40a27dc27d2d68fba9c) Z:\Windows\system32\drivers\partmgr.sys
12:53:42.0563 0720 partmgr - ok
12:53:42.0610 0720 pbfilter (7c0582921913d00180ec2b8518ba135c) Z:\Program Files\PeerBlock\pbfilter.sys
12:53:42.0641 0720 pbfilter - ok
12:53:42.0657 0720 PcaSvc (3aeaa8b561e63452c655dc0584922257) Z:\Windows\System32\pcasvc.dll
12:53:42.0672 0720 PcaSvc - ok
12:53:42.0703 0720 pci (94575c0571d1462a0f70bde6bd6ee6b3) Z:\Windows\system32\drivers\pci.sys
12:53:42.0766 0720 pci - ok
12:53:42.0781 0720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) Z:\Windows\system32\drivers\pciide.sys
12:53:42.0813 0720 pciide - ok
12:53:42.0859 0720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) Z:\Windows\system32\DRIVERS\pcmcia.sys
12:53:42.0891 0720 pcmcia - ok
12:53:42.0906 0720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) Z:\Windows\system32\drivers\pcw.sys
12:53:42.0937 0720 pcw - ok
12:53:42.0969 0720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) Z:\Windows\system32\drivers\peauth.sys
12:53:43.0000 0720 PEAUTH - ok
12:53:43.0062 0720 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) Z:\Windows\system32\peerdistsvc.dll
12:53:43.0078 0720 PeerDistSvc - ok
12:53:43.0125 0720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) Z:\Windows\SysWow64\perfhost.exe
12:53:43.0125 0720 PerfHost - ok
12:53:43.0234 0720 pla (c7cf6a6e137463219e1259e3f0f0dd6c) Z:\Windows\system32\pla.dll
12:53:43.0249 0720 pla - ok
12:53:43.0296 0720 PlugPlay (25fbdef06c4d92815b353f6e792c8129) Z:\Windows\system32\umpnpmgr.dll
12:53:43.0312 0720 PlugPlay - ok
12:53:43.0327 0720 PnkBstrA - ok
12:53:43.0359 0720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) Z:\Windows\system32\pnrpauto.dll
12:53:43.0359 0720 PNRPAutoReg - ok
12:53:43.0374 0720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) Z:\Windows\system32\pnrpsvc.dll
12:53:43.0390 0720 PNRPsvc - ok
12:53:43.0405 0720 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) Z:\Windows\System32\ipsecsvc.dll
12:53:43.0421 0720 PolicyAgent - ok
12:53:43.0452 0720 Power (6ba9d927dded70bd1a9caded45f8b184) Z:\Windows\system32\umpo.dll
12:53:43.0452 0720 Power - ok
12:53:43.0515 0720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) Z:\Windows\system32\DRIVERS\raspptp.sys
12:53:43.0593 0720 PptpMiniport - ok
12:53:43.0624 0720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) Z:\Windows\system32\DRIVERS\processr.sys
12:53:43.0639 0720 Processor - ok
12:53:43.0671 0720 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) Z:\Windows\system32\profsvc.dll
12:53:43.0671 0720 ProfSvc - ok
12:53:43.0702 0720 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
12:53:43.0702 0720 ProtectedStorage - ok
12:53:43.0733 0720 Psched (0557cf5a2556bd58e26384169d72438d) Z:\Windows\system32\DRIVERS\pacer.sys
12:53:43.0733 0720 Psched - ok
12:53:43.0764 0720 pwdrvio (d8589a43b352e7f2317194c98447149f) Z:\Windows\system32\pwdrvio.sys
12:53:43.0780 0720 pwdrvio - ok
12:53:43.0795 0720 pwdspio (4b8fda635f4d2e7d638b2b3817b5afc8) Z:\Windows\system32\pwdspio.sys
12:53:43.0795 0720 pwdspio - ok
12:53:43.0858 0720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) Z:\Windows\system32\DRIVERS\ql2300.sys
12:53:43.0873 0720 ql2300 - ok
12:53:43.0936 0720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) Z:\Windows\system32\DRIVERS\ql40xx.sys
12:53:43.0936 0720 ql40xx - ok
12:53:43.0967 0720 QWAVE (906191634e99aea92c4816150bda3732) Z:\Windows\system32\qwave.dll
12:53:43.0983 0720 QWAVE - ok
12:53:43.0983 0720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) Z:\Windows\system32\drivers\qwavedrv.sys
12:53:44.0014 0720 QWAVEdrv - ok
12:53:44.0029 0720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) Z:\Windows\system32\DRIVERS\rasacd.sys
12:53:44.0061 0720 RasAcd - ok
12:53:44.0092 0720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) Z:\Windows\system32\DRIVERS\AgileVpn.sys
12:53:44.0092 0720 RasAgileVpn - ok
12:53:44.0107 0720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) Z:\Windows\System32\rasauto.dll
12:53:44.0123 0720 RasAuto - ok
12:53:44.0139 0720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) Z:\Windows\system32\DRIVERS\rasl2tp.sys
12:53:44.0201 0720 Rasl2tp - ok
12:53:44.0232 0720 RasMan (ee867a0870fc9e4972ba9eaad35651e2) Z:\Windows\System32\rasmans.dll
12:53:44.0248 0720 RasMan - ok
12:53:44.0263 0720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) Z:\Windows\system32\DRIVERS\raspppoe.sys
12:53:44.0263 0720 RasPppoe - ok
12:53:44.0279 0720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) Z:\Windows\system32\DRIVERS\rassstp.sys
12:53:44.0295 0720 RasSstp - ok
12:53:44.0341 0720 rdbss (77f665941019a1594d887a74f301fa2f) Z:\Windows\system32\DRIVERS\rdbss.sys
12:53:44.0341 0720 rdbss - ok
12:53:44.0357 0720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) Z:\Windows\system32\DRIVERS\rdpbus.sys
12:53:44.0404 0720 rdpbus - ok
12:53:44.0419 0720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) Z:\Windows\system32\DRIVERS\RDPCDD.sys
12:53:44.0419 0720 RDPCDD - ok
12:53:44.0451 0720 RDPDR (1b6163c503398b23ff8b939c67747683) Z:\Windows\system32\drivers\rdpdr.sys
12:53:44.0497 0720 RDPDR - ok
12:53:44.0513 0720 RDPENCDD (bb5971a4f00659529a5c44831af22365) Z:\Windows\system32\drivers\rdpencdd.sys
12:53:44.0513 0720 RDPENCDD - ok
12:53:44.0544 0720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) Z:\Windows\system32\drivers\rdprefmp.sys
12:53:44.0544 0720 RDPREFMP - ok
12:53:44.0591 0720 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) Z:\Windows\system32\drivers\rdpvideominiport.sys
12:53:44.0622 0720 RdpVideoMiniport - ok
12:53:44.0653 0720 RDPWD (e61608aa35e98999af9aaeeea6114b0a) Z:\Windows\system32\drivers\RDPWD.sys
12:53:44.0685 0720 RDPWD - ok
12:53:44.0716 0720 rdyboost (34ed295fa0121c241bfef24764fc4520) Z:\Windows\system32\drivers\rdyboost.sys
12:53:44.0731 0720 rdyboost - ok
12:53:44.0763 0720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) Z:\Windows\System32\mprdim.dll
12:53:44.0763 0720 RemoteAccess - ok
12:53:44.0794 0720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) Z:\Windows\system32\regsvc.dll
12:53:44.0794 0720 RemoteRegistry - ok
12:53:44.0856 0720 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
12:53:44.0872 0720 RivaTuner64 - ok
12:53:44.0887 0720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) Z:\Windows\System32\RpcEpMap.dll
12:53:44.0903 0720 RpcEptMapper - ok
12:53:44.0934 0720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) Z:\Windows\system32\locator.exe
12:53:44.0934 0720 RpcLocator - ok
12:53:45.0293 0720 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) Z:\Windows\System32\rpcss.dll
12:53:45.0309 0720 RpcSs - ok
12:53:45.0324 0720 rspndr (ddc86e4f8e7456261e637e3552e804ff) Z:\Windows\system32\DRIVERS\rspndr.sys
12:53:45.0355 0720 rspndr - ok
12:53:45.0387 0720 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) Z:\Windows\system32\DRIVERS\Rt64win7.sys
12:53:45.0449 0720 RTL8167 - ok
12:53:45.0465 0720 s3cap (e60c0a09f997826c7627b244195ab581) Z:\Windows\system32\drivers\vms3cap.sys
12:53:45.0465 0720 s3cap - ok
12:53:45.0496 0720 SamSs (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
12:53:45.0496 0720 SamSs - ok
12:53:45.0558 0720 SASDIFSV (3289766038db2cb14d07dc84392138d5) Z:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:53:45.0558 0720 SASDIFSV - ok
12:53:45.0589 0720 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) Z:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:53:45.0605 0720 SASKUTIL - ok
12:53:45.0636 0720 sbp2port (ac03af3329579fffb455aa2daabbe22b) Z:\Windows\system32\drivers\sbp2port.sys
12:53:45.0667 0720 sbp2port - ok
12:53:45.0699 0720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) Z:\Windows\System32\SCardSvr.dll
12:53:45.0699 0720 SCardSvr - ok
12:53:45.0730 0720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) Z:\Windows\system32\DRIVERS\scfilter.sys
12:53:45.0745 0720 scfilter - ok
12:53:45.0792 0720 Schedule (262f6592c3299c005fd6bec90fc4463a) Z:\Windows\system32\schedsvc.dll
12:53:45.0823 0720 Schedule - ok
12:53:45.0855 0720 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) Z:\Windows\System32\certprop.dll
12:53:45.0855 0720 SCPolicySvc - ok
12:53:45.0886 0720 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) Z:\Windows\System32\SDRSVC.dll
12:53:45.0901 0720 SDRSVC - ok
12:53:45.0948 0720 secdrv (3ea8a16169c26afbeb544e0e48421186) Z:\Windows\system32\drivers\secdrv.sys
12:53:45.0964 0720 secdrv - ok
12:53:45.0995 0720 seclogon (bc617a4e1b4fa8df523a061739a0bd87) Z:\Windows\system32\seclogon.dll
12:53:45.0995 0720 seclogon - ok
12:53:46.0011 0720 SENS (c32ab8fa018ef34c0f113bd501436d21) Z:\Windows\system32\sens.dll
12:53:46.0011 0720 SENS - ok
12:53:46.0026 0720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) Z:\Windows\system32\sensrsvc.dll
12:53:46.0042 0720 SensrSvc - ok
12:53:46.0057 0720 Serenum (cb624c0035412af0debec78c41f5ca1b) Z:\Windows\system32\DRIVERS\serenum.sys
12:53:46.0073 0720 Serenum - ok
12:53:46.0089 0720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) Z:\Windows\system32\DRIVERS\serial.sys
12:53:46.0198 0720 Serial - ok
12:53:46.0213 0720 sermouse (1c545a7d0691cc4a027396535691c3e3) Z:\Windows\system32\DRIVERS\sermouse.sys
12:53:46.0245 0720 sermouse - ok
12:53:46.0276 0720 SessionEnv (0b6231bf38174a1628c4ac812cc75804) Z:\Windows\system32\sessenv.dll
12:53:46.0291 0720 SessionEnv - ok
12:53:46.0307 0720 sffdisk (a554811bcd09279536440c964ae35bbf) Z:\Windows\system32\drivers\sffdisk.sys
12:53:46.0338 0720 sffdisk - ok
12:53:46.0354 0720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) Z:\Windows\system32\drivers\sffp_mmc.sys
12:53:46.0385 0720 sffp_mmc - ok
12:53:46.0385 0720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) Z:\Windows\system32\drivers\sffp_sd.sys
12:53:46.0385 0720 sffp_sd - ok
12:53:46.0416 0720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) Z:\Windows\system32\DRIVERS\sfloppy.sys
12:53:46.0447 0720 sfloppy - ok
12:53:46.0479 0720 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) Z:\Windows\System32\shsvcs.dll
12:53:46.0479 0720 ShellHWDetection - ok
12:53:46.0510 0720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) Z:\Windows\system32\DRIVERS\SiSRaid2.sys
12:53:46.0557 0720 SiSRaid2 - ok
12:53:46.0572 0720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) Z:\Windows\system32\DRIVERS\sisraid4.sys
12:53:46.0603 0720 SiSRaid4 - ok
12:53:46.0666 0720 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) Z:\Program Files (x86)\Skype\Updater\Updater.exe
12:53:46.0697 0720 SkypeUpdate - ok
12:53:46.0713 0720 Smb (548260a7b8654e024dc30bf8a7c5baa4) Z:\Windows\system32\DRIVERS\smb.sys
12:53:46.0728 0720 Smb - ok
12:53:46.0759 0720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) Z:\Windows\System32\snmptrap.exe
12:53:46.0759 0720 SNMPTRAP - ok
12:53:46.0806 0720 Soluto (f9369327409492097b0bb7ce86bd29de) Z:\Windows\system32\DRIVERS\Soluto.sys
12:53:46.0806 0720 Soluto - ok
12:53:46.0884 0720 SolutoService (10dee00baf67de1059071c1ecd459ac5) Z:\Program Files\Soluto\SolutoService.exe
12:53:46.0900 0720 SolutoService - ok
12:53:46.0915 0720 spldr (b9e31e5cacdfe584f34f730a677803f9) Z:\Windows\system32\drivers\spldr.sys
12:53:46.0947 0720 spldr - ok
12:53:46.0978 0720 Spooler (b96c17b5dc1424d56eea3a99e97428cd) Z:\Windows\System32\spoolsv.exe
12:53:46.0993 0720 Spooler - ok
12:53:47.0118 0720 sppsvc (e17e0188bb90fae42d83e98707efa59c) Z:\Windows\system32\sppsvc.exe
12:53:47.0165 0720 sppsvc - ok
12:53:47.0212 0720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) Z:\Windows\system32\sppuinotify.dll
12:53:47.0212 0720 sppuinotify - ok
12:53:47.0274 0720 srv (441fba48bff01fdb9d5969ebc1838f0b) Z:\Windows\system32\DRIVERS\srv.sys
12:53:47.0337 0720 srv - ok
12:53:47.0742 0720 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) Z:\Windows\system32\DRIVERS\srv2.sys
12:53:47.0789 0720 srv2 - ok
12:53:47.0929 0720 srvnet (27e461f0be5bff5fc737328f749538c3) Z:\Windows\system32\DRIVERS\srvnet.sys
12:53:47.0929 0720 srvnet - ok
12:53:48.0054 0720 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) Z:\Windows\system32\DRIVERS\sscdbus.sys
12:53:48.0054 0720 sscdbus - ok
12:53:48.0163 0720 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) Z:\Windows\System32\ssdpsrv.dll
12:53:48.0163 0720 SSDPSRV - ok
12:53:48.0179 0720 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) Z:\Windows\system32\sstpsvc.dll
12:53:48.0179 0720 SstpSvc - ok
12:53:48.0319 0720 Steam Client Service - ok
12:53:48.0382 0720 stexstor (f3817967ed533d08327dc73bc4d5542a) Z:\Windows\system32\DRIVERS\stexstor.sys
12:53:48.0397 0720 stexstor - ok
12:53:48.0647 0720 stisvc (8dd52e8e6128f4b2da92ce27402871c1) Z:\Windows\System32\wiaservc.dll
12:53:48.0663 0720 stisvc - ok
12:53:48.0709 0720 storflt (7785dc213270d2fc066538daf94087e7) Z:\Windows\system32\drivers\vmstorfl.sys
12:53:48.0709 0720 storflt - ok
12:53:48.0756 0720 storvsc (d34e4943d5ac096c8edeebfd80d76e23) Z:\Windows\system32\drivers\storvsc.sys
12:53:48.0772 0720 storvsc - ok
12:53:48.0787 0720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) Z:\Windows\system32\drivers\swenum.sys
12:53:48.0819 0720 swenum - ok
12:53:48.0865 0720 swprv (e08e46fdd841b7184194011ca1955a0b) Z:\Windows\System32\swprv.dll
12:53:48.0881 0720 swprv - ok
12:53:48.0912 0720 Synth3dVsc - ok
12:53:49.0006 0720 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) Z:\Windows\system32\sysmain.dll
12:53:49.0021 0720 SysMain - ok
12:53:49.0099 0720 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) Z:\Windows\System32\TabSvc.dll
12:53:49.0099 0720 TabletInputService - ok
12:53:49.0146 0720 tap0901t (b08740047145b9bce15bf75ca0f9718a) Z:\Windows\system32\DRIVERS\tap0901t.sys
12:53:49.0162 0720 tap0901t - ok
12:53:49.0177 0720 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) Z:\Windows\System32\tapisrv.dll
12:53:49.0193 0720 TapiSrv - ok
12:53:49.0209 0720 TBS (1be03ac720f4d302ea01d40f588162f6) Z:\Windows\System32\tbssvc.dll
12:53:49.0209 0720 TBS - ok
12:53:49.0271 0720 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) Z:\Windows\system32\drivers\tcpip.sys
12:53:49.0318 0720 Tcpip - ok
12:53:49.0396 0720 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) Z:\Windows\system32\DRIVERS\tcpip.sys
12:53:49.0411 0720 TCPIP6 - ok
12:53:49.0458 0720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) Z:\Windows\system32\drivers\tcpipreg.sys
12:53:49.0458 0720 tcpipreg - ok
12:53:49.0489 0720 TDPIPE (3371d21011695b16333a3934340c4e7c) Z:\Windows\system32\drivers\tdpipe.sys
12:53:49.0521 0720 TDPIPE - ok
12:53:49.0552 0720 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) Z:\Windows\system32\drivers\tdtcp.sys
12:53:49.0567 0720 TDTCP - ok
12:53:49.0599 0720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) Z:\Windows\system32\DRIVERS\tdx.sys
12:53:49.0630 0720 tdx - ok
12:53:49.0661 0720 teamviewervpn (f5520dbb47c60ee83024b38720abda24) Z:\Windows\system32\DRIVERS\teamviewervpn.sys
12:53:49.0661 0720 teamviewervpn - ok
12:53:49.0677 0720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) Z:\Windows\system32\drivers\termdd.sys
12:53:49.0708 0720 TermDD - ok
12:53:49.0739 0720 TermService (2e648163254233755035b46dd7b89123) Z:\Windows\System32\termsrv.dll
12:53:49.0755 0720 TermService - ok
12:53:49.0786 0720 Themes (f0344071948d1a1fa732231785a0664c) Z:\Windows\system32\themeservice.dll
12:53:49.0786 0720 Themes - ok
12:53:49.0801 0720 THREADORDER (e40e80d0304a73e8d269f7141d77250b) Z:\Windows\system32\mmcss.dll
12:53:49.0801 0720 THREADORDER - ok
12:53:49.0864 0720 TipCtrl - ok
12:53:49.0926 0720 TomTomHOMEService (e9ca6ed72ea9f56bd6e98c7042092a1c) Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
12:53:49.0926 0720 TomTomHOMEService - ok
12:53:49.0942 0720 TrkWks (7e7afd841694f6ac397e99d75cead49d) Z:\Windows\System32\trkwks.dll
12:53:49.0957 0720 TrkWks - ok
12:53:50.0004 0720 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) Z:\Windows\servicing\TrustedInstaller.exe
12:53:50.0004 0720 TrustedInstaller - ok
12:53:50.0051 0720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) Z:\Windows\system32\DRIVERS\tssecsrv.sys
12:53:50.0051 0720 tssecsrv - ok
12:53:50.0082 0720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) Z:\Windows\system32\drivers\tsusbflt.sys
12:53:50.0129 0720 TsUsbFlt - ok
12:53:50.0145 0720 tsusbhub - ok
12:53:50.0332 0720 tunnel (3566a8daafa27af944f5d705eaa64894) Z:\Windows\system32\DRIVERS\tunnel.sys
12:53:50.0363 0720 tunnel - ok
12:53:50.0878 0720 TunngleService (f8302e3e534af5e3f2588a974bea80df) Z:\Program Files (x86)\Tunngle\TnglCtrl.exe
12:53:50.0878 0720 TunngleService - ok
12:53:50.0925 0720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) Z:\Windows\system32\DRIVERS\uagp35.sys
12:53:50.0956 0720 uagp35 - ok
12:53:50.0987 0720 udfs (ff4232a1a64012baa1fd97c7b67df593) Z:\Windows\system32\DRIVERS\udfs.sys
12:53:50.0987 0720 udfs - ok
12:53:51.0018 0720 UI0Detect (3cbdec8d06b9968aba702eba076364a1) Z:\Windows\system32\UI0Detect.exe
12:53:51.0018 0720 UI0Detect - ok
12:53:51.0065 0720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) Z:\Windows\system32\drivers\uliagpkx.sys
12:53:51.0096 0720 uliagpkx - ok
12:53:51.0127 0720 umbus (dc54a574663a895c8763af0fa1ff7561) Z:\Windows\system32\drivers\umbus.sys
12:53:51.0143 0720 umbus - ok
12:53:51.0159 0720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) Z:\Windows\system32\DRIVERS\umpass.sys
12:53:51.0190 0720 UmPass - ok
12:53:51.0221 0720 UmRdpService (a293dcd756d04d8492a750d03b9a297c) Z:\Windows\System32\umrdp.dll
12:53:51.0221 0720 UmRdpService - ok
12:53:51.0252 0720 upnphost (d47ec6a8e81633dd18d2436b19baf6de) Z:\Windows\System32\upnphost.dll
12:53:51.0268 0720 upnphost - ok
12:53:51.0330 0720 usbbus (5fcc71487888589a9244af54cfefab29) Z:\Windows\system32\DRIVERS\lgx64bus.sys
12:53:51.0330 0720 usbbus - ok
12:53:51.0346 0720 usbccgp (6f1a3157a1c89435352ceb543cdb359c) Z:\Windows\system32\DRIVERS\usbccgp.sys
12:53:51.0377 0720 usbccgp - ok
12:53:51.0408 0720 usbcir (af0892a803fdda7492f595368e3b68e7) Z:\Windows\system32\drivers\usbcir.sys
12:53:51.0408 0720 usbcir - ok
12:53:51.0471 0720 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) Z:\Windows\system32\DRIVERS\lgx64diag.sys
12:53:51.0486 0720 UsbDiag - ok
12:53:51.0517 0720 usbehci (c025055fe7b87701eb042095df1a2d7b) Z:\Windows\system32\DRIVERS\usbehci.sys
12:53:51.0533 0720 usbehci - ok
12:53:51.0580 0720 usbhub (287c6c9410b111b68b52ca298f7b8c24) Z:\Windows\system32\DRIVERS\usbhub.sys
12:53:51.0611 0720 usbhub - ok
12:53:51.0627 0720 USBModem (78d551f5b93488b4666f5fc8dd4815f3) Z:\Windows\system32\DRIVERS\lgx64modem.sys
12:53:51.0627 0720 USBModem - ok
12:53:51.0658 0720 usbohci (58e546bbaf87664fc57e0f6081e4f609) Z:\Windows\system32\DRIVERS\usbohci.sys
12:53:51.0689 0720 usbohci - ok
12:53:51.0705 0720 usbprint (73188f58fb384e75c4063d29413cee3d) Z:\Windows\system32\DRIVERS\usbprint.sys
12:53:51.0736 0720 usbprint - ok
12:53:51.0814 0720 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) Z:\Windows\system32\DRIVERS\USBSTOR.SYS
12:53:51.0876 0720 USBSTOR - ok
12:53:51.0892 0720 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) Z:\Windows\system32\DRIVERS\usbuhci.sys
12:53:51.0892 0720 usbuhci - ok
12:53:51.0907 0720 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) Z:\Windows\System32\uxsms.dll
12:53:51.0923 0720 UxSms - ok
12:53:51.0939 0720 VaultSvc (c118a82cd78818c29ab228366ebf81c3) Z:\Windows\system32\lsass.exe
12:53:51.0954 0720 VaultSvc - ok
12:53:51.0985 0720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) Z:\Windows\system32\drivers\vdrvroot.sys
12:53:52.0032 0720 vdrvroot - ok
12:53:52.0204 0720 vds (8d6b481601d01a456e75c3210f1830be) Z:\Windows\System32\vds.exe
12:53:52.0219 0720 vds - ok
12:53:52.0219 0720 vga (da4da3f5e02943c2dc8c6ed875de68dd) Z:\Windows\system32\DRIVERS\vgapnp.sys
12:53:52.0219 0720 vga - ok
12:53:52.0251 0720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) Z:\Windows\System32\drivers\vga.sys
12:53:52.0266 0720 VgaSave - ok
12:53:52.0282 0720 VGPU - ok
12:53:52.0313 0720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) Z:\Windows\system32\drivers\vhdmp.sys
12:53:52.0344 0720 vhdmp - ok
12:53:52.0375 0720 vhidmini (1161acff728d97f75d74d2f1465f8a46) Z:\Windows\system32\DRIVERS\vHidDev.sys
12:53:52.0391 0720 vhidmini - ok
12:53:52.0407 0720 viaide (e5689d93ffe4e5d66c0178761240dd54) Z:\Windows\system32\drivers\viaide.sys
12:53:52.0438 0720 viaide - ok
12:53:52.0469 0720 vmbus (86ea3e79ae350fea5331a1303054005f) Z:\Windows\system32\drivers\vmbus.sys
12:53:52.0563 0720 vmbus - ok
12:53:52.0578 0720 VMBusHID (7de90b48f210d29649380545db45a187) Z:\Windows\system32\drivers\VMBusHID.sys
12:53:52.0609 0720 VMBusHID - ok
12:53:52.0625 0720 volmgr (d2aafd421940f640b407aefaaebd91b0) Z:\Windows\system32\drivers\volmgr.sys
12:53:52.0687 0720 volmgr - ok
12:53:52.0703 0720 volmgrx (a255814907c89be58b79ef2f189b843b) Z:\Windows\system32\drivers\volmgrx.sys
12:53:52.0719 0720 volmgrx - ok
12:53:52.0734 0720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) Z:\Windows\system32\drivers\volsnap.sys
12:53:52.0765 0720 volsnap - ok
12:53:52.0797 0720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) Z:\Windows\system32\DRIVERS\vsmraid.sys
12:53:52.0843 0720 vsmraid - ok
12:53:53.0171 0720 VSS (b60ba0bc31b0cb414593e169f6f21cc2) Z:\Windows\system32\vssvc.exe
12:53:53.0202 0720 VSS - ok
12:53:53.0265 0720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) Z:\Windows\System32\drivers\vwifibus.sys
12:53:53.0280 0720 vwifibus - ok
12:53:53.0327 0720 W32Time (1c9d80cc3849b3788048078c26486e1a) Z:\Windows\system32\w32time.dll
12:53:53.0327 0720 W32Time - ok
12:53:53.0343 0720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) Z:\Windows\system32\DRIVERS\wacompen.sys
12:53:53.0343 0720 WacomPen - ok
12:53:53.0374 0720 WANARP (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
12:53:53.0405 0720 WANARP - ok
12:53:53.0421 0720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
12:53:53.0421 0720 Wanarpv6 - ok
12:53:53.0670 0720 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) Z:\Windows\system32\Wat\WatAdminSvc.exe
12:53:53.0686 0720 WatAdminSvc - ok
12:53:53.0951 0720 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) Z:\Windows\system32\wbengine.exe
12:53:53.0967 0720 wbengine - ok
12:53:54.0060 0720 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) Z:\Windows\System32\wbiosrvc.dll
12:53:54.0060 0720 WbioSrvc - ok
12:53:54.0091 0720 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) Z:\Windows\System32\wcncsvc.dll
12:53:54.0107 0720 wcncsvc - ok
12:53:54.0123 0720 WcsPlugInService (20f7441334b18cee52027661df4a6129) Z:\Windows\System32\WcsPlugInService.dll
12:53:54.0123 0720 WcsPlugInService - ok
12:53:54.0185 0720 Wd (72889e16ff12ba0f235467d6091b17dc) Z:\Windows\system32\DRIVERS\wd.sys
12:53:54.0185 0720 Wd - ok
12:53:54.0341 0720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) Z:\Windows\system32\drivers\Wdf01000.sys
12:53:54.0341 0720 Wdf01000 - ok
12:53:54.0372 0720 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) Z:\Windows\system32\wdi.dll
12:53:54.0372 0720 WdiServiceHost - ok
12:53:54.0372 0720 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) Z:\Windows\system32\wdi.dll
12:53:54.0388 0720 WdiSystemHost - ok
12:53:54.0419 0720 WebClient (3db6d04e1c64272f8b14eb8bc4616280) Z:\Windows\System32\webclnt.dll
12:53:54.0419 0720 WebClient - ok
12:53:54.0450 0720 Wecsvc (c749025a679c5103e575e3b48e092c43) Z:\Windows\system32\wecsvc.dll
12:53:54.0466 0720 Wecsvc - ok
12:53:54.0497 0720 wercplsupport (7e591867422dc788b9e5bd337a669a08) Z:\Windows\System32\wercplsupport.dll
12:53:54.0513 0720 wercplsupport - ok
12:53:54.0591 0720 WerSvc (6d137963730144698cbd10f202e9f251) Z:\Windows\System32\WerSvc.dll
12:53:54.0591 0720 WerSvc - ok
12:53:54.0669 0720 WfpLwf (611b23304bf067451a9fdee01fbdd725) Z:\Windows\system32\DRIVERS\wfplwf.sys
12:53:54.0700 0720 WfpLwf - ok
12:53:54.0871 0720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) Z:\Windows\system32\drivers\wimmount.sys
12:53:54.0903 0720 WIMMount - ok
12:53:54.0934 0720 WinHttpAutoProxySvc - ok
12:53:55.0105 0720 Winmgmt (19b07e7e8915d701225da41cb3877306) Z:\Windows\system32\wbem\WMIsvc.dll
12:53:55.0105 0720 Winmgmt - ok
12:53:55.0183 0720 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) Z:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
12:53:55.0215 0720 WinRing0_1_2_0 - ok
12:53:55.0605 0720 WinRM (bcb1310604aa415c4508708975b3931e) Z:\Windows\system32\WsmSvc.dll
12:53:55.0636 0720 WinRM - ok
12:53:55.0729 0720 WinUsb (fe88b288356e7b47b74b13372add906d) Z:\Windows\system32\DRIVERS\WinUsb.sys
12:53:55.0745 0720 WinUsb - ok
12:53:55.0948 0720 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) Z:\Windows\System32\wlansvc.dll
12:53:55.0963 0720 Wlansvc - ok
12:53:56.0088 0720 wlidsvc (2bacd71123f42cea603f4e205e1ae337) Z:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:53:56.0119 0720 wlidsvc - ok
12:53:56.0260 0720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) Z:\Windows\system32\drivers\wmiacpi.sys
12:53:56.0275 0720 WmiAcpi - ok
12:53:56.0447 0720 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) Z:\Windows\system32\wbem\WmiApSrv.exe
12:53:56.0463 0720 wmiApSrv - ok
12:53:56.0478 0720 WMPNetworkSvc - ok
12:53:56.0509 0720 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) Z:\Windows\System32\wpcsvc.dll
12:53:56.0509 0720 WPCSvc - ok
12:53:56.0525 0720 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) Z:\Windows\system32\wpdbusenum.dll
12:53:56.0541 0720 WPDBusEnum - ok
12:53:56.0572 0720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) Z:\Windows\system32\drivers\ws2ifsl.sys
12:53:56.0587 0720 ws2ifsl - ok
12:53:56.0603 0720 WSearch - ok
12:53:56.0697 0720 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) Z:\Windows\system32\wuaueng.dll
12:53:56.0728 0720 wuauserv - ok
12:53:56.0775 0720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) Z:\Windows\system32\drivers\WudfPf.sys
12:53:56.0806 0720 WudfPf - ok
12:53:56.0977 0720 WUDFRd (cf8d590be3373029d57af80914190682) Z:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:57.0009 0720 WUDFRd - ok
12:53:57.0133 0720 wudfsvc (7a95c95b6c4cf292d689106bcae49543) Z:\Windows\System32\WUDFSvc.dll
12:53:57.0133 0720 wudfsvc - ok
12:53:57.0149 0720 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) Z:\Windows\System32\wwansvc.dll
12:53:57.0165 0720 WwanSvc - ok
12:53:57.0211 0720 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) Z:\Windows\system32\DRIVERS\xusb21.sys
12:53:57.0243 0720 xusb21 - ok
12:53:57.0399 0720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
12:53:57.0461 0720 \Device\Harddisk2\DR2 - ok
12:53:57.0539 0720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:53:58.0444 0720 \Device\Harddisk0\DR0 - ok
12:53:58.0444 0720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:53:58.0491 0720 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
12:53:58.0491 0720 \Device\Harddisk1\DR1 - detected TDSS File System (1)
12:53:58.0491 0720 Boot (0x1200) (c2526875d66db35c281ca8c9a8469ea7) \Device\Harddisk2\DR2\Partition0
12:53:58.0491 0720 \Device\Harddisk2\DR2\Partition0 - ok
12:53:58.0522 0720 Boot (0x1200) (3d7d28df30fe7f2c3198e10bcffd2454) \Device\Harddisk0\DR0\Partition0
12:53:58.0522 0720 \Device\Harddisk0\DR0\Partition0 - ok
12:53:58.0522 0720 Boot (0x1200) (6960a4a86de4e011ffff08d1908b3d24) \Device\Harddisk1\DR1\Partition0
12:53:58.0522 0720 \Device\Harddisk1\DR1\Partition0 - ok
12:53:58.0537 0720 Boot (0x1200) (fc2edc3c6204438ba2f9129116e8be15) \Device\Harddisk1\DR1\Partition1
12:53:58.0537 0720 \Device\Harddisk1\DR1\Partition1 - ok
12:53:58.0553 0720 Boot (0x1200) (488cb0b9821bb99e00e9d213aff0a669) \Device\Harddisk1\DR1\Partition2
12:53:58.0553 0720 \Device\Harddisk1\DR1\Partition2 - ok
12:53:58.0553 0720 ============================================================
12:53:58.0553 0720 Scan finished
12:53:58.0553 0720 ============================================================
12:53:58.0569 3216 Detected object count: 1
12:53:58.0569 3216 Actual detected object count: 1
12:54:15.0838 3216 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
12:54:16.0711 3216 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
12:54:17.0133 3216 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
12:54:17.0523 3216 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
12:54:17.0866 3216 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
12:54:18.0225 3216 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
12:54:18.0568 3216 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
12:54:18.0568 3216 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
12:54:18.0568 3216 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
12:54:18.0583 3216 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
12:54:18.0880 3216 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
12:54:19.0192 3216 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
12:54:19.0192 3216 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
12:54:19.0192 3216 \Device\Harddisk1\DR1\TDLFS - deleted
12:54:19.0192 3216 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Delete
12:55:13.0324 1176 Deinitialize success



________________________________________________________________________________________________________________________________________________________________________________________________
________________________________________________________________________________________________________________________________________________________________________________________________
________________________________________________________________________________________________________________________________________________________________________________________________



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 12:55:56
-----------------------------
12:55:56.678 OS Version: Windows x64 6.1.7601 Service Pack 1
12:55:56.678 Number of processors: 2 586 0xF0D
12:55:56.678 ComputerName: HARSH-PC UserName: Harsh
12:55:57.037 Initialize success
12:56:43.999 AVAST engine defs: 12081300
12:57:50.176 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
12:57:50.182 Disk 0 Vendor: HDS728080PLA380 PF2OA60A Size: 78532MB BusType: 3
12:57:50.190 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-4
12:57:50.197 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953868MB BusType: 3
12:57:50.205 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-a
12:57:50.214 Disk 2 Vendor: ST380815AS 3.AAD Size: 76318MB BusType: 3
12:57:50.241 Disk 0 MBR read successfully
12:57:50.250 Disk 0 MBR scan
12:57:50.264 Disk 0 Windows 7 default MBR code
12:57:50.278 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63
12:57:50.321 Disk 0 scanning Z:\Windows\system32\drivers
12:58:13.770 Service scanning
12:58:38.699 Modules scanning
12:58:39.153 Disk 0 trace - called modules:
12:58:39.197 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
12:58:39.216 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004941060]
12:58:39.239 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80047ea580]
12:58:39.260 5 ACPI.sys[fffff88000f807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80047ec060]
12:58:42.871 AVAST engine scan Z:\Windows
12:58:44.779 AVAST engine scan Z:\Windows\system32
13:02:24.362 AVAST engine scan Z:\Windows\system32\drivers
13:02:43.756 AVAST engine scan Z:\Users\Harsh
13:08:57.603 AVAST engine scan Z:\ProgramData
13:10:29.101 Scan finished successfully
13:13:04.330 Disk 0 MBR has been saved successfully to "Z:\Users\Harsh\Desktop\MBR.dat"
13:13:04.344 The log file has been saved successfully to "Z:\Users\Harsh\Desktop\aswMBR.txt"



__________________________________________________________________________________________________________________________________________________________________________________
___________________________________________________________________________________________________________________________________________________________________________________
___________________________________________________________________________________________________________________________________________________________________________________



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Harsh :: HARSH-PC [administrator]

8/13/2012 1:16:23 PM
mbam-log-2012-08-13 (13-20-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220888
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
Z:\Windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

Edited by blade12, 13 August 2012 - 12:27 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:31 AM

Posted 13 August 2012 - 12:45 PM

Greetings blade12,

I expected the warnings to continue. We removed the hidden malicious entry that was pestering your machine (TDLFS deletion) and your MBR looks good. That is great.

Now we will continue on with the next step which should hopefully help your computer to feel better right away! :)

Please perform the following.


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix.txt
  • Are things any better now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 blade12

blade12
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:31 AM

Posted 13 August 2012 - 01:45 PM

The issue may be fixed now. I have been on for 5 minutes without a single virus/trojan screen from Eset NOD32 thus far. Usually, it would pop up instantly after booting and keep coming up.

Just so you know, ComboFix froze when I first opened it (perhaps the trojan blocked it from opening, idk). It restarted my PC, installed automatically after booting and then did the scan. Fortunately, it seems like it has removed the virus files..

MBAM shows up clean now (no more rootkit.0Agent).



ComboFix 12-08-13.01 - Harsh 08/13/2012 14:19:20.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2588 [GMT -4:00]
Running from: z:\users\Harsh\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
z:\windows\assembly\GAC_32\Desktop.ini
z:\windows\assembly\GAC_64\Desktop.ini
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\L\00000004.@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\L\201d3dde
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\00000004.@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\00000008.@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\000000cb.@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\80000000.@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\80000032.@
z:\windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\80000064.@
.
Infected copy of z:\windows\system32\services.exe was found and disinfected
Restored copy from - z:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-09 18:00 . 2012-08-08 00:41 54728 ----a-w- z:\windows\system32\drivers\Soluto.sys
2012-08-09 18:00 . 2012-08-09 18:00 -------- d-----w- z:\program files\Soluto
2012-08-09 02:27 . 2012-08-09 17:42 -------- d-----w- z:\program files (x86)\Common Files\Symantec Shared
2012-08-09 02:21 . 2012-08-09 02:24 -------- d-----w- z:\programdata\Norton
2012-08-07 23:48 . 2012-08-07 23:48 -------- d-----w- z:\program files (x86)\Windows Resource Kits
2012-08-07 20:56 . 2012-08-13 00:35 -------- d-----w- z:\program files (x86)\mIRC`
2012-08-06 02:35 . 2012-08-06 02:35 -------- d-----w- z:\programdata\TomTom
2012-08-06 02:28 . 2012-08-06 02:28 -------- d-----w- z:\users\Harsh\AppData\Roaming\TomTom
2012-08-06 02:27 . 2012-08-06 02:28 -------- d-----w- z:\program files (x86)\TomTom HOME 2
2012-08-06 02:26 . 2012-08-06 02:26 -------- d-----w- z:\users\Harsh\AppData\Local\Downloaded Installations
2012-08-06 02:23 . 2012-08-06 02:28 -------- d-----w- z:\users\Harsh\AppData\Local\TomTom
2012-08-06 02:23 . 2012-08-06 02:27 -------- d-----w- z:\program files (x86)\TomTom International B.V
2012-08-03 18:38 . 2012-06-29 10:04 9133488 ----a-w- z:\programdata\Microsoft\Windows Defender\Definition Updates\{E02090EC-A4C2-4CF8-A5A6-926D1AFDAEE0}\mpengine.dll
2012-07-30 02:54 . 2012-08-13 16:54 -------- d-----w- Z:\TDSSKiller_Quarantine
2012-07-26 17:51 . 2012-06-12 03:08 3148800 ----a-w- z:\windows\system32\win32k.sys
2012-07-26 17:44 . 2012-06-09 05:43 14172672 ----a-w- z:\windows\system32\shell32.dll
2012-07-25 21:12 . 2012-07-25 21:12 -------- d-----w- z:\users\Harsh\temp
2012-07-24 02:09 . 2012-07-24 02:09 -------- d-----w- z:\program files (x86)\NirSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 18:33 . 2010-11-25 05:08 25640 ----a-w- z:\windows\gdrv.sys
2012-08-03 04:38 . 2011-11-21 00:46 426184 ----a-w- z:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 04:38 . 2011-09-07 00:10 70344 ----a-w- z:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 17:46 . 2010-08-27 20:09 59701280 ----a-w- z:\windows\system32\MRT.exe
2012-07-03 17:46 . 2010-08-27 22:21 24904 ----a-w- z:\windows\system32\drivers\mbam.sys
2012-06-18 17:34 . 2010-08-29 02:09 19032 ------w- z:\windows\system32\pwdrvio.sys
2012-06-18 17:34 . 2010-08-29 02:12 2966720 ----a-w- z:\windows\system32\pwNative.exe
2012-06-18 17:34 . 2010-08-29 02:09 12384 ------w- z:\windows\system32\pwdspio.sys
2012-06-02 22:19 . 2012-06-30 01:14 38424 ----a-w- z:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-30 01:14 2428952 ----a-w- z:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-30 01:14 57880 ----a-w- z:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-30 01:14 44056 ----a-w- z:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-30 01:14 701976 ----a-w- z:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-30 01:14 2622464 ----a-w- z:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-30 01:14 99840 ----a-w- z:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-30 01:14 186752 ----a-w- z:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-30 01:14 36864 ----a-w- z:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-08-27 20:11 279656 ------w- z:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="z:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
z:\users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk.disabled [2011-12-11 990]
PowerMenu.lnk.disabled [2012-3-10 1946]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=z:\progra~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="z:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="z:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="z:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="z:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="z:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor"="z:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="z:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=z:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon"="z:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"googletalk"=z:\program files (x86)\Google\Google Talk\googletalk.exe /autostart
"Google Desktop Search"="z:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LogMeIn Hamachi Ui"="z:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;z:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz134;cpuz134;z:\windows\system32\drivers\cpuz134_x64.sys [x]
R2 SkypeUpdate;Skype Updater;z:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 SolutoService;Soluto PCGenome Core Service;z:\program files\Soluto\SolutoService.exe [2012-08-08 598032]
R3 AdobeARMservice;Adobe Acrobat Update Service;z:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;z:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 cpudrv64;cpudrv64;z:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz135;cpuz135;z:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 CYUSB;Cypress Generic USB Driver;z:\windows\system32\Drivers\CYUSB.sys [2009-08-10 47104]
R3 DrvAgent64;DrvAgent64;z:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-10-26 21712]
R3 EagleX64;EagleX64;z:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;z:\windows\etdrv.sys [2011-11-21 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;z:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;z:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-04-07 30192]
R3 gupdate;Google Update Service (gupdate);z:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-27 136176]
R3 gupdatem;Google Update Service (gupdatem);z:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-27 136176]
R3 GVTDrv64;GVTDrv64;z:\windows\GVTDrv64.sys [2011-11-21 30528]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;z:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;z:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-03 129976]
R3 NLNdisMP;NLNdisMP;z:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;z:\windows\system32\DRIVERS\nlndis.sys [x]
R3 pwdrvio;pwdrvio;z:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;z:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;z:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RivaTuner64;RivaTuner64;z:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-11-27 19952]
R3 Synth3dVsc;Synth3dVsc;z:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;z:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
R3 TipCtrl;TipCtrl;z:\program files (x86)\uTIPu\TipCtrl.exe [x]
R3 TsUsbFlt;TsUsbFlt;z:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;z:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;z:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]
R3 VGPU;VGPU;z:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;z:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;z:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 Soluto;Soluto;z:\windows\system32\DRIVERS\Soluto.sys [2012-08-08 54728]
S1 ehdrv;ehdrv;z:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
S1 SASDIFSV;SASDIFSV;z:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;z:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;z:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ekrn;ESET Service;z:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;z:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
S2 GEST Service;GEST Service for program management.;z:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-12-03 68136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;z:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 nvUpdatusService;NVIDIA Update Service Daemon;z:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 TomTomHOMEService;TomTomHOMEService;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S3 DAdderFltr;DeathAdder Mouse;z:\windows\system32\drivers\dadder.sys [2007-08-02 12672]
S3 dfmirage;dfmirage;z:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 36432]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;z:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-19 279616]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;z:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-31 26752]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;z:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 pbfilter;pbfilter;z:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 RTL8167;Realtek 8167 NT Driver;z:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);z:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EVERESTDRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- z:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 z:\windows\Tasks\Adobe Flash Player Updater.job
- z:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-21 04:38]
.
2012-08-10 z:\windows\Tasks\GlaryInitialize.job
- z:\program files (x86)\Glary Utilities\initialize.exe [2012-02-26 14:38]
.
2012-07-25 z:\windows\Tasks\Google Software Updater.job
- z:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-27 21:30]
.
2012-08-10 z:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- z:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-27 21:36]
.
2012-08-13 z:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- z:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-27 21:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="z:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"egui"="z:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
.
------- Supplementary Scan -------
.
uLocal Page = z:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with pod-works-platinum - z:\program files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - z:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - z:\users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CoreAAC Audio Decoder - z:\windows\system32\CoreAAC-uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\z:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@z:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="z:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="z:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="z:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="z:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="z:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="z:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="z:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{4183655A-5FC6-4A23-A804-7764145EC57C}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.0"
"UniqueId"="000941434D8D8E3F"
"ScannerBuild"=dword:00002304
"ScannerVersionId"=dword:00001764
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
z:\program files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
.
**************************************************************************
.
Completion time: 2012-08-13 14:38:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 18:38
.
Pre-Run: 14,132,805,632 bytes free
Post-Run: 13,866,098,688 bytes free
.
- - End Of File - - 54AC4E961016CE423EDC337F541C6BA4

Edited by blade12, 13 August 2012 - 01:50 PM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:31 AM

Posted 13 August 2012 - 02:08 PM

Greetings blade12,

Excellent job handling Combofix.

Since we have confirmed the type of malware on your machine, I need to provide you with some information about that.

Let's see if we can uninstall Teamviewer. Although I do not see it listed in the Add/Remove portion of Attach.txt (part of DDS) I would like us to check anyway. We are going to run a couple of additional scans as well.

Please consider and perform the following.


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Uninstalling a Program using Add/Remove Program

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of programs installed will be displayed
  • Uninstall the following by clicking on the program(s) below and selecting Remove or Uninstall

Teamviewer


===================================================


Rerun Malwarebytes

--------------------

Temporarily disable your antivirus program.

  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button on the page to launch the scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Were you able to uninstall Teamviewer?
  • MBAM results
  • ESET results
  • Are you noticing any issues?

Edited by Oh My, 13 August 2012 - 06:58 PM.
Backdoor warning

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
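The post above asks for an uninstall check even though TeamViewer does not appear in Add/Remove Programs. appwiz.cpl only lists what is registered under the Uninstall registry keys, so a remote-control tool can still be present as a service, an autostart entry, a running process or a leftover directory. The following PowerShell is an added example, not part of the original thread or of any BleepingComputer tooling; it assumes the program's display name, service name or path contains the string "TeamViewer", and that it is run from an elevated prompt on the 64-bit Windows 7 machine discussed here (it sticks to PowerShell 2.0 syntax for that reason).

```powershell
# Added example (not from the original thread): look for traces of a program in
# the places appwiz.cpl does not necessarily show.
# Assumption: the display name, service name or install path contains $Pattern.
function Find-ProgramTraces {
    param([string]$Pattern = 'TeamViewer')

    $like = "*$Pattern*"

    # 1. Uninstall entries: this is what appwiz.cpl reads. On x64, 32-bit
    #    installers register under WOW6432Node; per-user installs under HKCU.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $like } |
        Select-Object @{n='Source';e={'Uninstall key'}}, DisplayName, InstallLocation, UninstallString

    # 2. Services: an installed remote-control tool normally registers one,
    #    and a service survives a half-finished or missing uninstaller.
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.Name -like $like -or $_.DisplayName -like $like -or $_.PathName -like $like } |
        Select-Object @{n='Source';e={'Service'}}, Name, State, StartMode, PathName

    # 3. Autostart (Run) entries in both registry views and for the current user.
    $run = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $run) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            $names = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Name }
            foreach ($name in $names) {
                if ("$name $($props.$name)" -like $like) {
                    New-Object PSObject -Property @{ Source = 'Run key'; Key = $key; Name = $name; Command = $props.$name }
                }
            }
        }
    }

    # 4. Running processes (name match only; Path is not readable for every process).
    Get-Process | Where-Object { $_.Name -like $like } |
        Select-Object @{n='Source';e={'Process'}}, Id, Name

    # 5. Leftover directories in the usual install and profile locations.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA)
    foreach ($root in $roots) {
        if ($root -and (Test-Path $root)) {
            Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer -and $_.Name -like $like } |
                Select-Object @{n='Source';e={'Directory'}}, FullName, LastWriteTime
        }
    }
}

Find-ProgramTraces -Pattern 'TeamViewer' | Format-List
```

An empty result from all five checks is the evidence that "not in appwiz.cpl" actually means "not installed"; a hit in the service or Run-key checks without a matching Uninstall entry is the case where the GUI uninstall route in the post cannot work and the entry has to be dealt with directly.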

#12 blade12
  • Topic Starter
  • Members
  • 20 posts

Posted 13 August 2012 - 09:16 PM

-Concerning the backdoor warning.. Lets say I wanted to backup everything and reformat then just replace the backed up files back onto newly reformatted windows 7. You think that would be a risky idea? You think there's a chance that other files may be infected and it would carry over through the backed up data? All of the files have been scanned, and they show up clean.

-I don't know if any of the financial stuff has been compromised; I don't think there has been any shady credit-card charges or something within past year. My father has also used this computer to check his finances (bank mostly) so I will ask him to change his password. I changed passwords to places like amazon, ebay, paypal, etc from my laptop to be on the safe side. I am just trying to think what else could be compromised. Probably nothing else finances-wise because I don't keep any of that info on my pc ever.

-Teamviewer isn't under add/remove programs in appwiz.cpl

-There are no other issues that I currently notice



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Harsh :: HARSH-PC [administrator]

8/13/2012 3:26:18 PM
mbam-log-2012-08-13 (15-26-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220507
Time elapsed: 1 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


--------------------

ESET Online scanner threats:



Z:\Program Files (x86)\IObit\Game Booster\GameBoosterSetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
Z:\Program Files (x86)\IObit\Game Booster\Update\GameBoosterSetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
Z:\Qoobox\Quarantine\Z\Windows\Installer\{14c67c2f-333f-317c-62f5-3cad2853aeb3}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#13 Oh My!

  • Malware Response Instructor
  • 36,587 posts
  • Location:California
Posted 13 August 2012 - 10:00 PM

Greetings blade12,

Typically if someone wants to reformat their computer we do what we have done in your case, namely clean the computer as much as possible before backing up files/data. That way we have greatly minimized the chances of reinfection via those files. Without a doubt you are in a much better position now to do that than before we began. Personally I would not be too concerned about backing up then returning those files and data to a clean machine.

There are several goals associated with backdoor trojans but the most important ones are those which try to separate you from your money. If your account, login, and/or password was compromised there would likely be an immediate attempt to act upon that information. Strike while the iron is hot, because as soon as you realize something is amiss you will take steps to close those doors. If you have not noticed any irregularities at your financial or other institutions that is a good sign. Changing passwords is an excellent step.

The MBAM and ESET logs look good.

Please let me know if you would like some information about reformatting. Remember, you can not back up programs, only data.
Gary

#14 blade12
  • Topic Starter
  • Members
  • 20 posts

Posted 14 August 2012 - 12:39 PM

Alright, I will back everything up then reinstall windows 7. Just one question - should I bother uninstalling combofix and removing the quarantined files, etc before backing up data? Also, is there any specific program that is good for backing up files? Only thing I have is Norton Security Suite that I get from my ISP that has option to backup data/files/etc. I never backed up more than a 4-5 gigs of data at a time before.

Do you know if repairing windows 7 is almost like reinstalling? I would think that it would replace all of the windows files (if the MD5 checksum doesn't match) but keep the other non-windows-install-related data intact. That could save the time of reformatting and then installing all of my programs from scratch.

Thanks for the help thus far. I appreciate it!

#15 Oh My!

  • Malware Response Instructor
  • 36,587 posts
  • Location:California
Posted 14 August 2012 - 02:00 PM

Greetings blade12,

Yes, we should complete the remaining steps which will include uninstalling Combofix and you can delete the quarantined files. Windows 7 has a feature for backing up files. However I would still encourage you to manually review your files to make sure you save what you need. Typically backup programs target pre-defined folders/locations so if you saved something somewhere else it will be gone.

For what it is worth, when I reformat I make a special folder which I use to contain all of my files/data that I want to save. That way if I need to start over again I simply copy that one folder and I am done! No guessing or worrying.


Do you know if repairing windows 7 is almost like reinstalling?


It is not the same and it won't do what you desire to be done. What you need is a reformat which cleans all the nooks and crannies. In order to have peace of mind these areas need to be "cleaned". The only way to do that is to wipe the hard drive (reformat).

Let me know when you are good to go with the reformat. I have one more post for you which includes uninstalling Combofix and provides information which may be of value to you in keeping your computer clean from this point forward.
Gary
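Posts #13 and #15 describe the backup step before the reformat: stage the data you need (not programs) in one place, review it by hand, and remember that a backup tool only looks in predefined folders. The script below is an added example, not part of the original thread; it stages a user profile with robocopy and is stricter than the post above in that it leaves executable content behind, so nothing that might have survived the clean-up rides back onto the fresh install. It assumes the source is the current user's profile, that an external drive is mounted at E:, and that the exclusion lists are a starting point rather than an exhaustive one.

```powershell
# Added example (not from the original thread): stage user data for a reformat
# while leaving executable content behind.
# Assumptions: source = current user profile, destination = external drive E:,
# exclusion lists are a starting point only.
$Source      = $env:USERPROFILE              # e.g. Z:\Users\<name> on the thread's machine
$Destination = 'E:\Backup-before-reformat'   # assumption: external drive letter
$Log         = Join-Path $Destination 'robocopy.log'

# Content that is code, not data: do not carry it back to a clean install.
$ExcludeFiles = @('*.exe', '*.dll', '*.sys', '*.scr', '*.com', '*.pif', '*.cpl',
                  '*.msi', '*.bat', '*.cmd', '*.vbs', '*.vbe', '*.js', '*.jse',
                  '*.ps1', '*.jar', '*.lnk', 'ntuser.dat*')

# Caches and temp areas that hold downloaded payloads and nothing worth keeping.
$ExcludeDirs = @(
    (Join-Path $Source 'AppData\Local\Temp'),
    (Join-Path $Source 'AppData\Local\Microsoft\Windows\Temporary Internet Files'),
    (Join-Path $Source 'AppData\LocalLow\Sun\Java\Deployment\cache')
)

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

# /E    copy the whole tree including empty folders
# /XJ   skip junction points; Windows 7 profiles contain compatibility junctions
#       ("Application Data" -> AppData\Roaming) that otherwise loop or duplicate data
# /R:1 /W:1  retry a locked file once instead of stalling for minutes on each one
# /NP   no per-file progress; /LOG+ appends a log to review before trusting the copy
$robocopyArgs = @($Source, $Destination, '/E', '/XJ', '/R:1', '/W:1', '/NP', "/LOG+:$Log", '/XF') +
                $ExcludeFiles + @('/XD') + $ExcludeDirs
& robocopy $robocopyArgs

# Robocopy exit codes 0-7 are success variants (bit 1 = files copied, 2 = extra
# files in destination, 4 = mismatches); 8 and above mean some files failed.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "robocopy reported failures (exit code $LASTEXITCODE); check $Log"
} else {
    Write-Host "Backup staged in $Destination (exit code $LASTEXITCODE); review $Log before reformatting"
}
```

Anything saved outside the profile (a second partition, a folder on the root of Z:) is not covered by this and has to be added as a further robocopy run, which is the point the post above makes about backup tools only looking in predefined locations. Review the log for skipped files before wiping the drive; a data file you actually need that matched an exclusion pattern is easier to copy now than to recover later.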



