cunfused's Content - Malwarebytes Forums

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Blue Screen View did not find anything. Attemps to fix the update failures as well as validating my copy of windows has not been successful. I also got a warning when I logged into my Gmail account that it may have been hacked a big red bar at the top of my email account said that my email had been accessed remotely. listed sources and asked if it was me not to worry. I couldn't recognize any of the sources so I changed my password. Still no commercials which is a plus.

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Something weird happened the other day. The computer starting cashing, then went to a blue screen and said something about a crash dump??

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

everything seems to be ok other than being prompted that I am not running genuine windows. when I try to resolve the issue the operation fails. Says "Update installation failed. Error information -0x80096001"

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

New Threat c:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\windows\Temporary Internet Files\Contents.IES\4QB7PQ74\in[1].htm Also says "Object does not exist or is inaccessible" Malwarbytes Scan Log- Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.18.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Rebekah :: REBEKAHS-LAPTOP [administrator] Protection: Enabled 3/18/2012 3:35:27 PM mbam-log-2012-03-18 (16-06-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229316 Time elapsed: 21 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> No action taken. (end)

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

AVG Resident Sheild Alert- File Name- c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL Threat Name- Trojan horse Proxy.ASMH When I try to remove the threat AVG says "Object does not exist or is inaccessible." I followed the theat to it location and deleted it and now I am running a Malwarebytes quick scan

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

I was downloading microsoft updates

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Computer just said that it is not running genuine windows ?? Windows directs me to their website to download Windows Activation Update, I download the program and ran it but it can't finish. Says "Update installation failed. Error information -0x80096001" Advice?

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Sorry last question, Do you need the Uninstall Log? Is AVG anti-virus good or should I go with something else?

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Again, thanks for your time. donation incoming.

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

so far no commercials. everything running smoothly. your lucky your on the other side of the world cause you would be getting a big hug. Can you provide me any links to torturials that can show me what I need to do to avoid these problems in the future?

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

I assume trurn firewalls, malwarebytes on. Any suggestions on anti-virus programs or anything else

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Internet is Working! Awesome. I haven't tried to open a browser or do anything. LOG- ComboFix 12-03-16.05 - Rebekah 03/18/2012 2:25.4.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2643 [GMT -7:00] Running from: C:\ComboFix.exe Command switches used :: c:\users\Rebekah\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --> c:\windows\system32\Drivers\afd.sys . ((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 ))))))))))))))))))))))))))))))) . . 2012-03-18 09:33 . 2012-03-18 09:33 -------- d-----w- c:\users\Mcx1-REBEKAHS-LAPTOP\AppData\Local\temp 2012-03-18 09:33 . 2012-03-18 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-18 09:33 . 2012-03-18 09:33 -------- d-----w- c:\users\Benny\AppData\Local\temp 2012-03-11 04:55 . 2012-03-11 04:55 -------- d-----w- c:\program files\ESET 2012-03-11 04:00 . 2012-03-11 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-11 04:00 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 13:32 . 2012-03-18 09:35 -------- d-----w- c:\users\Rebekah\AppData\Local\temp 2012-03-07 15:55 . 2010-11-20 08:42 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla 2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes 2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-01-14 03:35 . 2012-02-16 04:10 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-04 08:58 . 2012-02-16 04:10 442880 ----a-w- c:\windows\system32\ntshrui.dll 2011-12-30 05:27 . 2012-02-16 04:10 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968] . c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192] S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai NecUsbSevice REG_MULTI_SZ NecUsb . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NICM EUSBMSD spcflt yukonwxp GameConsoleService z525mdfl PTproct . Contents of the 'Scheduled Tasks' folder . 2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://msi.msn.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\wsauth.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-03-18 02:38:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-18 09:38 ComboFix2.txt 2012-03-17 03:39 ComboFix3.txt 2012-03-10 13:32 ComboFix4.txt 2012-03-07 16:17 . Pre-Run: 68,500,701,184 bytes free Post-Run: 68,222,197,760 bytes free . - - End Of File - - F498AA6143E1A303C1EA657E93C464B2

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

New FSS Log- Farbar Service Scanner Version: 01-03-2012 Ran by Rebekah (administrator) on 17-03-2012 at 18:20:58 Running from "C:\Users\Rebekah\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. File Check: ======== C:\windows\system32\nsisvc.dll => MD5 is legit C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\windows\system32\dhcpcore.dll => MD5 is legit C:\windows\system32\Drivers\afd.sys [2011-06-15 17:41] - [2012-03-03 21:18] - 0338944 ____A () 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E C:\windows\system32\Drivers\tdx.sys => MD5 is legit C:\windows\system32\Drivers\tcpip.sys => MD5 is legit C:\windows\system32\dnsrslvr.dll => MD5 is legit C:\windows\system32\mpssvc.dll => MD5 is legit C:\windows\system32\bfe.dll => MD5 is legit C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\windows\system32\SDRSVC.dll => MD5 is legit C:\windows\system32\vssvc.exe => MD5 is legit C:\windows\system32\wscsvc.dll => MD5 is legit C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\windows\system32\wuaueng.dll => MD5 is legit C:\windows\system32\qmgr.dll => MD5 is legit C:\windows\system32\es.dll => MD5 is legit C:\windows\system32\cryptsvc.dll => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit **** End of log ****

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

still no internet. other than that things look good

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Ok, so I followed your directions but when I dragged CFScript.txt into ComboFix.exe, ComboFix said that it was outdated and asked if it should run a reduced scan. I may have messed up here but I figured the only way to update ComboFix since there is no internet connection on that computer was to delete then re-install it. When I did this it automatically ran a full scan and created a log. The next step I was going to do was drag CFScript.txt into ComboFix like you asked but I can't find it.. Thinking ComboFix deleted it during the system scan. So I tried following your instructions again thinking that now ComboFix is surely up to date, but when I try to drag CFScript.txt into ComboFix it says that this is a illegal operation on the registry. Here is the log from the accidental full scan I hope it is helpful- ComboFix 12-03-16.05 - Rebekah 03/16/2012 20:31:03.3.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2535 [GMT -7:00] Running from: C:\ComboFix.exe Command switches used :: c:\users\Rebekah\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --> c:\windows\System32\drivers\afd.sys . ((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 ))))))))))))))))))))))))))))))) . . 2012-03-11 04:55 . 2012-03-11 04:55 -------- d-----w- c:\program files\ESET 2012-03-11 04:00 . 2012-03-11 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-11 04:00 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 13:32 . 2012-03-17 03:38 -------- d-----w- c:\users\Rebekah\AppData\Local\temp 2012-03-07 15:55 . 2010-11-20 08:42 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla 2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes 2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-04 04:18 . 2011-06-16 00:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968] . c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192] S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai NecUsbSevice REG_MULTI_SZ NecUsb . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NICM EUSBMSD spcflt yukonwxp GameConsoleService z525mdfl PTproct . Contents of the 'Scheduled Tasks' folder . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://msi.msn.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\wsauth.DLL . Completion time: 2012-03-16 20:39:47 ComboFix-quarantined-files.txt 2012-03-17 03:39 ComboFix2.txt 2012-03-10 13:32 ComboFix3.txt 2012-03-07 16:17 . Pre-Run: 68,640,759,808 bytes free Post-Run: 68,580,175,872 bytes free . - - End Of File - - B05579510DFDAEEF218E6042AE80F79B

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

It has been scanning for hours now. I have a highspeed connection. file size- 331kb After letting it sit for 5 hours. next I tried deleting the file and then reloading it again which is where I am at now started scanning at 5am my time. Is the problem because I am having to upload it from a flash drive. Reason being I dont have internet connection on other computer and this computer will not allow me to copy it anywhere. And, Really want to thank you for your help. Will definitely be donating when this is all finished.

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

SystemLook 30.07.11 by jpshortstuff Log created at 19:54 on 14/03/2012 by Rebekah Administrator - Elevation successful ========== filefind ========== Searching for "*afd.sys*" C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [04:18 04/03/2012] 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [04:55 14/07/2009] [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4bbf167edfba3058_afd.sys.mui_ff192075 --a---- 14848 bytes [04:56 14/07/2009] [04:56 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a_afd.sys_084af4a8 --a---- 338944 bytes [00:48 16/06/2011] [00:41 16/06/2011] 9EBBBA55060F786F0FCAA3893BFA2806 C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4bbf167edfba3058\afd.sys.mui --a---- 14848 bytes [04:55 14/07/2009] [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [22:51 26/03/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516 C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [04:18 04/03/2012] 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [00:41 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5 -= EOF =-

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

Farbar Service Scanner Version: 01-03-2012 Ran by Rebekah (administrator) on 13-03-2012 at 22:03:41 Running from "C:\Users\Rebekah\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. File Check: ======== C:\windows\system32\nsisvc.dll => MD5 is legit C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\windows\system32\dhcpcore.dll => MD5 is legit C:\windows\system32\Drivers\afd.sys [2011-06-15 17:41] - [2012-03-03 21:18] - 0338944 ____A () 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E C:\windows\system32\Drivers\tdx.sys => MD5 is legit C:\windows\system32\Drivers\tcpip.sys => MD5 is legit C:\windows\system32\dnsrslvr.dll => MD5 is legit C:\windows\system32\mpssvc.dll => MD5 is legit C:\windows\system32\bfe.dll => MD5 is legit C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\windows\system32\SDRSVC.dll => MD5 is legit C:\windows\system32\vssvc.exe => MD5 is legit C:\windows\system32\wscsvc.dll => MD5 is legit C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\windows\system32\wuaueng.dll => MD5 is legit C:\windows\system32\qmgr.dll => MD5 is legit C:\windows\system32\es.dll => MD5 is legit C:\windows\system32\cryptsvc.dll => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit **** End of log ****

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

<p> </p> <div>2012-03-10 13:23:14 . 2012-03-10 13:23:14 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt</div> <div>2012-03-07 16:16:57 . 2012-03-07 16:16:57 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-99147773.sys.reg.dat</div> <div>2012-03-07 16:16:57 . 2012-03-07 16:16:57 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-82789974.sys.reg.dat</div> <div>2012-03-07 16:16:57 . 2012-03-07 16:16:57 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-69114608.sys.reg.dat</div> <div>2012-03-07 16:16:50 . 2012-03-07 16:16:50 184 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ROC_roc_dec12.reg.dat</div> <div>2012-03-07 16:16:49 . 2012-03-07 16:16:49 166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SwitchBoard.reg.dat</div> <div>2012-03-07 16:16:49 . 2012-03-07 16:16:49 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AdobeCS5ServiceManager.reg.dat</div> <div>2012-03-07 16:16:48 . 2012-03-07 16:16:48 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2}.reg.dat</div> <div>2012-03-07 16:16:48 . 2012-03-07 16:16:48 249 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}.reg.dat</div> <div>2012-03-07 16:16:48 . 2012-03-07 16:16:48 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat</div> <div>2012-03-07 16:16:48 . 2012-03-07 16:16:48 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat</div> <div>2012-03-07 16:16:47 . 2012-03-07 16:16:47 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat</div> <div>2012-03-07 16:16:47 . 2012-03-07 16:16:47 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat</div> <div>2012-03-07 16:16:45 . 2012-03-07 16:16:45 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat</div> <div>2012-03-07 16:10:53 . 2012-03-07 16:10:53 3,923 ----a-w- C:\Qoobox\Quarantine\C\Windows\system\_svchost_.exe.zip</div> <div>2012-03-07 16:10:45 . 2012-03-07 16:10:53 7,680 ----a-w- C:\Qoobox\Quarantine\C\Windows\system\svchost.exe.vir</div> <div>2012-03-07 16:10:07 . 2012-03-07 16:10:07 1,952 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_PTproct.reg.dat</div> <div>2012-03-07 16:10:07 . 2012-03-07 16:10:07 1,842 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NecUsb.reg.dat</div> <div>2012-03-07 16:07:19 . 2012-03-07 16:07:19 2,500 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SPService.reg.dat</div> <div>2012-03-07 16:07:10 . 2012-03-10 13:28:00 14,422 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg</div> <div>2012-03-07 15:57:51 . 2012-03-07 15:57:51 858 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\version.vir</div> <div>2012-03-07 15:57:41 . 2012-03-07 15:57:41 2,048 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\@.vir</div> <div>2012-03-07 15:57:41 . 2012-03-07 15:57:51 297 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\cfg.ini.vir</div> <div>2012-03-07 15:57:41 . 2012-03-07 15:57:41 338,944 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\L\xadqgnnk.vir</div> <div>2012-03-07 15:57:41 . 2012-03-07 15:57:41 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\1516076431.vir</div> <div>2012-03-06 04:19:45 . 2012-03-06 04:19:45 8 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\oemid.vir</div> <div>2012-03-05 15:54:20 . 2012-03-07 15:57:50 2,048 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\00000001.@.vir</div> <div>2012-03-04 09:00:52 . 2012-03-07 05:54:56 4,608 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\Desktop.ini.vir</div> <div>2012-03-04 09:00:42 . 2012-03-04 09:00:42 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4092104190.vir</div> <div>2012-03-04 04:54:33 . 2012-03-10 13:23:14 639 ----a-w- C:\Qoobox\Quarantine\catchme.log</div> <div>2012-02-10 12:03:04 . 2012-03-07 15:57:51 66,560 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\80000000.@.vir</div> <div>2012-02-05 14:12:14 . 2012-03-07 15:57:51 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\dds_trash_log.cmd.vir</div> <div>2012-02-03 15:27:35 . 2012-02-03 15:27:35 53,248 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\FastUv32.dll.vir</div> <div>2012-02-03 15:27:34 . 2012-02-03 15:27:34 157,184 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\NUSB3w32.dll.vir</div> <div>2012-01-29 00:09:53 . 2012-03-07 15:57:51 73,216 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\80000032.@.vir</div> <div>2011-12-02 12:07:49 . 2012-03-07 15:57:52 224,768 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\00000002.@.vir</div> <div>2011-11-29 13:10:08 . 2012-03-07 15:57:50 12,800 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\80000004.@.vir</div> <div>2011-11-02 17:48:14 . 2012-03-07 15:57:50 1,024 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB4783$\4269206745\U\00000004.@.vir</div> <div>2011-04-14 21:49:15 . 2011-03-11 05:33:59 49,156 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\certstore.dat.vir</div> <div>2011-03-26 22:51:43 . 2010-11-20 08:42:32 78,336 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir</div> <div>2011-03-26 22:51:43 . 2010-11-20 08:42:32 78,336 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir_</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Anydlc.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\moufiltr.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\pavprsrv.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\pav_security.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\QPSched.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\tvald.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\UPATC.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\v124.dll.vir</div> <div>2009-07-13 23:19:28 . 2009-07-14 01:14:41 5,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\vaiomediaplatform-mobile-gateway.dll.vir</div> <div> </div>

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

lost internet connection after running comboFix. I have tried to re install the cisco software but no luck. next I was going to reset the router but am a little nervous of loosing a connection with the only good computer I have left.

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

<p>The laptop has no internet connection.</p> <p> </p> <p>I tried getting the latest update for malwarebytes but it said it was outdated. Also was not able do start the ESET online scanner.</p> <p> </p> <p>Here is the malwarebytes log-</p> <p> </p> <p> </p> <div>Malwarebytes Anti-Malware (Trial) 1.60.1.1000</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2012.01.13.04</div> <div> </div> <div>Windows 7 Service Pack 1 x86 NTFS</div> <div>Internet Explorer 8.0.7601.17514</div> <div>Rebekah :: REBEKAHS-LAPTOP [administrator]</div> <div> </div> <div>Protection: Disabled</div> <div> </div> <div>3/10/2012 8:01:43 PM</div> <div>mbam-log-2012-03-10 (20-01-43).txt</div> <div> </div> <div>Scan type: Quick scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 212213</div> <div>Time elapsed: 6 minute(s), 23 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 1</div> <div>HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div>

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

new combofix log, thanks again for all your help on this, ComboFix 12-03-06.01 - Rebekah 03/10/2012 5:23.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2902 [GMT -8:00] Running from: C:\ComboFix.exe Command switches used :: c:\users\Benny\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\windows\system32\dds_trash_log.cmd" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\$NtUninstallKB4783$\1516076431 c:\windows\system32\dds_trash_log.cmd . . ((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))))) . . 2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Rebekah\AppData\Local\temp 2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Mcx1-REBEKAHS-LAPTOP\AppData\Local\temp 2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-10 13:30 . 2012-03-10 13:30 -------- d-----w- c:\users\Benny\AppData\Local\temp 2012-03-07 15:55 . 2010-11-20 08:42 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla 2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes 2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-13 08:27 . 2012-02-13 08:27 -------- d-----w- c:\users\Benny\AppData\Local\DDMSettings 2012-02-10 04:05 . 2012-02-10 04:05 -------- d-----w- c:\users\Benny\AppData\Roaming\VMware 2012-02-10 04:03 . 2012-02-10 04:03 -------- d-----w- c:\users\Benny\AppData\Local\VMware 2012-02-10 03:54 . 2011-02-19 02:38 39984 ----a-w- c:\windows\system32\drivers\vmwvusb.sys 2012-02-10 03:53 . 2012-02-10 04:05 -------- d-----w- c:\programdata\VMware 2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\users\Rebekah\AppData\Local\VMware 2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\Common Files\VMware 2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\VMware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-04 04:18 . 2011-06-16 00:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-12-14 17:49 . 2011-01-28 04:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968] . c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-01 40776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192] S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai NecUsbSevice REG_MULTI_SZ NecUsb . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NICM EUSBMSD spcflt yukonwxp GameConsoleService z525mdfl PTproct . Contents of the 'Scheduled Tasks' folder . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://msi.msn.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\wsauth.DLL . Completion time: 2012-03-10 05:32:11 ComboFix-quarantined-files.txt 2012-03-10 13:32 ComboFix2.txt 2012-03-07 16:17 . Pre-Run: 66,312,720,384 bytes free Post-Run: 66,007,371,776 bytes free . - - End Of File - - 9F17B7E61D1D6694D8C2FDA58480F3D3

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

TDSSKiller Log- 20:11:59.0238 5292 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07 20:11:59.0753 5292 ============================================================ 20:11:59.0753 5292 Current date / time: 2012/03/03 20:11:59.0753 20:11:59.0753 5292 SystemInfo: 20:11:59.0753 5292 20:11:59.0753 5292 OS Version: 6.1.7601 ServicePack: 1.0 20:11:59.0753 5292 Product type: Workstation 20:11:59.0753 5292 ComputerName: REBEKAHS-LAPTOP 20:11:59.0753 5292 UserName: Rebekah 20:11:59.0753 5292 Windows directory: C:\windows 20:11:59.0753 5292 System windows directory: C:\windows 20:11:59.0753 5292 Processor architecture: Intel x86 20:11:59.0753 5292 Number of processors: 4 20:11:59.0753 5292 Page size: 0x1000 20:11:59.0753 5292 Boot type: Normal boot 20:11:59.0753 5292 ============================================================ 20:12:03.0528 5292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:12:03.0528 5292 \Device\Harddisk0\DR0: 20:12:03.0528 5292 MBR used 20:12:03.0528 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x222C844C 20:12:03.0528 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x236FAC4C, BlocksNum 0x16C8ABE4 20:12:03.0762 5292 Initialize success 20:12:03.0762 5292 ============================================================ 20:14:01.0417 0620 ============================================================ 20:14:01.0417 0620 Scan started 20:14:01.0417 0620 Mode: Manual; SigCheck; TDLFS; 20:14:01.0417 0620 ============================================================ 20:14:10.0122 0620 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys 20:14:10.0247 0620 1394ohci - ok 20:14:10.0434 0620 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys 20:14:10.0465 0620 ACPI - ok 20:14:10.0512 0620 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys 20:14:10.0575 0620 AcpiPmi - ok 20:14:10.0777 0620 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 20:14:10.0809 0620 adp94xx - ok 20:14:10.0855 0620 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 20:14:10.0871 0620 adpahci - ok 20:14:10.0887 0620 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 20:14:10.0902 0620 adpu320 - ok 20:14:11.0089 0620 AFD (8fc69a5aa8a9fecc7f18a3addaa3ab7e) C:\windows\system32\drivers\afd.sys 20:14:11.0105 0620 Suspicious file (Forged): C:\windows\system32\drivers\afd.sys. Real md5: 8fc69a5aa8a9fecc7f18a3addaa3ab7e, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806 20:14:11.0105 0620 AFD ( Virus.Win32.ZAccess.c ) - infected 20:14:11.0105 0620 AFD - detected Virus.Win32.ZAccess.c (0) 20:14:11.0136 0620 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys 20:14:11.0152 0620 agp440 - ok 20:14:11.0292 0620 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 20:14:11.0308 0620 aic78xx - ok 20:14:11.0542 0620 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys 20:14:11.0542 0620 aliide - ok 20:14:11.0573 0620 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys 20:14:11.0589 0620 amdagp - ok 20:14:11.0885 0620 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys 20:14:11.0901 0620 amdide - ok 20:14:11.0947 0620 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 20:14:11.0979 0620 AmdK8 - ok 20:14:12.0150 0620 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 20:14:12.0181 0620 AmdPPM - ok 20:14:12.0369 0620 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys 20:14:12.0384 0620 amdsata - ok 20:14:12.0447 0620 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 20:14:12.0462 0620 amdsbs - ok 20:14:12.0509 0620 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys 20:14:12.0509 0620 amdxata - ok 20:14:12.0696 0620 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys 20:14:12.0821 0620 AppID - ok 20:14:13.0024 0620 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 20:14:13.0024 0620 arc - ok 20:14:13.0055 0620 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 20:14:13.0071 0620 arcsas - ok 20:14:13.0211 0620 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 20:14:13.0726 0620 ArcSoftKsUFilter - ok 20:14:14.0334 0620 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 20:14:14.0365 0620 AsyncMac - ok 20:14:14.0506 0620 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys 20:14:14.0521 0620 atapi - ok 20:14:14.0615 0620 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys 20:14:14.0724 0620 athr - ok 20:14:14.0943 0620 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\windows\system32\DRIVERS\AVGIDSEH.Sys 20:14:14.0989 0620 AVGIDSEH - ok 20:14:15.0208 0620 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\windows\system32\DRIVERS\avgtdix.sys 20:14:15.0223 0620 Avgtdix - ok 20:14:15.0442 0620 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 20:14:15.0473 0620 b06bdrv - ok 20:14:16.0066 0620 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 20:14:16.0097 0620 b57nd60x - ok 20:14:16.0284 0620 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 20:14:16.0331 0620 Beep - ok 20:14:16.0503 0620 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 20:14:16.0534 0620 blbdrive - ok 20:14:16.0846 0620 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 20:14:16.0908 0620 bowser - ok 20:14:16.0971 0620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 20:14:17.0002 0620 BrFiltLo - ok 20:14:17.0158 0620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 20:14:17.0205 0620 BrFiltUp - ok 20:14:17.0423 0620 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 20:14:17.0454 0620 Brserid - ok 20:14:18.0047 0620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 20:14:18.0078 0620 BrSerWdm - ok 20:14:18.0219 0620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 20:14:18.0250 0620 BrUsbMdm - ok 20:14:18.0281 0620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 20:14:18.0297 0620 BrUsbSer - ok 20:14:18.0499 0620 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 20:14:18.0531 0620 BthEnum - ok 20:14:18.0577 0620 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 20:14:18.0593 0620 BTHMODEM - ok 20:14:18.0640 0620 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 20:14:18.0687 0620 BthPan - ok 20:14:18.0780 0620 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 20:14:18.0811 0620 BTHPORT - ok 20:14:18.0983 0620 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 20:14:18.0999 0620 BTHUSB - ok 20:14:19.0186 0620 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 20:14:19.0233 0620 cdfs - ok 20:14:19.0451 0620 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys 20:14:19.0498 0620 cdrom - ok 20:14:19.0560 0620 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 20:14:19.0591 0620 circlass - ok 20:14:20.0512 0620 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 20:14:20.0527 0620 CLFS - ok 20:14:20.0824 0620 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 20:14:20.0839 0620 CmBatt - ok 20:14:20.0886 0620 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 20:14:20.0902 0620 cmdide - ok 20:14:20.0964 0620 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys 20:14:20.0980 0620 CNG - ok 20:14:21.0011 0620 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 20:14:21.0027 0620 Compbatt - ok 20:14:21.0073 0620 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys 20:14:21.0089 0620 CompositeBus - ok 20:14:21.0136 0620 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 20:14:21.0151 0620 crcdisk - ok 20:14:21.0214 0620 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 20:14:21.0261 0620 DfsC - ok 20:14:21.0276 0620 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 20:14:21.0339 0620 discache - ok 20:14:21.0385 0620 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 20:14:21.0385 0620 Disk - ok 20:14:21.0463 0620 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys 20:14:21.0495 0620 Dot4 - ok 20:14:21.0557 0620 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys 20:14:21.0573 0620 Dot4Print - ok 20:14:21.0822 0620 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys 20:14:21.0853 0620 dot4usb - ok 20:14:21.0900 0620 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 20:14:21.0931 0620 drmkaud - ok 20:14:22.0072 0620 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 20:14:22.0103 0620 DXGKrnl - ok 20:14:22.0212 0620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 20:14:22.0321 0620 ebdrv - ok 20:14:22.0477 0620 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 20:14:22.0493 0620 elxstor - ok 20:14:22.0555 0620 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 20:14:22.0571 0620 ErrDev - ok 20:14:22.0618 0620 EUCR (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS 20:14:22.0633 0620 EUCR - ok 20:14:22.0665 0620 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 20:14:22.0711 0620 exfat - ok 20:14:22.0743 0620 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 20:14:22.0789 0620 fastfat - ok 20:14:22.0977 0620 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 20:14:23.0008 0620 fdc - ok 20:14:23.0039 0620 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 20:14:23.0055 0620 FileInfo - ok 20:14:23.0070 0620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 20:14:23.0101 0620 Filetrace - ok 20:14:23.0133 0620 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 20:14:23.0148 0620 flpydisk - ok 20:14:23.0257 0620 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 20:14:23.0289 0620 FltMgr - ok 20:14:23.0335 0620 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 20:14:23.0335 0620 FsDepends - ok 20:14:23.0413 0620 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys 20:14:23.0429 0620 fssfltr - ok 20:14:23.0476 0620 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys 20:14:23.0491 0620 Fs_Rec - ok 20:14:23.0554 0620 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 20:14:23.0569 0620 fvevol - ok 20:14:23.0850 0620 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 20:14:23.0866 0620 gagp30kx - ok 20:14:24.0022 0620 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 20:14:24.0022 0620 GEARAspiWDM - ok 20:14:24.0209 0620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 20:14:24.0225 0620 hcw85cir - ok 20:14:24.0303 0620 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 20:14:24.0334 0620 HdAudAddService - ok 20:14:24.0381 0620 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys 20:14:24.0412 0620 HDAudBus - ok 20:14:24.0568 0620 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys 20:14:24.0599 0620 HECI - ok 20:14:24.0630 0620 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 20:14:24.0661 0620 HidBatt - ok 20:14:24.0693 0620 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 20:14:24.0708 0620 HidBth - ok 20:14:24.0755 0620 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 20:14:24.0771 0620 HidIr - ok 20:14:24.0973 0620 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys 20:14:24.0989 0620 HidUsb - ok 20:14:25.0223 0620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 20:14:25.0223 0620 HpSAMD - ok 20:14:25.0301 0620 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 20:14:25.0348 0620 HTTP - ok 20:14:25.0379 0620 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 20:14:25.0379 0620 hwpolicy - ok 20:14:25.0457 0620 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys 20:14:25.0488 0620 i8042prt - ok 20:14:26.0284 0620 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys 20:14:26.0299 0620 iaStorV - ok 20:14:26.0627 0620 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys 20:14:26.0923 0620 igfx - ok 20:14:27.0095 0620 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 20:14:27.0111 0620 iirsp - ok 20:14:27.0157 0620 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys 20:14:27.0204 0620 Impcd - ok 20:14:27.0454 0620 IntcAzAudAddService (d0a6c0ceb3b74a91884f804ff4f031c0) C:\windows\system32\drivers\RTKVHDA.sys 20:14:27.0532 0620 IntcAzAudAddService - ok 20:14:27.0579 0620 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys 20:14:27.0859 0620 IntcDAud - ok 20:14:28.0483 0620 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 20:14:28.0499 0620 intelide - ok 20:14:28.0686 0620 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 20:14:28.0717 0620 intelppm - ok 20:14:28.0920 0620 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 20:14:28.0967 0620 IpFilterDriver - ok 20:14:29.0061 0620 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 20:14:29.0107 0620 IPMIDRV - ok 20:14:29.0201 0620 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 20:14:29.0232 0620 IPNAT - ok 20:14:29.0482 0620 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 20:14:29.0513 0620 IRENUM - ok 20:14:29.0544 0620 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 20:14:29.0560 0620 isapnp - ok 20:14:29.0872 0620 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 20:14:29.0887 0620 iScsiPrt - ok 20:14:30.0418 0620 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys 20:14:30.0449 0620 kbdclass - ok 20:14:30.0589 0620 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys 20:14:30.0605 0620 kbdhid - ok 20:14:30.0636 0620 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys 20:14:30.0652 0620 KSecDD - ok 20:14:30.0683 0620 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys 20:14:30.0699 0620 KSecPkg - ok 20:14:30.0761 0620 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 20:14:30.0792 0620 lltdio - ok 20:14:30.0979 0620 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 20:14:30.0995 0620 LSI_FC - ok 20:14:31.0011 0620 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 20:14:31.0011 0620 LSI_SAS - ok 20:14:31.0042 0620 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 20:14:31.0042 0620 LSI_SAS2 - ok 20:14:31.0073 0620 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 20:14:31.0073 0620 LSI_SCSI - ok 20:14:31.0120 0620 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 20:14:31.0151 0620 luafv - ok 20:14:31.0479 0620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys 20:14:31.0494 0620 MBAMProtector - ok 20:14:31.0806 0620 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\windows\system32\drivers\mbamswissarmy.sys 20:14:31.0822 0620 MBAMSwissArmy - ok 20:14:31.0884 0620 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 20:14:31.0884 0620 megasas - ok 20:14:31.0993 0620 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 20:14:32.0009 0620 MegaSR - ok 20:14:32.0181 0620 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 20:14:32.0212 0620 Modem - ok 20:14:32.0259 0620 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 20:14:32.0274 0620 monitor - ok 20:14:32.0446 0620 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 20:14:32.0461 0620 mouclass - ok 20:14:32.0524 0620 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 20:14:32.0539 0620 mouhid - ok 20:14:32.0680 0620 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 20:14:32.0695 0620 mountmgr - ok 20:14:32.0742 0620 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 20:14:32.0758 0620 mpio - ok 20:14:32.0820 0620 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 20:14:32.0867 0620 mpsdrv - ok 20:14:32.0929 0620 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 20:14:32.0945 0620 MRxDAV - ok 20:14:33.0007 0620 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys 20:14:33.0054 0620 mrxsmb - ok 20:14:33.0101 0620 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 20:14:33.0117 0620 mrxsmb10 - ok 20:14:33.0179 0620 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 20:14:33.0210 0620 mrxsmb20 - ok 20:14:33.0241 0620 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 20:14:33.0257 0620 msahci - ok 20:14:33.0351 0620 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 20:14:33.0366 0620 msdsm - ok 20:14:33.0460 0620 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 20:14:33.0491 0620 Msfs - ok 20:14:33.0507 0620 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 20:14:33.0569 0620 mshidkmdf - ok 20:14:33.0616 0620 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 20:14:33.0631 0620 msisadrv - ok 20:14:33.0772 0620 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 20:14:33.0803 0620 MSKSSRV - ok 20:14:33.0819 0620 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 20:14:33.0865 0620 MSPCLOCK - ok 20:14:33.0881 0620 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 20:14:33.0912 0620 MSPQM - ok 20:14:33.0943 0620 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 20:14:33.0959 0620 MsRPC - ok 20:14:34.0021 0620 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys 20:14:34.0021 0620 mssmbios - ok 20:14:34.0068 0620 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 20:14:34.0100 0620 MSTEE - ok 20:14:34.0131 0620 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 20:14:34.0146 0620 MTConfig - ok 20:14:34.0178 0620 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 20:14:34.0178 0620 Mup - ok 20:14:34.0318 0620 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 20:14:34.0365 0620 NativeWifiP - ok 20:14:34.0458 0620 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 20:14:34.0474 0620 NDIS - ok 20:14:34.0614 0620 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 20:14:34.0661 0620 NdisCap - ok 20:14:34.0692 0620 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 20:14:34.0724 0620 NdisTapi - ok 20:14:34.0895 0620 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 20:14:34.0958 0620 Ndisuio - ok 20:14:35.0004 0620 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 20:14:35.0020 0620 NdisWan - ok 20:14:35.0067 0620 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 20:14:35.0114 0620 NDProxy - ok 20:14:35.0316 0620 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 20:14:35.0363 0620 NetBIOS - ok 20:14:35.0410 0620 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 20:14:35.0457 0620 NetBT - ok 20:14:35.0597 0620 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 20:14:35.0628 0620 nfrd960 - ok 20:14:35.0675 0620 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 20:14:35.0722 0620 Npfs - ok 20:14:35.0800 0620 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 20:14:35.0831 0620 nsiproxy - ok 20:14:35.0956 0620 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 20:14:36.0018 0620 Ntfs - ok 20:14:36.0206 0620 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 20:14:36.0252 0620 Null - ok 20:14:36.0315 0620 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 20:14:36.0330 0620 nvraid - ok 20:14:36.0362 0620 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 20:14:36.0377 0620 nvstor - ok 20:14:36.0440 0620 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 20:14:36.0455 0620 nv_agp - ok 20:14:36.0502 0620 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 20:14:36.0627 0620 ohci1394 - ok 20:14:36.0876 0620 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 20:14:36.0908 0620 Parport - ok 20:14:37.0032 0620 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys 20:14:37.0048 0620 partmgr - ok 20:14:37.0095 0620 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 20:14:37.0126 0620 Parvdm - ok 20:14:37.0204 0620 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 20:14:37.0235 0620 pci - ok 20:14:37.0298 0620 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 20:14:37.0298 0620 pciide - ok 20:14:37.0344 0620 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 20:14:37.0360 0620 pcmcia - ok 20:14:37.0376 0620 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 20:14:37.0391 0620 pcw - ok 20:14:37.0422 0620 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 20:14:37.0485 0620 PEAUTH - ok 20:14:37.0703 0620 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 20:14:37.0750 0620 PptpMiniport - ok 20:14:37.0781 0620 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 20:14:37.0797 0620 Processor - ok 20:14:37.0953 0620 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 20:14:38.0015 0620 Psched - ok 20:14:38.0265 0620 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 20:14:38.0312 0620 ql2300 - ok 20:14:38.0358 0620 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 20:14:38.0358 0620 ql40xx - ok 20:14:38.0390 0620 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 20:14:38.0405 0620 QWAVEdrv - ok 20:14:38.0452 0620 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 20:14:38.0483 0620 RasAcd - ok 20:14:38.0514 0620 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 20:14:38.0561 0620 RasAgileVpn - ok 20:14:38.0608 0620 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 20:14:38.0670 0620 Rasl2tp - ok 20:14:38.0826 0620 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 20:14:38.0873 0620 RasPppoe - ok 20:14:38.0904 0620 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 20:14:38.0936 0620 RasSstp - ok 20:14:38.0967 0620 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 20:14:39.0014 0620 rdbss - ok 20:14:39.0029 0620 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 20:14:39.0060 0620 rdpbus - ok 20:14:39.0107 0620 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 20:14:39.0154 0620 RDPCDD - ok 20:14:39.0310 0620 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 20:14:39.0341 0620 RDPENCDD - ok 20:14:39.0372 0620 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 20:14:39.0419 0620 RDPREFMP - ok 20:14:39.0466 0620 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys 20:14:39.0513 0620 RDPWD - ok 20:14:39.0653 0620 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 20:14:39.0669 0620 rdyboost - ok 20:14:39.0731 0620 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 20:14:39.0747 0620 RFCOMM - ok 20:14:39.0794 0620 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 20:14:39.0840 0620 rspndr - ok 20:14:39.0981 0620 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\windows\system32\DRIVERS\Rt86win7.sys 20:14:39.0996 0620 RTL8167 - ok 20:14:40.0043 0620 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 20:14:40.0074 0620 sbp2port - ok 20:14:40.0106 0620 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 20:14:40.0152 0620 scfilter - ok 20:14:40.0340 0620 sdbus (0328be1c7f1cba23848179f8762e391c) C:\windows\system32\drivers\sdbus.sys 20:14:40.0371 0620 sdbus - ok 20:14:40.0565 0620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 20:14:40.0623 0620 secdrv - ok 20:14:40.0786 0620 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 20:14:40.0803 0620 Serenum - ok 20:14:40.0820 0620 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 20:14:40.0851 0620 Serial - ok 20:14:40.0910 0620 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 20:14:40.0926 0620 sermouse - ok 20:14:40.0975 0620 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 20:14:41.0007 0620 sffdisk - ok 20:14:41.0018 0620 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 20:14:41.0037 0620 sffp_mmc - ok 20:14:41.0065 0620 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 20:14:41.0089 0620 sffp_sd - ok 20:14:41.0126 0620 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 20:14:41.0139 0620 sfloppy - ok 20:14:41.0189 0620 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 20:14:41.0199 0620 sisagp - ok 20:14:41.0230 0620 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 20:14:41.0238 0620 SiSRaid2 - ok 20:14:41.0265 0620 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 20:14:41.0275 0620 SiSRaid4 - ok 20:14:41.0303 0620 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 20:14:41.0338 0620 Smb - ok 20:14:41.0389 0620 smserial (19301c27f3425dc39f6c599f527e507d) C:\windows\system32\DRIVERS\smserial.sys 20:14:41.0447 0620 smserial - ok 20:14:41.0616 0620 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 20:14:41.0630 0620 spldr - ok 20:14:41.0732 0620 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 20:14:41.0818 0620 srv - ok 20:14:41.0983 0620 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 20:14:42.0003 0620 srv2 - ok 20:14:42.0026 0620 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 20:14:42.0051 0620 srvnet - ok 20:14:42.0192 0620 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 20:14:42.0204 0620 stexstor - ok 20:14:42.0273 0620 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 20:14:42.0283 0620 swenum - ok 20:14:42.0384 0620 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys 20:14:42.0442 0620 Tcpip - ok 20:14:42.0616 0620 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys 20:14:42.0646 0620 TCPIP6 - ok 20:14:42.0700 0620 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 20:14:42.0734 0620 tcpipreg - ok 20:14:42.0773 0620 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 20:14:42.0813 0620 TDPIPE - ok 20:14:42.0836 0620 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys 20:14:42.0863 0620 TDTCP - ok 20:14:42.0924 0620 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 20:14:42.0972 0620 tdx - ok 20:14:43.0129 0620 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 20:14:43.0129 0620 TermDD - ok 20:14:43.0207 0620 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 20:14:43.0238 0620 tssecsrv - ok 20:14:43.0394 0620 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 20:14:43.0425 0620 TsUsbFlt - ok 20:14:43.0472 0620 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 20:14:43.0519 0620 tunnel - ok 20:14:43.0550 0620 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 20:14:43.0566 0620 uagp35 - ok 20:14:43.0737 0620 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 20:14:43.0784 0620 udfs - ok 20:14:43.0862 0620 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 20:14:43.0878 0620 uliagpkx - ok 20:14:43.0925 0620 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 20:14:43.0940 0620 umbus - ok 20:14:44.0003 0620 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 20:14:44.0034 0620 UmPass - ok 20:14:44.0221 0620 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys 20:14:44.0237 0620 USBAAPL - ok 20:14:44.0283 0620 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys 20:14:44.0299 0620 usbccgp - ok 20:14:44.0377 0620 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 20:14:44.0408 0620 usbcir - ok 20:14:44.0486 0620 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys 20:14:44.0517 0620 usbehci - ok 20:14:44.0595 0620 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 20:14:44.0627 0620 usbhub - ok 20:14:44.0642 0620 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys 20:14:44.0673 0620 usbohci - ok 20:14:44.0720 0620 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 20:14:44.0736 0620 usbprint - ok 20:14:44.0767 0620 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 20:14:44.0798 0620 usbscan - ok 20:14:44.0845 0620 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS 20:14:44.0876 0620 USBSTOR - ok 20:14:44.0892 0620 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys 20:14:44.0923 0620 usbuhci - ok 20:14:45.0095 0620 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys 20:14:45.0126 0620 usbvideo - ok 20:14:45.0282 0620 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 20:14:45.0297 0620 vdrvroot - ok 20:14:45.0329 0620 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 20:14:45.0360 0620 vga - ok 20:14:45.0391 0620 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 20:14:45.0422 0620 VgaSave - ok 20:14:45.0594 0620 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 20:14:45.0609 0620 vhdmp - ok 20:14:45.0750 0620 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 20:14:45.0765 0620 viaagp - ok 20:14:45.0812 0620 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 20:14:45.0828 0620 ViaC7 - ok 20:14:45.0875 0620 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 20:14:45.0890 0620 viaide - ok 20:14:45.0953 0620 vmwvusb (6ba3ed102ab24310a0259c8f9e29d5b8) C:\windows\system32\Drivers\vmwvusb.sys 20:14:45.0968 0620 vmwvusb - ok 20:14:46.0015 0620 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 20:14:46.0031 0620 volmgr - ok 20:14:46.0077 0620 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 20:14:46.0093 0620 volmgrx - ok 20:14:46.0155 0620 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 20:14:46.0171 0620 volsnap - ok 20:14:46.0218 0620 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 20:14:46.0218 0620 vsmraid - ok 20:14:46.0436 0620 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 20:14:46.0467 0620 vwifibus - ok 20:14:46.0483 0620 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 20:14:46.0514 0620 vwififlt - ok 20:14:46.0545 0620 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys 20:14:46.0561 0620 vwifimp - ok 20:14:46.0592 0620 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 20:14:46.0608 0620 WacomPen - ok 20:14:46.0670 0620 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 20:14:46.0717 0620 WANARP - ok 20:14:46.0733 0620 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 20:14:46.0748 0620 Wanarpv6 - ok 20:14:47.0169 0620 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 20:14:47.0169 0620 Wd - ok 20:14:47.0216 0620 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 20:14:47.0232 0620 Wdf01000 - ok 20:14:47.0294 0620 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 20:14:47.0325 0620 WfpLwf - ok 20:14:47.0357 0620 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 20:14:47.0372 0620 WIMMount - ok 20:14:47.0466 0620 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys 20:14:47.0481 0620 WinUsb - ok 20:14:47.0669 0620 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 20:14:47.0700 0620 WmiAcpi - ok 20:14:47.0762 0620 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 20:14:47.0793 0620 ws2ifsl - ok 20:14:48.0027 0620 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 20:14:48.0074 0620 WudfPf - ok 20:14:48.0168 0620 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 20:14:48.0199 0620 WUDFRd - ok 20:14:48.0308 0620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:14:48.0683 0620 \Device\Harddisk0\DR0 - ok 20:14:48.0698 0620 Boot (0x1200) (0ab899dd9894b18e69f3f1cfeee1cb74) \Device\Harddisk0\DR0\Partition0 20:14:48.0698 0620 \Device\Harddisk0\DR0\Partition0 - ok 20:14:48.0729 0620 Boot (0x1200) (a297ab96b028923b7df0bbdb100dd367) \Device\Harddisk0\DR0\Partition1 20:14:48.0729 0620 \Device\Harddisk0\DR0\Partition1 - ok 20:14:48.0729 0620 ============================================================ 20:14:48.0729 0620 Scan finished 20:14:48.0729 0620 ============================================================ 20:14:48.0745 3852 Detected object count: 1 20:14:48.0745 3852 Actual detected object count: 1 20:17:10.0153 3852 C:\windows\system32\drivers\afd.sys - copied to quarantine 20:17:20.0543 3852 Backup copy not found, trying to cure infected file.. 20:17:20.0574 3852 Cure success, using it.. 20:17:20.0605 3852 C:\windows\system32\drivers\afd.sys - will be cured on reboot 20:17:24.0427 3852 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure 20:18:14.0456 5288 Deinitialize success ComboFix Log- ComboFix 12-03-06.01 - Rebekah 03/07/2012 7:59.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2661 [GMT -8:00] Running from: c:\users\Rebekah\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\$NtUninstallKB4783$\4092104190 c:\windows\$NtUninstallKB4783$\4269206745\@ c:\windows\$NtUninstallKB4783$\4269206745\cfg.ini c:\windows\$NtUninstallKB4783$\4269206745\Desktop.ini c:\windows\$NtUninstallKB4783$\4269206745\L\xadqgnnk c:\windows\$NtUninstallKB4783$\4269206745\oemid c:\windows\$NtUninstallKB4783$\4269206745\U\00000001.@ c:\windows\$NtUninstallKB4783$\4269206745\U\00000002.@ c:\windows\$NtUninstallKB4783$\4269206745\U\00000004.@ c:\windows\$NtUninstallKB4783$\4269206745\U\80000000.@ c:\windows\$NtUninstallKB4783$\4269206745\U\80000004.@ c:\windows\$NtUninstallKB4783$\4269206745\U\80000032.@ c:\windows\$NtUninstallKB4783$\4269206745\version c:\windows\system\svchost.exe c:\windows\system32\Anydlc.dll c:\windows\system32\certstore.dat c:\windows\system32\FastUv32.dll c:\windows\system32\moufiltr.dll c:\windows\system32\NUSB3w32.dll c:\windows\system32\pav_security.dll c:\windows\system32\pavprsrv.dll c:\windows\system32\QPSched.dll c:\windows\system32\tvald.dll c:\windows\system32\UPATC.dll c:\windows\system32\v124.dll c:\windows\system32\vaiomediaplatform-mobile-gateway.dll . Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected Restored copy from - The cat found it . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_SPService -------\Service_NecUsb -------\Service_PTproct . . ((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))) . . 2012-03-07 16:10 . 2012-03-07 16:13 -------- d-----w- c:\users\Rebekah\AppData\Local\temp 2012-03-07 16:10 . 2012-03-07 16:10 -------- d-----w- c:\users\Mcx1-REBEKAHS-LAPTOP\AppData\Local\temp 2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla 2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes 2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-13 08:27 . 2012-02-13 08:27 -------- d-----w- c:\users\Benny\AppData\Local\DDMSettings 2012-02-10 04:05 . 2012-02-10 04:05 -------- d-----w- c:\users\Benny\AppData\Roaming\VMware 2012-02-10 04:03 . 2012-02-10 04:03 -------- d-----w- c:\users\Benny\AppData\Local\VMware 2012-02-10 03:54 . 2011-02-19 02:38 39984 ----a-w- c:\windows\system32\drivers\vmwvusb.sys 2012-02-10 03:53 . 2012-02-10 04:05 -------- d-----w- c:\programdata\VMware 2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\users\Rebekah\AppData\Local\VMware 2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\Common Files\VMware 2012-02-10 03:53 . 2012-02-10 03:53 -------- d-----w- c:\program files\VMware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-07 15:57 . 2012-02-05 14:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-03-04 04:18 . 2011-06-16 00:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-12-14 17:49 . 2011-01-28 04:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968] . c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-01 40776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192] S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai NecUsbSevice REG_MULTI_SZ NecUsb . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NICM EUSBMSD spcflt yukonwxp GameConsoleService z525mdfl PTproct . Contents of the 'Scheduled Tasks' folder . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://msi.msn.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file) HKLM-Run-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe HKLM-Run-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe SafeBoot-69114608.sys SafeBoot-82789974.sys SafeBoot-99147773.sys . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**¨FM€6] "LP_LastUpdateTime"="0" "LP_LastCheckTime"=dword:4f512a1e . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fb,c6,d4,0a,ff,ba,46,ba,52,79,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fb,c6,d4,0a,ff,ba,46,ba,52,79,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(580) c:\windows\system32\wsauth.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2012-03-07 08:17:30 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-07 16:17 . Pre-Run: 64,465,801,216 bytes free Post-Run: 66,606,153,728 bytes free . - - End Of File - - 261588BBE42D39DE83EF88BA4EF39D75

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

here are the logs- TDSSKiller.2.7.18.0_03.03.2012_20.11.59_log.txt ComboFix.txt

cannot remove malware

cunfused replied to cunfused's topic in Resolved Malware Removal Logs

can't connect to the internet now troubleshooting says """Windows could not automatically detect this network's proxy settings""" will try and put logs on flash drive and upload on a different computer

Events

Profiles

Forums

Everything posted by cunfused

Important Information