
atapi.sys and pci.sys RootKits


24 replies to this topic

#1 DarthSparty

  • Members
  • 28 posts

Posted 19 September 2013 - 10:00 PM

I ran an AVG scan the other day and noticed 7 rootkits popped up. This is one of those viruses that installed some sketchy 3rd-party search engine, home page and toolbars into Chrome.

The file location for all 7 is "C:\Windows\System32\Drivers\spdj.sys"

The 7 infections are:

"Inline hook ataport.SYS DllUnload -> spdj.sys +0x5E360"
"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spdj.sys +0x2D35C"
"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spdj.sys +0x2D224"
"atapi.sys, hooked import ataport.SYS AtaPortWritePortUchar -> spdj.sys +0x2DA24"
"atapi.sys, hooked import ataport.SYS AtaPortWritePortBufferUshort -> spdj.sys +0x2DBA0"
"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spdj.sys +0x62650"
"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spdj.sys +0x625DC"

----------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 1.6.0_39
Run by Jim at 22:25:07 on 2013-09-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.1757 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\iTunesKeys\iTunesKeys.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:50370
uWinlogon: Shell = explorer.exe,C:\Users\Jim\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load = C:\Users\Jim\AppData\Local\Temp\dwm.exe
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Jim\AppData\Local\TopArcadeHits\Toparcadehits.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{32EEA8F7-3466-4384-AA5F-42AF1B62DFC7} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{32EEA8F7-3466-4384-AA5F-42AF1B62DFC7}\2456C6B696E6E233936423 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{32EEA8F7-3466-4384-AA5F-42AF1B62DFC7}\350796865627 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{55AF8003-521D-464A-A3AB-4D5AD8F4B6C9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{55AF8003-521D-464A-A3AB-4D5AD8F4B6C9}\35F61607562737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{55AF8003-521D-464A-A3AB-4D5AD8F4B6C9}\4656661657C647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{55AF8003-521D-464A-A3AB-4D5AD8F4B6C9}\7716C6C637 : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{55AF8003-521D-464A-A3AB-4D5AD8F4B6C9}\775656460296370216775637F6D656 : DHCPNameServer = 192.168.2.1 207.72.128.5 207.72.128.4 198.108.1.42
TCP: Interfaces\{55AF8003-521D-464A-A3AB-4D5AD8F4B6C9}\77F6E6D65616E6 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{B3F37DE7-8973-4246-9159-BC3D399E38CF} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\5lgdidr0.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff11.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff12.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff13.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_39.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-11 46368]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-19 8704]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2011-10-24 66328]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-30 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater17.0.1;vToolbarUpdater17.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [?]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-11-5 1847296]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-6-12 97040]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-9-21 19544]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-4-21 65536]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2073-10-27 15:55:34 2404352 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
2073-10-27 15:55:34 1835008 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 15:55:34 1118208 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2013-09-17 17:12:11 -------- d-----w- C:\AdwCleaner
2013-09-17 17:09:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-17 17:09:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-09-17 15:55:45 -------- d-----w- C:\Windows\System32\ljkb
2013-09-15 06:12:54 -------- d-----w- C:\Program Files (x86)\Plasma Pong
2013-09-15 06:11:18 -------- d-----w- C:\Users\Jim\AppData\Local\TopArcadeHits
2013-09-15 00:57:12 -------- d-----w- C:\Program Files (x86)\Remote Mouse
2013-09-11 22:43:04 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 22:43:00 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-11 22:43:00 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-11 22:43:00 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-09-11 22:43:00 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-09-11 22:32:47 -------- d-----w- C:\Users\Jim\AppData\Local\AVG SafeGuard toolbar
2013-09-11 22:30:51 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-11 22:30:42 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-09-11 22:30:36 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-30 21:40:18 -------- d-----w- C:\Program Files (x86)\SQUARE ENIX
.
==================== Find3M  ====================
.
2013-09-20 01:26:40 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-20 01:26:40 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-09-19 17:18:06 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-11 22:57:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 22:57:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-09 08:54:22 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-09-09 08:54:22 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-08-15 22:35:31 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 22:26:21.37 ===============

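Added example (not part of the original post, and not code from AVG or DDS): a Python triage script over the seven AVG lines and a few of the DDS "Pseudo HJT" lines quoted above. It groups the hooks by the driver they redirect into, which makes visible that all seven findings land in one file, spdj.sys, and it flags the DDS entries that deviate from the Windows 7 defaults. The defaults it assumes (Winlogon Shell is exactly explorer.exe, the per-user Windows\Load value is absent, no browser proxy on a loopback port, no BHO loaded from a user profile directory), the function names and the reason strings are the editor's, not anything from the thread; the sample text is copied from the post.

```python
"""Triage of AVG rootkit findings and DDS "Pseudo HJT" lines.

Added example for this thread; not code from the poster, AVG or DDS.
The sample text is copied from the post, the heuristics are the editor's.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Both shapes AVG printed:
#   Inline hook ataport.SYS DllUnload -> spdj.sys +0x5E360
#   atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spdj.sys +0x2D224
HOOK_RE = re.compile(
    r'^(?:(?P<victim>[\w.]+), hooked import|Inline hook)\s+'
    r'(?P<module>[\w.]+)\s+(?P<symbol>\w+)\s+->\s+'
    r'(?P<target>[\w.]+)\s+\+0x(?P<offset>[0-9A-Fa-f]+)$')
# DDS "key: Name = value" and "key = value" lines (uWinlogon, uWindows, uProxyServer, ...)
HJT_RE = re.compile(r'^(?P<key>[\w-]+)(?::\s*(?P<name>[\w ]+?))?\s*=\s*(?P<value>.*)$')
# DDS BHO lines: "BHO: <name>: {CLSID} - <dll path>"
BHO_RE = re.compile(r'^(?:x64-)?BHO:\s+(?P<name>.+?):\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<path>.+)$')
USER_PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)
LOCAL_PROXY_RE = re.compile(r'127\.0\.0\.1:(\d+)')


@dataclass(frozen=True)
class Hook:
    victim: str   # driver whose import was patched; '' for an inline hook inside `module`
    module: str   # module that exports the hooked symbol
    symbol: str   # hooked export
    target: str   # driver the hook now transfers control into
    offset: int   # offset of the handler inside `target`


def parse_hooks(text):
    """One Hook per AVG rootkit line (surrounding quotes tolerated); other lines ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip().strip('"'))
        if m:
            hooks.append(Hook(m['victim'] or '', m['module'], m['symbol'],
                              m['target'], int(m['offset'], 16)))
    return hooks


def hook_summary(hooks):
    """Group hooks by the driver they jump into. Hooks from unrelated victims (the ATA
    port stack and the PCI bus driver) all landing in one driver name means one
    resident kernel module, not seven separate infections."""
    counts = Counter(h.target for h in hooks)
    victims = {}
    for h in hooks:
        victims.setdefault(h.target, set()).add(h.victim or h.module)
    return {t: {'hooks': n, 'victims': sorted(victims[t])} for t, n in counts.items()}


def suspicious_hjt_entries(text):
    """Return (line, reason) for DDS entries that deviate from the assumed Win7 defaults."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        b = BHO_RE.match(line)
        if m and m['key'] == 'uWinlogon' and m['name'] == 'Shell' \
                and m['value'].strip().lower() != 'explorer.exe':
            findings.append((line, 'Winlogon Shell loads something besides explorer.exe'))
        elif m and m['key'] == 'uWindows' and m['name'] == 'Load':
            findings.append((line, 'legacy per-user Windows\\Load autostart is set'))
        elif m and m['key'].endswith('ProxyServer') and LOCAL_PROXY_RE.search(m['value']):
            port = LOCAL_PROXY_RE.search(m['value']).group(1)
            findings.append((line, f'browser proxy set to a loopback port {port}'))
        elif b and USER_PROFILE_RE.search(b['path']):
            findings.append((line, 'BHO DLL loaded from a user profile directory'))
    return findings


# Sample input copied from the post above (AVG findings plus a few DDS lines).
SAMPLE = r'''
"Inline hook ataport.SYS DllUnload -> spdj.sys +0x5E360"
"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spdj.sys +0x2D35C"
"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spdj.sys +0x2D224"
"atapi.sys, hooked import ataport.SYS AtaPortWritePortUchar -> spdj.sys +0x2DA24"
"atapi.sys, hooked import ataport.SYS AtaPortWritePortBufferUshort -> spdj.sys +0x2DBA0"
"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spdj.sys +0x62650"
"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spdj.sys +0x625DC"
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:50370
uWinlogon: Shell = explorer.exe,C:\Users\Jim\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load = C:\Users\Jim\AppData\Local\Temp\dwm.exe
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Jim\AppData\Local\TopArcadeHits\Toparcadehits.dll
'''

if __name__ == '__main__':
    hooks = parse_hooks(SAMPLE)
    for target, info in hook_summary(hooks).items():
        print(f"{target}: {info['hooks']} hooks, victims {info['victims']}")
    for line, reason in suspicious_hjt_entries(SAMPLE):
        print(f"{reason}: {line}")
```

Run it as a script to print the summary and the flagged lines, or import it and pass the whole DDS log to the two functions; the TCP, FF, DPF and service lines of the log match neither pattern and are skipped.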
#2 DarthSparty

  • Topic Starter
  • Members
  • 28 posts

Posted 19 September 2013 - 10:02 PM

Thanks guys for looking at it!



#3 DarthSparty

  • Topic Starter
  • Members
  • 28 posts

Posted 21 September 2013 - 12:33 PM

*BUMP*



#4 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Location:Montreal, QC. Canada

Posted 23 September 2013 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [screenshot: tdss1.png]
  • Click Change parameters
    [screenshot: settings20121003115955.png]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    [screenshot: tdss3.png]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [screenshot: tdss4.jpg]
  • When it finishes, you will either see a report that no threats were found like below:
    [screenshot: tdss5.jpg]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [screenshot: tdss7.jpg]
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    [screenshot: tdss6.jpg]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#5 DarthSparty

  • Topic Starter
  • Members
  • 28 posts

Posted 24 September 2013 - 05:13 PM

Hey Nasdaq, thanks for the response.

Here is the TDSS report

18:07:53.0231 5392  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:07:53.0593 5392  ============================================================
18:07:53.0593 5392  Current date / time: 2013/09/24 18:07:53.0593
18:07:53.0593 5392  SystemInfo:
18:07:53.0593 5392  
18:07:53.0593 5392  OS Version: 6.1.7601 ServicePack: 1.0
18:07:53.0593 5392  Product type: Workstation
18:07:53.0593 5392  ComputerName: JIM-PC
18:07:53.0593 5392  UserName: Jim
18:07:53.0593 5392  Windows directory: C:\Windows
18:07:53.0593 5392  System windows directory: C:\Windows
18:07:53.0593 5392  Running under WOW64
18:07:53.0593 5392  Processor architecture: Intel x64
18:07:53.0593 5392  Number of processors: 2
18:07:53.0593 5392  Page size: 0x1000
18:07:53.0593 5392  Boot type: Normal boot
18:07:53.0593 5392  ============================================================
18:07:54.0502 5392  Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:07:54.0509 5392  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:07:54.0513 5392  ============================================================
18:07:54.0513 5392  \Device\Harddisk0\DR0:
18:07:54.0514 5392  MBR partitions:
18:07:54.0514 5392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
18:07:54.0514 5392  \Device\Harddisk1\DR1:
18:07:54.0514 5392  MBR partitions:
18:07:54.0514 5392  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
18:07:54.0514 5392  ============================================================
18:07:54.0541 5392  C: <-> \Device\Harddisk1\DR1\Partition1
18:07:54.0541 5392  D: <-> \Device\Harddisk0\DR0\Partition1
18:07:54.0541 5392  ============================================================
18:07:54.0542 5392  Initialize success
18:07:54.0542 5392  ============================================================
18:08:03.0019 3228  ============================================================
18:08:03.0019 3228  Scan started
18:08:03.0019 3228  Mode: Manual; SigCheck; TDLFS; 
18:08:03.0019 3228  ============================================================
18:08:03.0646 3228  ================ Scan system memory ========================
18:08:03.0646 3228  System memory - ok
18:08:03.0647 3228  ================ Scan services =============================
18:08:03.0792 3228  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:08:03.0900 3228  1394ohci - ok
18:08:03.0935 3228  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:08:03.0949 3228  ACPI - ok
18:08:03.0978 3228  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:08:04.0059 3228  AcpiPmi - ok
18:08:04.0293 3228  [ 3109B16A0939BA11696EEB04F345D099 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:08:04.0305 3228  AdobeFlashPlayerUpdateSvc - ok
18:08:04.0354 3228  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:08:04.0369 3228  adp94xx - ok
18:08:04.0392 3228  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:08:04.0405 3228  adpahci - ok
18:08:04.0425 3228  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:08:04.0437 3228  adpu320 - ok
18:08:04.0467 3228  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:08:04.0610 3228  AeLookupSvc - ok
18:08:04.0658 3228  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:08:04.0715 3228  AFD - ok
18:08:04.0749 3228  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:08:04.0759 3228  agp440 - ok
18:08:04.0772 3228  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:08:04.0818 3228  ALG - ok
18:08:04.0847 3228  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:08:04.0857 3228  aliide - ok
18:08:04.0885 3228  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:08:04.0896 3228  amdide - ok
18:08:04.0911 3228  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:08:04.0966 3228  AmdK8 - ok
18:08:04.0973 3228  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:08:05.0011 3228  AmdPPM - ok
18:08:05.0052 3228  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:08:05.0064 3228  amdsata - ok
18:08:05.0082 3228  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:08:05.0095 3228  amdsbs - ok
18:08:05.0120 3228  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:08:05.0131 3228  amdxata - ok
18:08:05.0194 3228  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:08:05.0346 3228  AppID - ok
18:08:05.0361 3228  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:08:05.0416 3228  AppIDSvc - ok
18:08:05.0456 3228  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
18:08:05.0506 3228  Appinfo - ok
18:08:05.0562 3228  [ ACB095E7E1663F1B83A41C22C5D75F90 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:08:05.0572 3228  Apple Mobile Device - ok
18:08:05.0606 3228  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:08:05.0659 3228  AppMgmt - ok
18:08:05.0683 3228  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:08:05.0695 3228  arc - ok
18:08:05.0708 3228  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:08:05.0720 3228  arcsas - ok
18:08:05.0833 3228  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:08:05.0843 3228  aspnet_state - ok
18:08:05.0862 3228  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:08:05.0921 3228  AsyncMac - ok
18:08:05.0947 3228  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:08:05.0957 3228  atapi - ok
18:08:06.0027 3228  [ 36322190763845975E0D001E90687BF2 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
18:08:06.0097 3228  athur - ok
18:08:06.0148 3228  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:08:06.0196 3228  AudioEndpointBuilder - ok
18:08:06.0226 3228  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:08:06.0257 3228  AudioSrv - ok
18:08:06.0449 3228  [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:08:06.0523 3228  AVGIDSAgent - ok
18:08:06.0576 3228  [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:08:06.0588 3228  AVGIDSDriver - ok
18:08:06.0630 3228  [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:08:06.0639 3228  AVGIDSFilter - ok
18:08:06.0667 3228  [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
18:08:06.0676 3228  AVGIDSHA - ok
18:08:06.0711 3228  [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
18:08:06.0723 3228  Avgldx64 - ok
18:08:06.0745 3228  [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
18:08:06.0754 3228  Avgmfx64 - ok
18:08:06.0804 3228  [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
18:08:06.0812 3228  Avgrkx64 - ok
18:08:06.0849 3228  [ A441A655D6D9DDDDBA11994530F84981 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
18:08:06.0862 3228  Avgtdia - ok
18:08:06.0933 3228  [ E6BA4620F82391AA693FEDE369EEF70D ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
18:08:06.0948 3228  avgtp - ok
18:08:07.0063 3228  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:08:07.0073 3228  avgwd - ok
18:08:07.0198 3228  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:08:07.0284 3228  AxInstSV - ok
18:08:07.0318 3228  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:08:07.0346 3228  b06bdrv - ok
18:08:07.0372 3228  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:08:07.0406 3228  b57nd60a - ok
18:08:07.0442 3228  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:08:07.0493 3228  BDESVC - ok
18:08:07.0505 3228  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:08:07.0564 3228  Beep - ok
18:08:07.0630 3228  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:08:07.0676 3228  BFE - ok
18:08:07.0710 3228  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:08:07.0760 3228  BITS - ok
18:08:07.0785 3228  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:08:07.0817 3228  blbdrive - ok
18:08:07.0871 3228  [ A065F048E9E23E6C026A7BB548D126A7 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:08:07.0881 3228  Bonjour Service - ok
18:08:07.0922 3228  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:08:07.0949 3228  bowser - ok
18:08:07.0995 3228  [ AD5D76B93B7A277CBDB964BF678F9633 ] BRA_Scheduler   C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
18:08:08.0015 3228  BRA_Scheduler ( UnsignedFile.Multi.Generic ) - warning
18:08:08.0015 3228  BRA_Scheduler - detected UnsignedFile.Multi.Generic (1)
18:08:08.0032 3228  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:08:08.0090 3228  BrFiltLo - ok
18:08:08.0104 3228  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:08:08.0131 3228  BrFiltUp - ok
18:08:08.0159 3228  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:08:08.0202 3228  Browser - ok
18:08:08.0232 3228  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
18:08:08.0288 3228  Brserid - ok
18:08:08.0324 3228  [ 34F6C504B150F99DAE69D7073D2A4DF4 ] BrSerIf         C:\Windows\system32\DRIVERS\BrSerIf.sys
18:08:08.0366 3228  BrSerIf - ok
18:08:08.0376 3228  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:08:08.0410 3228  BrSerWdm - ok
18:08:08.0427 3228  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:08:08.0477 3228  BrUsbMdm - ok
18:08:08.0480 3228  [ 601CB966FFFEBC6806626DC8E7AA0EF2 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
18:08:08.0492 3228  BrUsbSer - ok
18:08:08.0515 3228  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:08:08.0542 3228  BTHMODEM - ok
18:08:08.0574 3228  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:08:08.0602 3228  bthserv - ok
18:08:08.0616 3228  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:08:08.0662 3228  cdfs - ok
18:08:08.0717 3228  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:08:08.0753 3228  cdrom - ok
18:08:08.0802 3228  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:08:08.0851 3228  CertPropSvc - ok
18:08:08.0883 3228  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:08:08.0897 3228  circlass - ok
18:08:08.0920 3228  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:08:08.0934 3228  CLFS - ok
18:08:08.0978 3228  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:08:08.0988 3228  clr_optimization_v2.0.50727_32 - ok
18:08:09.0019 3228  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:08:09.0028 3228  clr_optimization_v2.0.50727_64 - ok
18:08:09.0097 3228  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:08:09.0107 3228  clr_optimization_v4.0.30319_32 - ok
18:08:09.0137 3228  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:08:09.0146 3228  clr_optimization_v4.0.30319_64 - ok
18:08:09.0160 3228  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:08:09.0195 3228  CmBatt - ok
18:08:09.0220 3228  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:08:09.0230 3228  cmdide - ok
18:08:09.0269 3228  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:08:09.0298 3228  CNG - ok
18:08:09.0316 3228  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:08:09.0327 3228  Compbatt - ok
18:08:09.0354 3228  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:08:09.0380 3228  CompositeBus - ok
18:08:09.0400 3228  COMSysApp - ok
18:08:09.0414 3228  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:08:09.0424 3228  crcdisk - ok
18:08:09.0463 3228  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:08:09.0514 3228  CryptSvc - ok
18:08:09.0551 3228  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:08:09.0616 3228  CSC - ok
18:08:09.0653 3228  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:08:09.0686 3228  CscService - ok
18:08:09.0731 3228  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:08:09.0777 3228  DcomLaunch - ok
18:08:09.0822 3228  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:08:09.0864 3228  defragsvc - ok
18:08:09.0898 3228  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:08:09.0942 3228  DfsC - ok
18:08:09.0993 3228  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:08:10.0041 3228  Dhcp - ok
18:08:10.0049 3228  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:08:10.0082 3228  discache - ok
18:08:10.0120 3228  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:08:10.0130 3228  Disk - ok
18:08:10.0159 3228  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:08:10.0185 3228  Dnscache - ok
18:08:10.0209 3228  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:08:10.0254 3228  dot3svc - ok
18:08:10.0282 3228  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:08:10.0327 3228  DPS - ok
18:08:10.0363 3228  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:08:10.0391 3228  drmkaud - ok
18:08:10.0431 3228  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:08:10.0451 3228  DXGKrnl - ok
18:08:10.0472 3228  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:08:10.0520 3228  EapHost - ok
18:08:10.0597 3228  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:08:10.0648 3228  ebdrv - ok
18:08:10.0686 3228  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:08:10.0755 3228  EFS - ok
18:08:10.0794 3228  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:08:10.0854 3228  ehRecvr - ok
18:08:10.0877 3228  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:08:10.0921 3228  ehSched - ok
18:08:10.0948 3228  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:08:10.0964 3228  elxstor - ok
18:08:10.0993 3228  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:08:11.0021 3228  ErrDev - ok
18:08:11.0055 3228  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:08:11.0099 3228  EventSystem - ok
18:08:11.0120 3228  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:08:11.0149 3228  exfat - ok
18:08:11.0164 3228  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:08:11.0215 3228  fastfat - ok
18:08:11.0282 3228  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:08:11.0333 3228  Fax - ok
18:08:11.0344 3228  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:08:11.0355 3228  fdc - ok
18:08:11.0363 3228  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:08:11.0410 3228  fdPHost - ok
18:08:11.0431 3228  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:08:11.0483 3228  FDResPub - ok
18:08:11.0505 3228  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:08:11.0516 3228  FileInfo - ok
18:08:11.0528 3228  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:08:11.0576 3228  Filetrace - ok
18:08:11.0647 3228  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:08:11.0671 3228  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:08:11.0671 3228  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:08:11.0689 3228  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:08:11.0722 3228  flpydisk - ok
18:08:11.0769 3228  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:08:11.0782 3228  FltMgr - ok
18:08:11.0822 3228  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:08:11.0872 3228  FontCache - ok
18:08:11.0921 3228  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:08:11.0930 3228  FontCache3.0.0.0 - ok
18:08:11.0948 3228  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:08:11.0959 3228  FsDepends - ok
18:08:11.0994 3228  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:08:12.0004 3228  Fs_Rec - ok
18:08:12.0044 3228  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:08:12.0058 3228  fvevol - ok
18:08:12.0102 3228  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:08:12.0113 3228  gagp30kx - ok
18:08:12.0137 3228  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:08:12.0145 3228  GEARAspiWDM - ok
18:08:12.0184 3228  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:08:12.0252 3228  gpsvc - ok
18:08:12.0366 3228  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:12.0378 3228  gupdate - ok
18:08:12.0432 3228  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:12.0441 3228  gupdatem - ok
18:08:12.0496 3228  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
18:08:12.0505 3228  hamachi - ok
18:08:12.0607 3228  [ 3FD2090563AAA835C554FEFF728D5509 ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:08:12.0637 3228  Hamachi2Svc - ok
18:08:12.0657 3228  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:08:12.0675 3228  hcw85cir - ok
18:08:12.0721 3228  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:08:12.0759 3228  HdAudAddService - ok
18:08:12.0794 3228  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:08:12.0826 3228  HDAudBus - ok
18:08:12.0829 3228  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:08:12.0847 3228  HidBatt - ok
18:08:12.0866 3228  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:08:12.0895 3228  HidBth - ok
18:08:12.0911 3228  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:08:12.0943 3228  HidIr - ok
18:08:12.0972 3228  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:08:12.0999 3228  hidserv - ok
18:08:13.0043 3228  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:08:13.0072 3228  HidUsb - ok
18:08:13.0155 3228  [ C7F37B5BF7BBDE161E4256ED08E79108 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
18:08:13.0181 3228  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
18:08:13.0182 3228  HiPatchService - detected UnsignedFile.Multi.Generic (1)
18:08:13.0210 3228  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:08:13.0261 3228  hkmsvc - ok
18:08:13.0299 3228  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:08:13.0324 3228  HomeGroupListener - ok
18:08:13.0357 3228  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:08:13.0383 3228  HomeGroupProvider - ok
18:08:13.0413 3228  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:08:13.0424 3228  HpSAMD - ok
18:08:13.0476 3228  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:08:13.0530 3228  HTTP - ok
18:08:13.0561 3228  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:08:13.0572 3228  hwpolicy - ok
18:08:13.0599 3228  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:08:13.0619 3228  i8042prt - ok
18:08:13.0636 3228  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:08:13.0650 3228  iaStorV - ok
18:08:13.0692 3228  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:08:13.0710 3228  idsvc - ok
18:08:13.0744 3228  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:08:13.0754 3228  iirsp - ok
18:08:13.0785 3228  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:08:13.0819 3228  IKEEXT - ok
18:08:13.0855 3228  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:08:13.0865 3228  intelide - ok
18:08:13.0900 3228  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:08:13.0935 3228  intelppm - ok
18:08:13.0966 3228  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:08:13.0994 3228  IPBusEnum - ok
18:08:14.0024 3228  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:08:14.0065 3228  IpFilterDriver - ok
18:08:14.0109 3228  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:08:14.0167 3228  iphlpsvc - ok
18:08:14.0195 3228  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:08:14.0220 3228  IPMIDRV - ok
18:08:14.0252 3228  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:08:14.0302 3228  IPNAT - ok
18:08:14.0382 3228  [ DC115BD67A913F71A77C7C72C1E64C0A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:08:14.0397 3228  iPod Service - ok
18:08:14.0426 3228  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:08:14.0494 3228  IRENUM - ok
18:08:14.0518 3228  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:08:14.0529 3228  isapnp - ok
18:08:14.0559 3228  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:08:14.0572 3228  iScsiPrt - ok
18:08:14.0585 3228  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:08:14.0596 3228  kbdclass - ok
18:08:14.0640 3228  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:08:14.0651 3228  kbdhid - ok
18:08:14.0659 3228  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:08:14.0670 3228  KeyIso - ok
18:08:14.0704 3228  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:08:14.0715 3228  KSecDD - ok
18:08:14.0746 3228  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:08:14.0758 3228  KSecPkg - ok
18:08:14.0765 3228  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:08:14.0806 3228  ksthunk - ok
18:08:14.0845 3228  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:08:14.0896 3228  KtmRm - ok
18:08:14.0940 3228  [ 71366A5E898EE044A0AFF2DC3ABAEC60 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
18:08:14.0949 3228  L1E - ok
18:08:14.0972 3228  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:08:15.0017 3228  LanmanServer - ok
18:08:15.0055 3228  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:08:15.0083 3228  LanmanWorkstation - ok
18:08:15.0116 3228  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
18:08:15.0125 3228  LGBusEnum - ok
18:08:15.0163 3228  [ 1AF3A5A9BC310C88F2EFCEBD08D381AB ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
18:08:15.0173 3228  LGSHidFilt - ok
18:08:15.0195 3228  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
18:08:15.0203 3228  LGVirHid - ok
18:08:15.0229 3228  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:08:15.0278 3228  lltdio - ok
18:08:15.0312 3228  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:08:15.0361 3228  lltdsvc - ok
18:08:15.0364 3228  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:08:15.0402 3228  lmhosts - ok
18:08:15.0428 3228  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:08:15.0439 3228  LSI_FC - ok
18:08:15.0450 3228  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:08:15.0461 3228  LSI_SAS - ok
18:08:15.0477 3228  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:08:15.0487 3228  LSI_SAS2 - ok
18:08:15.0498 3228  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:08:15.0509 3228  LSI_SCSI - ok
18:08:15.0534 3228  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:08:15.0562 3228  luafv - ok
18:08:15.0590 3228  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:08:15.0603 3228  Mcx2Svc - ok
18:08:15.0622 3228  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:08:15.0632 3228  megasas - ok
18:08:15.0654 3228  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:08:15.0667 3228  MegaSR - ok
18:08:15.0694 3228  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:08:15.0739 3228  MMCSS - ok
18:08:15.0742 3228  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:08:15.0784 3228  Modem - ok
18:08:15.0818 3228  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:08:15.0845 3228  monitor - ok
18:08:15.0904 3228  [ FC44AD48746FFA5FD640EF1260AB5EC2 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
18:08:15.0914 3228  MotioninJoyXFilter - ok
18:08:15.0934 3228  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:08:15.0945 3228  mouclass - ok
18:08:15.0959 3228  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:08:15.0994 3228  mouhid - ok
18:08:16.0022 3228  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:08:16.0034 3228  mountmgr - ok
18:08:16.0063 3228  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:08:16.0075 3228  mpio - ok
18:08:16.0089 3228  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:08:16.0120 3228  mpsdrv - ok
18:08:16.0158 3228  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:08:16.0209 3228  MpsSvc - ok
18:08:16.0247 3228  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:08:16.0276 3228  MRxDAV - ok
18:08:16.0310 3228  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:08:16.0346 3228  mrxsmb - ok
18:08:16.0374 3228  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:08:16.0401 3228  mrxsmb10 - ok
18:08:16.0421 3228  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:08:16.0452 3228  mrxsmb20 - ok
18:08:16.0477 3228  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:08:16.0487 3228  msahci - ok
18:08:16.0501 3228  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:08:16.0513 3228  msdsm - ok
18:08:16.0523 3228  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:08:16.0549 3228  MSDTC - ok
18:08:16.0581 3228  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:08:16.0631 3228  Msfs - ok
18:08:16.0653 3228  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:08:16.0699 3228  mshidkmdf - ok
18:08:16.0725 3228  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:08:16.0736 3228  msisadrv - ok
18:08:16.0774 3228  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:08:16.0821 3228  MSiSCSI - ok
18:08:16.0824 3228  msiserver - ok
18:08:16.0855 3228  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:08:16.0906 3228  MSKSSRV - ok
18:08:16.0933 3228  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:08:16.0975 3228  MSPCLOCK - ok
18:08:16.0992 3228  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:08:17.0021 3228  MSPQM - ok
18:08:17.0075 3228  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:08:17.0090 3228  MsRPC - ok
18:08:17.0150 3228  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:08:17.0161 3228  mssmbios - ok
18:08:17.0164 3228  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:08:17.0210 3228  MSTEE - ok
18:08:17.0226 3228  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:08:17.0237 3228  MTConfig - ok
18:08:17.0297 3228  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
18:08:17.0351 3228  MTsensor - ok
18:08:17.0405 3228  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:08:17.0416 3228  Mup - ok
18:08:17.0569 3228  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:08:17.0607 3228  napagent - ok
18:08:17.0633 3228  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:08:17.0671 3228  NativeWifiP - ok
18:08:17.0712 3228  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:08:17.0735 3228  NDIS - ok
18:08:17.0749 3228  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:08:17.0777 3228  NdisCap - ok
18:08:17.0792 3228  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:08:17.0838 3228  NdisTapi - ok
18:08:17.0858 3228  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:08:17.0905 3228  Ndisuio - ok
18:08:17.0941 3228  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:08:17.0990 3228  NdisWan - ok
18:08:18.0033 3228  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:08:18.0060 3228  NDProxy - ok
18:08:18.0082 3228  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:08:18.0125 3228  NetBIOS - ok
18:08:18.0153 3228  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:08:18.0205 3228  NetBT - ok
18:08:18.0231 3228  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:08:18.0242 3228  Netlogon - ok
18:08:18.0270 3228  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:08:18.0306 3228  Netman - ok
18:08:18.0343 3228  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:08:18.0353 3228  NetMsmqActivator - ok
18:08:18.0371 3228  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:08:18.0380 3228  NetPipeActivator - ok
18:08:18.0399 3228  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:08:18.0445 3228  netprofm - ok
18:08:18.0486 3228  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:08:18.0496 3228  NetTcpActivator - ok
18:08:18.0499 3228  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:08:18.0509 3228  NetTcpPortSharing - ok
18:08:18.0535 3228  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:08:18.0546 3228  nfrd960 - ok
18:08:18.0568 3228  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:08:18.0595 3228  NlaSvc - ok
18:08:18.0617 3228  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:08:18.0646 3228  Npfs - ok
18:08:18.0649 3228  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:08:18.0696 3228  nsi - ok
18:08:18.0713 3228  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:08:18.0740 3228  nsiproxy - ok
18:08:18.0803 3228  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:08:18.0831 3228  Ntfs - ok
18:08:18.0845 3228  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:08:18.0889 3228  Null - ok
18:08:18.0938 3228  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
18:08:18.0949 3228  NVHDA - ok
18:08:19.0170 3228  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:08:19.0301 3228  nvlddmkm - ok
18:08:19.0330 3228  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:08:19.0341 3228  nvraid - ok
18:08:19.0363 3228  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:08:19.0374 3228  nvstor - ok
18:08:19.0422 3228  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:08:19.0440 3228  nvsvc - ok
18:08:19.0545 3228  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:08:19.0572 3228  nvUpdatusService - ok
18:08:19.0593 3228  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:08:19.0605 3228  nv_agp - ok
18:08:19.0629 3228  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:08:19.0660 3228  ohci1394 - ok
18:08:19.0681 3228  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:08:19.0708 3228  p2pimsvc - ok
18:08:19.0730 3228  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:08:19.0744 3228  p2psvc - ok
18:08:19.0753 3228  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:08:19.0786 3228  Parport - ok
18:08:19.0822 3228  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:08:19.0833 3228  partmgr - ok
18:08:19.0926 3228  [ 55223EEFABFDB84A926515FEBAB50D9A ] pbfilter        C:\Program Files\PeerBlock\pbfilter.sys
18:08:19.0940 3228  pbfilter - ok
18:08:19.0952 3228  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:08:19.0970 3228  PcaSvc - ok
18:08:19.0986 3228  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:08:19.0998 3228  pci - ok
18:08:20.0021 3228  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:08:20.0032 3228  pciide - ok
18:08:20.0046 3228  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:08:20.0059 3228  pcmcia - ok
18:08:20.0073 3228  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:08:20.0083 3228  pcw - ok
18:08:20.0098 3228  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:08:20.0141 3228  PEAUTH - ok
18:08:20.0186 3228  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:08:20.0228 3228  PeerDistSvc - ok
18:08:20.0306 3228  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:08:20.0318 3228  PerfHost - ok
18:08:20.0377 3228  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:08:20.0428 3228  pla - ok
18:08:20.0469 3228  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:08:20.0489 3228  PlugPlay - ok
18:08:20.0509 3228  PnkBstrA - ok
18:08:20.0520 3228  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:08:20.0549 3228  PNRPAutoReg - ok
18:08:20.0580 3228  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:08:20.0593 3228  PNRPsvc - ok
18:08:20.0631 3228  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:08:20.0680 3228  PolicyAgent - ok
18:08:20.0707 3228  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:08:20.0749 3228  Power - ok
18:08:20.0801 3228  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:08:20.0844 3228  PptpMiniport - ok
18:08:20.0876 3228  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:08:20.0887 3228  Processor - ok
18:08:20.0908 3228  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:08:20.0934 3228  ProfSvc - ok
18:08:20.0949 3228  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:08:20.0960 3228  ProtectedStorage - ok
18:08:20.0992 3228  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:08:21.0020 3228  Psched - ok
18:08:21.0059 3228  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:08:21.0085 3228  ql2300 - ok
18:08:21.0101 3228  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:08:21.0113 3228  ql40xx - ok
18:08:21.0131 3228  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:08:21.0147 3228  QWAVE - ok
18:08:21.0156 3228  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:08:21.0185 3228  QWAVEdrv - ok
18:08:21.0207 3228  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:08:21.0252 3228  RasAcd - ok
18:08:21.0287 3228  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:08:21.0315 3228  RasAgileVpn - ok
18:08:21.0332 3228  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:08:21.0378 3228  RasAuto - ok
18:08:21.0411 3228  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:08:21.0453 3228  Rasl2tp - ok
18:08:21.0488 3228  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:08:21.0533 3228  RasMan - ok
18:08:21.0554 3228  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:08:21.0595 3228  RasPppoe - ok
18:08:21.0621 3228  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:08:21.0663 3228  RasSstp - ok
18:08:21.0704 3228  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:08:21.0734 3228  rdbss - ok
18:08:21.0739 3228  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:08:21.0752 3228  rdpbus - ok
18:08:21.0764 3228  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:08:21.0804 3228  RDPCDD - ok
18:08:21.0836 3228  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:08:21.0854 3228  RDPDR - ok
18:08:21.0879 3228  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:08:21.0908 3228  RDPENCDD - ok
18:08:21.0913 3228  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:08:21.0940 3228  RDPREFMP - ok
18:08:21.0976 3228  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:08:22.0038 3228  RDPWD - ok
18:08:22.0067 3228  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:08:22.0079 3228  rdyboost - ok
18:08:22.0107 3228  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:08:22.0149 3228  RemoteAccess - ok
18:08:22.0174 3228  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:08:22.0203 3228  RemoteRegistry - ok
18:08:22.0217 3228  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:08:22.0267 3228  RpcEptMapper - ok
18:08:22.0300 3228  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:08:22.0326 3228  RpcLocator - ok
18:08:22.0368 3228  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:08:22.0400 3228  RpcSs - ok
18:08:22.0414 3228  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:08:22.0442 3228  rspndr - ok
18:08:22.0506 3228  [ 3ECD3CA61FFC54B0D93F8B19161B83DA ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
18:08:22.0515 3228  RTCore64 - ok
18:08:22.0641 3228  [ CFBABCC8E8B72F9D1693FF583A09C79B ] RTL85n64        C:\Windows\system32\DRIVERS\RTL85n64.sys
18:08:22.0671 3228  RTL85n64 - ok
18:08:22.0719 3228  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:08:22.0794 3228  s3cap - ok
18:08:22.0823 3228  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:08:22.0834 3228  SamSs - ok
18:08:22.0858 3228  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:08:22.0869 3228  sbp2port - ok
18:08:22.0899 3228  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:08:22.0943 3228  SCardSvr - ok
18:08:23.0002 3228  [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
18:08:23.0011 3228  SCDEmu - ok
18:08:23.0046 3228  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:08:23.0092 3228  scfilter - ok
18:08:23.0147 3228  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:08:23.0199 3228  Schedule - ok
18:08:23.0224 3228  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:08:23.0251 3228  SCPolicySvc - ok
18:08:23.0284 3228  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:08:23.0325 3228  SDRSVC - ok
18:08:23.0362 3228  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:08:23.0412 3228  secdrv - ok
18:08:23.0446 3228  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:08:23.0479 3228  seclogon - ok
18:08:23.0483 3228  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:08:23.0532 3228  SENS - ok
18:08:23.0556 3228  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:08:23.0603 3228  SensrSvc - ok
18:08:23.0614 3228  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:08:23.0638 3228  Serenum - ok
18:08:23.0670 3228  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:08:23.0681 3228  Serial - ok
18:08:23.0697 3228  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:08:23.0721 3228  sermouse - ok
18:08:23.0761 3228  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:08:23.0808 3228  SessionEnv - ok
18:08:23.0848 3228  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:08:23.0873 3228  sffdisk - ok
18:08:23.0888 3228  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:08:23.0921 3228  sffp_mmc - ok
18:08:23.0945 3228  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:08:23.0971 3228  sffp_sd - ok
18:08:23.0996 3228  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:08:24.0026 3228  sfloppy - ok
18:08:24.0062 3228  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:08:24.0113 3228  SharedAccess - ok
18:08:24.0152 3228  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:08:24.0182 3228  ShellHWDetection - ok
18:08:24.0202 3228  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:08:24.0212 3228  SiSRaid2 - ok
18:08:24.0225 3228  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:08:24.0236 3228  SiSRaid4 - ok
18:08:24.0253 3228  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:08:24.0295 3228  Smb - ok
18:08:24.0337 3228  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:08:24.0367 3228  SNMPTRAP - ok
18:08:24.0384 3228  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:08:24.0394 3228  spldr - ok
18:08:24.0439 3228  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:08:24.0482 3228  Spooler - ok
18:08:24.0564 3228  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:08:24.0642 3228  sppsvc - ok
18:08:24.0661 3228  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:08:24.0704 3228  sppuinotify - ok
18:08:24.0758 3228  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:08:24.0759 3228  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
18:08:24.0760 3228  sptd ( LockedFile.Multi.Generic ) - warning
18:08:24.0760 3228  sptd - detected LockedFile.Multi.Generic (1)
18:08:24.0795 3228  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:08:24.0833 3228  srv - ok
18:08:24.0853 3228  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:08:24.0883 3228  srv2 - ok
18:08:24.0906 3228  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:08:24.0931 3228  srvnet - ok
18:08:24.0958 3228  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:08:25.0006 3228  SSDPSRV - ok
18:08:25.0031 3228  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:08:25.0075 3228  SstpSvc - ok
18:08:25.0155 3228  [ 3DBF9D2E5DE3A72B37AB27ABB79FEE69 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:08:25.0170 3228  Steam Client Service - ok
18:08:25.0264 3228  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:08:25.0278 3228  Stereo Service - ok
18:08:25.0299 3228  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:08:25.0310 3228  stexstor - ok
18:08:25.0362 3228  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:08:25.0400 3228  stisvc - ok
18:08:25.0433 3228  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:08:25.0443 3228  storflt - ok
18:08:25.0460 3228  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:08:25.0502 3228  StorSvc - ok
18:08:25.0528 3228  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:08:25.0538 3228  storvsc - ok
18:08:25.0570 3228  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:08:25.0580 3228  swenum - ok
18:08:25.0601 3228  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:08:25.0652 3228  swprv - ok
18:08:25.0706 3228  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:08:25.0757 3228  SysMain - ok
18:08:25.0790 3228  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:08:25.0807 3228  TabletInputService - ok
18:08:25.0837 3228  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:08:25.0867 3228  TapiSrv - ok
18:08:25.0882 3228  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:08:25.0925 3228  TBS - ok
18:08:25.0990 3228  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:08:26.0035 3228  Tcpip - ok
18:08:26.0090 3228  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:08:26.0121 3228  TCPIP6 - ok
18:08:26.0155 3228  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:08:26.0195 3228  tcpipreg - ok
18:08:26.0234 3228  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:08:26.0253 3228  TDPIPE - ok
18:08:26.0271 3228  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:08:26.0294 3228  TDTCP - ok
18:08:26.0315 3228  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:08:26.0358 3228  tdx - ok
18:08:26.0380 3228  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:08:26.0391 3228  TermDD - ok
18:08:26.0427 3228  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:08:26.0482 3228  TermService - ok
18:08:26.0499 3228  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:08:26.0531 3228  Themes - ok
18:08:26.0565 3228  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:08:26.0594 3228  THREADORDER - ok
18:08:26.0613 3228  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:08:26.0644 3228  TrkWks - ok
18:08:26.0701 3228  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:08:26.0750 3228  TrustedInstaller - ok
18:08:26.0785 3228  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:08:26.0830 3228  tssecsrv - ok
18:08:26.0860 3228  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:08:26.0909 3228  TsUsbFlt - ok
18:08:26.0952 3228  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:08:26.0979 3228  tunnel - ok
18:08:26.0999 3228  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:08:27.0011 3228  uagp35 - ok
18:08:27.0053 3228  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:08:27.0104 3228  udfs - ok
18:08:27.0162 3228  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:08:27.0196 3228  UI0Detect - ok
18:08:27.0220 3228  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:08:27.0231 3228  uliagpkx - ok
18:08:27.0270 3228  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
18:08:27.0281 3228  umbus - ok
18:08:27.0290 3228  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:08:27.0316 3228  UmPass - ok
18:08:27.0338 3228  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
18:08:27.0367 3228  UmRdpService - ok
18:08:27.0390 3228  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:08:27.0436 3228  upnphost - ok
18:08:27.0494 3228  [ 5CF1EAD086176DD3348E920A40BED03D ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:08:27.0537 3228  USBAAPL64 - ok
18:08:27.0565 3228  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:08:27.0597 3228  usbaudio - ok
18:08:27.0627 3228  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:08:27.0666 3228  usbccgp - ok
18:08:27.0700 3228  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:08:27.0729 3228  usbcir - ok
18:08:27.0750 3228  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:08:27.0762 3228  usbehci - ok
18:08:27.0795 3228  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:08:27.0822 3228  usbhub - ok
18:08:27.0865 3228  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:08:27.0888 3228  usbohci - ok
18:08:27.0912 3228  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:08:27.0945 3228  usbprint - ok
18:08:27.0993 3228  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:08:28.0007 3228  usbscan - ok
18:08:28.0020 3228  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:28.0052 3228  USBSTOR - ok
18:08:28.0078 3228  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:08:28.0108 3228  usbuhci - ok
18:08:28.0138 3228  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:08:28.0168 3228  UxSms - ok
18:08:28.0181 3228  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:08:28.0192 3228  VaultSvc - ok
18:08:28.0217 3228  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:08:28.0227 3228  vdrvroot - ok
18:08:28.0302 3228  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:08:28.0333 3228  vds - ok
18:08:28.0348 3228  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:08:28.0382 3228  vga - ok
18:08:28.0408 3228  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:08:28.0435 3228  VgaSave - ok
18:08:28.0465 3228  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:08:28.0477 3228  vhdmp - ok
18:08:28.0500 3228  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:08:28.0511 3228  viaide - ok
18:08:28.0538 3228  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:08:28.0550 3228  vmbus - ok
18:08:28.0561 3228  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:08:28.0571 3228  VMBusHID - ok
18:08:28.0584 3228  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:08:28.0595 3228  volmgr - ok
18:08:28.0620 3228  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:08:28.0634 3228  volmgrx - ok
18:08:28.0645 3228  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:08:28.0658 3228  volsnap - ok
18:08:28.0684 3228  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:08:28.0695 3228  vsmraid - ok
18:08:28.0749 3228  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:08:28.0789 3228  VSS - ok
18:08:28.0819 3228  vToolbarUpdater17.0.1 - ok
18:08:28.0837 3228  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:08:28.0850 3228  vwifibus - ok
18:08:28.0885 3228  [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:08:28.0914 3228  VWiFiFlt - ok
18:08:28.0947 3228  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:08:28.0980 3228  vwifimp - ok
18:08:29.0007 3228  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:08:29.0048 3228  W32Time - ok
18:08:29.0063 3228  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:08:29.0074 3228  WacomPen - ok
18:08:29.0101 3228  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:08:29.0149 3228  WANARP - ok
18:08:29.0171 3228  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:08:29.0198 3228  Wanarpv6 - ok
18:08:29.0252 3228  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:08:29.0275 3228  WatAdminSvc - ok
18:08:29.0325 3228  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:08:29.0371 3228  wbengine - ok
18:08:29.0389 3228  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:08:29.0406 3228  WbioSrvc - ok
18:08:29.0438 3228  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:08:29.0471 3228  wcncsvc - ok
18:08:29.0496 3228  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:08:29.0519 3228  WcsPlugInService - ok
18:08:29.0531 3228  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:08:29.0541 3228  Wd - ok
18:08:29.0584 3228  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
18:08:29.0631 3228  WDC_SAM - ok
18:08:29.0677 3228  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:08:29.0697 3228  Wdf01000 - ok
18:08:29.0710 3228  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:08:29.0792 3228  WdiServiceHost - ok
18:08:29.0795 3228  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:08:29.0811 3228  WdiSystemHost - ok
18:08:29.0841 3228  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:08:29.0877 3228  WebClient - ok
18:08:29.0899 3228  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:08:29.0942 3228  Wecsvc - ok
18:08:29.0966 3228  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:08:30.0007 3228  wercplsupport - ok
18:08:30.0040 3228  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:08:30.0086 3228  WerSvc - ok
18:08:30.0107 3228  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:08:30.0153 3228  WfpLwf - ok
18:08:30.0173 3228  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:08:30.0184 3228  WIMMount - ok
18:08:30.0204 3228  WinDefend - ok
18:08:30.0221 3228  WinHttpAutoProxySvc - ok
18:08:30.0266 3228  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:08:30.0317 3228  Winmgmt - ok
18:08:30.0380 3228  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:08:30.0438 3228  WinRM - ok
18:08:30.0488 3228  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:08:30.0528 3228  Wlansvc - ok
18:08:30.0656 3228  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:08:30.0690 3228  wlidsvc - ok
18:08:30.0710 3228  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:08:30.0736 3228  WmiAcpi - ok
18:08:30.0757 3228  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:08:30.0770 3228  wmiApSrv - ok
18:08:30.0773 3228  WMPNetworkSvc - ok
18:08:30.0784 3228  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:08:30.0800 3228  WPCSvc - ok
18:08:30.0820 3228  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:08:30.0850 3228  WPDBusEnum - ok
18:08:30.0875 3228  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:08:30.0921 3228  ws2ifsl - ok
18:08:30.0944 3228  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:08:30.0981 3228  wscsvc - ok
18:08:30.0984 3228  WSearch - ok
18:08:31.0060 3228  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:08:31.0107 3228  wuauserv - ok
18:08:31.0138 3228  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:08:31.0173 3228  WudfPf - ok
18:08:31.0197 3228  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:08:31.0226 3228  WUDFRd - ok
18:08:31.0259 3228  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:08:31.0290 3228  wudfsvc - ok
18:08:31.0323 3228  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:08:31.0347 3228  WwanSvc - ok
18:08:31.0395 3228  [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:08:31.0404 3228  xusb21 - ok
18:08:31.0457 3228  ================ Scan global ===============================
18:08:31.0482 3228  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:08:31.0517 3228  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
18:08:31.0523 3228  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
18:08:31.0544 3228  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:08:31.0572 3228  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:08:31.0574 3228  [Global] - ok
18:08:31.0575 3228  ================ Scan MBR ==================================
18:08:31.0577 3228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:08:31.0775 3228  \Device\Harddisk0\DR0 - ok
18:08:31.0785 3228  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:08:32.0035 3228  \Device\Harddisk1\DR1 - ok
18:08:32.0035 3228  ================ Scan VBR ==================================
18:08:32.0037 3228  [ CA60AE0B287937DEFE5D5C7D8D9D2E41 ] \Device\Harddisk0\DR0\Partition1
18:08:32.0038 3228  \Device\Harddisk0\DR0\Partition1 - ok
18:08:32.0040 3228  [ 316648C9756B3EA184F3A4178CFD9E3F ] \Device\Harddisk1\DR1\Partition1
18:08:32.0041 3228  \Device\Harddisk1\DR1\Partition1 - ok
18:08:32.0042 3228  ============================================================
18:08:32.0042 3228  Scan finished
18:08:32.0042 3228  ============================================================
18:08:32.0049 2248  Detected object count: 4
18:08:32.0049 2248  Actual detected object count: 4
18:10:19.0819 2248  BRA_Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:19.0819 2248  BRA_Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:10:19.0820 2248  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:19.0820 2248  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:10:19.0820 2248  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:19.0820 2248  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:10:19.0821 2248  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:10:19.0821 2248  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
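Added example (not part of the original post, and not TDSSKiller's own code): a small Python parser for the TDSSKiller service-scan log above. It pairs each `[ MD5 ] name path` line with the verdict lines for the same service, so that anything other than `- ok` (here the locked sptd.sys with its LockedFile.Multi.Generic warning and NoAccess note, including the "skipped by user" lines at the end) comes out with its hash and path ready for lookup; services that received a verdict but no hashed image file are listed separately; and services backed by the same file (the three lsass.exe entries) are grouped so that one hash lookup covers all of them. SAMPLE_LOG is a constructed excerpt in the format of the posted log.

```python
"""Pull the follow-up items out of a TDSSKiller service-scan log.

Added example; not part of the original post and not TDSSKiller's code.
SAMPLE_LOG is a constructed excerpt in the format of the log posted above.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
18:08:19.0986 3228  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:08:19.0998 3228  pci - ok
18:08:20.0509 3228  PnkBstrA - ok
18:08:20.0949 3228  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:08:20.0960 3228  ProtectedStorage - ok
18:08:22.0823 3228  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:08:22.0834 3228  SamSs - ok
18:08:24.0758 3228  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:08:24.0759 3228  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
18:08:24.0760 3228  sptd ( LockedFile.Multi.Generic ) - warning
18:08:24.0760 3228  sptd - detected LockedFile.Multi.Generic (1)
18:08:25.0155 3228  [ 3DBF9D2E5DE3A72B37AB27ABB79FEE69 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:08:25.0170 3228  Steam Client Service - ok
18:08:28.0181 3228  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:08:28.0192 3228  VaultSvc - ok
18:08:31.0577 3228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:08:31.0775 3228  \Device\Harddisk0\DR0 - ok
18:10:19.0821 2248  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:10:19.0821 2248  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line is "HH:MM:SS.mmmm <pid>  <payload>"; keep the payload, drop trailing blanks.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*\S)\s*$")
# "[ <MD5> ] <name> <path>": the name may contain spaces and is absent for the
# MBR/VBR entries, so it is optional and non-greedy; the path starts with "X:\" or "\Device\".
HASH_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<name>.+?)\s+)?(?P<path>(?:[A-Za-z]:|\\Device)\\.*)$")
# "<name> ( <classification> ) - <verdict>" or just "<name> - <verdict>".
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<cls>[^)]+) \))? - "
    r"(?P<verdict>ok|warning|detected .+|skipped by user|User select action: .+)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<why>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9A-F]{32})$")


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    verdicts: list[tuple[str | None, str]] = field(default_factory=list)
    notes: list[str] = field(default_factory=list)  # e.g. "NoAccess: <path>"

    @property
    def clean(self) -> bool:
        return all(v == "ok" for _, v in self.verdicts)

    @property
    def classifications(self) -> set[str]:
        out = {cls for cls, _ in self.verdicts if cls}
        out |= {v.split()[1] for _, v in self.verdicts if v.startswith("detected ")}
        return out


def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Map service name -> Entry, joining hash lines, verdict lines and NoAccess notes."""
    entries: dict[str, Entry] = {}
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        if h := HASH_RE.match(rest):
            name = h["name"] or h["path"]
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = h["md5"], h["path"]
        elif v := VERDICT_RE.match(rest):
            e = entries.setdefault(v["name"], Entry(v["name"]))
            e.verdicts.append((v["cls"], v["verdict"]))
        elif s := SUSP_RE.match(rest):
            for e in entries.values():
                if e.path and e.path.lower() == s["path"].lower():
                    e.notes.append(f"{s['why']}: {s['path']}")
    return entries


def needs_followup(entries: dict[str, Entry]) -> list[Entry]:
    """Everything with a verdict other than 'ok' or with a locked/NoAccess note."""
    return [e for e in entries.values() if e.verdicts and (not e.clean or e.notes)]


def unhashed(entries: dict[str, Entry]) -> list[str]:
    """Services that got a verdict but no [ MD5 ] line, i.e. no image file was hashed."""
    return [e.name for e in entries.values() if e.verdicts and e.md5 is None]


def shared_images(entries: dict[str, Entry]) -> dict[str, list[str]]:
    """MD5 -> service names, so one hash lookup covers every service backed by that file."""
    by_md5: dict[str, list[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    for e in needs_followup(entries):
        print(f"FOLLOW UP  {e.name:<22} {e.md5}  {e.path}")
        for cls, verdict in e.verdicts:
            print(f"           {verdict}" + (f"  [{cls}]" if cls else ""))
        for note in e.notes:
            print(f"           {note}")
    print("no image hashed:", ", ".join(unhashed(entries)))
    for md5, names in shared_images(entries).items():
        print(f"shared image {md5}: {', '.join(names)}")
```

Run it on the full log by replacing SAMPLE_LOG with the file contents; the "no image hashed" list is worth a look on a machine like this one, since a service that still has a registry entry but no file the scanner could hash (PnkBstrA, WinDefend, WMPNetworkSvc and WSearch in the posted log) is a leftover that a hash lookup cannot clear.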


#6 DarthSparty
  • Topic Starter
  • Members
  • 28 posts

Posted 24 September 2013 - 05:28 PM

Here is that Avast report, with attached data

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-24 18:15:02
-----------------------------
18:15:02.319    OS Version: Windows x64 6.1.7601 Service Pack 1
18:15:02.319    Number of processors: 2 586 0x1706
18:15:02.320    ComputerName: JIM-PC  UserName: Jim
18:15:03.914    Initialize success
18:15:55.066    AVAST engine defs: 13092401
18:16:04.144    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6
18:16:04.146    Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78167MB BusType: 3
18:16:04.148    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-7
18:16:04.150    Disk 1 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
18:16:04.168    Disk 1 MBR read successfully
18:16:04.170    Disk 1 MBR scan
18:16:04.174    Disk 1 Windows 7 default MBR code
18:16:04.176    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63
18:16:04.200    Disk 1 scanning C:\Windows\system32\drivers
18:16:15.254    Service scanning
18:16:33.777    Modules scanning
18:16:33.783    Disk 1 trace - called modules:
18:16:33.799    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046bc2c0]<<spco.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
18:16:34.127    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800499a790]
18:16:34.131    3 CLASSPNP.SYS[fffff88001a1843f] -> nt!IofCallDriver -> [0xfffffa800483e520]
18:16:34.135    5 ACPI.sys[fffff880011967a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-7[0xfffffa800483b060]
18:16:34.139    \Driver\atapi[0xfffffa80047ea060] -> IRP_MJ_CREATE -> 0xfffffa80046bc2c0
18:16:36.281    AVAST engine scan C:\Windows
18:16:38.647    AVAST engine scan C:\Windows\system32
18:20:52.823    AVAST engine scan C:\Windows\system32\drivers
18:21:04.801    AVAST engine scan C:\Users\Jim
18:26:25.558    Disk 1 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
18:26:25.564    The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
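Added example (not part of the original post, and not aswMBR's own code): a Python script that reads the "called modules" trace from the aswMBR log above and cross-checks it against the dispatch line at the end. The trace marks a region the tool cannot attribute to any loaded image, `>>UNKNOWN [0xfffffa80046bc2c0]<<`, sitting between ACPI.sys and spco.sys, and the last line reports that the IRP_MJ_CREATE handler of `\Driver\atapi` points at exactly that address: the driver object's dispatch table has been redirected to code outside any known module, which is what a kernel-mode hook in the disk stack looks like in this tool's output. The script extracts both, resolves addresses against a module table and reports the match. SAMPLE_TRACE is copied from the posted log; MODULES is a constructed, hypothetical base/size table (aswMBR prints no image ranges), chosen only so that the trace's own return addresses resolve to the modules it names.

```python
"""Cross-check an aswMBR 'called modules' trace for a hooked dispatch entry.

Added example; not part of the original post and not aswMBR's code.
SAMPLE_TRACE is copied from the aswMBR log posted above. MODULES is a
constructed, hypothetical table (aswMBR prints no image base/size) chosen so
the return addresses in the trace resolve to the modules the trace names.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_TRACE = r"""
18:16:33.783    Disk 1 trace - called modules:
18:16:33.799    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046bc2c0]<<spco.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:16:34.127    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800499a790]
18:16:34.131    3 CLASSPNP.SYS[fffff88001a1843f] -> nt!IofCallDriver -> [0xfffffa800483e520]
18:16:34.135    5 ACPI.sys[fffff880011967a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-7[0xfffffa800483b060]
18:16:34.139    \Driver\atapi[0xfffffa80047ea060] -> IRP_MJ_CREATE -> 0xfffffa80046bc2c0
"""


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed, hypothetical image ranges (not from the log); real values come
# from a kernel debugger or a driver-list tool such as MBRCheck.
MODULES = [
    Module("atapi.sys", 0xFFFFF88001000000, 0x09000),
    Module("ataport.SYS", 0xFFFFF88001009000, 0x2A000),
    Module("ACPI.sys", 0xFFFFF88001180000, 0x57000),
    Module("CLASSPNP.SYS", 0xFFFFF88001A00000, 0x30000),
]

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<")
TOKEN_RE = re.compile(r">>UNKNOWN \[0x[0-9a-f]+\]<<|\S+")
FRAME_RE = re.compile(r"^\d+ (?P<mod>[\w.]+)\[(?P<ret>[0-9a-f]+)\]")
DISPATCH_RE = re.compile(
    r"\\Driver\\(?P<drv>[^\[]+)\[(?P<obj>0x[0-9a-f]+)\] -> (?P<mj>IRP_MJ_\w+) -> (?P<target>0x[0-9a-f]+)")


@dataclass
class Finding:
    driver: str
    major: str
    target: int
    module: str | None         # image that contains the dispatch target, if any
    in_unknown_region: bool    # aswMBR itself marked the target >>UNKNOWN<<


def resolve(addr: int, modules: list[Module]) -> Module | None:
    return next((m for m in modules if m.contains(addr)), None)


def analyse(trace: str, modules: list[Module]) -> tuple[list[str], list[Finding], dict[str, str]]:
    """Return (call-chain tokens, dispatch findings, frame return-address resolutions)."""
    chain: list[str] = []
    unknown: set[int] = set()
    frames: dict[str, str] = {}
    findings: list[Finding] = []
    expect_chain = False
    for line in trace.splitlines():
        parts = line.split(None, 1)        # drop the timestamp column
        if len(parts) < 2:
            continue
        payload = parts[1].strip()
        if payload.endswith("called modules:"):
            expect_chain = True            # the next line is the module chain
            continue
        if expect_chain:
            chain = TOKEN_RE.findall(payload)
            unknown = {int(a, 16) for a in UNKNOWN_RE.findall(payload)}
            expect_chain = False
            continue
        if f := FRAME_RE.match(payload):   # "3 CLASSPNP.SYS[fffff88001a1843f] -> ..."
            hit = resolve(int(f["ret"], 16), modules)
            frames[f["mod"]] = hit.name if hit else "<unresolved>"
        if d := DISPATCH_RE.search(payload):  # "\Driver\atapi[...] -> IRP_MJ_CREATE -> ..."
            target = int(d["target"], 16)
            hit = resolve(target, modules)
            findings.append(Finding(d["drv"], d["mj"], target,
                                    hit.name if hit else None, target in unknown))
    return chain, findings, frames


def hooked(findings: list[Finding]) -> list[Finding]:
    """Dispatch entries whose target lies in no known image: a redirected driver object."""
    return [f for f in findings if f.module is None]


def unknown_neighbours(chain: list[str]) -> tuple[str, str] | None:
    """Which named modules sit either side of the UNKNOWN region in the call chain."""
    for i, tok in enumerate(chain):
        if tok.startswith(">>UNKNOWN"):
            return chain[i - 1] if i else "", chain[i + 1] if i + 1 < len(chain) else ""
    return None


if __name__ == "__main__":
    chain, findings, frames = analyse(SAMPLE_TRACE, MODULES)
    print("call chain:", " -> ".join(chain))
    print("frames resolved:", frames)
    for f in hooked(findings):
        print(f"HOOK  \\Driver\\{f.driver} {f.major} -> {f.target:#x} "
              f"(no image; marked UNKNOWN by aswMBR: {f.in_unknown_region})")
    print("UNKNOWN region sits between:", unknown_neighbours(chain))
```

Two things to read off the result, both from the log itself: the hooked target is in the same address range as the device-object pointers the trace prints (0xfffffa80...), not in the range the named driver images return from (0xfffff880...), and spco.sys, the module listed right after the UNKNOWN region, has no service entry anywhere in the TDSSKiller output above. A hook at that level sits between the operating system and the disk, which is why the Fix versus FixMBR question in the later replies matters.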
 
 

 



#7 DarthSparty
  • Topic Starter
  • Members
  • 28 posts

Posted 24 September 2013 - 05:29 PM

Oops, here is the data.

Attached Files
  • MBR.zip (545 bytes, 1 download)


#8 nasdaq
  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 September 2013 - 08:46 AM

Exactly what I was looking for.

Now run the aswMBR.exe tool. Select the Fix button.

Important: you need to wait for the tool to report "Infection fixed successfully" or "MBR fixed successfully".
Do not reboot the machine until it has said so.

When you see the message, restart the computer normally.

Run aswMBR.exe normally this time and post the log.


Run the ComboFix tool again and post the log also.

Please let me know what problem persists.

#9 DarthSparty
  • Topic Starter
  • Members
  • 28 posts

Posted 25 September 2013 - 09:27 PM

nasdaq, when I run the scan, Fix is greyed out.  I do not believe it was before, but it is now.  FixMBR is available though.  I don't think I want that.



#10 nasdaq

Posted 26 September 2013 - 08:26 AM

That's the only option I can see for now.

Let's check it further.

Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.

  • Be sure to disable your security programs.
  • Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • In your next reply, please include the log from MBRCheck.

====

#11 DarthSparty

Posted 26 September 2013 - 04:46 PM

nasdaq, I appreciate all your help. I ran MBRCheck; I don't think anything was found.  I also ran aswMBR again, with the same issues.  This is strange because the first time I ran it, FIX was an option, as it is when I run it on my laptop.

Here is the MBR Check report 

MBRCheck, version 1.2.3
© 2010, AD
 
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5QL-E
Logical Drives Mask: 0x0000003d
 
Kernel Drivers (total 168):
  0x03201000 \SystemRoot\system32\ntoskrnl.exe
  0x037E7000 \SystemRoot\system32\hal.dll
  0x00BD4000 \SystemRoot\system32\kdcom.dll
  0x00CD3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D22000 \SystemRoot\system32\PSHED.dll
  0x00D36000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00EF6000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00FB8000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x01000000 \SystemRoot\System32\Drivers\spiq.sys
  0x01126000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x0112F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x0115E000 \SystemRoot\system32\drivers\ACPI.sys
  0x011B5000 \SystemRoot\system32\drivers\msisadrv.sys
  0x011BF000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x011CC000 \SystemRoot\system32\drivers\pci.sys
  0x00FC8000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FDD000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
  0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E8D000 \SystemRoot\system32\drivers\vmbus.sys
  0x00EC9000 \SystemRoot\system32\drivers\winhv.sys
  0x00EDD000 \SystemRoot\system32\drivers\atapi.sys
  0x00D94000 \SystemRoot\system32\drivers\ataport.SYS
  0x00EE6000 \SystemRoot\system32\drivers\amdxata.sys
  0x0126D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x012B9000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01438000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x012CD000 \SystemRoot\System32\Drivers\msrpc.sys
  0x015DA000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0132B000 \SystemRoot\System32\Drivers\cng.sys
  0x01400000 \SystemRoot\System32\drivers\pcw.sys
  0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01637000 \SystemRoot\system32\drivers\ndis.sys
  0x01729000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01789000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01800000 \SystemRoot\System32\drivers\tcpip.sys
  0x017B3000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01600000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x0139D000 \SystemRoot\system32\drivers\volsnap.sys
  0x01610000 \SystemRoot\System32\Drivers\spldr.sys
  0x01200000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01618000 \SystemRoot\System32\Drivers\mup.sys
  0x0162A000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x00DBE000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0141B000 \SystemRoot\system32\DRIVERS\disk.sys
  0x0123A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x013E9000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
  0x015F5000 \SystemRoot\system32\DRIVERS\avgidsha.sys
  0x02CCE000 \SystemRoot\system32\drivers\cdrom.sys
  0x02CF8000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
  0x02D08000 \SystemRoot\System32\Drivers\Null.SYS
  0x02D11000 \SystemRoot\System32\Drivers\Beep.SYS
  0x02D18000 \??\C:\Windows\system32\drivers\avgtpx64.sys
  0x02D27000 \SystemRoot\System32\drivers\vga.sys
  0x02D35000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x02D5A000 \SystemRoot\System32\drivers\watchdog.sys
  0x02D6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x02D73000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x02D7C000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x02D85000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x02D90000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x02DA1000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x02DC3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x02C00000 \SystemRoot\system32\DRIVERS\avgtdia.sys
  0x02C62000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03A30000 \SystemRoot\system32\drivers\afd.sys
  0x03AB9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03AC2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03AE8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03AFE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03B0D000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03B2A000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03B45000 \SystemRoot\system32\drivers\termdd.sys
  0x03B59000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0x03B73000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03BC4000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03BD0000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03BDB000 \SystemRoot\System32\drivers\discache.sys
  0x040F5000 \SystemRoot\system32\drivers\csc.sys
  0x04178000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04196000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x041A7000 \SystemRoot\system32\DRIVERS\avgldx64.sys
  0x04000000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04026000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0486A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x05311000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x03CC7000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03C00000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03C46000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x03C6A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x05313000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03C77000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03C88000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x03C95000 \SystemRoot\system32\DRIVERS\L1E62x64.sys
  0x03DBB000 \SystemRoot\system32\drivers\1394ohci.sys
  0x03CA7000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x03CB4000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x05369000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x05375000 \SystemRoot\system32\drivers\i8042prt.sys
  0x05393000 \SystemRoot\system32\drivers\kbdclass.sys
  0x053A2000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x053B2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x053C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x053EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0403C000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0484A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03CBC000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x0405D000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03DF9000 \SystemRoot\system32\drivers\swenum.sys
  0x0406C000 \SystemRoot\system32\drivers\ks.sys
  0x03DFB000 \SystemRoot\system32\drivers\LGBusEnum.sys
  0x040AF000 \SystemRoot\system32\drivers\umbus.sys
  0x0568B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x056E5000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x056F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05705000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x05737000 \SystemRoot\system32\drivers\portcls.sys
  0x05774000 \SystemRoot\system32\drivers\drmk.sys
  0x05796000 \SystemRoot\system32\drivers\ksthunk.sys
  0x0579C000 \SystemRoot\system32\drivers\HdAudio.sys
  0x05600000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x0561B000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x0561D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x0563A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x05648000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x05661000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x0566A000 \SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
  0x040C1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x068C6000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x000D0000 \SystemRoot\System32\win32k.sys
  0x0690A000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06916000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00490000 \SystemRoot\System32\TSDDD.dll
  0x00760000 \SystemRoot\System32\cdd.dll
  0x00990000 \SystemRoot\System32\ATMFD.DLL
  0x06924000 \SystemRoot\system32\drivers\luafv.sys
  0x06947000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x0695C000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x069AF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x069C2000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x03466000 \SystemRoot\system32\drivers\HTTP.sys
  0x0352F000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0354D000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x03565000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x03592000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x03424000 \SystemRoot\system32\DRIVERS\avgidsfiltera.sys
  0x06800000 \SystemRoot\system32\drivers\peauth.sys
  0x0342F000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x08A18000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x08A49000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x08A5B000 \SystemRoot\system32\drivers\LGVirHid.sys
  0x08A5E000 \SystemRoot\system32\drivers\kbdhid.sys
  0x08A6C000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
  0x08A99000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x08B02000 \SystemRoot\System32\DRIVERS\srv.sys
  0x08B9A000 \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
  0x08BD6000 \SystemRoot\system32\drivers\WudfPf.sys
  0x08BA0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0A306000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77090000 \Windows\System32\ntdll.dll
  0x47B70000 \Windows\System32\smss.exe
  0xFF3B0000 \Windows\System32\apisetschema.dll
 
Processes (total 71):
       0 System Idle Process
       4 System
     332 C:\Windows\System32\smss.exe
     660 csrss.exe
     728 C:\Windows\System32\wininit.exe
     740 csrss.exe
     796 C:\Windows\System32\services.exe
     804 C:\Windows\System32\lsass.exe
     812 C:\Windows\System32\lsm.exe
     868 C:\Windows\System32\winlogon.exe
     976 C:\Windows\System32\svchost.exe
     380 C:\Windows\System32\nvvsvc.exe
     392 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     676 C:\Windows\System32\svchost.exe
     808 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1332 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1340 C:\Windows\System32\nvvsvc.exe
    1436 C:\Windows\System32\svchost.exe
    1604 C:\Windows\System32\spoolsv.exe
    1712 C:\Windows\System32\svchost.exe
    1848 C:\Windows\System32\taskhost.exe
    1912 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1984 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
     352 C:\Windows\System32\dwm.exe
    1456 C:\Windows\explorer.exe
    1768 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2028 C:\Windows\System32\svchost.exe
    2056 C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    2316 C:\Program Files\Logitech Gaming Software\LCore.exe
    2336 C:\Program Files\Windows Sidebar\sidebar.exe
    2360 C:\Windows\System32\taskeng.exe
    2476 C:\Windows\SysWOW64\PnkBstrA.exe
    2500 C:\Windows\System32\svchost.exe
    2580 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    2600 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2660 C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2704 C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    2720 C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
    2944 C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
    1572 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    1784 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3108 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3540 C:\Windows\System32\SearchIndexer.exe
    3972 WUDFHost.exe
    3980 C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    3732 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4052 C:\Windows\System32\svchost.exe
    4892 dllhost.exe
    4064 C:\Windows\System32\audiodg.exe
    4940 C:\Windows\System32\taskeng.exe
    3604 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    4332 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    3768 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    5116 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    3416 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    3388 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    1744 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    4628 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    5092 C:\Program Files (x86)\iTunesKeys\iTunesKeys.exe
    1688 C:\Program Files (x86)\iTunes\iTunes.exe
    3960 C:\Windows\System32\SearchProtocolHost.exe
    5032 C:\Windows\System32\SearchFilterHost.exe
    3632 C:\Program Files\iPod\bin\iPodService.exe
    4796 C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
    5056 C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    4780 C:\Users\Jim\Desktop\MBRCheck.exe
    2116 C:\Windows\System32\conhost.exe
    4452 C:\Windows\System32\dllhost.exe
 
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
 
PhysicalDrive1 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01
PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0
 
      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
     76 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
 
 
Done!


#12 nasdaq

Posted 27 September 2013 - 08:20 AM

Is FIX now available?

I need to know what options are available, FIX or FixMBR.
I may have to get advice from an expert on this before suggesting any action.

p.s.
Is this a DELL computer?

#13 DarthSparty

Posted 27 September 2013 - 02:32 PM

Fix is still greyed out.  FixMBR is available.

It is not a Dell computer; it is custom built.



#14 nasdaq

Posted 28 September 2013 - 06:48 AM

I ran AVG scan the other day and noticed 7 rootkits popped up. This is one of those viruses that installed some 3rd party sketchy search engine, home page and toolbars into Chrome.
The file location for all 7 are "";"C:\Windows\System32\Drivers\spdj.sys"


I requested a ComboFix log in my post No. 8.
Can you please run the tool and post a fresh log?
You may be prompted to update the tool; please do.

If ComboFix reports a rootkit we may be able to use the FixMBR function.

#15 DarthSparty

Posted 03 October 2013 - 01:50 PM

Sorry for the slow response.  I never saw anything about ComboFix.  I just ran it.

ComboFix 13-10-03.03 - Jim 10/03/2013  14:35:40.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2557 [GMT -4:00]
Running from: c:\users\Jim\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jim\AppData\Local\TopArcadeHits
c:\users\Jim\AppData\Local\TopArcadeHits\tah.config
c:\users\Jim\AppData\Local\TopArcadeHits\ToPArcadehits.dll
c:\users\Jim\AppData\Local\TopArcadeHits\uninstaller.exe
c:\users\Jim\AppData\Local\TopArcadeHits\updater.exe
c:\users\Jim\AppData\Roaming\Microsoft\stor.cfg
c:\users\Jim\AppData\Roaming\mIRC\logs\status.log
c:\users\Jim\pizda_bkurl.dat
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\system
c:\windows\Tasks\TopArcadeHits.job
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-03 to 2013-10-03  )))))))))))))))))))))))))))))))
.
.
2073-10-27 15:55 . 2009-10-03 23:32 1118208 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2073-10-27 15:55 . 2009-10-03 23:32 1835008 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 15:55 . 2009-10-03 23:31 2404352 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
2013-10-03 18:44 . 2013-10-03 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-01 22:24 . 2013-10-01 22:24 -------- d-----w- c:\users\Jim\AppData\Local\NVIDIA
2013-10-01 22:16 . 2013-10-01 22:16 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-10-01 22:14 . 2013-10-01 22:14 -------- d-----w- c:\users\UpdatusUser.Jim-PC
2013-10-01 04:55 . 2013-10-01 04:55 -------- d-----w- c:\programdata\Package Cache
2013-09-17 17:12 . 2013-09-17 17:13 -------- d-----w- C:\AdwCleaner
2013-09-17 17:09 . 2013-09-17 21:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-09-17 17:09 . 2013-09-17 17:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-09-17 15:55 . 2013-09-17 15:55 -------- d-----w- c:\windows\system32\ljkb
2013-09-15 06:12 . 2013-09-15 06:12 -------- d-----w- c:\program files (x86)\Plasma Pong
2013-09-15 00:57 . 2013-09-15 00:57 -------- d-----w- c:\program files (x86)\Remote Mouse
2013-09-12 05:17 . 2013-09-12 05:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-11 22:43 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 22:43 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-11 22:43 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-11 22:43 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-11 22:43 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-11 22:32 . 2013-09-11 22:32 -------- d-----w- c:\users\Jim\AppData\Local\AVG SafeGuard toolbar
2013-09-11 22:30 . 2013-09-11 22:29 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-09-11 22:30 . 2013-09-17 16:39 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-09-11 22:30 . 2013-09-11 22:30 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-03 18:18 . 2013-01-20 22:53 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-03 18:18 . 2010-04-21 23:23 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-03 18:10 . 2011-12-25 03:23 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-01 04:56 . 2010-04-21 23:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-12 08:58 . 2013-02-26 04:32 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2013-02-26 04:32 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-02-26 04:32 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-02-26 04:32 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-12 08:58 . 2013-02-26 04:32 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2013-02-26 04:32 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-12 08:58 . 2013-02-26 04:32 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-12 07:25 . 2010-07-31 13:52 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2010-07-31 13:52 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2010-07-31 13:52 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-12 07:25 . 2010-07-31 13:52 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2010-04-03 22:42 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 04:29 . 2010-04-19 05:41 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-11 22:57 . 2013-03-12 05:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 22:57 . 2013-03-12 05:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 22:06 . 2012-05-15 21:35 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-09 08:54 . 2011-06-11 05:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-09 08:54 . 2011-06-11 05:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-15 22:35 . 2012-02-22 23:27 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-08-02 01:48 . 2013-09-11 22:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 22:42 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 22:42 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 22:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 22:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 22:42 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 22:42 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 22:42 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 22:42 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 22:42 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 22:42 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 22:42 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 22:42 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 22:42 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 22:42 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 22:42 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe [2011-9-29 512000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater17.0.1;vToolbarUpdater17.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 22:57]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 19:41]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 19:41]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883625445-4219461378-3858388289-1000Core.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 09:14]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883625445-4219461378-3858388289-1000UA.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 09:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50370
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\5lgdidr0.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\Jim\AppData\Local\TopArcadeHits\Toparcadehits.dll
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 4 Beta\pbsvc.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Jim\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3883625445-4219461378-3858388289-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:47,92,d5,fa,64,34,f5,f9,88,77,4b,5e,fd,16,c5,ab,4a,b0,75,1a,dc,dd,4c,
   1e,8e,c6,12,f8,c8,79,6a,61,87,80,bf,8e,5c,63,ff,5d,84,1d,8e,55,63,f1,a6,e5,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-03  14:47:29
ComboFix-quarantined-files.txt  2013-10-03 18:47
.
Pre-Run: 24,091,676,672 bytes free
Post-Run: 24,146,567,168 bytes free
.
- - End Of File - - A65DB527A81FD74186BC936A87922519
8F558EB6672622401DA993E1E865C861