
Stealth MBR rootkit/Mebroot/Sinowal/TDL4


20 replies to this topic

#1 QM1Wife

  • Members
  • 14 posts

Posted 22 August 2012 - 05:22 PM

I have Windows Vista Home Edition - SP2.
I have problems when typing an item in the search box: after I click on a valid link, it redirects to a totally different link. Spybot Search & Destroy states that it was smitfraudc. I removed that with ComboFix. I scanned the registry with different rootkit scanners and I am lost.
I consider myself more than your average user when it comes to trojans and the like, but when trying to access my MBR, I get: Stealth MBR rootkit/Mebroot/Sinowal/TDL4.
I am so lost. I have run TDSSKiller and many other things. I just want this problem to go away. Please help!
Thanks so much in advance!

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 August 2012 - 06:16 PM

Download TDSSkiller

Launch it. Click on Change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 QM1Wife (Topic Starter)

  • Members
  • 14 posts

Posted 22 August 2012 - 08:57 PM

TDSS Killer log file:

21:26:34.0494 4656 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:27:20.0194 2808 NdisWan - ok
21:27:20.0224 2808 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:27:20.0248 2808 NDProxy - ok
21:27:20.0271 2808 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:27:20.0325 2808 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:27:20.0325 2808 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:27:20.0343 2808 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:27:20.0375 2808 NetBIOS - ok
21:27:20.0576 2808 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:27:20.0605 2808 netbt - ok
21:27:20.0646 2808 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
21:27:20.0660 2808 Netlogon - ok
21:27:20.0709 2808 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
21:27:20.0754 2808 Netman - ok
21:27:20.0943 2808 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:20.0957 2808 NetMsmqActivator - ok
21:27:20.0961 2808 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:20.0974 2808 NetPipeActivator - ok
21:27:21.0014 2808 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
21:27:21.0076 2808 netprofm - ok
21:27:21.0079 2808 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:21.0092 2808 NetTcpActivator - ok
21:27:21.0096 2808 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:21.0109 2808 NetTcpPortSharing - ok
21:27:21.0162 2808 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:27:21.0176 2808 nfrd960 - ok
21:27:21.0219 2808 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:27:21.0233 2808 NisDrv - ok
21:27:21.0270 2808 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:27:21.0292 2808 NisSrv - ok
21:27:21.0315 2808 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
21:27:21.0375 2808 NlaSvc - ok
21:27:21.0419 2808 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:27:21.0461 2808 Npfs - ok
21:27:21.0507 2808 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
21:27:21.0575 2808 nsi - ok
21:27:21.0612 2808 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:27:21.0653 2808 nsiproxy - ok
21:27:21.0727 2808 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:27:21.0870 2808 Ntfs - ok
21:27:21.0953 2808 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
21:27:22.0005 2808 Null - ok
21:27:22.0040 2808 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:27:22.0060 2808 nvraid - ok
21:27:22.0073 2808 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:27:22.0092 2808 nvstor - ok
21:27:22.0115 2808 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:27:22.0135 2808 nv_agp - ok
21:27:22.0138 2808 NwlnkFlt - ok
21:27:22.0142 2808 NwlnkFwd - ok
21:27:22.0243 2808 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:27:22.0277 2808 odserv - ok
21:27:22.0331 2808 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:27:22.0384 2808 ohci1394 - ok
21:27:22.0489 2808 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:27:22.0507 2808 ose - ok
21:27:22.0576 2808 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:27:22.0675 2808 p2pimsvc - ok
21:27:22.0687 2808 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
21:27:22.0735 2808 p2psvc - ok
21:27:22.0780 2808 [ aecd57f94c887f58919f307c35498ea0 ] Parport C:\Windows\system32\drivers\parport.sys
21:27:22.0865 2808 Parport - ok
21:27:22.0896 2808 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:27:22.0915 2808 partmgr - ok
21:27:22.0968 2808 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
21:27:23.0017 2808 PcaSvc - ok
21:27:23.0031 2808 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
21:27:23.0056 2808 pci - ok
21:27:23.0069 2808 [ 8d618c829034479985a9ed56106cc732 ] pciide C:\Windows\system32\drivers\pciide.sys
21:27:23.0085 2808 pciide - ok
21:27:23.0112 2808 [ 037661f3d7c507c9993b7010ceee6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:27:23.0132 2808 pcmcia - ok
21:27:23.0174 2808 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:27:23.0261 2808 PEAUTH - ok
21:27:23.0378 2808 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:27:23.0440 2808 PerfHost - ok
21:27:23.0617 2808 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
21:27:23.0720 2808 pla - ok
21:27:23.0755 2808 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:27:23.0781 2808 PlugPlay - ok
21:27:23.0807 2808 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:27:23.0832 2808 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:27:23.0832 2808 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:27:23.0874 2808 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:27:23.0894 2808 PNRPAutoReg - ok
21:27:23.0949 2808 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:27:23.0972 2808 PNRPsvc - ok
21:27:24.0027 2808 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:27:24.0107 2808 PolicyAgent - ok
21:27:24.0152 2808 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:27:24.0222 2808 PptpMiniport - ok
21:27:24.0255 2808 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\drivers\processr.sys
21:27:24.0322 2808 Processor - ok
21:27:24.0381 2808 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
21:27:24.0430 2808 ProfSvc - ok
21:27:24.0804 2808 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
21:27:24.0817 2808 ProtectedStorage - ok
21:27:24.0833 2808 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:27:24.0879 2808 PSched - ok
21:27:24.0960 2808 [ a6a7ad767bf5141665f5c675f671b3e1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:27:24.0973 2808 PSI_SVC_2 - ok
21:27:24.0994 2808 [ fbf4db6d53585437e41a113300002a2b ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:27:25.0004 2808 PxHlpa64 - ok
21:27:25.0044 2808 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:27:25.0120 2808 ql2300 - ok
21:27:25.0150 2808 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:27:25.0162 2808 ql40xx - ok
21:27:25.0192 2808 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
21:27:25.0233 2808 QWAVE - ok
21:27:25.0264 2808 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:27:25.0277 2808 QWAVEdrv - ok
21:27:25.0389 2808 [ db96850170c9895d855463c207fbd4ad ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
21:27:25.0515 2808 R300 - ok
21:27:25.0528 2808 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:27:25.0576 2808 RasAcd - ok
21:27:25.0617 2808 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
21:27:25.0671 2808 RasAuto - ok
21:27:25.0716 2808 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:27:25.0760 2808 Rasl2tp - ok
21:27:25.0799 2808 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
21:27:25.0834 2808 RasMan - ok
21:27:25.0858 2808 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:27:25.0906 2808 RasPppoe - ok
21:27:25.0930 2808 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:27:25.0968 2808 RasSstp - ok
21:27:26.0011 2808 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:27:26.0062 2808 rdbss - ok
21:27:26.0082 2808 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:27:26.0113 2808 RDPCDD - ok
21:27:26.0144 2808 [ c045d1fb111c28df0d1be8d4bda22c06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:27:26.0180 2808 rdpdr - ok
21:27:26.0184 2808 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:27:26.0227 2808 RDPENCDD - ok
21:27:26.0261 2808 [ ae4bd9e1c33d351d8e607fc81f15160c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:27:26.0327 2808 RDPWD - ok
21:27:26.0363 2808 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:27:26.0397 2808 RemoteAccess - ok
21:27:26.0418 2808 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:27:26.0446 2808 RemoteRegistry - ok
21:27:26.0565 2808 [ fded778daf09235e4580f1b9046946b6 ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
21:27:26.0582 2808 RoxLiveShare10 - ok
21:27:26.0627 2808 [ e054a2caf0e2a55c9aac0bf1ccc558a5 ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:27:26.0678 2808 RoxMediaDB10 - ok
21:27:26.0715 2808 [ c75fda9ab3314e555123673e08f9d86d ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
21:27:26.0729 2808 RoxWatch10 - ok
21:27:26.0783 2808 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
21:27:26.0839 2808 RpcLocator - ok
21:27:26.0872 2808 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
21:27:26.0912 2808 RpcSs - ok
21:27:26.0943 2808 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:27:27.0002 2808 rspndr - ok
21:27:27.0042 2808 [ 8b91737da75add21cb1554b38089196a ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
21:27:27.0104 2808 RTL8169 - ok
21:27:27.0142 2808 [ 0851174830dafad4eacc4dd818d803d1 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
21:27:27.0159 2808 RTSTOR - ok
21:27:27.0204 2808 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] SamSs C:\Windows\system32\lsass.exe
21:27:27.0215 2808 SamSs - ok
21:27:27.0270 2808 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:27:27.0282 2808 sbp2port - ok
21:27:27.0420 2808 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:27:27.0482 2808 SBSDWSCService - ok
21:27:27.0527 2808 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:27:27.0570 2808 SCardSvr - ok
21:27:27.0619 2808 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
21:27:27.0671 2808 Schedule - ok
21:27:27.0700 2808 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:27:27.0721 2808 SCPolicySvc - ok
21:27:27.0765 2808 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:27:27.0828 2808 SDRSVC - ok
21:27:27.0838 2808 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:27:27.0903 2808 secdrv - ok
21:27:27.0926 2808 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
21:27:27.0957 2808 seclogon - ok
21:27:27.0964 2808 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\system32\sens.dll
21:27:27.0996 2808 SENS - ok
21:27:28.0005 2808 [ f71bfe7ac6c52273b7c82cbf1bb2a222 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:27:28.0049 2808 Serenum - ok
21:27:28.0062 2808 [ e62fac91ee288db29a9696a9d279929c ] Serial C:\Windows\system32\drivers\serial.sys
21:27:28.0116 2808 Serial - ok
21:27:28.0128 2808 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:27:28.0170 2808 sermouse - ok
21:27:28.0186 2808 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
21:27:28.0233 2808 SessionEnv - ok
21:27:28.0255 2808 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:27:28.0306 2808 sffdisk - ok
21:27:28.0339 2808 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:27:28.0389 2808 sffp_mmc - ok
21:27:28.0411 2808 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:27:28.0439 2808 sffp_sd - ok
21:27:28.0565 2808 [ 6b7838c94135768bd455cbdc23e39e5f ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:27:28.0606 2808 sfloppy - ok
21:27:28.0803 2808 [ 4ef8fc5158aa1a01df37fdb3fadda077 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:27:28.0837 2808 SftService - ok
21:27:28.0886 2808 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:27:28.0935 2808 SharedAccess - ok
21:27:28.0989 2808 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:27:29.0072 2808 ShellHWDetection - ok
21:27:29.0143 2808 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:27:29.0156 2808 SiSRaid2 - ok
21:27:29.0174 2808 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:27:29.0189 2808 SiSRaid4 - ok
21:27:29.0252 2808 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
21:27:29.0411 2808 slsvc - ok
21:27:29.0452 2808 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:27:29.0532 2808 SLUINotify - ok
21:27:29.0554 2808 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:27:29.0598 2808 Smb - ok
21:27:29.0684 2808 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:27:29.0716 2808 SNMPTRAP - ok
21:27:29.0744 2808 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
21:27:29.0758 2808 spldr - ok
21:27:29.0786 2808 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
21:27:29.0807 2808 Spooler - ok
21:27:29.0867 2808 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
21:27:29.0943 2808 srv - ok
21:27:29.0964 2808 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:27:30.0019 2808 srv2 - ok
21:27:30.0039 2808 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:27:30.0063 2808 srvnet - ok
21:27:30.0112 2808 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:27:30.0175 2808 SSDPSRV - ok
21:27:30.0212 2808 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:27:30.0230 2808 SstpSvc - ok
21:27:30.0246 2808 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
21:27:30.0344 2808 stisvc - ok
21:27:30.0447 2808 [ 1d0063597c3666404fcf97698abeb019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:27:30.0492 2808 stllssvr - ok
21:27:30.0550 2808 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:27:30.0565 2808 swenum - ok
21:27:30.0599 2808 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
21:27:30.0680 2808 swprv - ok
21:27:30.0756 2808 [ 650b53c73b287cb58781bd8f2ac12d2e ] sxuptp C:\Windows\system32\DRIVERS\sxuptp.sys
21:27:30.0776 2808 sxuptp - ok
21:27:30.0788 2808 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:27:30.0804 2808 Symc8xx - ok
21:27:30.0814 2808 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:27:30.0831 2808 Sym_hi - ok
21:27:30.0844 2808 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:27:30.0860 2808 Sym_u3 - ok
21:27:30.0901 2808 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
21:27:30.0976 2808 SysMain - ok
21:27:31.0028 2808 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:27:31.0073 2808 TabletInputService - ok
21:27:31.0114 2808 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:27:31.0153 2808 TapiSrv - ok
21:27:31.0201 2808 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
21:27:31.0249 2808 TBS - ok
21:27:31.0312 2808 [ ac8d5728e6ad6a7c4819d9a67008337a ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:27:31.0396 2808 Tcpip - ok
21:27:31.0441 2808 [ ac8d5728e6ad6a7c4819d9a67008337a ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:27:31.0474 2808 Tcpip6 - ok
21:27:31.0532 2808 [ fd8fde859e38e40a20085ebb0c22b416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:27:31.0580 2808 tcpipreg - ok
21:27:31.0598 2808 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:27:31.0649 2808 TDPIPE - ok
21:27:31.0663 2808 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:27:31.0714 2808 TDTCP - ok
21:27:31.0743 2808 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:27:31.0766 2808 tdx - ok
21:27:31.0796 2808 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:27:31.0809 2808 TermDD - ok
21:27:31.0837 2808 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
21:27:31.0898 2808 TermService - ok
21:27:31.0931 2808 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
21:27:31.0946 2808 Themes - ok
21:27:31.0970 2808 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
21:27:32.0000 2808 THREADORDER - ok
21:27:32.0036 2808 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
21:27:32.0089 2808 TrkWks - ok
21:27:32.0148 2808 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:27:32.0196 2808 TrustedInstaller - ok
21:27:32.0216 2808 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:27:32.0267 2808 tssecsrv - ok
21:27:32.0316 2808 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:27:32.0329 2808 tunmp - ok
21:27:32.0385 2808 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:27:32.0420 2808 tunnel - ok
21:27:32.0448 2808 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:27:32.0463 2808 uagp35 - ok
21:27:32.0493 2808 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:27:32.0537 2808 udfs - ok
21:27:32.0557 2808 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:27:32.0592 2808 UI0Detect - ok
21:27:32.0612 2808 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:27:32.0627 2808 uliagpkx - ok
21:27:32.0648 2808 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:27:32.0667 2808 uliahci - ok
21:27:32.0680 2808 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:27:32.0695 2808 UlSata - ok
21:27:32.0711 2808 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:27:32.0727 2808 ulsata2 - ok
21:27:32.0743 2808 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:27:32.0797 2808 umbus - ok
21:27:32.0822 2808 [ 01abe05c401e70795b43a8933b44831e ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
21:27:32.0872 2808 UMPass - ok
21:27:32.0924 2808 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
21:27:32.0993 2808 upnphost - ok
21:27:33.0052 2808 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:27:33.0084 2808 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:27:33.0084 2808 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:27:33.0148 2808 [ c6ba890de6e41857fbe84175519cae7d ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:27:33.0187 2808 usbaudio - ok
21:27:33.0218 2808 [ c85b8247fadd432fa54fe11667c8d97d ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
21:27:33.0246 2808 usbbus - ok
21:27:33.0264 2808 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:27:33.0303 2808 usbccgp - ok
21:27:33.0336 2808 [ f8e1cb9b8da037219953190cd2aca358 ] USBCCID C:\Windows\system32\DRIVERS\usbccid.sys
21:27:33.0389 2808 USBCCID - ok
21:27:33.0393 2808 [ 8c39d53e1a343f4c47ee8f3c052126d8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:27:33.0433 2808 usbcir - ok
21:27:33.0474 2808 [ d8cdc12f5429878f23ddb3785a0fdf95 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
21:27:33.0487 2808 UsbDiag - ok
21:27:33.0521 2808 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:27:33.0577 2808 usbehci - ok
21:27:33.0618 2808 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:27:33.0691 2808 usbhub - ok
21:27:33.0734 2808 [ 5c4219c10b5887dff85e1d2779aed55b ] usbio C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
21:27:33.0759 2808 usbio - ok
21:27:33.0794 2808 [ 79fa7a22b0f6f0082f640cbc82a00fce ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
21:27:33.0822 2808 USBModem - ok
21:27:33.0856 2808 [ eba14ef0c07cec233f1529c698d0d154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:27:33.0922 2808 usbohci - ok
21:27:33.0935 2808 [ 28b693b6d31e7b9332c1bdcefef228c1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:27:33.0984 2808 usbprint - ok
21:27:34.0007 2808 [ ea0bf666868964fbe8cb10e50c97b9f1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:27:34.0060 2808 usbscan - ok
21:27:34.0108 2808 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:27:34.0151 2808 USBSTOR - ok
21:27:34.0196 2808 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:27:34.0229 2808 usbuhci - ok
21:27:34.0279 2808 [ fc33099877790d51b0927b7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:27:34.0324 2808 usbvideo - ok
21:27:34.0346 2808 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
21:27:34.0392 2808 UxSms - ok
21:27:34.0419 2808 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
21:27:34.0509 2808 vds - ok
21:27:34.0559 2808 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:27:34.0616 2808 vga - ok
21:27:34.0688 2808 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:27:34.0753 2808 VgaSave - ok
21:27:34.0777 2808 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
21:27:34.0796 2808 viaide - ok
21:27:34.0813 2808 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:27:34.0832 2808 volmgr - ok
21:27:34.0868 2808 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:27:34.0894 2808 volmgrx - ok
21:27:34.0948 2808 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:27:34.0973 2808 volsnap - ok
21:27:34.0998 2808 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:27:35.0019 2808 vsmraid - ok
21:27:35.0064 2808 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
21:27:35.0202 2808 VSS - ok
21:27:35.0225 2808 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
21:27:35.0268 2808 W32Time - ok
21:27:35.0290 2808 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:27:35.0343 2808 WacomPen - ok
21:27:35.0360 2808 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:27:35.0389 2808 Wanarp - ok
21:27:35.0391 2808 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:27:35.0413 2808 Wanarpv6 - ok
21:27:35.0439 2808 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:27:35.0472 2808 wcncsvc - ok
21:27:35.0517 2808 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:27:35.0561 2808 WcsPlugInService - ok
21:27:35.0598 2808 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
21:27:35.0609 2808 Wd - ok
21:27:35.0665 2808 [ d02e7e4567da1e7582fbf6a91144b0df ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:27:35.0701 2808 Wdf01000 - ok
21:27:35.0715 2808 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:27:35.0752 2808 WdiServiceHost - ok
21:27:35.0755 2808 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:27:35.0783 2808 WdiSystemHost - ok
21:27:35.0795 2808 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
21:27:35.0812 2808 WebClient - ok
21:27:35.0867 2808 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:27:35.0883 2808 Wecsvc - ok
21:27:35.0891 2808 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:27:35.0914 2808 wercplsupport - ok
21:27:35.0958 2808 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
21:27:36.0002 2808 WerSvc - ok
21:27:36.0035 2808 WinDefend - ok
21:27:36.0039 2808 WinHttpAutoProxySvc - ok
21:27:36.0090 2808 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:27:36.0116 2808 Winmgmt - ok
21:27:36.0164 2808 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
21:27:36.0296 2808 WinRM - ok
21:27:36.0338 2808 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:27:36.0432 2808 Wlansvc - ok
21:27:36.0497 2808 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:27:36.0509 2808 wlcrasvc - ok
21:27:36.0644 2808 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:27:36.0779 2808 wlidsvc - ok
21:27:36.0800 2808 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:27:36.0848 2808 WmiAcpi - ok
21:27:36.0869 2808 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:27:36.0896 2808 wmiApSrv - ok
21:27:36.0906 2808 WMPNetworkSvc - ok
21:27:36.0963 2808 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:27:37.0050 2808 WPCSvc - ok
21:27:37.0076 2808 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:27:37.0095 2808 WPDBusEnum - ok
21:27:37.0136 2808 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:27:37.0151 2808 WpdUsb - ok
21:27:37.0624 2808 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:27:37.0678 2808 WPFFontCache_v0400 - ok
21:27:37.0732 2808 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:27:37.0781 2808 ws2ifsl - ok
21:27:37.0812 2808 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\system32\wscsvc.dll
21:27:37.0845 2808 wscsvc - ok
21:27:37.0848 2808 WSearch - ok
21:27:37.0913 2808 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:27:38.0019 2808 wuauserv - ok
21:27:38.0045 2808 [ 501a65252617b495c0f1832f908d54d8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:38.0073 2808 WUDFRd - ok
21:27:38.0114 2808 [ 6cbd51ff913c851d56ed9dc7f2a27dde ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:27:38.0160 2808 wudfsvc - ok
21:27:38.0168 2808 ================ Scan global ===============================
21:27:38.0218 2808 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
21:27:38.0280 2808 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
21:27:38.0302 2808 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
21:27:38.0334 2808 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
21:27:38.0340 2808 [Global] - ok
21:27:38.0340 2808 ================ Scan MBR ==================================
21:27:38.0349 2808 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:27:38.0786 2808 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:27:38.0787 2808 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:27:38.0796 2808 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk1\DR1
21:27:38.0906 2808 \Device\Harddisk1\DR1 - ok
21:27:38.0906 2808 ================ Scan VBR ==================================
21:27:38.0930 2808 Boot (0x1200) (533bc820da329acc42e5b1be37153107) \Device\Harddisk0\DR0\Partition1
21:27:38.0932 2808 \Device\Harddisk0\DR0\Partition1 - ok
21:27:38.0933 2808 Boot (0x1200) (19e81f8ecdf9ccecc29c9dac83a40779) \Device\Harddisk0\DR0\Partition2
21:27:38.0935 2808 \Device\Harddisk0\DR0\Partition2 - ok
21:27:38.0952 2808 Boot (0x1200) (3d90b912c282b8ed361d9279f73ef471) \Device\Harddisk1\DR1\Partition1
21:27:38.0954 2808 \Device\Harddisk1\DR1\Partition1 - ok
21:27:38.0955 2808 Boot (0x1200) (34a9696a2351d32bc52ad9975ad3b953) \Device\Harddisk1\DR1\Partition2
21:27:38.0956 2808 \Device\Harddisk1\DR1\Partition2 - ok
21:27:38.0957 2808 ============================================================
21:27:38.0957 2808 Scan finished
21:27:38.0957 2808 ============================================================
21:27:38.0962 7112 Detected object count: 8
21:27:38.0962 7112 Actual detected object count: 8
21:28:26.0498 7112 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0498 7112 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0499 7112 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0499 7112 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0500 7112 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0500 7112 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0500 7112 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0500 7112 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0501 7112 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0501 7112 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0502 7112 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0502 7112 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0503 7112 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:26.0503 7112 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:26.0503 7112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:28:26.0503 7112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:28:34.0119 1852 Deinitialize success

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 August 2012 - 09:06 PM

Download the new version of TDSSkiller and run a scan, then post the log.

#5 QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 22 August 2012 - 09:28 PM

Avast Master Boot Record:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 21:16:36
-----------------------------
21:16:36.486 OS Version: Windows x64 6.0.6002 Service Pack 2
21:16:36.486 Number of processors: 8 586 0x1A04
21:16:36.486 ComputerName: SANDY-PC UserName: Sandy
21:16:46.860 Initialize success
21:17:19.152 AVAST engine defs: 12082200
21:17:26.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:17:26.464 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:17:26.466 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:17:26.467 Disk 1 Vendor: ST380819 8.03 Size: 76293MB BusType: 3
21:17:26.824 Disk 0 MBR read successfully
21:17:26.827 Disk 0 MBR scan
21:17:26.831 Disk 0 Windows VISTA default MBR code
21:17:26.841 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
21:17:27.006 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408
21:17:27.028 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461508 MB offset 31602688
21:17:27.129 Disk 0 scanning C:\Windows\system32\drivers
21:18:13.676 Service scanning
21:18:57.751 Modules scanning
21:18:57.759 Disk 0 trace - called modules:
21:18:57.795 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:18:57.800 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80051b1790]
21:18:57.805 3 CLASSPNP.SYS[fffffa60011cdc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d97050]
21:18:59.907 AVAST engine scan C:\
21:25:44.065 Disk 0 MBR has been saved successfully to "C:\Users\Sandy\Desktop\MBR.dat"
21:25:44.073 The log file has been saved successfully to "C:\Users\Sandy\Desktop\aswMBR.txt"

#6 QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 22 August 2012 - 09:32 PM

new TDSS file:
21:31:02.0638 4344 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
21:31:03.0004 4344 ============================================================
21:31:03.0004 4344 Current date / time: 2012/08/22 21:31:03.0004
21:31:03.0004 4344 SystemInfo:
21:31:03.0004 4344
21:31:03.0004 4344 OS Version: 6.0.6002 ServicePack: 2.0
21:31:03.0005 4344 Product type: Workstation
21:31:03.0005 4344 ComputerName: SANDY-PC
21:31:03.0005 4344 UserName: Sandy
21:31:03.0005 4344 Windows directory: C:\Windows
21:31:03.0005 4344 System windows directory: C:\Windows
21:31:03.0005 4344 Running under WOW64
21:31:03.0005 4344 Processor architecture: Intel x64
21:31:03.0005 4344 Number of processors: 8
21:31:03.0005 4344 Page size: 0x1000
21:31:03.0005 4344 Boot type: Normal boot
21:31:03.0005 4344 ============================================================
21:31:03.0625 4344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:03.0637 4344 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:03.0687 4344 Drive \Device\Harddisk5\DR5 - Size: 0xF2E80000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:31:03.0700 4344 ============================================================
21:31:03.0700 4344 \Device\Harddisk0\DR0:
21:31:03.0700 4344 MBR partitions:
21:31:03.0700 4344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
21:31:03.0700 4344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x38562000
21:31:03.0700 4344 \Device\Harddisk1\DR1:
21:31:03.0700 4344 MBR partitions:
21:31:03.0700 4344 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8BA231A
21:31:03.0700 4344 \Device\Harddisk1\DR1\Partition2: MBR, Type 0xC, StartLBA 0x8BB5CDF, BlocksNum 0x948CDE
21:31:03.0700 4344 \Device\Harddisk5\DR5:
21:31:03.0701 4344 MBR partitions:
21:31:03.0701 4344 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x795400
21:31:03.0701 4344 ============================================================
21:31:03.0732 4344 C: <-> \Device\Harddisk0\DR0\Partition2
21:31:03.0763 4344 D: <-> \Device\Harddisk0\DR0\Partition1
21:31:03.0791 4344 F: <-> \Device\Harddisk1\DR1\Partition1
21:31:03.0807 4344 K: <-> \Device\Harddisk1\DR1\Partition2
21:31:03.0807 4344 ============================================================
21:31:03.0807 4344 Initialize success
21:31:03.0807 4344 ============================================================
21:31:19.0522 3208 ============================================================
21:31:19.0522 3208 Scan started
21:31:19.0522 3208 Mode: Manual; TDLFS;
21:31:19.0522 3208 ============================================================
21:31:21.0136 3208 ================ Scan system memory ========================
21:31:21.0136 3208 System memory - ok
21:31:21.0136 3208 ================ Scan services =============================
21:31:21.0299 3208 [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
21:31:21.0301 3208 ac.sharedstore - ok
21:31:21.0463 3208 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:31:21.0468 3208 ACPI - ok
21:31:21.0595 3208 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:31:21.0597 3208 AdobeFlashPlayerUpdateSvc - ok
21:31:21.0756 3208 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:31:21.0772 3208 adp94xx - ok
21:31:21.0821 3208 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:31:21.0827 3208 adpahci - ok
21:31:21.0857 3208 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:31:21.0860 3208 adpu160m - ok
21:31:21.0880 3208 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:31:21.0883 3208 adpu320 - ok
21:31:21.0942 3208 [ 852D8034FFD1A1F076318039872FC500 ] AE1000 C:\Windows\system32\DRIVERS\ae1000va.sys
21:31:21.0967 3208 AE1000 - ok
21:31:22.0016 3208 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:31:22.0017 3208 AeLookupSvc - ok
21:31:22.0128 3208 [ 7394641611EF3AB2D041F104F1E8C1B9 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:31:22.0129 3208 AERTFilters - ok
21:31:22.0202 3208 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
21:31:22.0207 3208 AFD - ok
21:31:22.0256 3208 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:31:22.0258 3208 agp440 - ok
21:31:22.0304 3208 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:31:22.0306 3208 aic78xx - ok
21:31:22.0343 3208 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
21:31:22.0344 3208 ALG - ok
21:31:22.0355 3208 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
21:31:22.0356 3208 aliide - ok
21:31:22.0367 3208 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
21:31:22.0368 3208 amdide - ok
21:31:22.0383 3208 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:31:22.0385 3208 AmdK8 - ok
21:31:22.0418 3208 [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus C:\Windows\system32\DRIVERS\lgandbus64.sys
21:31:22.0419 3208 Andbus - ok
21:31:22.0468 3208 [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag64.sys
21:31:22.0469 3208 AndDiag - ok
21:31:22.0528 3208 [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps C:\Windows\system32\DRIVERS\lgandgps64.sys
21:31:22.0529 3208 AndGps - ok
21:31:22.0567 3208 [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem64.sys
21:31:22.0568 3208 ANDModem - ok
21:31:22.0615 3208 [ 9C1751B2E733471AE07561028B7D2A9B ] androidusb C:\Windows\system32\Drivers\lgandadb.sys
21:31:22.0616 3208 androidusb - ok
21:31:22.0698 3208 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
21:31:22.0699 3208 Appinfo - ok
21:31:22.0807 3208 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:31:22.0809 3208 Apple Mobile Device - ok
21:31:22.0845 3208 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
21:31:22.0847 3208 arc - ok
21:31:22.0882 3208 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:31:22.0884 3208 arcsas - ok
21:31:22.0982 3208 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:31:22.0984 3208 aspnet_state - ok
21:31:23.0033 3208 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:23.0035 3208 AsyncMac - ok
21:31:23.0072 3208 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys
21:31:23.0074 3208 atapi - ok
21:31:23.0132 3208 [ 25508C3A6565F06F30D645E11C6C25EC ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:31:23.0157 3208 Ati External Event Utility - ok
21:31:23.0281 3208 [ DB96850170C9895D855463C207FBD4AD ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:31:23.0381 3208 atikmdag - ok
21:31:23.0442 3208 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:31:23.0457 3208 AudioEndpointBuilder - ok
21:31:23.0466 3208 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:31:23.0470 3208 AudioSrv - ok
21:31:23.0688 3208 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:31:23.0725 3208 AVGIDSAgent - ok
21:31:23.0773 3208 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:31:23.0775 3208 AVGIDSDriver - ok
21:31:23.0836 3208 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
21:31:23.0837 3208 AVGIDSFilter - ok
21:31:23.0848 3208 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:31:23.0849 3208 AVGIDSHA - ok
21:31:23.0908 3208 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:31:23.0913 3208 Avgldx64 - ok
21:31:23.0940 3208 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:31:23.0942 3208 Avgmfx64 - ok
21:31:23.0956 3208 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:31:23.0957 3208 Avgrkx64 - ok
21:31:23.0975 3208 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:31:23.0981 3208 Avgtdia - ok
21:31:24.0005 3208 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:31:24.0008 3208 avgwd - ok
21:31:24.0014 3208 Beep - ok
21:31:24.0059 3208 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
21:31:24.0075 3208 BFE - ok
21:31:24.0141 3208 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
21:31:24.0166 3208 BITS - ok
21:31:24.0207 3208 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:31:24.0209 3208 blbdrive - ok
21:31:24.0287 3208 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:31:24.0302 3208 Bonjour Service - ok
21:31:24.0357 3208 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:31:24.0359 3208 bowser - ok
21:31:24.0375 3208 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:31:24.0377 3208 BrFiltLo - ok
21:31:24.0384 3208 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:31:24.0385 3208 BrFiltUp - ok
21:31:24.0410 3208 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
21:31:24.0411 3208 Browser - ok
21:31:24.0436 3208 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
21:31:24.0437 3208 Brserid - ok
21:31:24.0470 3208 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:31:24.0471 3208 BrSerWdm - ok
21:31:24.0481 3208 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:31:24.0482 3208 BrUsbMdm - ok
21:31:24.0492 3208 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:31:24.0493 3208 BrUsbSer - ok
21:31:24.0505 3208 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:31:24.0507 3208 BTHMODEM - ok
21:31:24.0523 3208 catchme - ok
21:31:24.0535 3208 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:31:24.0536 3208 cdfs - ok
21:31:24.0560 3208 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:31:24.0561 3208 cdrom - ok
21:31:24.0588 3208 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
21:31:24.0589 3208 CertPropSvc - ok
21:31:24.0598 3208 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:31:24.0600 3208 circlass - ok
21:31:24.0632 3208 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
21:31:24.0638 3208 CLFS - ok
21:31:24.0714 3208 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:24.0743 3208 clr_optimization_v2.0.50727_32 - ok
21:31:24.0799 3208 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:31:24.0816 3208 clr_optimization_v2.0.50727_64 - ok
21:31:24.0909 3208 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:31:24.0960 3208 clr_optimization_v4.0.30319_32 - ok
21:31:24.0972 3208 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:31:24.0976 3208 clr_optimization_v4.0.30319_64 - ok
21:31:25.0019 3208 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:31:25.0020 3208 cmdide - ok
21:31:25.0037 3208 [ 34A6AA82AA36C87FC8816F2097EFA345 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:31:25.0039 3208 Compbatt - ok
21:31:25.0042 3208 COMSysApp - ok
21:31:25.0059 3208 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:31:25.0060 3208 crcdisk - ok
21:31:25.0124 3208 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:31:25.0126 3208 CryptSvc - ok
21:31:25.0169 3208 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:31:25.0186 3208 DcomLaunch - ok
21:31:25.0208 3208 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:31:25.0209 3208 DfsC - ok
21:31:25.0307 3208 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
21:31:25.0382 3208 DFSR - ok
21:31:25.0472 3208 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:31:25.0476 3208 Dhcp - ok
21:31:25.0526 3208 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
21:31:25.0527 3208 disk - ok
21:31:25.0581 3208 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:31:25.0583 3208 Dnscache - ok
21:31:25.0655 3208 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
21:31:25.0657 3208 DockLoginService - ok
21:31:25.0680 3208 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
21:31:25.0684 3208 dot3svc - ok

#7 QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 22 August 2012 - 11:31 PM

Still scanning with ESET. Will post the log in the morning.

Edited by QM1Wife, 22 August 2012 - 11:32 PM.


#8 QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 23 August 2012 - 07:07 AM

ESET results:
C:\TDSSKiller_Quarantine\22.08.2012_20.52.19\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.08.2012_20.52.19\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.08.2012_20.52.19\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.08.2012_20.52.19\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.08.2012_20.52.19\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\ce3stdyq.default\extensions\eqccxtibyx@eqccxtibyx.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2a360d9-2957b36f a variant of Java/Exploit.Agent.NDA trojan deleted - quarantined
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\492fa366-333b3e96 multiple threats deleted - quarantined
C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\extensions\eqccxtibyx@eqccxtibyx.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\Sandy\Desktop\Programs\Zipped Programs\allinonefile.zip a variant of Win32/Tool.TPE.A application deleted - quarantined

#9 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 August 2012 - 07:19 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

Edited by narenxp, 23 August 2012 - 07:19 AM.


#10 QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 24 August 2012 - 07:32 AM

MiniToolBox results:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Sandy (administrator) on 24-08-2012 at 07:30:35
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Linksys AE1000 = Wireless Network Connection 3 (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sandy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys AE1000 #3
Physical Address. . . . . . . . . : 68-7F-74-F3-9A-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2137:efc8:e43b:5d6b%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.144(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 23, 2012 11:36:31 PM
Lease Expires . . . . . . . . . . : Friday, August 24, 2012 11:36:29 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 258506612
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0D-36-16-00-23-AE-E7-13-A9
DNS Servers . . . . . . . . . . . : 97.64.209.36
97.64.168.13
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-AE-E7-13-A9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{22C3EEFB-D2BB-41AE-8BFB-CBA1F58FF88D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3467:11d4:3f57:fe6f(Preferred)
Link-local IPv6 Address . . . . . : fe80::3467:11d4:3f57:fe6f%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{666F9CC9-299B-4A99-9081-526196DEAE99}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: albdc-dns-dts10.mcomdc.com
Address: 97.64.209.36

Name: google.com
Addresses: 2001:4860:800a::66
74.125.134.139
74.125.134.100
74.125.134.101
74.125.134.102
74.125.134.113
74.125.134.138



Pinging google.com [74.125.134.100] with 32 bytes of data:

Reply from 74.125.134.100: bytes=32 time=23ms TTL=47

Reply from 74.125.134.100: bytes=32 time=23ms TTL=47



Ping statistics for 74.125.134.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 23ms, Average = 23ms

Server: albdc-dns-dts10.mcomdc.com
Address: 97.64.209.36

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=1005ms TTL=47

Reply from 98.138.253.109: bytes=32 time=100ms TTL=48



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 100ms, Maximum = 1005ms, Average = 552ms

Server: albdc-dns-dts10.mcomdc.com
Address: 97.64.209.36

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
15 ...68 7f 74 f3 9a 0a ...... Linksys AE1000 #3
11 ...00 23 ae e7 13 a9 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{22C3EEFB-D2BB-41AE-8BFB-CBA1F58FF88D}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{666F9CC9-299B-4A99-9081-526196DEAE99}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.144 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.144 281
192.168.1.144 255.255.255.255 On-link 192.168.1.144 281
192.168.1.255 255.255.255.255 On-link 192.168.1.144 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.144 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.144 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:9d38:953c:3467:11d4:3f57:fe6f/128
On-link
15 281 fe80::/64 On-link
10 266 fe80::/64 On-link
15 281 fe80::2137:efc8:e43b:5d6b/128
On-link
10 266 fe80::3467:11d4:3f57:fe6f/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 18 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 19 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

More help is available by typing NET HELPMSG 4201.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
ActivClient x64 (Version: 6.2)
Akamai NetSession Interface
Apple Mobile Device Support (Version: 5.2.0.6)
Ask Toolbar Updater (Version: 1.2.0.20007)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2009.0213.2138.38808)
CCleaner (Version: 3.21)
Dell Dock (Version: 1.0.0)
EMCGadgets64 (Version: 1.1.501)
Facebook Plug-In
Google Chrome (Version: 21.0.1180.83)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Printer Driver Software 10.0.02 (Version: 10.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
iCloud (Version: 1.1.0.40)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.3.25)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
MobileMe Control Panel (Version: 3.1.8.0)
Network64 (Version: 120.0.194.000)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
ROBLOX Player for Sandy
Share64 (Version: 1.6.2.36)
Shop for HP Supplies (Version: 12)
Unity Web Player (Version: )
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 4086.07 MB
Available physical RAM: 1449.9 MB
Total Pagefile: 8369.65 MB
Available Pagefile: 5386.83 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.62 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.69 GB) (Free:296.67 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:6.71 GB) NTFS
3 Drive e: (SM3DVD) (CDROM) (Total:3.1 GB) (Free:0 GB) UDF
4 Drive f: () (Fixed) (Total:69.82 GB) (Free:32.53 GB) NTFS
7 Drive i: (NIKON D40) (Removable) (Total:3.79 GB) (Free:3.24 GB) FAT32
9 Drive k: () (Fixed) (Total:4.63 GB) (Free:0.49 GB) FAT32

========================= Users: ========================================

User accounts for \\SANDY-PC

Administrator Guest Mike
Rachel Sandy William


**** End of log ****

#11 QM1Wife

QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 24 August 2012 - 07:34 AM

FSS:
Farbar Service Scanner Version: 06-08-2012
Ran by Sandy (administrator) on 24-08-2012 at 07:33:26
Running from "C:\Users\Sandy\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-17 02:11] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 14:45] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 02:57] - [2012-03-30 07:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 02:57] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-17 02:11] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-17 02:10] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-17 02:11] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-17 02:10] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-17 02:11] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-17 02:11] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-17 02:11] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-20 19:51] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-17 02:11] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#12 QM1Wife

QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 24 August 2012 - 07:48 AM

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 07:40:43
# Updated 14/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Sandy - SANDY-PC
# Boot Mode : Normal
# Running from : C:\Users\Sandy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde
Deleted on reboot : C:\Users\Sandy\AppData\Local\Ilivid Player
Deleted on reboot : C:\Users\Sandy\AppData\LocalLow\Toolbar4
Deleted on reboot : C:\Users\William\AppData\LocalLow\Dealio
Deleted on reboot : C:\Users\William\AppData\LocalLow\Search Settings
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\Conduit
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\ConduitCommon
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\CT2438727
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\CT2464976
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\FCTB
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}(72)
Deleted on reboot : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Deleted on reboot : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\ce3stdyq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Deleted on reboot : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\ce3stdyq.default\extensions\crossriderapp2258@crossrider.com
Deleted on reboot : C:\ProgramData\blekko toolbars
Deleted on reboot : C:\ProgramData\boost_interprocess

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\9z4kweh4.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\ce3stdyq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [38719 octets] - [24/08/2012 07:35:00]
AdwCleaner[S1].txt - [35663 octets] - [24/08/2012 07:38:13]
AdwCleaner[S2].txt - [2727 octets] - [24/08/2012 07:40:44]

########## EOF - C:\AdwCleaner[S2].txt - [2855 octets] ##########

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 August 2012 - 07:50 AM

Malwarebytes log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Any current issues?

#14 QM1Wife

QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 24 August 2012 - 09:14 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/4/2010 7:07:20 AM
mbam-log-2010-06-04 (07-07-20).txt

Scan type: Full scan (C:\|D:\|F:\|K:\|)
Objects scanned: 439422
Time elapsed: 1 hour(s), 41 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\MPK (Refog.Keylogger) -> Delete on reboot.
C:\ProgramData\MPK\1 (Refog.Keylogger) -> Delete on reboot.
C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\M0000 (Refog.Keylogger) -> Delete on reboot.
C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\D0000 (Refog.Keylogger) -> Delete on reboot.
C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

#15 QM1Wife

QM1Wife
  • Topic Starter

  • Members
  • 14 posts

Posted 24 August 2012 - 09:17 AM

MBR still states that the Stealth MBR rootkit/Mebroot/Sinowal/TDL4 is still there. Links seem okay when doing a search result. Am unable to turn on Windows Defender. Here are the Rkill results:
Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/24/2012 09:14:37 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]
* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/24/2012 09:14:52 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
