
Infected with TDSS And google keeps redirecting


17 replies to this topic

#1 Sotyr


Posted 01 November 2012 - 01:56 PM

Google DOES redirect, Avast keeps popping up with "malicious URL blocked", Malwarebytes says it's svchost, and Microsoft Security Essentials says it's Trojan:DOS/Alureon.A. I do get blue screens when I do too much stuff when the computer is starting up, and when it starts, Microsoft Security Essentials detects Alureon even after it's removed. At one point I couldn't boot normally until I did a system restore. My whole computer screwed up once (barely anything would open, and when it did, it screwed up immediately). (The guide I'm following: http://www.bleepingcomputer.com/forums/topic34773.html.) 64-bit Windows 7 btw.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Skeith at 11:46:14 on 2012-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2066 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0961BF4F-B5B2-4E08-81B2-B3868388C2CC} : DHCPNameServer = 192.168.2.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-31 23:33; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
---- FIREFOX POLICIES ----
.
.
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-outbrowse
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-30 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-31 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-31 370288]
R1 MpKsl19e78fe6;MpKsl19e78fe6;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\MpKsl19e78fe6.sys [2012-11-1 35664]
R1 MpKsl3fdba7a6;MpKsl3fdba7a6;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\MpKsl3fdba7a6.sys [2012-11-1 35664]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-30 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-31 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-31 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-31 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-18 2754984]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-4 66728]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-3-30 320040]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-10 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-5 116648]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2010-4-14 45736]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-30 1691848]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-5 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown MpKsl693b2832;MpKsl693b2832; [x]
.
=============== Created Last 30 ================
.
2012-11-01 18:17:27 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\MpKsl3fdba7a6.sys
2012-11-01 18:09:10 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-11-01 18:06:54 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\MpKsla10ff6d5.sys
2012-11-01 17:16:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\offreg.dll
2012-11-01 17:15:25 20480 ------w- C:\Windows\svchost.exe
2012-11-01 17:14:31 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\MpKsl19e78fe6.sys
2012-11-01 11:20:29 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{159C6E8B-413B-4140-B249-E4029E7F170F}\mpengine.dll
2012-11-01 06:35:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-11-01 06:35:26 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-11-01 06:35:19 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-11-01 06:33:20 41224 ----a-w- C:\Windows\avastSS.scr
2012-11-01 06:33:05 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-01 06:33:05 -------- d-----w- C:\Program Files\AVAST Software
2012-11-01 05:41:49 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-29 07:10:28 -------- d-sh--w- C:\Users\Skeith\wc
2012-10-29 07:10:06 -------- d-sh--w- C:\Users\Skeith\AppData\Roaming\wyUpdate AU
2012-10-29 07:08:07 -------- d-----w- C:\ProgramData\Team [SAO]
2012-10-29 07:08:07 -------- d-----w- C:\Program Files (x86)\Team [SAO]
2012-10-29 07:07:26 -------- d-----w- C:\Users\Skeith\AppData\Local\Downloaded Installations
2012-10-27 15:17:07 -------- d-----w- C:\Users\Skeith\AppData\Local\Package Cache
2012-10-25 19:29:59 -------- d-----w- C:\ProgramData\3DMGAME
2012-10-19 23:10:30 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE52A164-3431-4F30-A655-1FAA9DB1010B}\gapaengine.dll
2012-10-10 08:25:04 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 08:25:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 08:25:03 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 08:25:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 02:49:34 -------- d-----w- C:\Users\Skeith\AppData\Local\SkypeFx
2012-10-08 05:42:10 -------- d-----w- C:\Nexon
2012-10-08 05:22:20 -------- d-----w- C:\Users\Skeith\AppData\Local\PMB Files
2012-10-08 05:22:19 -------- d-----w- C:\ProgramData\PMB Files
2012-10-05 17:45:07 -------- d-----w- C:\Users\Skeith\AppData\Roaming\thriXXX
2012-10-04 18:35:32 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2012-10-04 18:35:32 -------- d-----w- C:\Program Files\Virtual Audio Cable
2012-10-04 18:29:34 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
2012-10-04 18:28:35 -------- d-----w- C:\ProgramData\Acoustica
2012-10-04 18:28:35 -------- d-----w- C:\Program Files (x86)\VST
2012-10-04 18:28:19 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 5
.
==================== Find3M ====================
.
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-27 23:10:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-27 23:10:23 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-27 23:10:23 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 21:02:24 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-15 20:18:50 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 11:47:08.85 ===============

Edited by Sotyr, 01 November 2012 - 02:02 PM.
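Added example, not part of this thread and not code from DDS or ComboFix: a small Python script that scans the "Running Processes" and "Created Last 30" sections of a DDS log for core Windows binaries sitting outside the directory they normally live in. The legitimate svchost.exe is loaded from C:\Windows\System32; the entry `\\.\globalroot\systemroot\svchost.exe -netsvcs` in the log above uses a device-path alias for %SystemRoot%, i.e. C:\Windows\svchost.exe, the 20480-byte file listed under "Created Last 30" and the one ComboFix deletes in the later log. The expected-directory table, the assumption that SystemRoot is C:\Windows, and the log excerpt embedded as sample input are constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the DDS log posted above: a few legitimate lines plus
# the two entries that refer to the svchost.exe copy outside System32.
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Explorer.EXE
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files\AVAST Software\Avast\AvastUI.exe
.
=============== Created Last 30 ================
.
2012-11-01 17:15:25 20480 ------w- C:\Windows\svchost.exe
2012-10-10 08:25:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
.
============= FINISH: 11:47:08.85 ===============
"""

# Assumed SystemRoot; directories (lower-case) where each core binary lives on
# a default Windows 7 install. Constructed table for this example.
SYSTEM_ROOT = r"c:\windows"
EXPECTED_DIRS = {
    "svchost.exe":  {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"},
    "lsass.exe":    {SYSTEM_ROOT + r"\system32"},
    "csrss.exe":    {SYSTEM_ROOT + r"\system32"},
    "winlogon.exe": {SYSTEM_ROOT + r"\system32"},
    "wininit.exe":  {SYSTEM_ROOT + r"\system32"},
    "services.exe": {SYSTEM_ROOT + r"\system32"},
    "explorer.exe": {SYSTEM_ROOT},
}

HEADER_RE = re.compile(r"^[=\-]{3,}\s*(.+?)\s*[=\-]{3,}$")
IMAGE_RE = re.compile(r"^(.+?\.exe)(?:\s|$)", re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")


def split_sections(text):
    """Group a DDS log into {section name: [lines]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def normalize_path(path):
    r"""Lower-case a path and rewrite the \\.\globalroot\systemroot device alias
    (which points at %SystemRoot%) to the assumed drive path so it can be compared."""
    p = path.lower()
    prefix = r"\\.\globalroot\systemroot"
    if p.startswith(prefix):
        p = SYSTEM_ROOT + p[len(prefix):]
    return p


def masquerade_reason(path):
    """Return a reason string if `path` names a core binary outside its expected
    directory, else None (unknown binaries are ignored)."""
    win = PureWindowsPath(normalize_path(path))
    expected = EXPECTED_DIRS.get(win.name)
    if expected is None:
        return None
    parent = str(win.parent)
    if parent in expected:
        return None
    return f"{win.name} found in {parent!r}, expected one of {sorted(expected)}"


def find_masquerading_binaries(text):
    """Scan the process list and recently created files of a DDS log and return
    one finding per core system binary located outside its expected directory."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Running Processes", []):
        m = IMAGE_RE.match(line)
        if m and (reason := masquerade_reason(m.group(1))):
            findings.append({"section": "Running Processes", "line": line, "reason": reason})
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and (reason := masquerade_reason(m.group(5))):
            findings.append({"section": "Created Last 30", "line": line,
                             "reason": reason, "size": int(m.group(3))})
    return findings


if __name__ == "__main__":
    for f in find_masquerading_binaries(SAMPLE_DDS_LOG):
        print(f"[{f['section']}] {f['line']}\n    -> {f['reason']}")
```

Run against the full DDS log above it reports exactly the two svchost.exe entries and stays silent on the System32 copies; a hit in "Created Last 30" a few minutes before the scan, as here, is worth more attention than an old one.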




#2 bloopie

  • Malware Response Team

Posted 01 November 2012 - 06:09 PM

Hello Sotyr, and welcome to Bleeping Computer! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

:step1: Warning

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you would still like to clean the machine, then please follow the next steps.

==========

:step2: Warning Multiple Antivirus Programs

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Programs and Features under Computer and uninstall either avast! Antivirus or Microsoft Security Essentials.

==========

:step3: Next Step

Run Combofix

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

In your next reply, please include the following:

  • The Combofix.txt log
  • How is the computer running now?

bloopie

#3 Sotyr

  • Topic Starter

Posted 02 November 2012 - 09:16 AM

I do not have a disc at all; it didn't come with one and I was going to create one soon.
I also started ComboFix in safe mode because the computer gave me a blue screen and then failed to boot up afterward (it did boot after I shut it down and started it up again); I hope that is not a problem.
I had forgotten to also mention that Avast says \\.globalroot\systemroot\svchost.exe is trying to open sites, and it is still trying. And after a blue screen the computer starts up to a black screen for a little while, which I assume is normal though, since it goes back.


ComboFix 12-10-31.03 - Skeith 11/02/2012 6:49.3.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2761 [GMT -7:00]
Running from: c:\users\Skeith\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Skeith\AppData\Roaming\Love
c:\users\Skeith\AppData\Roaming\Love\mari0\options.txt
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 14:00 . 2012-11-02 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 11:15 . 2012-11-02 11:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{636F84B7-B9CF-4C39-99ED-7812573A1BB4}\offreg.dll
2012-11-02 11:14 . 2012-10-17 09:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{636F84B7-B9CF-4C39-99ED-7812573A1BB4}\mpengine.dll
2012-11-01 18:09 . 2012-11-01 18:09 -------- d-----w- c:\windows\system32\MpEngineStore
2012-11-01 06:35 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-01 06:35 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-01 06:35 . 2012-10-15 15:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-01 06:35 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-01 06:35 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-01 06:35 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-01 06:35 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-01 06:33 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-01 06:33 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-01 06:33 . 2012-11-01 06:33 -------- d-----w- c:\programdata\AVAST Software
2012-11-01 06:33 . 2012-11-01 06:33 -------- d-----w- c:\program files\AVAST Software
2012-10-29 07:10 . 2012-10-29 07:10 -------- d-sh--w- c:\users\Skeith\wc
2012-10-29 07:10 . 2012-10-29 07:10 -------- d-sh--w- c:\users\Skeith\AppData\Roaming\wyUpdate AU
2012-10-29 07:08 . 2012-10-29 07:08 -------- d-----w- c:\programdata\Team [SAO]
2012-10-29 07:08 . 2012-10-29 07:08 -------- d-----w- c:\program files (x86)\Team [SAO]
2012-10-29 07:07 . 2012-10-29 07:07 -------- d-----w- c:\users\Skeith\AppData\Local\Downloaded Installations
2012-10-28 03:54 . 2012-10-28 03:54 -------- d-----w- c:\windows\Sun
2012-10-27 15:17 . 2012-10-27 15:17 -------- d-----w- c:\users\Skeith\AppData\Local\Package Cache
2012-10-25 19:29 . 2012-10-25 19:29 -------- d-----w- c:\programdata\3DMGAME
2012-10-10 08:25 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 08:25 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 08:25 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 08:25 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 02:49 . 2012-10-12 03:07 -------- d-----w- c:\users\Skeith\AppData\Local\SkypeFx
2012-10-08 05:42 . 2012-10-08 05:42 -------- d-----w- C:\Nexon
2012-10-08 05:22 . 2012-10-31 19:45 -------- d-----w- c:\users\Skeith\AppData\Local\PMB Files
2012-10-08 05:22 . 2012-11-01 05:25 -------- d-----w- c:\programdata\PMB Files
2012-10-05 17:45 . 2012-10-05 17:45 -------- d-----w- c:\users\Skeith\AppData\Roaming\thriXXX
2012-10-04 18:35 . 2012-10-04 18:36 -------- d-----w- c:\program files\Virtual Audio Cable
2012-10-04 18:35 . 2012-10-04 18:35 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2012-10-04 18:29 . 2012-10-04 18:29 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2012-10-04 18:28 . 2012-10-04 18:28 -------- d-----w- c:\programdata\Acoustica
2012-10-04 18:28 . 2012-10-04 18:28 -------- d-----w- c:\program files (x86)\VST
2012-10-04 18:28 . 2012-10-04 18:29 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 02:54 . 2012-05-06 07:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-15 22:47 . 2012-09-15 22:47 40960 ----a-r- c:\users\Skeith\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-09-15 22:47 . 2012-09-15 22:47 40960 ----a-r- c:\users\Skeith\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-08-27 23:10 . 2012-08-27 23:10 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-27 23:10 . 2012-08-27 23:10 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-27 23:10 . 2012-08-27 23:10 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-27 23:10 . 2012-08-27 23:10 188904 ----a-w- c:\windows\system32\java.exe
2012-08-27 23:10 . 2012-08-27 07:25 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-27 23:10 . 2012-03-31 00:15 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 11:15 . 2012-09-23 10:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 10:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 10:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 10:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 10:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 10:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 10:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 10:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 10:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 10:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 10:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 10:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 10:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 10:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 10:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 10:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 10:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 10:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 10:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 10:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 10:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 10:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 00:20 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 00:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 00:20 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 00:20 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:42 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 08:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-15 21:02 . 2012-08-15 20:04 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-15 20:18 . 2012-08-15 19:54 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-16 296056]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-30 1089608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-28 2647664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 116648]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-15 1052328]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-15 45736]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-10-04 66728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 116648]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHLPA64
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 00:46]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 00:46]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000Core.job
- c:\users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 05:46]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000UA.job
- c:\users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 05:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - ExtSQL: 2012-10-31 23:33; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-outbrowse
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-{5C13C5F3-6E30-449F-8872-DF8AC35AE285}_is1 - c:\users\Skeith\Documents\Camtasia Studio\Minederp\Server d3rp\CraftBukkit\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-02 07:03:20
ComboFix-quarantined-files.txt 2012-11-02 14:03
.
Pre-Run: 300,689,895,424 bytes free
Post-Run: 303,223,783,424 bytes free
.
- - End Of File - - F4CF0AC8877E3BB972EC85C4E693B045

#4 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, New York)

Posted 02 November 2012 - 03:27 PM

Hi again,

Are you saying your computer won't boot into normal mode? Also please let me know how the computer is running if in normal mode. Do you still get popups from avast about svchost.exe?

==========

Let's run these next:

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note*** If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

==========

Step 2

Please download aswMBR (4.5 MB) to your desktop.
  • Double-click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop, then copy and paste it in your next reply.

==========

In your next reply, please include the following:

  • The TDSSKiller log
  • The aswMBR log
  • Any changes to the machine?
bloopie
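Editor's note, added to this thread and not part of bloopie's instructions or of the TDSSKiller/aswMBR tools: both scanners above work by reading the disk's Master Boot Record directly and printing each partition entry as "Type / StartLBA / BlocksNum", and the "Detect TDLFS file system" option looks for the hidden file system that the TDL4/Alureon family keeps in the unpartitioned sectors after the last partition. The script below shows what that parsing amounts to: it decodes a 512-byte MBR sector, prints the entries in the same style, measures the unpartitioned tail, and hashes the 446-byte bootstrap code so it can be compared against a known-good MBR (TDL4 overwrites that code with its own loader). The sector, partition layout and disk size are constructed for this example, not taken from the logs in this thread. One caveat a practitioner should keep in mind: reading the MBR from inside an infected Windows session can be filtered by the rootkit's disk-driver hooks, which is why the dedicated scanners use their own low-level disk access; this code only demonstrates the decoding.

```python
"""Decode a classic MBR sector and report the partition table the way
rootkit scanners summarise it (Type / StartLBA / BlocksNum), plus the
unpartitioned tail of the disk where TDL4-family rootkits keep their hidden
file system. Every input below is constructed for this example."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


@dataclass
class Partition:
    index: int        # 1..4, matches "PartitionN" in scanner output
    bootable: bool
    type_id: int      # 0x07 = NTFS/exFAT, 0xEE = protective GPT, ...
    start_lba: int
    blocks: int       # length in sectors

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.blocks


def parse_mbr(sector: bytes) -> Tuple[List[Partition], bytes]:
    """Return (partitions, bootstrap code) for one 512-byte MBR sector.
    A missing 0x55AA signature means the sector is wiped or not an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing MBR boot signature 0x55AA")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts, sector[:446]


def describe(parts: List[Partition]) -> List[str]:
    """Render entries in the style rootkit scanners print them."""
    return [f"Partition{p.index}: MBR, Type 0x{p.type_id:X}, "
            f"StartLBA 0x{p.start_lba:X}, BlocksNum 0x{p.blocks:X}" for p in parts]


def unallocated_tail(total_sectors: int, parts: List[Partition]) -> int:
    """Sectors after the last partition. A few thousand sectors of alignment
    slack is normal; TDL4-family rootkits put their hidden file system here."""
    last_end = max((p.end_lba for p in parts), default=0)
    if last_end > total_sectors:
        raise ValueError("partition extends past end of disk")
    return total_sectors - last_end


def bootstrap_sha256(bootstrap: bytes) -> str:
    """Hash of the 446-byte bootstrap code, for comparison with a known-good
    MBR from the same Windows release (TDL4 replaces this code)."""
    return hashlib.sha256(bootstrap).hexdigest()


def build_sample_mbr(parts: List[Partition], bootstrap: bytes) -> bytes:
    """Constructed sample sector used below (not read from a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootstrap)] = bootstrap
    for p in parts:
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * (p.index - 1),
                         0x80 if p.bootable else 0x00, p.type_id, p.start_lba, p.blocks)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed layout: a small boot partition, a large NTFS volume, and 0x2030
# sectors (about 4 MB) left unpartitioned at the end of the disk.
SAMPLE_PARTS = [Partition(1, True, 0x07, 0x800, 0x32000),
                Partition(2, False, 0x07, 0x32800, 0x1DA0000)]
SAMPLE_TOTAL_SECTORS = 0x32800 + 0x1DA0000 + 0x2030
# 'xor ax,ax; mov ss,ax; mov sp,7C00h', the usual start of a Windows MBR
SAMPLE_BOOTSTRAP = bytes.fromhex("33C08ED0BC007C")
SAMPLE_MBR = build_sample_mbr(SAMPLE_PARTS, SAMPLE_BOOTSTRAP)

if __name__ == "__main__":
    parts, boot = parse_mbr(SAMPLE_MBR)
    for line in describe(parts):
        print(line)
    tail = unallocated_tail(SAMPLE_TOTAL_SECTORS, parts)
    print(f"unpartitioned tail: 0x{tail:X} sectors ({tail * SECTOR_SIZE // 1024} KiB)")
    print("bootstrap sha256:", bootstrap_sha256(boot))
```

On a real machine the sector would come from the physical disk (on Windows, opening \\.\PhysicalDrive0 and reading the first 512 bytes, which needs administrator rights) and the total sector count from the disk geometry the scanner prints in its Drive line; the tail figure only means something when compared with what the partitioning tool originally left free.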

#5 Sotyr (Topic Starter, Members, 28 posts)

Posted 02 November 2012 - 03:54 PM

I am able to run normally; I just have to force shut it down and restart it to get past that. But since I ran TDSSKiller it removed the rootkit and detected a medium threat that I had to skip. I no longer get Avast pop-ups about something trying to open something, but when turning on my computer before running aswMBR it started up to a black screen with two security warnings trying to open something; they both opened TDSSKiller, which I also hope is normal. I ran aswMBR; if that was supposed to remove the medium threat then it did that, if not then it just disappeared. Also I am unsure if saving the log ends the scan on aswMBR or if I can even do it in the middle, so I am unsure if it finished. Also sorry if I am confusing or miss details, I am tired and sick. I ran Malwarebytes; the only thing detected was in TDSSKiller quarantine (should I delete it with Malwarebytes?), but I believe it's gone, so thank you so much bloopie!


13:32:57.0368 2852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:32:57.0826 2852 ============================================================
13:32:57.0826 2852 Current date / time: 2012/11/02 13:32:57.0826
13:32:57.0826 2852 SystemInfo:
13:32:57.0826 2852
13:32:57.0826 2852 OS Version: 6.1.7601 ServicePack: 1.0
13:32:57.0826 2852 Product type: Workstation
13:32:57.0827 2852 ComputerName: SHADOWSKEITH-PC
13:32:57.0827 2852 UserName: Skeith
13:32:57.0827 2852 Windows directory: C:\Windows
13:32:57.0827 2852 System windows directory: C:\Windows
13:32:57.0827 2852 Running under WOW64
13:32:57.0827 2852 Processor architecture: Intel x64
13:32:57.0827 2852 Number of processors: 2
13:32:57.0827 2852 Page size: 0x1000
13:32:57.0827 2852 Boot type: Normal boot
13:32:57.0827 2852 ============================================================
13:32:58.0016 2852 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:32:58.0051 2852 ============================================================
13:32:58.0051 2852 \Device\Harddisk0\DR0:
13:32:58.0051 2852 MBR partitions:
13:32:58.0051 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
13:32:58.0051 2852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x385D0000
13:32:58.0051 2852 ============================================================
13:32:58.0080 2852 C: <-> \Device\Harddisk0\DR0\Partition2
13:32:58.0080 2852 ============================================================
13:32:58.0080 2852 Initialize success
13:32:58.0080 2852 ============================================================
13:33:02.0711 2720 ============================================================
13:33:02.0711 2720 Scan started
13:33:02.0711 2720 Mode: Manual; SigCheck; TDLFS;
13:33:02.0711 2720 ============================================================
13:33:03.0430 2720 ================ Scan system memory ========================
13:33:03.0430 2720 System memory - ok
13:33:03.0430 2720 ================ Scan services =============================
13:33:03.0575 2720 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:33:03.0639 2720 1394ohci - ok
13:33:03.0684 2720 [ F146E2BA475893DD77B2370DC1211FC6 ] 82024746 C:\Windows\system32\drivers\06007172.sys
13:33:03.0700 2720 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:33:03.0716 2720 ACPI - ok
13:33:03.0738 2720 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:33:03.0753 2720 AcpiPmi - ok
13:33:03.0762 2720 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:33:03.0779 2720 adp94xx - ok
13:33:03.0787 2720 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:33:03.0802 2720 adpahci - ok
13:33:03.0809 2720 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:33:03.0821 2720 adpu320 - ok
13:33:03.0844 2720 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:33:03.0875 2720 AeLookupSvc - ok
13:33:03.0923 2720 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:33:03.0941 2720 AFD - ok
13:33:03.0978 2720 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:33:03.0992 2720 agp440 - ok
13:33:04.0002 2720 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:33:04.0016 2720 ALG - ok
13:33:04.0031 2720 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:33:04.0043 2720 aliide - ok
13:33:04.0062 2720 [ E2934A5F82E010D8783544536384B035 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:33:04.0086 2720 AMD External Events Utility - ok
13:33:04.0091 2720 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:33:04.0102 2720 amdide - ok
13:33:04.0120 2720 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:33:04.0134 2720 AmdK8 - ok
13:33:04.0154 2720 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:33:04.0167 2720 AmdPPM - ok
13:33:04.0187 2720 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:33:04.0199 2720 amdsata - ok
13:33:04.0211 2720 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
13:33:04.0223 2720 amdsbs - ok
13:33:04.0239 2720 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:33:04.0251 2720 amdxata - ok
13:33:04.0276 2720 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:33:04.0307 2720 AppID - ok
13:33:04.0331 2720 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:33:04.0361 2720 AppIDSvc - ok
13:33:04.0375 2720 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:33:04.0405 2720 Appinfo - ok
13:33:04.0427 2720 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
13:33:04.0440 2720 arc - ok
13:33:04.0447 2720 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:33:04.0459 2720 arcsas - ok
13:33:04.0529 2720 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:33:04.0542 2720 aspnet_state - ok
13:33:04.0591 2720 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
13:33:04.0611 2720 aswFsBlk - ok
13:33:04.0656 2720 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
13:33:04.0668 2720 aswMonFlt - ok
13:33:04.0696 2720 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
13:33:04.0711 2720 aswRdr - ok
13:33:04.0755 2720 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
13:33:04.0784 2720 aswSnx - ok
13:33:04.0823 2720 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
13:33:04.0840 2720 aswSP - ok
13:33:04.0868 2720 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
13:33:04.0883 2720 aswTdi - ok
13:33:04.0897 2720 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:04.0929 2720 AsyncMac - ok
13:33:04.0954 2720 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:33:04.0966 2720 atapi - ok
13:33:04.0996 2720 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
13:33:05.0009 2720 AtiHdmiService - ok
13:33:05.0093 2720 [ ADF81052D94BCD3FF7DB2FE59E3ED6F4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:05.0209 2720 atikmdag - ok
13:33:05.0242 2720 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\drivers\AtiPcie.sys
13:33:05.0253 2720 AtiPcie - ok
13:33:05.0285 2720 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:33:05.0323 2720 AudioEndpointBuilder - ok
13:33:05.0332 2720 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:33:05.0368 2720 AudioSrv - ok
13:33:05.0418 2720 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:33:05.0433 2720 avast! Antivirus - ok
13:33:05.0470 2720 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:33:05.0489 2720 AxInstSV - ok
13:33:05.0512 2720 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
13:33:05.0536 2720 b06bdrv - ok
13:33:23.0775 2720 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:33:23.0810 2720 SharedAccess - ok
13:33:23.0844 2720 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:33:23.0880 2720 ShellHWDetection - ok
13:33:23.0904 2720 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:33:23.0916 2720 SiSRaid2 - ok
13:33:23.0920 2720 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:33:23.0932 2720 SiSRaid4 - ok
13:33:24.0031 2720 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:33:24.0101 2720 Skype C2C Service - ok
13:33:24.0155 2720 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:33:24.0167 2720 SkypeUpdate - ok
13:33:24.0191 2720 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:33:24.0223 2720 Smb - ok
13:33:24.0246 2720 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:33:24.0261 2720 SNMPTRAP - ok
13:33:24.0270 2720 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:33:24.0281 2720 spldr - ok
13:33:24.0326 2720 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:33:24.0358 2720 Spooler - ok
13:33:24.0420 2720 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:33:24.0519 2720 sppsvc - ok
13:33:24.0532 2720 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:33:24.0565 2720 sppuinotify - ok
13:33:24.0587 2720 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:33:24.0618 2720 srv - ok
13:33:24.0637 2720 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:33:24.0654 2720 srv2 - ok
13:33:24.0669 2720 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:33:24.0683 2720 srvnet - ok
13:33:24.0707 2720 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:33:24.0741 2720 SSDPSRV - ok
13:33:24.0758 2720 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:33:24.0792 2720 SstpSvc - ok
13:33:24.0810 2720 Steam Client Service - ok
13:33:24.0828 2720 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:33:24.0840 2720 stexstor - ok
13:33:24.0867 2720 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:33:24.0892 2720 stisvc - ok
13:33:24.0907 2720 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:33:24.0918 2720 swenum - ok
13:33:24.0933 2720 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:33:24.0971 2720 swprv - ok
13:33:25.0005 2720 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:33:25.0059 2720 SysMain - ok
13:33:25.0072 2720 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:33:25.0091 2720 TabletInputService - ok
13:33:25.0105 2720 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:33:25.0140 2720 TapiSrv - ok
13:33:25.0153 2720 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:33:25.0185 2720 TBS - ok
13:33:25.0253 2720 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:33:25.0309 2720 Tcpip - ok
13:33:25.0353 2720 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:33:25.0385 2720 TCPIP6 - ok
13:33:25.0410 2720 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:33:25.0439 2720 tcpipreg - ok
13:33:25.0453 2720 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:33:25.0473 2720 TDPIPE - ok
13:33:25.0486 2720 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:33:25.0500 2720 TDTCP - ok
13:33:25.0513 2720 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:33:25.0544 2720 tdx - ok
13:33:25.0654 2720 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
13:33:25.0694 2720 TeamViewer7 - ok
13:33:25.0717 2720 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:33:25.0729 2720 TermDD - ok
13:33:25.0760 2720 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:33:25.0799 2720 TermService - ok
13:33:25.0825 2720 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:33:25.0844 2720 Themes - ok
13:33:25.0867 2720 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:33:25.0897 2720 THREADORDER - ok
13:33:25.0915 2720 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:33:25.0948 2720 TrkWks - ok
13:33:25.0985 2720 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:33:26.0018 2720 TrustedInstaller - ok
13:33:26.0042 2720 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:26.0071 2720 tssecsrv - ok
13:33:26.0090 2720 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:33:26.0110 2720 TsUsbFlt - ok
13:33:26.0120 2720 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:33:26.0133 2720 TsUsbGD - ok
13:33:26.0163 2720 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:33:26.0195 2720 tunnel - ok
13:33:26.0206 2720 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:33:26.0219 2720 uagp35 - ok
13:33:26.0233 2720 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:33:26.0266 2720 udfs - ok
13:33:26.0280 2720 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:33:26.0296 2720 UI0Detect - ok
13:33:26.0311 2720 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:33:26.0323 2720 uliagpkx - ok
13:33:26.0343 2720 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:33:26.0356 2720 umbus - ok
13:33:26.0363 2720 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
13:33:26.0377 2720 UmPass - ok
13:33:26.0392 2720 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:33:26.0428 2720 upnphost - ok
13:33:26.0462 2720 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:33:26.0478 2720 usbaudio - ok
13:33:26.0512 2720 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:26.0534 2720 usbccgp - ok
13:33:26.0549 2720 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:33:26.0565 2720 usbcir - ok
13:33:26.0585 2720 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:33:26.0600 2720 usbehci - ok
13:33:26.0710 2720 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:33:26.0739 2720 usbhub - ok
13:33:26.0751 2720 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:33:26.0763 2720 usbohci - ok
13:33:26.0778 2720 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:33:26.0793 2720 usbprint - ok
13:33:26.0812 2720 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:33:26.0828 2720 usbscan - ok
13:33:26.0845 2720 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:26.0859 2720 USBSTOR - ok
13:33:26.0865 2720 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:33:26.0878 2720 usbuhci - ok
13:33:26.0906 2720 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:33:26.0922 2720 usbvideo - ok
13:33:26.0941 2720 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:33:26.0974 2720 UxSms - ok
13:33:26.0988 2720 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:33:27.0000 2720 VaultSvc - ok
13:33:27.0021 2720 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:33:27.0032 2720 vdrvroot - ok
13:33:27.0056 2720 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:33:27.0093 2720 vds - ok
13:33:27.0112 2720 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:27.0129 2720 vga - ok
13:33:27.0136 2720 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:33:27.0167 2720 VgaSave - ok
13:33:27.0180 2720 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:33:27.0194 2720 vhdmp - ok
13:33:27.0210 2720 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:33:27.0221 2720 viaide - ok
13:33:27.0235 2720 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:33:27.0247 2720 volmgr - ok
13:33:27.0261 2720 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:33:27.0277 2720 volmgrx - ok
13:33:27.0291 2720 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:33:27.0307 2720 volsnap - ok
13:33:27.0324 2720 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:33:27.0337 2720 vsmraid - ok
13:33:27.0367 2720 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:33:27.0426 2720 VSS - ok
13:33:27.0446 2720 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:33:27.0461 2720 vwifibus - ok
13:33:27.0477 2720 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:33:27.0513 2720 W32Time - ok
13:33:27.0526 2720 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:33:27.0539 2720 WacomPen - ok
13:33:27.0570 2720 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:33:27.0600 2720 WANARP - ok
13:33:27.0612 2720 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:33:27.0645 2720 Wanarpv6 - ok
13:33:27.0699 2720 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:33:27.0735 2720 WatAdminSvc - ok
13:33:27.0777 2720 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:33:27.0804 2720 wbengine - ok
13:33:27.0809 2720 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:33:27.0829 2720 WbioSrvc - ok
13:33:27.0865 2720 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:33:27.0886 2720 wcncsvc - ok
13:33:27.0939 2720 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:33:27.0955 2720 WcsPlugInService - ok
13:33:27.0986 2720 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
13:33:27.0997 2720 Wd - ok
13:33:28.0015 2720 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:33:28.0033 2720 Wdf01000 - ok
13:33:28.0047 2720 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:33:28.0065 2720 WdiServiceHost - ok
13:33:28.0070 2720 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:33:28.0088 2720 WdiSystemHost - ok
13:33:28.0098 2720 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:33:28.0118 2720 WebClient - ok
13:33:28.0130 2720 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:33:28.0164 2720 Wecsvc - ok
13:33:28.0179 2720 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:33:28.0211 2720 wercplsupport - ok
13:33:28.0233 2720 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:33:28.0266 2720 WerSvc - ok
13:33:28.0297 2720 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:28.0327 2720 WfpLwf - ok
13:33:28.0359 2720 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
13:33:28.0371 2720 WimFltr - ok
13:33:28.0381 2720 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:33:28.0392 2720 WIMMount - ok
13:33:28.0407 2720 WinDefend - ok
13:33:28.0414 2720 WinHttpAutoProxySvc - ok
13:33:28.0478 2720 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:33:28.0511 2720 Winmgmt - ok
13:33:28.0558 2720 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:33:28.0605 2720 WinRM - ok
13:33:28.0655 2720 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:33:28.0669 2720 WinUsb - ok
13:33:28.0694 2720 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:33:28.0721 2720 Wlansvc - ok
13:33:28.0783 2720 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:33:28.0795 2720 wlcrasvc - ok
13:33:28.0848 2720 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:33:28.0883 2720 wlidsvc - ok
13:33:28.0906 2720 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:33:28.0918 2720 WmiAcpi - ok
13:33:28.0949 2720 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:33:28.0963 2720 wmiApSrv - ok
13:33:28.0981 2720 WMPNetworkSvc - ok
13:33:29.0006 2720 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:33:29.0019 2720 WPCSvc - ok
13:33:29.0029 2720 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:33:29.0045 2720 WPDBusEnum - ok
13:33:29.0060 2720 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:33:29.0089 2720 ws2ifsl - ok
13:33:29.0102 2720 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
13:33:29.0121 2720 wscsvc - ok
13:33:29.0124 2720 WSearch - ok
13:33:29.0195 2720 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:33:29.0236 2720 wuauserv - ok
13:33:29.0249 2720 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:33:29.0278 2720 WudfPf - ok
13:33:29.0302 2720 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:29.0331 2720 WUDFRd - ok
13:33:29.0339 2720 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:33:29.0370 2720 wudfsvc - ok
13:33:29.0381 2720 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:33:29.0401 2720 WwanSvc - ok
13:33:29.0422 2720 ================ Scan global ===============================
13:33:29.0447 2720 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:33:29.0485 2720 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:33:29.0493 2720 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:33:29.0516 2720 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:33:29.0536 2720 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:33:29.0540 2720 [Global] - ok
13:33:29.0540 2720 ================ Scan MBR ==================================
13:33:29.0543 2720 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:33:29.0545 2720 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:33:29.0596 2720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:33:29.0596 2720 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:33:29.0669 2720 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:33:29.0669 2720 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:33:29.0670 2720 ================ Scan VBR ==================================
13:33:29.0673 2720 [ CBC702B32DBA01F2A7C9659AF7B3343D ] \Device\Harddisk0\DR0\Partition1
13:33:29.0674 2720 \Device\Harddisk0\DR0\Partition1 - ok
13:33:29.0693 2720 [ 62BDE3B5B3027436305ABECCBE91CF49 ] \Device\Harddisk0\DR0\Partition2
13:33:29.0695 2720 \Device\Harddisk0\DR0\Partition2 - ok
13:33:29.0695 2720 ============================================================
13:33:29.0695 2720 Scan finished
13:33:29.0695 2720 ============================================================
13:33:29.0705 4568 Detected object count: 2
13:33:29.0705 4568 Actual detected object count: 2
13:33:33.0113 4568 \Device\Harddisk0\DR0\# - copied to quarantine
13:33:33.0114 4568 \Device\Harddisk0\DR0 - copied to quarantine
13:33:33.0186 4568 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:33:33.0223 4568 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:33:33.0308 4568 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:33:33.0320 4568 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:33:33.0321 4568 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:33:33.0323 4568 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:33:33.0325 4568 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:33:33.0327 4568 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:33:33.0330 4568 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:33:33.0332 4568 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:33:33.0334 4568 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:33:33.0335 4568 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:33:33.0365 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:33:33.0372 4568 \Device\Harddisk0\DR0 - ok
13:33:33.0391 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:33:33.0391 4568 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:33:33.0391 4568 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:33:34.0742 4100 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-02 13:40:29
-----------------------------
13:40:29.425 OS Version: Windows x64 6.1.7601 Service Pack 1
13:40:29.425 Number of processors: 2 586 0x603
13:40:29.426 ComputerName: SHADOWSKEITH-PC UserName: Skeith
13:40:31.114 Initialize success
13:40:31.191 AVAST engine defs: 12110201
13:40:45.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:40:45.255 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
13:40:45.303 Disk 0 MBR read successfully
13:40:45.306 Disk 0 MBR scan
13:40:45.309 Disk 0 Windows VISTA default MBR code
13:40:45.313 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
13:40:45.342 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
13:40:45.357 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461728 MB offset 31145984
13:40:45.378 Disk 0 scanning C:\Windows\system32\drivers
13:40:56.642 Service scanning
13:41:16.821 Modules scanning
13:41:16.830 Disk 0 trace - called modules:
13:41:16.851 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:41:16.855 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004639060]
13:41:16.859 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045d5680]
13:41:17.487 AVAST engine scan C:\Windows
13:41:22.691 AVAST engine scan C:\Windows\system32
13:44:03.316 AVAST engine scan C:\Windows\system32\drivers
13:44:15.504 AVAST engine scan C:\Users\Skeith
13:49:00.453 Disk 0 MBR has been saved successfully to "C:\Users\Skeith\Desktop\MBR.dat"
13:49:00.454 The log file has been saved successfully to "C:\Users\Skeith\Desktop\aswMBR.txt"

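The TDSSKiller log above is long, and the lines that matter (the forged-MBR heuristic, the two detections on \Device\Harddisk0\DR0, the TDLFS objects copied to quarantine, and the action chosen for each detection) sit among hundreds of "- ok" inventory lines. What follows is an added example, not part of the thread and not a Kaspersky tool: a small Python triage script that parses that line format and reports what was detected, what was set to cure, and what was skipped. SAMPLE_LOG is a constructed excerpt built from a handful of the lines quoted above, so the hashes and paths in it are the thread's own, not invented values.

```python
"""Triage a TDSSKiller log: hashed objects, detections, user actions, leftovers.

Added example, not code from the thread or from Kaspersky. The line format
(timestamp, thread id, optional "[ MD5 ]", object, optional "( family )",
" - verdict") follows the TDSSKiller lines quoted in the thread; SAMPLE_LOG
is a constructed excerpt made of a few of those lines.
"""
import re

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+)$")
# Inventory lines are "<service name> <drive>:\<path>"; names may contain spaces.
NAME_PATH_RE = re.compile(r"^(.+?)\s+([A-Za-z]:\\\S.*)$")
# "<object> ( <family> )" prefix used on detection and action lines.
FAMILY_RE = re.compile(r"^(.*?)\s*\(\s*(.+?)\s*\)$")

SAMPLE_LOG = r"""
13:33:25.0253 2720 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:33:25.0309 2720 Tcpip - ok
13:33:24.0031 2720 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:33:24.0101 2720 Skype C2C Service - ok
13:33:29.0543 2720 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:33:29.0545 2720 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:33:29.0596 2720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:33:29.0669 2720 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:33:33.0186 4568 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:33:33.0308 4568 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:33:33.0365 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:33:33.0391 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:33:33.0391 4568 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def parse_tdsskiller(text):
    """Return a dict: hashes, suspicious lines, detections, actions, quarantine."""
    report = {
        "hashes": {},        # object name -> (MD5, path or None)
        "suspicious": [],    # heuristic lines such as "Suspicious mbr (Forged): ..."
        "detections": [],    # (object, family, verdict) for infected/warning
        "actions": {},       # (object, family) -> user-selected action
        "pending_reboot": [],
        "quarantined": [],   # objects copied to quarantine
    }
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3).strip()
        h = HASH_RE.match(rest)
        if h:
            md5, obj = h.group(1).upper(), h.group(2).strip()
            np = NAME_PATH_RE.match(obj)
            name, path = (np.group(1), np.group(2)) if np else (obj, None)
            report["hashes"][name] = (md5, path)
            continue
        if rest.startswith("Suspicious"):
            report["suspicious"].append(rest)
            continue
        if " - " not in rest:
            continue
        obj, verdict = (s.strip() for s in rest.rsplit(" - ", 1))
        family = None
        fm = FAMILY_RE.match(obj)
        if fm:
            obj, family = fm.group(1), fm.group(2)
        if verdict == "ok":
            continue
        if verdict in ("infected", "warning"):
            report["detections"].append((obj, family, verdict))
        elif verdict.startswith("User select action:"):
            report["actions"][(obj, family)] = verdict.split(":", 1)[1].strip()
        elif verdict == "will be cured on reboot":
            report["pending_reboot"].append((obj, family))
        elif verdict == "copied to quarantine":
            report["quarantined"].append(obj)
    return report


def outstanding(report):
    """Detections the user skipped or never acted on; these still need attention."""
    left = []
    for obj, family, verdict in report["detections"]:
        action = report["actions"].get((obj, family))
        if action is None or action.lower() == "skip":
            left.append((obj, family, verdict, action or "no action"))
    return left


def summarize(report):
    lines = [f"{len(report['hashes'])} hashed objects, {len(report['detections'])} detections"]
    for obj, family, verdict in report["detections"]:
        act = report["actions"].get((obj, family), "no action")
        lines.append(f"  {verdict:8} {family or '-':22} {obj} -> {act}")
    for obj, family, verdict, act in outstanding(report):
        lines.append(f"  STILL OPEN: {family} on {obj} ({act})")
    lines.append(f"  {len(report['quarantined'])} objects copied to quarantine, "
                 f"{len(report['pending_reboot'])} cure(s) pending reboot")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller(SAMPLE_LOG)))
```

Point it at a saved TDSSKiller log and read the `outstanding()` list first: on the excerpt it flags the "TDSS File System" detection that was skipped while the Pihar MBR infection was set to Cure, which is the kind of leftover a responder re-checks after the reboot. The inventory hashes are kept so the same object can be compared across runs (for example the \Device\Harddisk0\DR0 hash before and after the cure).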


#6 bloopie (Malware Response Team)

Posted 02 November 2012 - 06:14 PM

Hello again,

I ran Malwarebytes; the only thing detected was in TDSSKiller quarantine. But I believe it's gone, so thank you so much bloopie!

My pleasure! :) But please try not to run tools without my instruction.

It was TDSSKiller that removed the infection called Pihar, or the "Partition Rootkit". But there should still be a remnant on the machine we should remove. Please follow the next steps:

==========

Step 1

I will need to see the MBAM log from the scan you ran. It can be found in the "Logs" tab with the date of the run. Please copy and paste the log here.

==========

Step 2


  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

==========

In your next reply, please include the following:

  • The MBAM log you ran earlier
  • The Result.txt from ListParts
  • Everything running okay otherwise?

bloopie

#7 Sotyr (Topic Starter)

Posted 02 November 2012 - 08:06 PM

Sorry about that. Also, there's no MBAM log; I didn't apply any action or click save logs. But here are the other ones.
And yes, so far, but I haven't really been on it except for here and that stuff. I've been on the Wii's internet.

ListParts by Farbar Version: 30-10-2012
Ran by Skeith (administrator) on 02-11-2012 at 16:35:06
Windows 7 (X64)
Running From: C:\Users\Skeith\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 50%
Total physical RAM: 3838.98 MB
Available physical RAM: 1899.75 MB
Total Pagefile: 7676.14 MB
Available Pagefile: 5735.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:282.62 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 3072 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 450 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy Boot

======================================================================================================

****** End Of Log ******



#8 bloopie (Malware Response Team)

Posted 02 November 2012 - 08:18 PM

Hi again,

Please run a quick scan with your resident avast! antivirus program and let me know if it removes anything. If it does, please try to let me know exactly what it removes.

Then we'll finish up, okay?

bloopie

#9 Sotyr (Topic Starter)

Posted 02 November 2012 - 08:54 PM

Ran a quick scan, and avast found nothing.

#10 bloopie (Malware Response Team)

Posted 03 November 2012 - 11:14 AM

Hi again,

Okay it seems to be gone. Just a couple of more scans:

==========

Step 1

Please download DDS by sUBs from one of the following links if you've deleted your previous copy. Save it to your desktop.
DDS.com
DDS.pif
  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of attach.txt with your next reply.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Step 2

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on the [button image].
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the [button image].
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on the [button image].
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

In your next reply, please include the following:

  • The attach.txt from DDS
  • The ESET log

bloopie

#11 Sotyr (Topic Starter)

Posted 03 November 2012 - 02:45 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



#12 bloopie (Malware Response Team)

Posted 03 November 2012 - 03:24 PM

Hi again,

Was that the whole ESET log?

Also, were you able to get the attach.txt?

bloopie

#13 Sotyr (Topic Starter)

Posted 03 November 2012 - 05:17 PM

Yes it is. And I guess the attach file didn't attach.

Attached Files



#14 bloopie (Malware Response Team)

Posted 03 November 2012 - 09:01 PM

Hi again,

Good, that means that ESET didn't find anything, but I must issue a warning:

Step 1: Warning

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start orb > Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Step 2

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe (or jre-7u9-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

==========

Did you have any trouble with the above steps?

If you have no other issues, we can then close this out in the important uninstall next post. :)

bloopie

#15 Sotyr

Sotyr
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Male

Posted 03 November 2012 - 09:16 PM

Well, before the finish there /was/ a virus list. It detected 20 and I have /another/ log of that, but it's different and isn't saved in that place.

C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.30.45\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.30.45\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.32.57\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.32.57\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.32.57\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.32.57\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.32.57\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\02.11.2012_13.32.57\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdigddddcgcdidbgbgbgddedcddge\background.html Win32/BHO.OEI trojan
C:\Users\Skeith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q3TK3HE0\afr[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Skeith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q3TK3HE0\afr[2].htm HTML/ScrInject.B.Gen virus
C:\Users\Skeith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TG8TD3DI\afr[2].htm HTML/ScrInject.B.Gen virus
C:\Users\Skeith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4b87730a-5b732e4a a variant of Java/JShrink.A application
C:\Users\Skeith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4b87730a-73974dfa-temp a variant of Java/JShrink.A application
C:\Users\Skeith\AppData\Roaming\Mozilla\Firefox\Profiles\1uyfdlyt.default\extensions\goppxpncos@goppxpncos.org.xpi JS/Redirector.NCA trojan
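The ESET list above mixes items that are already neutralised (copies sitting in the TDSSKiller quarantine folder), disposable cache hits (Java deployment cache, Temporary Internet Files), a browser add-on, and tools ESET flags as "application" rather than malware. A small triage script makes that distinction explicit before anyone starts deleting things. The following is an added example written for this page, not code from the thread or from ESET; the log format it parses (path, optional "a variant of", detection name, category) is inferred from the lines posted above, the location rules are assumptions, and the sample input is a handful of lines copied from the post.

```python
import re
from collections import Counter

# Constructed sample: six lines taken from the ESET Online Scanner list in this thread.
SAMPLE_LOG = """\
C:\\Program Files (x86)\\Cheat Engine 6.2\\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\\TDSSKiller_Quarantine\\02.11.2012_13.30.45\\mbr0000\\tdlfs0000\\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\\TDSSKiller_Quarantine\\02.11.2012_13.30.45\\mbr0000\\tdlfs0000\\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\\Users\\Skeith\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\Q3TK3HE0\\afr[1].htm HTML/ScrInject.B.Gen virus
C:\\Users\\Skeith\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\10\\4b87730a-5b732e4a a variant of Java/JShrink.A application
C:\\Users\\Skeith\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\1uyfdlyt.default\\extensions\\goppxpncos@goppxpncos.org.xpi JS/Redirector.NCA trojan
"""

# One scanner line: <path with spaces> [a variant of] <Platform/Family.Variant> <category>
# The path is matched lazily so it may contain spaces; the detection name never does.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<category>application|trojan|virus|worm|adware|"
    r"potentially unwanted application|potentially unsafe application)$"
)


def classify_location(path):
    """Assumed triage buckets based only on where the file lives."""
    p = path.lower()
    if p.startswith("c:\\tdsskiller_quarantine\\"):
        return "quarantine"          # copies TDSSKiller already isolated; not running
    if "\\java\\deployment\\cache\\" in p or "\\temporary internet files\\" in p:
        return "cache"               # disposable browser / Java cache content
    if "\\extensions\\" in p or "\\chrome\\user data\\" in p:
        return "browser-extension"   # add-on; remove through the browser or its profile
    return "installed"               # lives in Program Files or similar; needs a decision


def parse_line(line):
    """Return a finding dict for one scanner line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name = m.group("path"), m.group("name")
    return {
        "path": path,
        "name": name,
        "family": name.split("/", 1)[1].split(".")[0],  # Win32/Olmarik.AYI -> Olmarik
        "category": m.group("category"),
        "location": classify_location(path),
    }


def triage(log_text):
    """Parse a whole log and summarise findings by malware family and location."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = parse_line(line)
        if finding is None:
            unparsed.append(line)
        else:
            findings.append(finding)
    return {
        "findings": findings,
        "unparsed": unparsed,
        "by_family": Counter(f["family"] for f in findings),
        "by_location": Counter(f["location"] for f in findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"{f['location']:18} {f['category']:12} {f['name']}")
    print("families:", dict(report["by_family"]))
    print("locations:", dict(report["by_location"]))
```

Run against the full list in the post, the Olmarik hits all fall in the quarantine bucket (they are the TDSS/TDL rootkit components TDSSKiller had already pulled out), the JShrink and ScrInject entries are cache content that disappears when the Java and IE caches are cleared, and the Firefox .xpi is the one live redirector component that still needs removing by hand.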



