Infected with ZeroAccess rootkit - Random Popups - Reminder your computer is not



#1 Kiwee

Posted 04 September 2013 - 05:50 PM

I'm trying to help my neighbours who have random popups appearing. Their description of the actual popups is a little vague but one I did notice was "Reminder your computer is not backed up". It did not look like a Nortons popup to me and apparently there are lots of others that show.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by El Rose Stud at 10:39:50 on 2013-09-05
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.64.1033.18.1791.809 [GMT 12:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trademe.co.nz/
uSearch Bar = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=1&o=vp32&d=1006&m=aspire_x1800
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=1&o=vp32&d=1006&m=aspire_x1800
uWinlogon: Shell = c:\users\el rose stud\appdata\roaming\ebzbg.exe,explorer.exe,c:\recycler\s-1-5-21-2724394737-8552066653-035940086-0510\yv8g67.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [xsnni1] c:\windows\system32\6s7sni0.exe
uRun: [fkkffk] c:\windows\system32\upfupk6f.exe
uRun: [rwbw1] c:\windows\system32\g0lbgbrrl.exe
uRun: [uuppj] c:\windows\system32\uupj9e0z.exe
uRun: [grrll07] c:\windows\system32\lbr1gwwbb.exe
uRun: [kzpzk] c:\windows\system32\7ffzz2f.exe
uRun: [lvfaf8a] c:\windows\system32\fflvqv74.exe
uRun: [wmmr5] c:\windows\system32\rbwgwwr4rrr.exe
uRun: [gbrrm1] c:\windows\system32\1bb5w2m.exe
uRun: [zzeezz] c:\windows\system32\zeoeo3zt.exe
uRun: [toeojee] c:\windows\system32\1teejto.exe
uRun: [uejuuj] c:\windows\system32\t5zzo5oeez5.exe
uRun: [jjyoy4] c:\windows\system32\tyotottj.exe
uRun: [iicicii] c:\windows\system32\xxic40cisc.exe
uRun: [brhbwmw] c:\windows\system32\rm6hm7bb.exe
uRun: [grggbr] c:\windows\system32\gwmmggbrrm.exe
uRun: [hwwrr] c:\windows\system32\brrmb9w0.exe
uRun: [rmmhw] c:\windows\system32\r2mhww1hhc.exe
uRun: [aavqql1] c:\windows\system32\vllfv9qq.exe
uRun: [gbvvq] c:\windows\system32\vv6qlgg7bv.exe
uRun: [vvvqq] c:\windows\system32\ql1gaavl98g.exe
uRun: [qkkfv98] c:\windows\system32\qk4fvqkaav.exe
uRun: [fvkaa1k] c:\windows\system32\ffvvpf9aa.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Windows Print Spooler] c:\users\el rose stud\appdata\roaming\temp\spoolsv.exe
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /systray /nologon
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Baubico] "c:\users\el rose stud\appdata\roaming\cius\igyza.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
StartupFolder: c:\users\elrose~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{88DEC9B9-E573-4634-B668-ED3BB6074735} : DHCPNameServer = 10.1.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\el rose stud\appdata\roaming\mozilla\firefox\profiles\21lsf77h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.trademe.co.nz/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\utilitychest_49ei\installr\1.bin\NP49EISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-4-8 32808]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2006-10-11 75048]
R2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSMonitorService.exe [2006-10-11 58664]
R2 CyberLink Media Server Service;CyberLink Media Server Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSServer.exe [2006-10-11 288120]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-10 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-10 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-10 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-28 306736]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-24 144632]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-8 144672]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-7-3 245760]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 gupdate1ca390b24a3cb3b;Google Update Service (gupdate1ca390b24a3cb3b);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-24 50424]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-1-13 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-1-13 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-1-13 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-6-1 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-6-1 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-6-1 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-6-1 109864]
.
=============== Created Last 30 ================
.
2013-09-03 14:12:44    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{a7264ab7-f635-49e0-bede-b65b779e0762}\offreg.dll
2013-09-03 13:57:40    7166848    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{a7264ab7-f635-49e0-bede-b65b779e0762}\mpengine.dll
2013-08-17 08:32:40    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 15:00:49    --------    d-----w-    c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-08-21 03:03:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 03:03:39    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 10:40:32.09 ===============
 

 




 


#2 TB-Psychotic (Malware Response Team)

Posted 05 September 2013 - 06:15 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#3 Kiwee (Topic Starter)

Posted 05 September 2013 - 04:46 PM

Hi Marius, here are the results:

 

09:41:01.0028 4608  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:41:01.0898 4608  ============================================================
09:41:01.0898 4608  Current date / time: 2013/09/06 09:41:01.0898
09:41:01.0898 4608  SystemInfo:
09:41:01.0898 4608  
09:41:01.0898 4608  OS Version: 6.0.6001 ServicePack: 1.0
09:41:01.0898 4608  Product type: Workstation
09:41:01.0898 4608  ComputerName: HOME
09:41:01.0898 4608  UserName: El Rose Stud
09:41:01.0898 4608  Windows directory: C:\Windows
09:41:01.0898 4608  System windows directory: C:\Windows
09:41:01.0898 4608  Processor architecture: Intel x86
09:41:01.0898 4608  Number of processors: 2
09:41:01.0898 4608  Page size: 0x1000
09:41:01.0898 4608  Boot type: Normal boot
09:41:01.0898 4608  ============================================================
09:41:02.0895 4608  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:41:02.0934 4608  ============================================================
09:41:02.0934 4608  \Device\Harddisk0\DR0:
09:41:02.0935 4608  MBR partitions:
09:41:02.0935 4608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x11A16800
09:41:02.0935 4608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A17000, BlocksNum 0x11A17000
09:41:02.0935 4608  ============================================================
09:41:03.0020 4608  C: <-> \Device\Harddisk0\DR0\Partition1
09:41:03.0057 4608  D: <-> \Device\Harddisk0\DR0\Partition2
09:41:03.0057 4608  ============================================================
09:41:03.0057 4608  Initialize success
09:41:03.0057 4608  ============================================================
09:41:05.0580 2388  ============================================================
09:41:05.0580 2388  Scan started
09:41:05.0580 2388  Mode: Manual;
09:41:05.0580 2388  ============================================================
09:41:07.0697 2388  ================ Scan system memory ========================
09:41:07.0697 2388  System memory - ok
09:41:07.0698 2388  ================ Scan services =============================
09:41:07.0915 2388  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:41:07.0920 2388  ACPI - ok
09:41:07.0977 2388  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:41:07.0981 2388  AdobeFlashPlayerUpdateSvc - ok
09:41:08.0029 2388  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:41:08.0036 2388  adp94xx - ok
09:41:08.0067 2388  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:41:08.0073 2388  adpahci - ok
09:41:08.0093 2388  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:41:08.0095 2388  adpu160m - ok
09:41:08.0118 2388  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:41:08.0122 2388  adpu320 - ok
09:41:08.0163 2388  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:41:08.0164 2388  AeLookupSvc - ok
09:41:08.0212 2388  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
09:41:08.0217 2388  AFD - ok
09:41:08.0241 2388  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:41:08.0243 2388  agp440 - ok
09:41:08.0258 2388  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:41:08.0260 2388  aic78xx - ok
09:41:08.0283 2388  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
09:41:08.0285 2388  ALG - ok
09:41:08.0298 2388  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:41:08.0300 2388  aliide - ok
09:41:08.0324 2388  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:41:08.0326 2388  amdagp - ok
09:41:08.0340 2388  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:41:08.0341 2388  amdide - ok
09:41:08.0361 2388  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
09:41:08.0363 2388  AmdK7 - ok
09:41:08.0376 2388  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:41:08.0378 2388  AmdK8 - ok
09:41:08.0415 2388  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
09:41:08.0417 2388  Appinfo - ok
09:41:08.0529 2388  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:41:08.0586 2388  Apple Mobile Device - ok
09:41:08.0614 2388  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
09:41:08.0617 2388  arc - ok
09:41:08.0654 2388  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:41:08.0656 2388  arcsas - ok
09:41:08.0695 2388  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:41:08.0697 2388  AsyncMac - ok
09:41:08.0714 2388  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:41:08.0714 2388  atapi - ok
09:41:08.0748 2388  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:41:08.0753 2388  AudioEndpointBuilder - ok
09:41:08.0761 2388  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:41:08.0763 2388  Audiosrv - ok
09:41:08.0868 2388  [ 75F59E6C8806719CBB67D3E73F376CA8 ] BackupStack     C:\Program Files\MyPC Backup\BackupStack.exe
09:41:08.0869 2388  BackupStack - ok
09:41:08.0979 2388  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:41:08.0982 2388  BBSvc - ok
09:41:09.0020 2388  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:41:09.0025 2388  BBUpdate - ok
09:41:09.0055 2388  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:41:09.0057 2388  Beep - ok
09:41:09.0092 2388  [ 8582E233C346AEFE759833E8A30DD697 ] BFE             C:\Windows\System32\bfe.dll
09:41:09.0098 2388  BFE - ok
09:41:09.0130 2388  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
09:41:09.0136 2388  BITS - ok
09:41:09.0169 2388  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:41:09.0171 2388  blbdrive - ok
09:41:09.0328 2388  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:41:09.0356 2388  Bonjour Service - ok
09:41:09.0381 2388  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:41:09.0383 2388  bowser - ok
09:41:09.0417 2388  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:41:09.0418 2388  BrFiltLo - ok
09:41:09.0433 2388  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:41:09.0435 2388  BrFiltUp - ok
09:41:09.0455 2388  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
09:41:09.0457 2388  Browser - ok
09:41:09.0481 2388  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
09:41:09.0483 2388  Brserid - ok
09:41:09.0495 2388  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:41:09.0553 2388  BrSerWdm - ok
09:41:09.0588 2388  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:41:09.0593 2388  BrUsbMdm - ok
09:41:09.0623 2388  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:41:09.0626 2388  BrUsbSer - ok
09:41:09.0705 2388  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
09:41:09.0710 2388  BrYNSvc - ok
09:41:09.0734 2388  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:41:09.0735 2388  BTHMODEM - ok
09:41:09.0772 2388  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:41:09.0775 2388  cdfs - ok
09:41:09.0789 2388  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:41:09.0792 2388  cdrom - ok
09:41:09.0834 2388  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
09:41:09.0836 2388  CertPropSvc - ok
09:41:09.0860 2388  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
09:41:09.0862 2388  circlass - ok
09:41:09.0887 2388  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
09:41:09.0892 2388  CLFS - ok
09:41:10.0016 2388  [ E3F539A0A831B4CC6A62DD8F570761F4 ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
09:41:10.0025 2388  CLHNService - ok
09:41:10.0094 2388  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:41:10.0096 2388  clr_optimization_v2.0.50727_32 - ok
09:41:11.0196 2388  enytgxacmeplqt - ok
09:41:13.0322 2388  Suspicious service (NoAccess): kbiwkmeqiuejxf
09:41:13.0325 2388  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - infected
09:41:13.0325 2388  kbiwkmeqiuejxf - detected Rootkit.Win32.TDSS.tdl2 (0)
09:41:20.0335 2388  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:41:20.0337 2388  swenum - ok
09:41:20.0358 2388  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
09:41:20.0367 2388  swprv - ok
09:41:20.0396 2388  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
09:41:20.0398 2388  Symc8xx - ok
09:41:20.0413 2388  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
09:41:20.0415 2388  Sym_hi - ok
09:41:20.0429 2388  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
09:41:20.0431 2388  Sym_u3 - ok
09:41:20.0462 2388  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
09:41:20.0479 2388  SysMain - ok
09:41:20.0496 2388  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:41:20.0500 2388  TabletInputService - ok
09:41:20.0524 2388  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:41:20.0530 2388  TapiSrv - ok
09:41:20.0556 2388  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
09:41:20.0559 2388  TBS - ok
09:41:20.0676 2388  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:41:20.0709 2388  Tcpip - ok
09:41:20.0743 2388  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
09:41:20.0748 2388  Tcpip6 - ok
09:41:20.0768 2388  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:41:20.0770 2388  tcpipreg - ok
09:41:20.0785 2388  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:41:20.0787 2388  TDPIPE - ok
09:41:20.0805 2388  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:41:20.0808 2388  TDTCP - ok
09:41:20.0834 2388  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:41:20.0836 2388  tdx - ok
09:41:20.0853 2388  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:41:20.0863 2388  TermDD - ok
09:41:20.0913 2388  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
09:41:20.0917 2388  TermService - ok
09:41:20.0937 2388  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
09:41:20.0941 2388  Themes - ok
09:41:20.0954 2388  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
09:41:20.0956 2388  THREADORDER - ok
09:41:20.0978 2388  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
09:41:20.0982 2388  TrkWks - ok
09:41:21.0022 2388  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:41:21.0024 2388  TrustedInstaller - ok
09:41:21.0039 2388  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:41:21.0041 2388  tssecsrv - ok
09:41:21.0067 2388  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
09:41:21.0069 2388  tunmp - ok
09:41:21.0077 2388  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:41:21.0078 2388  tunnel - ok
09:41:21.0101 2388  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:41:21.0103 2388  uagp35 - ok
09:41:21.0141 2388  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
09:41:21.0142 2388  UBHelper - ok
09:41:21.0168 2388  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:41:21.0173 2388  udfs - ok
09:41:21.0209 2388  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:41:21.0213 2388  UI0Detect - ok
09:41:21.0233 2388  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:41:21.0235 2388  uliagpkx - ok
09:41:21.0262 2388  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
09:41:21.0267 2388  uliahci - ok
09:41:21.0289 2388  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
09:41:21.0292 2388  UlSata - ok
09:41:21.0315 2388  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
09:41:21.0317 2388  ulsata2 - ok
09:41:21.0339 2388  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:41:21.0340 2388  umbus - ok
09:41:21.0362 2388  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
09:41:21.0368 2388  upnphost - ok
09:41:21.0438 2388  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
09:41:21.0441 2388  USBAAPL - ok
09:41:21.0480 2388  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:41:21.0483 2388  usbccgp - ok
09:41:21.0506 2388  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:41:21.0509 2388  usbcir - ok
09:41:21.0535 2388  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:41:21.0538 2388  usbehci - ok
09:41:21.0592 2388  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:41:21.0596 2388  usbhub - ok
09:41:21.0621 2388  [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
09:41:21.0622 2388  usbohci - ok
09:41:21.0650 2388  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:41:21.0652 2388  usbprint - ok
09:41:21.0670 2388  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:41:21.0672 2388  usbscan - ok
09:41:21.0692 2388  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:41:21.0694 2388  USBSTOR - ok
09:41:21.0712 2388  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:41:21.0715 2388  usbuhci - ok
09:41:21.0756 2388  [ EE181A08E09DB23CF4A49B46A1E66BB8 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
09:41:21.0760 2388  usb_rndisx - ok
09:41:21.0792 2388  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
09:41:21.0795 2388  UxSms - ok
09:41:21.0810 2388  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
09:41:21.0827 2388  vds - ok
09:41:21.0842 2388  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:41:21.0844 2388  vga - ok
09:41:21.0867 2388  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:41:21.0869 2388  VgaSave - ok
09:41:21.0891 2388  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:41:21.0894 2388  viaagp - ok
09:41:21.0914 2388  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
09:41:21.0916 2388  ViaC7 - ok
09:41:21.0941 2388  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
09:41:21.0943 2388  viaide - ok
09:41:21.0964 2388  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:41:21.0966 2388  volmgr - ok
09:41:22.0006 2388  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:41:22.0011 2388  volmgrx - ok
09:41:22.0028 2388  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:41:22.0030 2388  volsnap - ok
09:41:22.0053 2388  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:41:22.0056 2388  vsmraid - ok
09:41:22.0134 2388  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
09:41:22.0193 2388  VSS - ok
09:41:22.0210 2388  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
09:41:22.0217 2388  W32Time - ok
09:41:22.0238 2388  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:41:22.0239 2388  WacomPen - ok
09:41:22.0270 2388  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
09:41:22.0272 2388  Wanarp - ok
09:41:22.0277 2388  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:41:22.0278 2388  Wanarpv6 - ok
09:41:22.0351 2388  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
09:41:22.0356 2388  WcesComm - ok
09:41:22.0382 2388  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:41:22.0399 2388  wcncsvc - ok
09:41:22.0414 2388  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:41:22.0417 2388  WcsPlugInService - ok
09:41:22.0434 2388  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
09:41:22.0436 2388  Wd - ok
09:41:22.0455 2388  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:41:22.0463 2388  Wdf01000 - ok
09:41:22.0481 2388  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:41:22.0491 2388  WdiServiceHost - ok
09:41:22.0557 2388  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:41:22.0560 2388  WdiSystemHost - ok
09:41:22.0576 2388  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
09:41:22.0583 2388  WebClient - ok
09:41:22.0634 2388  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:41:22.0639 2388  Wecsvc - ok
09:41:22.0663 2388  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:41:22.0666 2388  wercplsupport - ok
09:41:22.0687 2388  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:41:22.0691 2388  WerSvc - ok
09:41:22.0735 2388  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:41:22.0740 2388  WinDefend - ok
09:41:22.0747 2388  WinHttpAutoProxySvc - ok
09:41:22.0837 2388  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:41:22.0842 2388  Winmgmt - ok
09:41:22.0881 2388  [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM           C:\Windows\system32\WsmSvc.dll
09:41:22.0903 2388  WinRM - ok
09:41:22.0952 2388  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:41:22.0969 2388  Wlansvc - ok
09:41:22.0998 2388  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:41:23.0001 2388  WmiAcpi - ok
09:41:23.0044 2388  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:41:23.0047 2388  wmiApSrv - ok
09:41:23.0102 2388  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:41:23.0128 2388  WMPNetworkSvc - ok
09:41:23.0145 2388  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:41:23.0150 2388  WPCSvc - ok
09:41:23.0163 2388  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:41:23.0167 2388  WPDBusEnum - ok
09:41:23.0207 2388  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
09:41:23.0209 2388  WpdUsb - ok
09:41:23.0238 2388  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:41:23.0240 2388  ws2ifsl - ok
09:41:23.0260 2388  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
09:41:23.0264 2388  wscsvc - ok
09:41:23.0270 2388  WSearch - ok
09:41:23.0346 2388  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:41:23.0379 2388  wuauserv - ok
09:41:23.0397 2388  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:41:23.0400 2388  WUDFRd - ok
09:41:23.0413 2388  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:41:23.0416 2388  wudfsvc - ok
09:41:23.0439 2388  ================ Scan global ===============================
09:41:23.0458 2388  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:41:23.0505 2388  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:41:23.0520 2388  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:41:23.0631 2388  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
09:41:23.0664 2388  [Global] - ok
09:41:23.0664 2388  ================ Scan MBR ==================================
09:41:23.0677 2388  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:41:24.0448 2388  \Device\Harddisk0\DR0 - ok
09:41:24.0448 2388  ================ Scan VBR ==================================
09:41:24.0464 2388  [ 6BF9A4A73C5909B767417DC845A16C96 ] \Device\Harddisk0\DR0\Partition1
09:41:24.0466 2388  \Device\Harddisk0\DR0\Partition1 - ok
09:41:24.0485 2388  [ 4B7D46013675EE9C6A8FD6837A1AEAF5 ] \Device\Harddisk0\DR0\Partition2
09:41:24.0487 2388  \Device\Harddisk0\DR0\Partition2 - ok
09:41:24.0487 2388  ============================================================
09:41:24.0487 2388  Scan finished
09:41:24.0487 2388  ============================================================
09:41:24.0503 4816  Detected object count: 1
09:41:24.0503 4816  Actual detected object count: 1
09:41:52.0997 4816  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
09:41:52.0997 4816  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip
09:42:13.0568 3976  Deinitialize success
 



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 05 September 2013 - 11:58 PM

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • When the scan is finished, select Cure for the following entry.

    Rootkit.Win32.TDSS.tdl2

  • Hit Continue.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

#5 Kiwee

  • Topic Starter
  • Members
  • 97 posts

Posted 06 September 2013 - 04:54 AM

Hi there, here is the result:

 

 

09:41:01.0028 4608  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:41:01.0898 4608  ============================================================
09:41:01.0898 4608  Current date / time: 2013/09/06 09:41:01.0898
09:41:01.0898 4608  SystemInfo:
09:41:01.0898 4608  
09:41:01.0898 4608  OS Version: 6.0.6001 ServicePack: 1.0
09:41:01.0898 4608  Product type: Workstation
09:41:01.0898 4608  ComputerName: HOME
09:41:01.0898 4608  UserName: El Rose Stud
09:41:01.0898 4608  Windows directory: C:\Windows
09:41:01.0898 4608  System windows directory: C:\Windows
09:41:01.0898 4608  Processor architecture: Intel x86
09:41:01.0898 4608  Number of processors: 2
09:41:01.0898 4608  Page size: 0x1000
09:41:01.0898 4608  Boot type: Normal boot
09:41:01.0898 4608  ============================================================
09:41:02.0895 4608  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:41:02.0934 4608  ============================================================
09:41:02.0934 4608  \Device\Harddisk0\DR0:
09:41:02.0935 4608  MBR partitions:
09:41:02.0935 4608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x11A16800
09:41:02.0935 4608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A17000, BlocksNum 0x11A17000
09:41:02.0935 4608  ============================================================
09:41:03.0020 4608  C: <-> \Device\Harddisk0\DR0\Partition1
09:41:03.0057 4608  D: <-> \Device\Harddisk0\DR0\Partition2
09:41:03.0057 4608  ============================================================
09:41:03.0057 4608  Initialize success
09:41:03.0057 4608  ============================================================
09:41:05.0580 2388  ============================================================
09:41:05.0580 2388  Scan started
09:41:05.0580 2388  Mode: Manual;
09:41:05.0580 2388  ============================================================
09:41:07.0697 2388  ================ Scan system memory ========================
09:41:07.0697 2388  System memory - ok
09:41:07.0698 2388  ================ Scan services =============================
09:41:12.0079 2388  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:41:12.0081 2388  HidUsb - ok
09:41:12.0099 2388  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:41:12.0102 2388  hkmsvc - ok
09:41:12.0129 2388  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
09:41:12.0131 2388  HpCISSs - ok
09:41:12.0239 2388  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:41:12.0279 2388  HTTP - ok
09:41:12.0309 2388  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
09:41:12.0310 2388  i2omp - ok
09:41:12.0347 2388  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:41:12.0349 2388  i8042prt - ok
09:41:12.0373 2388  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
09:41:12.0377 2388  iaStorV - ok
09:41:12.0549 2388  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:41:12.0641 2388  idsvc - ok
09:41:12.0677 2388  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:41:12.0679 2388  iirsp - ok
09:41:12.0723 2388  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
09:41:12.0731 2388  IKEEXT - ok
09:41:12.0805 2388  [ 84ED2154239F9D013BBD3220755ADA8B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:41:12.0871 2388  IntcAzAudAddService - ok
09:41:12.0900 2388  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:41:12.0902 2388  intelide - ok
09:41:12.0930 2388  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:41:12.0932 2388  intelppm - ok
09:41:12.0953 2388  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:41:12.0956 2388  IPBusEnum - ok
09:41:12.0981 2388  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:41:12.0983 2388  IpFilterDriver - ok
09:41:13.0023 2388  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:41:13.0028 2388  iphlpsvc - ok
09:41:13.0035 2388  IpInIp - ok
09:41:13.0061 2388  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
09:41:13.0063 2388  IPMIDRV - ok
09:41:13.0086 2388  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
09:41:13.0089 2388  IPNAT - ok
09:41:13.0125 2388  [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:41:13.0142 2388  iPod Service - ok
09:41:13.0157 2388  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:41:13.0158 2388  IRENUM - ok
09:41:13.0186 2388  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:41:13.0188 2388  isapnp - ok
09:41:13.0220 2388  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:41:13.0223 2388  iScsiPrt - ok
09:41:13.0249 2388  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:41:13.0251 2388  iteatapi - ok
09:41:13.0269 2388  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
09:41:13.0270 2388  iteraid - ok
09:41:13.0289 2388  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:41:13.0291 2388  kbdclass - ok
09:41:13.0308 2388  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:41:13.0310 2388  kbdhid - ok
09:41:13.0322 2388  Suspicious service (NoAccess): kbiwkmeqiuejxf
09:41:13.0325 2388  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - infected
09:41:13.0325 2388  kbiwkmeqiuejxf - detected Rootkit.Win32.TDSS.tdl2 (0)
09:41:21.0077 2388  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:41:21.0078 2388  tunnel - ok
09:41:21.0101 2388  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:41:21.0103 2388  uagp35 - ok
09:41:21.0141 2388  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
09:41:21.0142 2388  UBHelper - ok
09:41:21.0168 2388  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:41:21.0173 2388  udfs - ok
09:41:21.0209 2388  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:41:21.0213 2388  UI0Detect - ok
09:41:21.0233 2388  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:41:21.0235 2388  uliagpkx - ok
09:41:21.0262 2388  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
09:41:21.0267 2388  uliahci - ok
09:41:21.0289 2388  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
09:41:21.0292 2388  UlSata - ok
09:41:21.0315 2388  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
09:41:21.0317 2388  ulsata2 - ok
09:41:21.0339 2388  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:41:21.0340 2388  umbus - ok
09:41:21.0362 2388  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
09:41:21.0368 2388  upnphost - ok
09:41:21.0438 2388  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
09:41:21.0441 2388  USBAAPL - ok
09:41:21.0480 2388  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:41:21.0483 2388  usbccgp - ok
09:41:21.0506 2388  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:41:21.0509 2388  usbcir - ok
09:41:21.0535 2388  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:41:21.0538 2388  usbehci - ok
09:41:21.0592 2388  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:41:21.0596 2388  usbhub - ok
09:41:21.0621 2388  [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
09:41:21.0622 2388  usbohci - ok
09:41:21.0650 2388  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:41:21.0652 2388  usbprint - ok
09:41:21.0670 2388  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:41:21.0672 2388  usbscan - ok
09:41:21.0692 2388  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:41:21.0694 2388  USBSTOR - ok
09:41:21.0712 2388  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:41:21.0715 2388  usbuhci - ok
09:41:21.0756 2388  [ EE181A08E09DB23CF4A49B46A1E66BB8 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
09:41:21.0760 2388  usb_rndisx - ok
09:41:21.0792 2388  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
09:41:21.0795 2388  UxSms - ok
09:41:21.0810 2388  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
09:41:21.0827 2388  vds - ok
09:41:21.0842 2388  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:41:21.0844 2388  vga - ok
09:41:21.0867 2388  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:41:21.0869 2388  VgaSave - ok
09:41:21.0891 2388  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:41:21.0894 2388  viaagp - ok
09:41:21.0914 2388  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
09:41:21.0916 2388  ViaC7 - ok
09:41:21.0941 2388  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
09:41:21.0943 2388  viaide - ok
09:41:21.0964 2388  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:41:21.0966 2388  volmgr - ok
09:41:22.0006 2388  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:41:22.0011 2388  volmgrx - ok
09:41:22.0028 2388  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:41:22.0030 2388  volsnap - ok
09:41:22.0053 2388  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:41:22.0056 2388  vsmraid - ok
09:41:22.0134 2388  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
09:41:22.0193 2388  VSS - ok
09:41:22.0210 2388  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
09:41:22.0217 2388  W32Time - ok
09:41:22.0238 2388  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:41:22.0239 2388  WacomPen - ok
09:41:22.0270 2388  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
09:41:22.0272 2388  Wanarp - ok
09:41:22.0277 2388  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:41:22.0278 2388  Wanarpv6 - ok
09:41:22.0351 2388  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
09:41:22.0356 2388  WcesComm - ok
09:41:22.0382 2388  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:41:22.0399 2388  wcncsvc - ok
09:41:22.0414 2388  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:41:22.0417 2388  WcsPlugInService - ok
09:41:22.0434 2388  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
09:41:22.0436 2388  Wd - ok
09:41:22.0455 2388  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:41:22.0463 2388  Wdf01000 - ok
09:41:22.0481 2388  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:41:22.0491 2388  WdiServiceHost - ok
09:41:22.0557 2388  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:41:22.0560 2388  WdiSystemHost - ok
09:41:22.0576 2388  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
09:41:22.0583 2388  WebClient - ok
09:41:22.0634 2388  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:41:22.0639 2388  Wecsvc - ok
09:41:22.0663 2388  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:41:22.0666 2388  wercplsupport - ok
09:41:22.0687 2388  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:41:22.0691 2388  WerSvc - ok
09:41:22.0735 2388  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:41:22.0740 2388  WinDefend - ok
09:41:22.0747 2388  WinHttpAutoProxySvc - ok
09:41:22.0837 2388  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:41:22.0842 2388  Winmgmt - ok
09:41:22.0881 2388  [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM           C:\Windows\system32\WsmSvc.dll
09:41:22.0903 2388  WinRM - ok
09:41:22.0952 2388  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:41:22.0969 2388  Wlansvc - ok
09:41:22.0998 2388  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:41:23.0001 2388  WmiAcpi - ok
09:41:23.0044 2388  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:41:23.0047 2388  wmiApSrv - ok
09:41:23.0102 2388  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:41:23.0128 2388  WMPNetworkSvc - ok
09:41:23.0145 2388  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:41:23.0150 2388  WPCSvc - ok
09:41:23.0163 2388  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:41:23.0167 2388  WPDBusEnum - ok
09:41:23.0207 2388  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
09:41:23.0209 2388  WpdUsb - ok
09:41:23.0238 2388  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:41:23.0240 2388  ws2ifsl - ok
09:41:23.0260 2388  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
09:41:23.0264 2388  wscsvc - ok
09:41:23.0270 2388  WSearch - ok
09:41:23.0346 2388  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:41:23.0379 2388  wuauserv - ok
09:41:23.0397 2388  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:41:23.0400 2388  WUDFRd - ok
09:41:23.0413 2388  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:41:23.0416 2388  wudfsvc - ok
09:41:23.0439 2388  ================ Scan global ===============================
09:41:23.0458 2388  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:41:23.0505 2388  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:41:23.0520 2388  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:41:23.0631 2388  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
09:41:23.0664 2388  [Global] - ok
09:41:23.0664 2388  ================ Scan MBR ==================================
09:41:23.0677 2388  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:41:24.0448 2388  \Device\Harddisk0\DR0 - ok
09:41:24.0448 2388  ================ Scan VBR ==================================
09:41:24.0464 2388  [ 6BF9A4A73C5909B767417DC845A16C96 ] \Device\Harddisk0\DR0\Partition1
09:41:24.0466 2388  \Device\Harddisk0\DR0\Partition1 - ok
09:41:24.0485 2388  [ 4B7D46013675EE9C6A8FD6837A1AEAF5 ] \Device\Harddisk0\DR0\Partition2
09:41:24.0487 2388  \Device\Harddisk0\DR0\Partition2 - ok
09:41:24.0487 2388  ============================================================
09:41:24.0487 2388  Scan finished
09:41:24.0487 2388  ============================================================
09:41:24.0503 4816  Detected object count: 1
09:41:24.0503 4816  Actual detected object count: 1
09:41:52.0997 4816  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
09:41:52.0997 4816  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip
09:42:13.0568 3976  Deinitialize success
 



#6 TB-Psychotic

  • Malware Response Team

Posted 06 September 2013 - 05:01 AM

User select action: Skip

 

You skipped the removal. Mark the threat to cure and retry!


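The check described in post #6, as an added example that is not part of the original thread and is not code from TDSSKiller: a small parser that reads the log format shown above, collects every detected object and flags those the user skipped or never acted on. The first sample reuses lines from the log above; the second sample, its object names and the `Delete` action line are constructed, on the assumption that other actions are logged in the same `User select action:` form.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line layout seen in the logs on this page: "HH:MM:SS.mmmm  <thread id>  <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Detection message: "<object> ( <verdict> ) - <what happened>"
DETECTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<rest>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Actions that leave the detected object in place.
NON_REMEDIATING = {"skip"}


@dataclass
class Detection:
    name: str
    verdict: str
    action: Optional[str] = None          # last "User select action" seen
    notes: List[str] = field(default_factory=list)


def parse_log(text: str) -> Tuple[Optional[int], List[Detection]]:
    """Return (declared detection count, detections) from a TDSSKiller-style log."""
    declared: Optional[int] = None
    found: Dict[Tuple[str, str], Detection] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                      # blank lines, forum text, wrapped output
        msg = line.group("msg").strip()
        count = COUNT_RE.match(msg)
        if count:
            declared = int(count.group("n"))
            continue
        det = DETECTION_RE.match(msg)
        if not det:
            continue                      # "[ hash ] name path" and "name - ok" lines
        key = (det.group("name"), det.group("verdict"))
        entry = found.setdefault(key, Detection(*key))
        action = ACTION_RE.match(det.group("rest"))
        if action:
            entry.action = action.group("action")
        else:
            entry.notes.append(det.group("rest"))
    return declared, list(found.values())


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections that were skipped, or for which no action was logged at all."""
    return [d for d in detections
            if d.action is None or d.action.lower() in NON_REMEDIATING]


# Lines taken from the log posted above.
SAMPLE_LOG = r"""
09:41:23.0664 2388  [Global] - ok
09:41:24.0487 2388  Scan finished
09:41:24.0503 4816  Detected object count: 1
09:41:24.0503 4816  Actual detected object count: 1
09:41:52.0997 4816  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
09:41:52.0997 4816  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip
"""

# Constructed sample: object names, timestamps and the Delete line are assumptions.
CONSTRUCTED_LOG = r"""
10:00:00.0000 1111  Detected object count: 2
10:00:05.0000 1111  examplesvc ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
10:00:05.0000 1111  Example Service Two ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip
"""

if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        declared, detections = parse_log(log)
        print(f"{label}: {declared} declared, {len(detections)} parsed")
        for d in unresolved(detections):
            print(f"  still present: {d.name} ({d.verdict}), action={d.action}")
```
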

#7 Kiwee

  • Topic Starter


Posted 06 September 2013 - 07:49 PM

Sorry, I pasted the wrong log. One thing though: I couldn't see Cure as an option. The only thing I could see was Delete, so I selected that (fingers crossed).

 

Mike

 

21:43:19.0076 5388  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:43:20.0097 5388  ============================================================
21:43:20.0097 5388  Current date / time: 2013/09/06 21:43:20.0097
21:43:20.0097 5388  SystemInfo:
21:43:20.0097 5388  
21:43:20.0097 5388  OS Version: 6.0.6001 ServicePack: 1.0
21:43:20.0097 5388  Product type: Workstation
21:43:20.0097 5388  ComputerName: HOME
21:43:20.0098 5388  UserName: El Rose Stud
21:43:20.0098 5388  Windows directory: C:\Windows
21:43:20.0098 5388  System windows directory: C:\Windows
21:43:20.0098 5388  Processor architecture: Intel x86
21:43:20.0098 5388  Number of processors: 2
21:43:20.0098 5388  Page size: 0x1000
21:43:20.0098 5388  Boot type: Normal boot
21:43:20.0098 5388  ============================================================
21:43:21.0243 5388  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:43:21.0249 5388  ============================================================
21:43:21.0249 5388  \Device\Harddisk0\DR0:
21:43:21.0259 5388  MBR partitions:
21:43:21.0259 5388  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x11A16800
21:43:21.0259 5388  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A17000, BlocksNum 0x11A17000
21:43:21.0259 5388  ============================================================
21:43:21.0341 5388  C: <-> \Device\Harddisk0\DR0\Partition1
21:43:21.0421 5388  D: <-> \Device\Harddisk0\DR0\Partition2
21:43:21.0421 5388  ============================================================
21:43:21.0422 5388  Initialize success
21:43:21.0422 5388  ============================================================
21:43:30.0280 1760  ============================================================
21:43:30.0281 1760  Scan started
21:43:30.0281 1760  Mode: Manual;
21:43:30.0281 1760  ============================================================
21:43:31.0368 1760  ================ Scan system memory ========================
21:43:31.0368 1760  System memory - ok
21:43:31.0368 1760  ================ Scan services =============================
21:43:36.0181 1760  kbdhid - ok
21:43:36.0193 1760  Suspicious service (NoAccess): kbiwkmeqiuejxf
21:43:36.0196 1760  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - infected
21:43:36.0196 1760  kbiwkmeqiuejxf - detected Rootkit.Win32.TDSS.tdl2 (0)
21:43:43.0862 1760  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:43:43.0865 1760  viaagp - ok
21:43:43.0885 1760  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:43:43.0935 1760  ViaC7 - ok
21:43:43.0962 1760  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:43:43.0964 1760  viaide - ok
21:43:43.0977 1760  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:43:43.0978 1760  volmgr - ok
21:43:43.0994 1760  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:43:43.0998 1760  volmgrx - ok
21:43:44.0016 1760  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:43:44.0020 1760  volsnap - ok
21:43:44.0041 1760  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:43:44.0044 1760  vsmraid - ok
21:43:44.0081 1760  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
21:43:44.0106 1760  VSS - ok
21:43:44.0123 1760  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
21:43:44.0130 1760  W32Time - ok
21:43:44.0151 1760  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:43:44.0153 1760  WacomPen - ok
21:43:44.0175 1760  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:43:44.0177 1760  Wanarp - ok
21:43:44.0182 1760  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:43:44.0183 1760  Wanarpv6 - ok
21:43:44.0238 1760  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
21:43:44.0244 1760  WcesComm - ok
21:43:44.0278 1760  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:43:44.0287 1760  wcncsvc - ok
21:43:44.0302 1760  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:43:44.0305 1760  WcsPlugInService - ok
21:43:44.0322 1760  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
21:43:44.0323 1760  Wd - ok
21:43:44.0351 1760  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:43:44.0358 1760  Wdf01000 - ok
21:43:44.0370 1760  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:43:44.0375 1760  WdiServiceHost - ok
21:43:44.0382 1760  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:43:44.0385 1760  WdiSystemHost - ok
21:43:44.0431 1760  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
21:43:44.0436 1760  WebClient - ok
21:43:44.0457 1760  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:43:44.0462 1760  Wecsvc - ok
21:43:44.0476 1760  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:43:44.0480 1760  wercplsupport - ok
21:43:44.0500 1760  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:43:44.0504 1760  WerSvc - ok
21:43:44.0565 1760  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:43:44.0572 1760  WinDefend - ok
21:43:44.0581 1760  WinHttpAutoProxySvc - ok
21:43:44.0633 1760  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:43:44.0636 1760  Winmgmt - ok
21:43:44.0669 1760  [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM           C:\Windows\system32\WsmSvc.dll
21:43:44.0692 1760  WinRM - ok
21:43:44.0740 1760  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:43:44.0757 1760  Wlansvc - ok
21:43:44.0786 1760  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:43:44.0788 1760  WmiAcpi - ok
21:43:44.0824 1760  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:43:44.0828 1760  wmiApSrv - ok
21:43:44.0882 1760  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:43:44.0915 1760  WMPNetworkSvc - ok
21:43:44.0933 1760  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:43:44.0938 1760  WPCSvc - ok
21:43:44.0951 1760  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:43:44.0955 1760  WPDBusEnum - ok
21:43:44.0995 1760  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:43:44.0997 1760  WpdUsb - ok
21:43:45.0026 1760  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:43:45.0028 1760  ws2ifsl - ok
21:43:45.0048 1760  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
21:43:45.0051 1760  wscsvc - ok
21:43:45.0057 1760  WSearch - ok
21:43:45.0109 1760  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:43:45.0145 1760  wuauserv - ok
21:43:45.0160 1760  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:43:45.0163 1760  WUDFRd - ok
21:43:45.0176 1760  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:43:45.0180 1760  wudfsvc - ok
21:43:45.0202 1760  ================ Scan global ===============================
21:43:45.0229 1760  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:43:45.0276 1760  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:43:45.0291 1760  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:43:45.0319 1760  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
21:43:45.0326 1760  [Global] - ok
21:43:45.0329 1760  ================ Scan MBR ==================================
21:43:45.0340 1760  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:43:45.0685 1760  \Device\Harddisk0\DR0 - ok
21:43:45.0685 1760  ================ Scan VBR ==================================
21:43:45.0689 1760  [ 6BF9A4A73C5909B767417DC845A16C96 ] \Device\Harddisk0\DR0\Partition1
21:43:45.0691 1760  \Device\Harddisk0\DR0\Partition1 - ok
21:43:45.0715 1760  [ 4B7D46013675EE9C6A8FD6837A1AEAF5 ] \Device\Harddisk0\DR0\Partition2
21:43:45.0717 1760  \Device\Harddisk0\DR0\Partition2 - ok
21:43:45.0717 1760  ============================================================
21:43:45.0717 1760  Scan finished
21:43:45.0717 1760  ============================================================
21:43:45.0732 5856  Detected object count: 1
21:43:45.0732 5856  Actual detected object count: 1
21:45:38.0951 5856  C:\Windows\system32\drivers\kbiwkmxsxtwfcw.sys - will be deleted on reboot
21:45:38.0951 5856  C:\Windows\system32\kbiwkmuioqtprp.dll - will be deleted on reboot
21:45:38.0951 5856  C:\Windows\system32\kbiwkmrmtvppyn.dat - will be deleted on reboot
21:45:38.0951 5856  C:\Windows\system32\kbiwkmqmdtdcdn.dll - will be deleted on reboot
21:45:38.0974 5856  C:\Windows\system32\kbiwkmqcfyhose.dat - will be deleted on reboot
21:45:38.0974 5856  HKLM\SYSTEM\ControlSet001\services\kbiwkmeqiuejxf - will be deleted on reboot
21:45:39.0000 5856  HKLM\SYSTEM\ControlSet002\services\kbiwkmeqiuejxf - will be deleted on reboot
21:45:39.0011 5856  C:\Windows\system32\drivers\kbiwkmxsxtwfcw.sys - will be deleted on reboot
21:45:39.0011 5856  kbiwkmeqiuejxf ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
21:45:53.0384 0844  Deinitialize success
 



#8 TB-Psychotic


Posted 08 September 2013 - 11:51 PM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#9 Kiwee


Posted 11 September 2013 - 09:53 PM

Thanks again for your help with this. Log file follows:

 

ComboFix 13-09-10.03 - El Rose Stud 12/09/2013  14:25:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.64.1033.18.1791.670 [GMT 12:00]
Running from: d:\mike\Virus Scan\Combofix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\@
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\L\00000004.@
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\00000004.@
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\00000008.@
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\000000cb.@
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\80000000.@
c:\$recycle.bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\80000032.@
c:\programdata\Sm5M6OaD.exe.b
c:\programdata\Sm5M6OaD.exe_.b
c:\users\El Rose Stud\AppData\Local\Temp\ppcrlui_3308_2
c:\users\El Rose Stud\AppData\Roaming\Emubxe
c:\users\El Rose Stud\AppData\Roaming\Emubxe\ylfil.fai
c:\users\El Rose Stud\AppData\Roaming\Emubxe\ylfil.tmp
c:\users\El Rose Stud\AppData\Roaming\Lowauz
c:\users\El Rose Stud\AppData\Roaming\Lowauz\mikan.ucm
c:\users\El Rose Stud\AppData\Roaming\Qouxl
c:\users\El Rose Stud\AppData\Roaming\Qouxl\quiw.axy
c:\users\El Rose Stud\AppData\Roaming\Ryzouh
c:\users\El Rose Stud\AppData\Roaming\Ryzouh\ytpiu.zyo
c:\users\El Rose Stud\AppData\Roaming\Temp\spoolsv.exe
c:\users\ELROSE~1\AppData\Local\Temp\ppcrlui_3308_2
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\sysprep\CRYPTBASE.dll
c:\windows\TEMP\logishrd\LVPrcInj03.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 02:33 . 2013-09-12 02:37    --------    d-----w-    c:\users\El Rose Stud\AppData\Local\temp
2013-09-12 02:33 . 2013-09-12 02:33    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-09-12 02:33 . 2013-09-12 02:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-12 02:33 . 2013-09-12 02:33    --------    d-----w-    c:\users\sandra\AppData\Local\temp
2013-09-12 02:33 . 2013-09-12 02:33    --------    d-----w-    c:\users\sandra.home\AppData\Local\temp
2013-09-12 02:33 . 2013-09-12 02:33    --------    d-----w-    c:\users\Elle\AppData\Local\temp
2013-09-11 14:29 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E06983BF-FA0A-472E-A8A9-5CF125715319}\mpengine.dll
2013-09-06 09:45 . 2013-09-06 09:45    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-08-17 08:32 . 2013-08-17 23:44    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 15:00 . 2013-09-11 15:04    --------    d-----w-    c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 01:03 . 2013-05-13 00:43    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-11 01:03 . 2012-03-18 03:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 19:05    40496    ----a-w-    c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 68856]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-03-27 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-27 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-07 2780432]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-18 2629632]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
.
c:\users\El Rose Stud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-4-8 1934376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 06:22    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-13 01:03]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 09:25]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 09:25]
.
2012-04-19 c:\windows\Tasks\User_Feed_Synchronization-{2C3BD83D-F17E-4B9F-A584-06A31BFBD8CB}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.trademe.co.nz/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.trademe.co.nz/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-xsnni1 - c:\windows\system32\6s7sni0.exe
HKCU-Run-fkkffk - c:\windows\system32\upfupk6f.exe
HKCU-Run-rwbw1 - c:\windows\system32\g0lbgbrrl.exe
HKCU-Run-uuppj - c:\windows\system32\uupj9e0z.exe
HKCU-Run-grrll07 - c:\windows\system32\lbr1gwwbb.exe
HKCU-Run-kzpzk - c:\windows\system32\7ffzz2f.exe
HKCU-Run-lvfaf8a - c:\windows\system32\fflvqv74.exe
HKCU-Run-wmmr5 - c:\windows\system32\rbwgwwr4rrr.exe
HKCU-Run-gbrrm1 - c:\windows\system32\1bb5w2m.exe
HKCU-Run-zzeezz - c:\windows\system32\zeoeo3zt.exe
HKCU-Run-toeojee - c:\windows\system32\1teejto.exe
HKCU-Run-uejuuj - c:\windows\system32\t5zzo5oeez5.exe
HKCU-Run-jjyoy4 - c:\windows\system32\tyotottj.exe
HKCU-Run-iicicii - c:\windows\system32\xxic40cisc.exe
HKCU-Run-brhbwmw - c:\windows\system32\rm6hm7bb.exe
HKCU-Run-grggbr - c:\windows\system32\gwmmggbrrm.exe
HKCU-Run-hwwrr - c:\windows\system32\brrmb9w0.exe
HKCU-Run-rmmhw - c:\windows\system32\r2mhww1hhc.exe
HKCU-Run-aavqql1 - c:\windows\system32\vllfv9qq.exe
HKCU-Run-gbvvq - c:\windows\system32\vv6qlgg7bv.exe
HKCU-Run-vvvqq - c:\windows\system32\ql1gaavl98g.exe
HKCU-Run-qkkfv98 - c:\windows\system32\qk4fvqkaav.exe
HKCU-Run-fvkaa1k - c:\windows\system32\ffvvpf9aa.exe
HKCU-Run-Windows Print Spooler - c:\users\El Rose Stud\AppData\Roaming\Temp\spoolsv.exe
HKCU-Run-Baubico - c:\users\El Rose Stud\AppData\Roaming\Cius\igyza.exe
SafeBoot-61029950.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files\Advanced System Protector\unins000.exe
AddRemove-SP_8187691c - c:\program files\VaudiX\uninstall.exe
AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 14:38
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(8076)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\MyPC Backup\BackupStack.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2013-09-12  14:44:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-12 02:44
.
Pre-Run: 57,304,014,848 bytes free
Post-Run: 58,505,060,352 bytes free
.
- - End Of File - - EA536C8A87D42F63B160ACAA1C02B461
5C616939100B85E558DA92B899A0FC36
 



#10 TB-Psychotic


Posted 12 September 2013 - 12:30 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#11 Kiwee


Posted 13 September 2013 - 06:51 PM

Results as follows:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.12.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
El Rose Stud :: HOME [administrator]

13/09/2013 10:38:30 p.m.
mbam-log-2013-09-13 (22-38-30).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Heuristics/Extra | P2P
Objects scanned: 264018
Time elapsed: 3 hour(s), 26 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.10844 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10844 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Backup (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Files Detected: 87
C:\Program Files\FrostWire\OpenCandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Custom.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Readme.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.dat (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.ico (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1328mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1329update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1330update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1331update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1332update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1333update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1334update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1335update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1336update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1337update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1338update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1339update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1340update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1341update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1342update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1377mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1378update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1379update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1380update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1381update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1382update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1383update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1384update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1385update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1386update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1387update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1398mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1399update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1400update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1401update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1402update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1403update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1404update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1405update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1406update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1426mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1427update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1428update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1429update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1430update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1431update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1432update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1433update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1434update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1435update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1436update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1437update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\00000004.@.vir (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\80000000.@.vir (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\sysprep\CRYPTBASE.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74254d72-6422f6aa (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\ASPStartupManagerErrorLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10844\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_04-05-13_05-50-04.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_26-06-13_05-42-59.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\AppData\Roaming\Systweak\Advanced System Protector\Logs\SMLog.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\El Rose Stud\Documents\FrostWire\Saved\Drop Dead Gorgeous - Knife Vs. Face_ Round 1.zip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\FLV Direct Player.lnk (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

(end)

C:\Program Files\Reg Clean Pro Removal Tool\RegCleanProRemovalTool.exe    a variant of Win32/SecurityStronghold.A application
C:\Program Files\UtilityChest_49EI\Installr\1.bin\49EIPlug.dll    Win32/Toolbar.MyWebSearch application
C:\Program Files\UtilityChest_49EI\Installr\1.bin\49EZSETP.dll    a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll    Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll    Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\00000008.@.vir    Win32/Conedex.T trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\80000032.@.vir    Win32/Sirefef.FV trojan
C:\Users\El Rose Stud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74254d72-2f783ada    Java/Exploit.Agent.OBY trojan
C:\Users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\prefs.js    JS/SecurityDisabler.A.Gen application
C:\Users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\prefs.js.BAK    JS/SecurityDisabler.A.Gen application
C:\Users\El Rose Stud\Desktop\fjhdyfhsn.bat    BAT/KillFiles.NCB trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\Preview-T-5118941-01 forever lil whayn.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\T-5118941-01 forever lil whayn.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\T-5306214-psychosocial slipknot [extended concert version].mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\T-5999329-face drop sean kingston hot new track.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\bright side of life greatest hit 2009.wma    WMA/TrojanDownloader.Wimad.NAG trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\jimmy barnes bonus track feat Madonna.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\slipknock new remix.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\slipknock.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\slipknot psychosocial bonus track feat Madonna.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\st elmos fire remix feat the black eyed peas.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Downloads\RegCleanProRemovalTool.exe    multiple threats
C:\Users\El Rose Stud\Music\pic898.pif    Win32/Inject.NDA trojan
C:\Users\Elle\Desktop\LimeWireWin.exe    multiple threats
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 15 September 2013 - 06:42 AM

Well, Slipknot is a nice band but you should stop downloading files from peer to peer networks as this is the fastest way to get infected today!

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#13 Kiwee

Kiwee
  • Topic Starter


Posted 15 September 2013 - 07:17 PM

Thanks.  The teenagers in this house are not good at following requests not to do things on here.  I'll have to see if I can prevent them from installing new programs on here once this is fixed.

 

Here is the latest log:


ComboFix 13-09-14.01 - El Rose Stud 16/09/2013  10:46:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.64.1033.18.1791.915 [GMT 12:00]
Running from: d:\mike\Virus Scan\Combofix\ComboFix.exe
Command switches used :: d:\mike\Virus Scan\Combofix\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Windows Live\Messenger\riched20.dll"
"c:\users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\prefs.js"
"c:\users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\prefs.js.BAK"
"c:\users\El Rose Stud\Desktop\fjhdyfhsn.bat"
"c:\users\El Rose Stud\Documents\FrostWire\Incomplete\Preview-T-5118941-01 forever lil whayn.au"
"c:\users\El Rose Stud\Documents\FrostWire\Incomplete\T-5118941-01 forever lil whayn.au"
"c:\users\El Rose Stud\Documents\FrostWire\Incomplete\T-5306214-psychosocial slipknot [extended concert version].mp3"
"c:\users\El Rose Stud\Documents\FrostWire\Incomplete\T-5999329-face drop sean kingston hot new track.mp3"
"c:\users\El Rose Stud\Documents\FrostWire\Saved\bright side of life greatest hit 2009.wma"
"c:\users\El Rose Stud\Documents\FrostWire\Saved\jimmy barnes bonus track feat Madonna.au"
"c:\users\El Rose Stud\Documents\FrostWire\Saved\slipknock new remix.au"
"c:\users\El Rose Stud\Documents\FrostWire\Saved\slipknock.au"
"c:\users\El Rose Stud\Documents\FrostWire\Saved\slipknot psychosocial bonus track feat Madonna.au"
"c:\users\El Rose Stud\Documents\FrostWire\Saved\st elmos fire remix feat the black eyed peas.mp3"
"c:\users\El Rose Stud\Downloads\RegCleanProRemovalTool.exe"
"c:\users\El Rose Stud\Music\pic898.pif"
"c:\users\Elle\Desktop\LimeWireWin.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Reg Clean Pro Removal Tool
c:\program files\Reg Clean Pro Removal Tool\cache.db
c:\program files\Reg Clean Pro Removal Tool\database.db
c:\program files\Reg Clean Pro Removal Tool\lastscan.txt
c:\program files\Reg Clean Pro Removal Tool\log.db
c:\program files\Reg Clean Pro Removal Tool\RegCleanProRemovalTool.exe
c:\program files\Reg Clean Pro Removal Tool\solve.dat
c:\program files\Reg Clean Pro Removal Tool\unins000.dat
c:\program files\Reg Clean Pro Removal Tool\unins000.exe
c:\program files\UtilityChest_49EI
c:\program files\UtilityChest_49EI\Installr\1.bin\49EIPlug.dll
c:\program files\UtilityChest_49EI\Installr\1.bin\49EZSETP.dll
c:\program files\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-16 to 2013-09-16  )))))))))))))))))))))))))))))))
.
.
2013-09-15 22:55 . 2013-09-16 00:09    --------    d-----w-    c:\users\El Rose Stud\AppData\Local\temp
2013-09-15 22:55 . 2013-09-15 22:59    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-09-15 22:55 . 2013-09-15 22:55    --------    d-----w-    c:\users\sandra\AppData\Local\temp
2013-09-15 22:55 . 2013-09-15 22:55    --------    d-----w-    c:\users\sandra.home\AppData\Local\temp
2013-09-15 22:55 . 2013-09-15 22:55    --------    d-----w-    c:\users\Elle\AppData\Local\temp
2013-09-15 22:55 . 2013-09-15 22:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-13 22:15 . 2013-09-13 22:15    --------    d-----w-    c:\program files\ESET
2013-09-13 17:30 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FF5B564-D3C4-44FE-8B13-11F9227A9C82}\mpengine.dll
2013-09-13 10:38 . 2013-09-13 10:38    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-06 09:45 . 2013-09-06 09:45    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-08-17 08:32 . 2013-08-17 23:44    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 05:03 . 2013-05-13 00:43    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-14 05:03 . 2012-03-18 03:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 19:05    40496    ----a-w-    c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 04:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 68856]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-03-27 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-27 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-07 2780432]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-18 2629632]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
.
c:\users\El Rose Stud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-4-8 1934376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 06:22    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-13 05:03]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 09:25]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 09:25]
.
2012-04-19 c:\windows\Tasks\User_Feed_Synchronization-{2C3BD83D-F17E-4B9F-A584-06A31BFBD8CB}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.trademe.co.nz/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.trademe.co.nz/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Reg Clean Pro Removal Tool_is1 - c:\program files\Reg Clean Pro Removal Tool\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-16 12:09
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(8136)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\MyPC Backup\BackupStack.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Nuance\PaperPort\NuanceWDS.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-09-16  12:12:28 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-16 00:12
ComboFix2.txt  2013-09-12 02:44
.
Pre-Run: 56,655,458,304 bytes free
Post-Run: 56,600,879,104 bytes free
.
- - End Of File - - 900F875A2362932D506FD34E4BFB1E63
5C616939100B85E558DA92B899A0FC36
 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:05 PM

Posted 16 September 2013 - 03:37 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#15 Kiwee

Kiwee
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:01:05 AM

Posted 17 September 2013 - 07:25 PM

Log follows:

 

 

 

C:\Program Files\Windows Live\Messenger\riched20.dll    Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\00000008.@.vir    Win32/Conedex.T trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1371311046-699996760-777523849-1000\$3ff23c7b88d5febaa41795a7de927932\U\80000032.@.vir    Win32/Sirefef.FV trojan
C:\Qoobox\Quarantine\C\Program Files\Reg Clean Pro Removal Tool\RegCleanProRemovalTool.exe.vir    a variant of Win32/SecurityStronghold.A application
C:\Qoobox\Quarantine\C\Program Files\UtilityChest_49EI\Installr\1.bin\49EIPlug.dll.vir    Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\UtilityChest_49EI\Installr\1.bin\49EZSETP.dll.vir    a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Qoobox\Quarantine\C\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll.vir    Win32/Toolbar.MyWebSearch application
C:\Users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\prefs.js    JS/SecurityDisabler.A.Gen application
C:\Users\El Rose Stud\AppData\Roaming\Mozilla\Firefox\Profiles\21lsf77h.default\prefs.js.BAK    JS/SecurityDisabler.A.Gen application
C:\Users\El Rose Stud\Desktop\fjhdyfhsn.bat    BAT/KillFiles.NCB trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\Preview-T-5118941-01 forever lil whayn.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\T-5118941-01 forever lil whayn.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\T-5306214-psychosocial slipknot [extended concert version].mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Incomplete\T-5999329-face drop sean kingston hot new track.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\bright side of life greatest hit 2009.wma    WMA/TrojanDownloader.Wimad.NAG trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\jimmy barnes bonus track feat Madonna.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\slipknock new remix.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\slipknock.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\slipknot psychosocial bonus track feat Madonna.au    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Documents\FrostWire\Saved\st elmos fire remix feat the black eyed peas.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\El Rose Stud\Downloads\RegCleanProRemovalTool.exe    multiple threats
C:\Users\El Rose Stud\Music\pic898.pif    Win32/Inject.NDA trojan
C:\Users\Elle\Desktop\LimeWireWin.exe    multiple threats
 





