Jump to content

zauper

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I have some kind of malware which is generating .js files in the folder: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5, which is different from my true temp files. It generates those files (hidden, i only spot them on MBAM scans) inside folders inside that folder. However, those files are hidden in a manner that I don't seem to be unable to unhide. Here are the requested logs: DDS -- . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Zauper at 9:50:49 on 2012-09-23 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6392 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe C:\Program Files (x86)\Logmein\x64\RaMaint.exe C:\Program Files (x86)\Logmein\x64\LogMeIn.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files (x86)\Logmein\x64\LogMeInSystray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Zauper\Desktop\TDSSKiller.exe C:\Windows\system32\wbengine.exe C:\Windows\System32\vds.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [CCProxy] C:\CCProxy\CCProxy.exe uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [utopia Angel] "C:\Utopia\Angel\Angel.exe" uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Google Update] "C:\Users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" dRun: [VerCheck] "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" StartupFolder: C:\Users\Zauper\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) LSP: mswsock.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0D9206FB-8156-45E3-AF6E-0D7CFB4016D1} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BC65B2B2-B3CA-4086-9859-163208BF2983} : DhcpNameServer = 192.168.1.1 71.252.0.12 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun-x64: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Zauper\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe [2011-6-8 375208] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\Logmein\x64\rainfo.sys [2011-1-11 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-4 676936] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-22 2358656] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-28 113120] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-09-23 13:29:01 328704 ----a-w- C:\Windows\System32\services.exe 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-12 23:19:58 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2012-07-12 23:19:58 80800 ----a-w- C:\Windows\System32\LMIinit.dll 2012-07-12 23:19:58 34720 ----a-w- C:\Windows\System32\LMIport.dll . ============= FINISH: 9:53:07.03 =============== Attach ---------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/24/2011 6:17:26 PM System Uptime: 9/23/2012 9:28:56 AM (0 hours ago) . Motherboard: ASRock | | P67 Extreme4 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | CPUSocket | 3267/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 56 GiB total, 0.028 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is FIXED (NTFS) - 932 GiB total, 849.393 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: Description: Universal Serial Bus (USB) Controller Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_70231849&REV_01\4&18E591E5&0&00E5 Manufacturer: Name: Universal Serial Bus (USB) Controller PNP Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_70231849&REV_01\4&18E591E5&0&00E5 Service: . Class GUID: Description: Universal Serial Bus (USB) Controller Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_70231849&REV_01\4&211C806E&0&00E6 Manufacturer: Name: Universal Serial Bus (USB) Controller PNP Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_70231849&REV_01\4&211C806E&0&00E6 Service: . Class GUID: Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_1C221849&REV_05\3&11583659&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_1C221849&REV_05\3&11583659&0&FB Service: . ==== System Restore Points =================== . RP117: 9/16/2012 2:45:45 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . 7-Zip 4.65 Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCProxy 7.2 Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Crusader Kings II Diablo III Diablo III Beta Dominions 3 (remove only) Dominions 3 Demo (remove only) ESET Online Scanner v3 Google Chrome Guild Wars 2 Heroes of Newerth HydraVision Java Auto Updater Java 6 Update 22 Java 6 Update 29 League of Legends LogMeIn Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSI Afterburner 2.0.0 Mumble 1.2.3 OpenOffice.org 3.3 Opera 11.51 Pando Media Booster Razer StarCraft II Realtek Ethernet Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skins Spotify Spybot - Search & Destroy Steam TeamViewer 6 TP-LINK Driver Installation Program TP-LINK Wireless Client Utility Trillian Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) WinDirStat 1.1.2 World of Warcraft World of Warcraft Beta . ==== Event Viewer Messages From Past Week ======== . 9/16/2012 1:06:25 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow. . ==== End Of File ===========================
  2. It looks like I hit the disinfect button a few times by accident. Sorry, should I run it again and select delete? Status: Disinfected (events: 5) 4/17/2012 1:58:45 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.lx C:\Documents and Settings\Zauper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3a8d4910-60a4ea43 High 4/17/2012 1:58:45 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.lx C:\Documents and Settings\Zauper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3a8d4910-60a4ea43/Inc.class High 4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip High 4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip/SysNative/comprcfg64.dll High 4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip/SysWow64/comprcfg.dll High Status: Deleted (events: 8) 4/17/2012 2:07:49 PM Deleted Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\C\Windows\System32\comprcfg64.dll.vir High 4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0000.dta High 4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0001.dta High 4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0001.dta//mbr High 4/17/2012 2:13:28 PM Deleted Trojan program Backdoor.Win64.ZAccess.bh C:\TDSSKiller_Quarantine\12.04.2012_09.11.34\zaea0000\svc0000\tsk0000.dta High 4/17/2012 2:22:54 PM Deleted Trojan program HEUR:Backdoor.Win64.Generic C:\Windows\System32\consrv.dll High 4/17/2012 2:26:02 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\greatpethealth_com[1].htm High 4/17/2012 2:26:34 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\greatpethealth_com[1].htm High
  3. Hi Maniac, Here are the logs: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.17.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zauper :: JEFF-DESKTOP [administrator] 4/16/2012 11:16:14 PM mbam-log-2012-04-16 (23-16-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 207760 Time elapsed: 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK Oddly, this appears to be the only logfile generated. It found 33 threats. The location you specified did not exist. This log is located at: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  4. Hi Maniac, Here is the log file: ComboFix 12-04-12.01 - Zauper 04/15/2012 9:51.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6507 [GMT -4:00] Running from: c:\users\Zauper\Desktop\ComboFix.exe Command switches used :: c:\users\Zauper\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\comprcfg64.dll c:\windows\SysWow64\comprcfg.dll . . ((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))) . . 2012-04-15 13:53 . 2012-04-15 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-15 09:22 . 2012-04-15 09:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BABB98-F643-4458-ADD0-61B85F8AC193}\offreg.dll 2012-04-13 09:22 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BABB98-F643-4458-ADD0-61B85F8AC193}\mpengine.dll 2012-04-12 22:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 22:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 22:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 22:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 22:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 22:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 22:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-12 12:10 . 2012-04-12 14:01 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-11 14:22 . 2012-04-12 13:26 -------- d-----w- c:\program files\CCleaner 2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\Malwarebytes 2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\programdata\Malwarebytes 2012-04-04 23:15 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-04 23:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 07:03 . 2012-04-03 07:03 -------- d-----w- c:\windows\Sun 2012-03-30 23:41 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-03-30 23:41 . 2012-04-15 13:47 -------- d-----w- c:\program files (x86)\Steam 2012-03-30 23:41 . 2008-10-15 10:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll 2012-03-29 16:05 . 2012-03-29 16:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-29 16:05 . 2012-03-29 16:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-25 11:57 . 2012-04-12 13:26 -------- d-----w- c:\users\Zauper\.android 2012-03-25 03:49 . 2012-04-12 13:23 -------- d-----w- c:\program files\SAMSUNG 2012-03-25 03:49 . 2012-03-25 03:49 -------- d-----w- c:\programdata\Samsung 2012-03-20 21:05 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\OpenOffice.org 2012-03-20 21:04 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-25 15:21 . 2011-11-08 13:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-03-25 15:21 . 2011-11-08 13:33 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 06:38 . 2012-03-14 01:29 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 01:29 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 01:29 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 01:29 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-16 04:24 . 2012-02-16 04:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-02-10 06:36 . 2012-03-14 01:29 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 01:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-07 23:36 . 2011-06-27 11:33 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-02-07 23:36 . 2011-06-27 11:33 34688 ----a-w- c:\windows\system32\LMIport.dll 2012-02-07 23:36 . 2011-06-27 11:33 80768 ----a-w- c:\windows\system32\LMIinit.dll 2012-02-03 04:34 . 2012-03-14 01:30 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 06:38 . 2012-03-14 01:29 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 06:38 . 2012-03-14 01:29 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 06:33 . 2012-03-14 01:29 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . ((((((((((((((((((((((((((((( SnapShot_2012-04-14_18.14.14 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-04-14 18:19 33342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-15 13:48 33192 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-07-24 22:11 . 2012-04-15 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-07-24 22:11 . 2012-04-14 11:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-07-24 22:11 . 2012-04-14 11:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-07-24 22:11 . 2012-04-15 13:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-04-15 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-04-14 11:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-04-15 11:23 93792 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-07-24 22:26 . 2012-04-15 13:48 5452 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050225780-2745342631-42872574-1000_UserData.bin + 2012-04-15 13:53 . 2012-04-15 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-15 13:53 . 2012-04-15 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-04-14 18:13 . 2012-04-14 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-04-12 22:35 672450 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-04-15 13:52 672450 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-04-15 13:52 125182 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-04-12 22:35 125182 c:\windows\system32\perfc009.dat + 2009-07-14 05:12 . 2012-04-14 18:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:12 . 2012-04-12 22:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:01 . 2012-04-15 13:53 280144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-04-14 18:13 280144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-09-05 20:51 . 2012-04-15 13:53 15999688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4050225780-2745342631-42872574-1000-8192.dat - 2011-09-05 20:51 . 2012-04-14 18:13 15999688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4050225780-2745342631-42872574-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "CCProxy"="c:\ccproxy\CCProxy.exe" [2011-03-28 1165312] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-25 3077528] "Utopia Angel"="c:\utopia\Angel\Angel.exe" [bU] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-30 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer StarcraftII Driver"="c:\program files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray" [X] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 98304] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "VerCheck"="c:\windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" [2012-04-11 46592] . c:\users\Zauper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\Logmein\x64\LMIGuardianSvc.exe [2012-02-07 375176] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\Logmein\x64\RaInfo.sys [2011-01-11 15928] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000Core.job - c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26] . 2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000UA.job - c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files (x86)\Logmein\x64\LogMeInSystray.exe" [2011-01-11 57928] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-15 09:55:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-15 13:55 ComboFix2.txt 2012-04-14 18:15 ComboFix3.txt 2012-04-12 22:18 ComboFix4.txt 2012-04-12 13:17 . Pre-Run: 7,776,079,872 bytes free Post-Run: 7,742,906,368 bytes free . - - End Of File - - 31AD71408F6F8E1A402B1D1A27C0667B Upload was successful
  5. When I copy/paste into notepad, it looks like this: http://forums.malwarebytes.org/index.php?showtopic=108505KillAll::Collect::c:\windows\SysWow64\comprcfg.dllc:\windows\system32\comprcfg64.dllFireFox::FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\FF - prefs.js: network.proxy.type - 0FF - user.js: extensions.funmoods_i.newTab - falseFF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47aFF - user.js: extensions.funmoods_i.instlDay - 15387FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34FF - user.js: extensions.funmoods_i.prtnrId - funmoodsFF - user.js: extensions.funmoods_i.prdct - funmoodsFF - user.js: extensions.funmoods_i.aflt - axlFF - user.js: extensions.funmoods_i.smplGrp - noneFF - user.js: extensions.funmoods_i.tlbrId - baseFF - user.js: extensions.funmoods_i.instlRef -FF - user.js: extensions.funmoods_i.dfltLng -FF - user.js: extensions.funmoods_i.excTlbr - falseJavaClearCache:: Does this make a difference? If so, I can copy each line individually.
  6. Hi, I did follow your instructions -- copied the text into notepad, saved it on my desktop, closed out of all programs, and dragged the CFScript.txt onto combofix. When I pasted the text into notepad, it lost all formatting, so it didn't have any of the character returns/etc. Is that what you expected to have happen? I'll try again in either case after I hear from you.
  7. Thanks for your help! Apparently i'm getting a 'post too long' error, so i'm going to attach the log. ComboFix.txt
  8. Reboot fixed that. Here's the combofix log: ComboFix 12-04-12.01 - Zauper 04/12/2012 10:04:24.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6616 [GMT -4:00] Running from: c:\users\Zauper\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\utopia\Angel\Angel.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\assembly\temp\@ c:\windows\assembly\temp\cfg.ini c:\windows\isRS-000.tmp c:\windows\svchost.exe c:\windows\System64 c:\windows\SysWow64\config\systemprofile\Appdata\local\svcxdcl32.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 ))))))))))))))))))))))))))))))) . . 2012-04-12 12:10 . 2012-04-12 14:01 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-11 14:22 . 2012-04-12 13:26 -------- d-----w- c:\program files\CCleaner 2012-04-10 08:32 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67AE8DC8-F468-41F6-B3FC-D895D4C38709}\mpengine.dll 2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\Malwarebytes 2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\programdata\Malwarebytes 2012-04-04 23:15 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-04 23:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 19:41 . 2012-04-03 19:53 87552 ------w- c:\windows\SysWow64\comprcfg.dll 2012-04-03 19:41 . 2012-04-03 19:53 101888 ----a-w- c:\windows\system32\comprcfg64.dll 2012-04-03 07:03 . 2012-04-03 07:03 -------- d-----w- c:\windows\Sun 2012-03-30 23:41 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-03-30 23:41 . 2012-04-12 22:11 -------- d-----w- c:\program files (x86)\Steam 2012-03-30 23:41 . 2008-10-15 10:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll 2012-03-30 23:41 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll 2012-03-29 16:05 . 2012-03-29 16:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-29 16:05 . 2012-03-29 16:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-25 11:57 . 2012-04-12 13:26 -------- d-----w- c:\users\Zauper\.android 2012-03-25 03:49 . 2012-04-12 13:23 -------- d-----w- c:\program files\SAMSUNG 2012-03-25 03:49 . 2012-03-25 03:49 -------- d-----w- c:\programdata\Samsung 2012-03-20 21:05 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\OpenOffice.org 2012-03-20 21:04 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-25 15:21 . 2011-11-08 13:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-03-25 15:21 . 2011-11-08 13:33 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-02-23 13:18 . 2010-11-21 03:27 279656 ----a-w- c:\windows\system32\MpSigStub.exe 2012-02-16 04:24 . 2012-02-16 04:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-02-07 23:36 . 2011-06-27 11:33 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-02-07 23:36 . 2011-06-27 11:33 34688 ----a-w- c:\windows\system32\LMIport.dll 2012-02-07 23:36 . 2011-06-27 11:33 80768 ----a-w- c:\windows\system32\LMIinit.dll 2012-01-14 04:06 . 2012-02-15 23:03 3145728 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "CCProxy"="c:\ccproxy\CCProxy.exe" [2011-03-28 1165312] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-25 3077528] "Utopia Angel"="c:\utopia\Angel\Angel.exe" [bU] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-30 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer StarcraftII Driver"="c:\program files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray" [X] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 98304] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "VerCheck"="c:\windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" [2012-04-11 46592] . c:\users\Zauper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\Logmein\x64\LMIGuardianSvc.exe [2012-02-07 375176] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\Logmein\x64\RaInfo.sys [2011-01-11 15928] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000Core.job - c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26] . 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000UA.job - c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files (x86)\Logmein\x64\LogMeInSystray.exe" [2011-01-11 57928] "combofix"="c:\combofix\CF1970.3XE" [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\ FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q= FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47a FF - user.js: extensions.funmoods_i.instlDay - 15387 FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34 FF - user.js: extensions.funmoods_i.prtnrId - funmoods FF - user.js: extensions.funmoods_i.prdct - funmoods FF - user.js: extensions.funmoods_i.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods_i.tlbrId - base FF - user.js: extensions.funmoods_i.instlRef - FF - user.js: extensions.funmoods_i.dfltLng - FF - user.js: extensions.funmoods_i.excTlbr - false . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKU-Default-Run-Svc2dll - c:\windows\system32\config\systemprofile\AppData\Local\svcxdcl32.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-12 18:18:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-12 22:18 ComboFix2.txt 2012-04-12 13:17 . Pre-Run: 7,814,381,568 bytes free Post-Run: 7,277,109,248 bytes free . - - End Of File - - 32E0EC28FF8668A69E87EE28C3A6CC6E
  9. Scratch that, that was my own stupidity. Apparently I had not yet rebooted after combo fix ended and just thought I had because I had told it to via logmein. Now I'm getting errors any time I try to do anything, telling me that the registry key is marked for deletion. I'll probably have to restore from earlier today if I can't get this working.
  10. Hi Maniac, I've done what you asked, and when I booted back up, my desktop was all hidden again (but unhide.exe once again brought it back). However, I did not get a C:/ combofix.txt file after it finished running. Should I run it again to get a log? Beyond that, I ran MBAM after I rebooted after combofix, and it encountered more spyware. TDSKiller log: 10:00:13.0706 6012 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05 10:00:14.0065 6012 ============================================================ 10:00:14.0065 6012 Current date / time: 2012/04/12 10:00:14.0065 10:00:14.0065 6012 SystemInfo: 10:00:14.0065 6012 10:00:14.0065 6012 OS Version: 6.1.7601 ServicePack: 1.0 10:00:14.0065 6012 Product type: Workstation 10:00:14.0065 6012 ComputerName: JEFF-DESKTOP 10:00:14.0065 6012 UserName: Zauper 10:00:14.0065 6012 Windows directory: C:\Windows 10:00:14.0065 6012 System windows directory: C:\Windows 10:00:14.0065 6012 Running under WOW64 10:00:14.0065 6012 Processor architecture: Intel x64 10:00:14.0065 6012 Number of processors: 4 10:00:14.0065 6012 Page size: 0x1000 10:00:14.0065 6012 Boot type: Normal boot 10:00:14.0065 6012 ============================================================ 10:00:14.0346 6012 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:00:14.0362 6012 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:00:14.0377 6012 \Device\Harddisk0\DR0: 10:00:14.0377 6012 MBR used 10:00:14.0377 6012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800 10:00:14.0377 6012 \Device\Harddisk1\DR1: 10:00:14.0377 6012 MBR used 10:00:14.0377 6012 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 10:00:14.0393 6012 Initialize success 10:00:14.0393 6012 ============================================================ 10:00:23.0295 3480 ============================================================ 10:00:23.0295 3480 Scan started 10:00:23.0295 3480 Mode: Manual; SigCheck; TDLFS; 10:00:23.0295 3480 ============================================================ 10:00:23.0420 3480 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 10:00:23.0466 3480 1394ohci - ok 10:00:23.0482 3480 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:00:23.0498 3480 ACPI - ok 10:00:23.0498 3480 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:00:23.0529 3480 AcpiPmi - ok 10:00:23.0529 3480 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:00:23.0544 3480 AdobeARMservice - ok 10:00:23.0560 3480 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 10:00:23.0576 3480 adp94xx - ok 10:00:23.0591 3480 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 10:00:23.0607 3480 adpahci - ok 10:00:23.0622 3480 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 10:00:23.0638 3480 adpu320 - ok 10:00:23.0638 3480 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:00:23.0700 3480 AeLookupSvc - ok 10:00:23.0716 3480 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:00:23.0732 3480 AFD - ok 10:00:23.0747 3480 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:00:23.0747 3480 agp440 - ok 10:00:23.0763 3480 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:00:23.0778 3480 ALG - ok 10:00:23.0778 3480 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:00:23.0794 3480 aliide - ok 10:00:23.0794 3480 AMD External Events Utility (582a40970d43628b9f60dcd18500c051) C:\Windows\system32\atiesrxx.exe 10:00:23.0841 3480 AMD External Events Utility - ok 10:00:23.0841 3480 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:00:23.0856 3480 amdide - ok 10:00:23.0856 3480 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 10:00:23.0872 3480 AmdK8 - ok 10:00:23.0981 3480 amdkmdag (c8a09b711d0f332cf6fc75fbf7f539ba) C:\Windows\system32\DRIVERS\atikmdag.sys 10:00:24.0122 3480 amdkmdag - ok 10:00:24.0122 3480 amdkmdap (285da456fd69a2c99dd641bd3353ec9a) C:\Windows\system32\DRIVERS\atikmpag.sys 10:00:24.0137 3480 amdkmdap - ok 10:00:24.0137 3480 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 10:00:24.0153 3480 AmdPPM - ok 10:00:24.0153 3480 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 10:00:24.0168 3480 amdsata - ok 10:00:24.0168 3480 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 10:00:24.0184 3480 amdsbs - ok 10:00:24.0184 3480 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 10:00:24.0184 3480 amdxata - ok 10:00:24.0200 3480 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:00:24.0278 3480 AppID - ok 10:00:24.0293 3480 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:00:24.0309 3480 AppIDSvc - ok 10:00:24.0324 3480 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:00:24.0340 3480 Appinfo - ok 10:00:24.0356 3480 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 10:00:24.0356 3480 arc - ok 10:00:24.0356 3480 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 10:00:24.0371 3480 arcsas - ok 10:00:24.0371 3480 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:00:24.0387 3480 aspnet_state - ok 10:00:24.0387 3480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:00:24.0418 3480 AsyncMac - ok 10:00:24.0434 3480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:00:24.0434 3480 atapi - ok 10:00:24.0465 3480 athr (2142725e147c9a44b3f0d76099c5da71) C:\Windows\system32\DRIVERS\athrx.sys 10:00:24.0496 3480 athr - ok 10:00:24.0512 3480 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:00:24.0558 3480 AudioEndpointBuilder - ok 10:00:24.0574 3480 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:00:24.0590 3480 AudioSrv - ok 10:00:24.0605 3480 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:00:24.0621 3480 AxInstSV - ok 10:00:24.0636 3480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 10:00:24.0652 3480 b06bdrv - ok 10:00:24.0652 3480 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:00:24.0668 3480 b57nd60a - ok 10:00:24.0683 3480 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:00:24.0683 3480 BDESVC - ok 10:00:24.0699 3480 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:00:24.0714 3480 Beep - ok 10:00:24.0730 3480 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 10:00:24.0761 3480 BITS - ok 10:00:24.0761 3480 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:00:24.0777 3480 blbdrive - ok 10:00:24.0777 3480 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:00:24.0792 3480 bowser - ok 10:00:24.0808 3480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 10:00:24.0839 3480 BrFiltLo - ok 10:00:24.0855 3480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 10:00:24.0870 3480 BrFiltUp - ok 10:00:24.0870 3480 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:00:24.0917 3480 Browser - ok 10:00:24.0933 3480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:00:24.0948 3480 Brserid - ok 10:00:24.0948 3480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:00:24.0964 3480 BrSerWdm - ok 10:00:24.0964 3480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:00:24.0980 3480 BrUsbMdm - ok 10:00:24.0980 3480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:00:24.0995 3480 BrUsbSer - ok 10:00:25.0011 3480 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 10:00:25.0011 3480 BTHMODEM - ok 10:00:25.0026 3480 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:00:25.0042 3480 bthserv - ok 10:00:25.0058 3480 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:00:25.0073 3480 cdfs - ok 10:00:25.0089 3480 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 10:00:25.0089 3480 cdrom - ok 10:00:25.0104 3480 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:00:25.0120 3480 CertPropSvc - ok 10:00:25.0136 3480 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 10:00:25.0136 3480 circlass - ok 10:00:25.0151 3480 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:00:25.0151 3480 CLFS - ok 10:00:25.0167 3480 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:00:25.0167 3480 clr_optimization_v2.0.50727_32 - ok 10:00:25.0167 3480 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:00:25.0182 3480 clr_optimization_v2.0.50727_64 - ok 10:00:25.0182 3480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:00:25.0182 3480 clr_optimization_v4.0.30319_32 - ok 10:00:25.0198 3480 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:00:25.0198 3480 clr_optimization_v4.0.30319_64 - ok 10:00:25.0214 3480 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 10:00:25.0214 3480 CmBatt - ok 10:00:25.0214 3480 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:00:25.0229 3480 cmdide - ok 10:00:25.0245 3480 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 10:00:25.0245 3480 CNG - ok 10:00:25.0260 3480 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 10:00:25.0260 3480 Compbatt - ok 10:00:25.0276 3480 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 10:00:25.0276 3480 CompositeBus - ok 10:00:25.0292 3480 COMSysApp - ok 10:00:25.0292 3480 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 10:00:25.0307 3480 crcdisk - ok 10:00:25.0307 3480 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 10:00:25.0338 3480 CryptSvc - ok 10:00:25.0338 3480 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys 10:00:25.0354 3480 ctxusbm - ok 10:00:25.0354 3480 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:00:25.0416 3480 DcomLaunch - ok 10:00:25.0416 3480 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:00:25.0448 3480 defragsvc - ok 10:00:25.0463 3480 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:00:25.0479 3480 DfsC - ok 10:00:25.0494 3480 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys 10:00:25.0494 3480 dg_ssudbus - ok 10:00:25.0510 3480 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:00:25.0541 3480 Dhcp - ok 10:00:25.0557 3480 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:00:25.0572 3480 discache - ok 10:00:25.0588 3480 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 10:00:25.0588 3480 Disk - ok 10:00:25.0588 3480 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:00:25.0604 3480 Dnscache - ok 10:00:25.0619 3480 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:00:25.0635 3480 dot3svc - ok 10:00:25.0635 3480 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:00:25.0666 3480 DPS - ok 10:00:25.0666 3480 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:00:25.0682 3480 drmkaud - ok 10:00:25.0697 3480 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:00:25.0713 3480 DXGKrnl - ok 10:00:25.0713 3480 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:00:25.0744 3480 EapHost - ok 10:00:25.0775 3480 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 10:00:25.0822 3480 ebdrv - ok 10:00:25.0822 3480 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:00:25.0838 3480 EFS - ok 10:00:25.0838 3480 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:00:25.0853 3480 ehRecvr - ok 10:00:25.0853 3480 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:00:25.0869 3480 ehSched - ok 10:00:25.0884 3480 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 10:00:25.0900 3480 elxstor - ok 10:00:25.0916 3480 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:00:25.0916 3480 ErrDev - ok 10:00:25.0931 3480 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:00:25.0962 3480 EventSystem - ok 10:00:25.0962 3480 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:00:25.0994 3480 exfat - ok 10:00:25.0994 3480 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:00:26.0025 3480 fastfat - ok 10:00:26.0040 3480 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:00:26.0056 3480 Fax - ok 10:00:26.0056 3480 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 10:00:26.0072 3480 fdc - ok 10:00:26.0072 3480 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:00:26.0118 3480 fdPHost - ok 10:00:26.0118 3480 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:00:26.0150 3480 FDResPub - ok 10:00:26.0150 3480 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:00:26.0150 3480 FileInfo - ok 10:00:26.0165 3480 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:00:26.0181 3480 Filetrace - ok 10:00:26.0196 3480 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 10:00:26.0196 3480 flpydisk - ok 10:00:26.0212 3480 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:00:26.0212 3480 FltMgr - ok 10:00:26.0228 3480 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:00:26.0274 3480 FontCache - ok 10:00:26.0274 3480 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:00:26.0274 3480 FontCache3.0.0.0 - ok 10:00:26.0290 3480 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:00:26.0306 3480 FsDepends - ok 10:00:26.0306 3480 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 10:00:26.0321 3480 Fs_Rec - ok 10:00:26.0321 3480 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:00:26.0337 3480 fvevol - ok 10:00:26.0352 3480 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 10:00:26.0352 3480 gagp30kx - ok 10:00:26.0368 3480 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:00:26.0399 3480 gpsvc - ok 10:00:26.0415 3480 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:00:26.0430 3480 hcw85cir - ok 10:00:26.0430 3480 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 10:00:26.0446 3480 HdAudAddService - ok 10:00:26.0462 3480 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 10:00:26.0477 3480 HDAudBus - ok 10:00:26.0493 3480 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 10:00:26.0493 3480 HidBatt - ok 10:00:26.0508 3480 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 10:00:26.0508 3480 HidBth - ok 10:00:26.0524 3480 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 10:00:26.0540 3480 HidIr - ok 10:00:26.0540 3480 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 10:00:26.0571 3480 hidserv - ok 10:00:26.0571 3480 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 10:00:26.0586 3480 HidUsb - ok 10:00:26.0586 3480 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:00:26.0633 3480 hkmsvc - ok 10:00:26.0649 3480 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:00:26.0649 3480 HomeGroupListener - ok 10:00:26.0664 3480 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:00:26.0680 3480 HomeGroupProvider - ok 10:00:26.0680 3480 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:00:26.0696 3480 HpSAMD - ok 10:00:26.0711 3480 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:00:26.0742 3480 HTTP - ok 10:00:26.0758 3480 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:00:26.0758 3480 hwpolicy - ok 10:00:26.0774 3480 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 10:00:26.0774 3480 i8042prt - ok 10:00:26.0789 3480 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:00:26.0805 3480 iaStorV - ok 10:00:26.0836 3480 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:00:26.0867 3480 idsvc - ok 10:00:26.0867 3480 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 10:00:26.0883 3480 iirsp - ok 10:00:26.0898 3480 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:00:26.0945 3480 IKEEXT - ok 10:00:26.0961 3480 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:00:26.0961 3480 intelide - ok 10:00:26.0961 3480 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:00:26.0976 3480 intelppm - ok 10:00:26.0976 3480 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:00:27.0008 3480 IPBusEnum - ok 10:00:27.0023 3480 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:00:27.0039 3480 IpFilterDriver - ok 10:00:27.0054 3480 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:00:27.0054 3480 IPMIDRV - ok 10:00:27.0070 3480 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:00:27.0101 3480 IPNAT - ok 10:00:27.0117 3480 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:00:27.0117 3480 IRENUM - ok 10:00:27.0132 3480 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:00:27.0132 3480 isapnp - ok 10:00:27.0148 3480 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:00:27.0148 3480 iScsiPrt - ok 10:00:27.0164 3480 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 10:00:27.0164 3480 kbdclass - ok 10:00:27.0179 3480 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 10:00:27.0179 3480 kbdhid - ok 10:00:27.0195 3480 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:00:27.0195 3480 KeyIso - ok 10:00:27.0210 3480 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 10:00:27.0210 3480 KSecDD - ok 10:00:27.0226 3480 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 10:00:27.0242 3480 KSecPkg - ok 10:00:27.0242 3480 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:00:27.0273 3480 ksthunk - ok 10:00:27.0273 3480 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:00:27.0304 3480 KtmRm - ok 10:00:27.0320 3480 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 10:00:27.0335 3480 LanmanServer - ok 10:00:27.0351 3480 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:00:27.0366 3480 LanmanWorkstation - ok 10:00:27.0382 3480 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:00:27.0398 3480 lltdio - ok 10:00:27.0413 3480 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:00:27.0429 3480 lltdsvc - ok 10:00:27.0444 3480 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:00:27.0460 3480 lmhosts - ok 10:00:27.0460 3480 LMIGuardianSvc (ad988709675d9e35a60b2616bef108e9) C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe 10:00:27.0476 3480 LMIGuardianSvc - ok 10:00:27.0476 3480 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\Logmein\x64\RaInfo.sys 10:00:27.0476 3480 LMIInfo - ok 10:00:27.0491 3480 LMIMaint (bd043199fc0bf5f2810f54c8b374590b) C:\Program Files (x86)\Logmein\x64\RaMaint.exe 10:00:27.0491 3480 LMIMaint - ok 10:00:27.0491 3480 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys 10:00:27.0507 3480 lmimirr - ok 10:00:27.0507 3480 LMIRfsClientNP - ok 10:00:27.0522 3480 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys 10:00:27.0522 3480 LMIRfsDriver - ok 10:00:27.0522 3480 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\Logmein\x64\LogMeIn.exe 10:00:27.0538 3480 LogMeIn - ok 10:00:27.0538 3480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 10:00:27.0554 3480 LSI_FC - ok 10:00:27.0554 3480 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 10:00:27.0569 3480 LSI_SAS - ok 10:00:27.0569 3480 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 10:00:27.0585 3480 LSI_SAS2 - ok 10:00:27.0585 3480 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 10:00:27.0585 3480 LSI_SCSI - ok 10:00:27.0600 3480 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:00:27.0616 3480 luafv - ok 10:00:27.0632 3480 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:00:27.0632 3480 Mcx2Svc - ok 10:00:27.0647 3480 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 10:00:27.0647 3480 megasas - ok 10:00:27.0663 3480 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 10:00:27.0663 3480 MegaSR - ok 10:00:27.0678 3480 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 10:00:27.0678 3480 MEIx64 - ok 10:00:27.0694 3480 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:00:27.0710 3480 MMCSS - ok 10:00:27.0725 3480 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:00:27.0741 3480 Modem - ok 10:00:27.0741 3480 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:00:27.0756 3480 monitor - ok 10:00:27.0756 3480 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 10:00:27.0772 3480 mouclass - ok 10:00:27.0772 3480 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:00:27.0788 3480 mouhid - ok 10:00:27.0788 3480 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:00:27.0803 3480 mountmgr - ok 10:00:27.0834 3480 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:00:27.0850 3480 mpio - ok 10:00:27.0850 3480 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:00:27.0881 3480 mpsdrv - ok 10:00:27.0897 3480 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:00:27.0912 3480 MRxDAV - ok 10:00:27.0928 3480 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:00:27.0928 3480 mrxsmb - ok 10:00:27.0944 3480 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:00:27.0959 3480 mrxsmb10 - ok 10:00:27.0959 3480 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:00:27.0975 3480 mrxsmb20 - ok 10:00:27.0990 3480 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:00:28.0006 3480 msahci - ok 10:00:28.0006 3480 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:00:28.0022 3480 msdsm - ok 10:00:28.0037 3480 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:00:28.0053 3480 MSDTC - ok 10:00:28.0068 3480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:00:28.0100 3480 Msfs - ok 10:00:28.0100 3480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:00:28.0131 3480 mshidkmdf - ok 10:00:28.0131 3480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:00:28.0131 3480 msisadrv - ok 10:00:28.0146 3480 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:00:28.0162 3480 MSiSCSI - ok 10:00:28.0178 3480 msiserver - ok 10:00:28.0178 3480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:00:28.0209 3480 MSKSSRV - ok 10:00:28.0209 3480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:00:28.0240 3480 MSPCLOCK - ok 10:00:28.0240 3480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:00:28.0271 3480 MSPQM - ok 10:00:28.0271 3480 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:00:28.0287 3480 MsRPC - ok 10:00:28.0302 3480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 10:00:28.0302 3480 mssmbios - ok 10:00:28.0302 3480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:00:28.0334 3480 MSTEE - ok 10:00:28.0334 3480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 10:00:28.0349 3480 MTConfig - ok 10:00:28.0349 3480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:00:28.0365 3480 Mup - ok 10:00:28.0365 3480 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:00:28.0396 3480 napagent - ok 10:00:28.0412 3480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:00:28.0427 3480 NativeWifiP - ok 10:00:28.0443 3480 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:00:28.0458 3480 NDIS - ok 10:00:28.0458 3480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:00:28.0490 3480 NdisCap - ok 10:00:28.0490 3480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:00:28.0505 3480 NdisTapi - ok 10:00:28.0521 3480 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:00:28.0536 3480 Ndisuio - ok 10:00:28.0552 3480 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:00:28.0583 3480 NdisWan - ok 10:00:28.0583 3480 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:00:28.0630 3480 NDProxy - ok 10:00:28.0646 3480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:00:28.0661 3480 NetBIOS - ok 10:00:28.0677 3480 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:00:28.0692 3480 NetBT - ok 10:00:28.0708 3480 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:00:28.0708 3480 Netlogon - ok 10:00:28.0724 3480 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:00:28.0739 3480 Netman - ok 10:00:28.0755 3480 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:00:28.0755 3480 NetMsmqActivator - ok 10:00:28.0755 3480 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:00:28.0755 3480 NetPipeActivator - ok 10:00:28.0770 3480 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:00:28.0802 3480 netprofm - ok 10:00:28.0817 3480 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:00:28.0833 3480 NetTcpActivator - ok 10:00:28.0833 3480 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:00:28.0833 3480 NetTcpPortSharing - ok 10:00:28.0848 3480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 10:00:28.0848 3480 nfrd960 - ok 10:00:28.0864 3480 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:00:28.0895 3480 NlaSvc - ok 10:00:28.0895 3480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:00:28.0942 3480 Npfs - ok 10:00:28.0942 3480 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:00:28.0973 3480 nsi - ok 10:00:28.0973 3480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:00:28.0989 3480 nsiproxy - ok 10:00:29.0020 3480 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:00:29.0051 3480 Ntfs - ok 10:00:29.0051 3480 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:00:29.0082 3480 Null - ok 10:00:29.0082 3480 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:00:29.0098 3480 nvraid - ok 10:00:29.0098 3480 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:00:29.0114 3480 nvstor - ok 10:00:29.0114 3480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:00:29.0129 3480 nv_agp - ok 10:00:29.0129 3480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:00:29.0145 3480 ohci1394 - ok 10:00:29.0145 3480 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:00:29.0160 3480 p2pimsvc - ok 10:00:29.0176 3480 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:00:29.0192 3480 p2psvc - ok 10:00:29.0207 3480 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 10:00:29.0223 3480 Parport - ok 10:00:29.0223 3480 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 10:00:29.0238 3480 partmgr - ok 10:00:29.0254 3480 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:00:29.0270 3480 PcaSvc - ok 10:00:29.0285 3480 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:00:29.0301 3480 pci - ok 10:00:29.0301 3480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:00:29.0316 3480 pciide - ok 10:00:29.0332 3480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 10:00:29.0348 3480 pcmcia - ok 10:00:29.0348 3480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:00:29.0363 3480 pcw - ok 10:00:29.0379 3480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:00:29.0426 3480 PEAUTH - ok 10:00:29.0426 3480 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:00:29.0441 3480 PerfHost - ok 10:00:29.0457 3480 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:00:29.0535 3480 pla - ok 10:00:29.0550 3480 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:00:29.0566 3480 PlugPlay - ok 10:00:29.0582 3480 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:00:29.0597 3480 PNRPAutoReg - ok 10:00:29.0597 3480 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:00:29.0628 3480 PNRPsvc - ok 10:00:29.0628 3480 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:00:29.0691 3480 PolicyAgent - ok 10:00:29.0706 3480 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:00:29.0753 3480 Power - ok 10:00:29.0753 3480 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:00:29.0784 3480 PptpMiniport - ok 10:00:29.0831 3480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 10:00:29.0831 3480 Processor - ok 10:00:29.0847 3480 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 10:00:29.0878 3480 ProfSvc - ok 10:00:29.0878 3480 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:00:29.0894 3480 ProtectedStorage - ok 10:00:29.0894 3480 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:00:29.0940 3480 Psched - ok 10:00:29.0956 3480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 10:00:30.0003 3480 ql2300 - ok 10:00:30.0003 3480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 10:00:30.0018 3480 ql40xx - ok 10:00:30.0034 3480 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:00:30.0050 3480 QWAVE - ok 10:00:30.0065 3480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:00:30.0081 3480 QWAVEdrv - ok 10:00:30.0081 3480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:00:30.0112 3480 RasAcd - ok 10:00:30.0128 3480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:00:30.0143 3480 RasAgileVpn - ok 10:00:30.0159 3480 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:00:30.0174 3480 RasAuto - ok 10:00:30.0190 3480 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:00:30.0206 3480 Rasl2tp - ok 10:00:30.0221 3480 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:00:30.0252 3480 RasMan - ok 10:00:30.0252 3480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:00:30.0284 3480 RasPppoe - ok 10:00:30.0299 3480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:00:30.0315 3480 RasSstp - ok 10:00:30.0330 3480 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:00:30.0346 3480 rdbss - ok 10:00:30.0362 3480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 10:00:30.0362 3480 rdpbus - ok 10:00:30.0377 3480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:00:30.0393 3480 RDPCDD - ok 10:00:30.0408 3480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:00:30.0424 3480 RDPENCDD - ok 10:00:30.0440 3480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:00:30.0455 3480 RDPREFMP - ok 10:00:30.0455 3480 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 10:00:30.0486 3480 RDPWD - ok 10:00:30.0486 3480 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:00:30.0502 3480 rdyboost - ok 10:00:30.0502 3480 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:00:30.0533 3480 RemoteAccess - ok 10:00:30.0533 3480 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:00:30.0564 3480 RemoteRegistry - ok 10:00:30.0564 3480 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:00:30.0596 3480 RpcEptMapper - ok 10:00:30.0596 3480 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:00:30.0596 3480 RpcLocator - ok 10:00:30.0611 3480 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:00:30.0658 3480 RpcSs - ok 10:00:30.0658 3480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:00:30.0689 3480 rspndr - ok 10:00:30.0705 3480 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:\Windows\system32\DRIVERS\Rtlh64.sys 10:00:30.0705 3480 RTL8169 - ok 10:00:30.0720 3480 RzSynapse (bedafaf4524c00edc068de3adf151f9d) C:\Windows\system32\DRIVERS\RzSynapse.sys 10:00:30.0720 3480 RzSynapse - ok 10:00:30.0736 3480 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:00:30.0736 3480 SamSs - ok 10:00:30.0752 3480 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:00:30.0752 3480 sbp2port - ok 10:00:30.0767 3480 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:00:30.0783 3480 SCardSvr - ok 10:00:30.0830 3480 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:00:30.0861 3480 scfilter - ok 10:00:30.0876 3480 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:00:30.0908 3480 Schedule - ok 10:00:30.0923 3480 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:00:30.0939 3480 SCPolicySvc - ok 10:00:30.0954 3480 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:00:30.0954 3480 SDRSVC - ok 10:00:30.0970 3480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:00:30.0986 3480 secdrv - ok 10:00:30.0986 3480 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:00:31.0017 3480 seclogon - ok 10:00:31.0017 3480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 10:00:31.0032 3480 SENS - ok 10:00:31.0048 3480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:00:31.0048 3480 SensrSvc - ok 10:00:31.0064 3480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:00:31.0064 3480 Serenum - ok 10:00:31.0079 3480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:00:31.0079 3480 Serial - ok 10:00:31.0095 3480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 10:00:31.0095 3480 sermouse - ok 10:00:31.0110 3480 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:00:31.0157 3480 SessionEnv - ok 10:00:31.0173 3480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:00:31.0188 3480 sffdisk - ok 10:00:31.0188 3480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:00:31.0204 3480 sffp_mmc - ok 10:00:31.0204 3480 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:00:31.0220 3480 sffp_sd - ok 10:00:31.0220 3480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 10:00:31.0235 3480 sfloppy - ok 10:00:31.0235 3480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:00:31.0266 3480 SharedAccess - ok 10:00:31.0282 3480 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:00:31.0298 3480 ShellHWDetection - ok 10:00:31.0313 3480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 10:00:31.0313 3480 SiSRaid2 - ok 10:00:31.0329 3480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 10:00:31.0329 3480 SiSRaid4 - ok 10:00:31.0344 3480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:00:31.0376 3480 Smb - ok 10:00:31.0407 3480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:00:31.0407 3480 SNMPTRAP - ok 10:00:31.0422 3480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:00:31.0422 3480 spldr - ok 10:00:31.0438 3480 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:00:31.0469 3480 Spooler - ok 10:00:31.0532 3480 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:00:31.0641 3480 sppsvc - ok 10:00:31.0641 3480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:00:31.0672 3480 sppuinotify - ok 10:00:31.0688 3480 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:00:31.0703 3480 srv - ok 10:00:31.0719 3480 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:00:31.0719 3480 srv2 - ok 10:00:31.0734 3480 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:00:31.0750 3480 srvnet - ok 10:00:31.0766 3480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:00:31.0812 3480 SSDPSRV - ok 10:00:31.0844 3480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:00:31.0890 3480 SstpSvc - ok 10:00:31.0890 3480 Steam Client Service - ok 10:00:31.0906 3480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 10:00:31.0906 3480 stexstor - ok 10:00:31.0922 3480 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:00:31.0953 3480 stisvc - ok 10:00:31.0968 3480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 10:00:31.0968 3480 swenum - ok 10:00:31.0984 3480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:00:32.0015 3480 swprv - ok 10:00:32.0031 3480 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:00:32.0062 3480 SysMain - ok 10:00:32.0078 3480 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:00:32.0078 3480 TabletInputService - ok 10:00:32.0093 3480 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:00:32.0124 3480 TapiSrv - ok 10:00:32.0124 3480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:00:32.0156 3480 TBS - ok 10:00:32.0187 3480 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 10:00:32.0218 3480 Tcpip - ok 10:00:32.0249 3480 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 10:00:32.0280 3480 TCPIP6 - ok 10:00:32.0296 3480 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:00:32.0312 3480 tcpipreg - ok 10:00:32.0327 3480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:00:32.0327 3480 TDPIPE - ok 10:00:32.0343 3480 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 10:00:32.0358 3480 TDTCP - ok 10:00:32.0374 3480 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:00:32.0390 3480 tdx - ok 10:00:32.0405 3480 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 10:00:32.0436 3480 TeamViewer6 - ok 10:00:32.0452 3480 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 10:00:32.0452 3480 TermDD - ok 10:00:32.0468 3480 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:00:32.0514 3480 TermService - ok 10:00:32.0514 3480 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:00:32.0530 3480 Themes - ok 10:00:32.0530 3480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:00:32.0577 3480 THREADORDER - ok 10:00:32.0577 3480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:00:32.0608 3480 TrkWks - ok 10:00:32.0608 3480 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:00:32.0624 3480 TrustedInstaller - ok 10:00:32.0639 3480 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:00:32.0655 3480 tssecsrv - ok 10:00:32.0670 3480 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:00:32.0670 3480 TsUsbFlt - ok 10:00:32.0686 3480 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 10:00:32.0686 3480 TsUsbGD - ok 10:00:32.0702 3480 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:00:32.0733 3480 tunnel - ok 10:00:32.0748 3480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 10:00:32.0748 3480 uagp35 - ok 10:00:32.0764 3480 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:00:32.0780 3480 udfs - ok 10:00:32.0795 3480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:00:32.0795 3480 UI0Detect - ok 10:00:32.0826 3480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:00:32.0842 3480 uliagpkx - ok 10:00:32.0842 3480 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 10:00:32.0858 3480 umbus - ok 10:00:32.0873 3480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 10:00:32.0889 3480 UmPass - ok 10:00:32.0904 3480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:00:32.0936 3480 upnphost - ok 10:00:32.0951 3480 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 10:00:32.0951 3480 usbaudio - ok 10:00:32.0967 3480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:00:32.0967 3480 usbccgp - ok 10:00:32.0982 3480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:00:32.0998 3480 usbcir - ok 10:00:32.0998 3480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 10:00:33.0014 3480 usbehci - ok 10:00:33.0014 3480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:00:33.0029 3480 usbhub - ok 10:00:33.0045 3480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 10:00:33.0060 3480 usbohci - ok 10:00:33.0060 3480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 10:00:33.0076 3480 usbprint - ok 10:00:33.0076 3480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:00:33.0092 3480 USBSTOR - ok 10:00:33.0107 3480 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:00:33.0107 3480 usbuhci - ok 10:00:33.0123 3480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:00:33.0138 3480 UxSms - ok 10:00:33.0154 3480 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:00:33.0154 3480 VaultSvc - ok 10:00:33.0170 3480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:00:33.0170 3480 vdrvroot - ok 10:00:33.0185 3480 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 10:00:33.0232 3480 vds - ok 10:00:33.0248 3480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:00:33.0263 3480 vga - ok 10:00:33.0263 3480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:00:33.0310 3480 VgaSave - ok 10:00:33.0326 3480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:00:33.0326 3480 vhdmp - ok 10:00:33.0341 3480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:00:33.0341 3480 viaide - ok 10:00:33.0357 3480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:00:33.0357 3480 volmgr - ok 10:00:33.0372 3480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:00:33.0388 3480 volmgrx - ok 10:00:33.0388 3480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:00:33.0404 3480 volsnap - ok 10:00:33.0419 3480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 10:00:33.0419 3480 vsmraid - ok 10:00:33.0450 3480 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:00:33.0482 3480 VSS - ok 10:00:33.0497 3480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:00:33.0513 3480 vwifibus - ok 10:00:33.0513 3480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:00:33.0528 3480 vwififlt - ok 10:00:33.0544 3480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:00:33.0575 3480 W32Time - ok 10:00:33.0575 3480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 10:00:33.0591 3480 WacomPen - ok 10:00:33.0591 3480 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:00:33.0622 3480 WANARP - ok 10:00:33.0638 3480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:00:33.0653 3480 Wanarpv6 - ok 10:00:33.0669 3480 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:00:33.0716 3480 WatAdminSvc - ok 10:00:33.0747 3480 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:00:33.0794 3480 wbengine - ok 10:00:33.0794 3480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:00:33.0809 3480 WbioSrvc - ok 10:00:33.0825 3480 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:00:33.0840 3480 wcncsvc - ok 10:00:33.0856 3480 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:00:33.0856 3480 WcsPlugInService - ok 10:00:33.0872 3480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 10:00:33.0872 3480 Wd - ok 10:00:33.0887 3480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:00:33.0903 3480 Wdf01000 - ok 10:00:33.0903 3480 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:00:33.0934 3480 WdiServiceHost - ok 10:00:33.0934 3480 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:00:33.0950 3480 WdiSystemHost - ok 10:00:33.0950 3480 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:00:33.0965 3480 WebClient - ok 10:00:33.0981 3480 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:00:33.0996 3480 Wecsvc - ok 10:00:34.0012 3480 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:00:34.0028 3480 wercplsupport - ok 10:00:34.0043 3480 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:00:34.0059 3480 WerSvc - ok 10:00:34.0074 3480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:00:34.0090 3480 WfpLwf - ok 10:00:34.0106 3480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:00:34.0106 3480 WIMMount - ok 10:00:34.0106 3480 WinHttpAutoProxySvc - ok 10:00:34.0121 3480 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:00:34.0152 3480 Winmgmt - ok 10:00:34.0184 3480 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:00:34.0262 3480 WinRM - ok 10:00:34.0277 3480 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 10:00:34.0277 3480 WinUsb - ok 10:00:34.0293 3480 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:00:34.0308 3480 Wlansvc - ok 10:00:34.0324 3480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:00:34.0324 3480 WmiAcpi - ok 10:00:34.0340 3480 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:00:34.0355 3480 wmiApSrv - ok 10:00:34.0355 3480 WMPNetworkSvc - ok 10:00:34.0355 3480 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:00:34.0371 3480 WPCSvc - ok 10:00:34.0386 3480 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:00:34.0402 3480 WPDBusEnum - ok 10:00:34.0418 3480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:00:34.0449 3480 ws2ifsl - ok 10:00:34.0464 3480 WSearch - ok 10:00:34.0496 3480 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 10:00:34.0542 3480 wuauserv - ok 10:00:34.0558 3480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:00:34.0574 3480 WudfPf - ok 10:00:34.0589 3480 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:00:34.0605 3480 WUDFRd - ok 10:00:34.0620 3480 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:00:34.0636 3480 wudfsvc - ok 10:00:34.0652 3480 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:00:34.0667 3480 WwanSvc - ok 10:00:34.0667 3480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 10:00:34.0683 3480 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 10:00:34.0683 3480 \Device\Harddisk0\DR0 - detected TDSS File System (1) 10:00:34.0683 3480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 10:00:34.0745 3480 \Device\Harddisk1\DR1 - ok 10:00:34.0745 3480 Boot (0x1200) (54961eeb71546339d6b36d065b5e0769) \Device\Harddisk0\DR0\Partition0 10:00:34.0745 3480 \Device\Harddisk0\DR0\Partition0 - ok 10:00:34.0745 3480 Boot (0x1200) (b7015f65846113e84d8101b0c562973a) \Device\Harddisk1\DR1\Partition0 10:00:34.0745 3480 \Device\Harddisk1\DR1\Partition0 - ok 10:00:34.0745 3480 ============================================================ 10:00:34.0745 3480 Scan finished 10:00:34.0745 3480 ============================================================ 10:00:34.0761 5256 Detected object count: 1 10:00:34.0761 5256 Actual detected object count: 1 10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:01:12.0360 5256 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 10:01:12.0360 5256 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 10:01:12.0360 5256 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS - deleted 10:01:12.0376 5256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 10:02:16.0176 5764 Deinitialize success Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.12.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zauper :: JEFF-DESKTOP [administrator] 4/12/2012 6:12:09 PM mbam-log-2012-04-12 (18-12-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202449 Time elapsed: 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Windows\System32\comprcfg.dll (Spyware.Banker.KGen) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\System32\comprcfg.dll (Spyware.Banker.KGen) -> Delete on reboot. (end)
  11. Hi Maniac, Thanks for your help! There was one file that was not removed by TDSS -- do we need to do anything there? After the second reboot (by MBAM), all my files were hidden, so I ran the unhide.exe created by bleepingcomputer. On first glance, it seems as though malware is gone, but I have to head to work so I can't do testing to make sure the google redirect is gone as well. Thanks again for all your help -Jeff Here are the log files -- 08:09:23.0698 2868 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05 08:09:24.0042 2868 ============================================================ 08:09:24.0042 2868 Current date / time: 2012/04/12 08:09:24.0042 08:09:24.0042 2868 SystemInfo: 08:09:24.0042 2868 08:09:24.0042 2868 OS Version: 6.1.7601 ServicePack: 1.0 08:09:24.0042 2868 Product type: Workstation 08:09:24.0042 2868 ComputerName: JEFF-DESKTOP 08:09:24.0042 2868 UserName: Zauper 08:09:24.0042 2868 Windows directory: C:\Windows 08:09:24.0042 2868 System windows directory: C:\Windows 08:09:24.0042 2868 Running under WOW64 08:09:24.0042 2868 Processor architecture: Intel x64 08:09:24.0042 2868 Number of processors: 4 08:09:24.0042 2868 Page size: 0x1000 08:09:24.0042 2868 Boot type: Normal boot 08:09:24.0042 2868 ============================================================ 08:09:24.0195 2868 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:09:24.0204 2868 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:09:24.0216 2868 \Device\Harddisk0\DR0: 08:09:24.0216 2868 MBR used 08:09:24.0216 2868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800 08:09:24.0216 2868 \Device\Harddisk1\DR1: 08:09:24.0216 2868 MBR used 08:09:24.0216 2868 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 08:09:24.0228 2868 Initialize success 08:09:24.0228 2868 ============================================================ 08:09:56.0047 8028 ============================================================ 08:09:56.0047 8028 Scan started 08:09:56.0047 8028 Mode: Manual; SigCheck; TDLFS; 08:09:56.0047 8028 ============================================================ 08:09:56.0647 8028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 08:09:56.0691 8028 1394ohci - ok 08:09:56.0706 8028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:09:56.0716 8028 ACPI - ok 08:09:56.0727 8028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:09:56.0749 8028 AcpiPmi - ok 08:09:56.0756 8028 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 08:09:56.0760 8028 AdobeARMservice - ok 08:09:56.0776 8028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 08:09:56.0789 8028 adp94xx - ok 08:09:56.0819 8028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 08:09:56.0828 8028 adpahci - ok 08:09:56.0837 8028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 08:09:56.0844 8028 adpu320 - ok 08:09:56.0852 8028 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:09:56.0901 8028 AeLookupSvc - ok 08:09:56.0913 8028 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 08:09:56.0925 8028 AFD - ok 08:09:56.0933 8028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:09:56.0938 8028 agp440 - ok 08:09:56.0945 8028 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:09:56.0955 8028 ALG - ok 08:09:56.0962 8028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:09:56.0967 8028 aliide - ok 08:09:56.0975 8028 AMD External Events Utility (582a40970d43628b9f60dcd18500c051) C:\Windows\system32\atiesrxx.exe 08:09:56.0989 8028 AMD External Events Utility - ok 08:09:56.0996 8028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:09:57.0001 8028 amdide - ok 08:09:57.0010 8028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 08:09:57.0018 8028 AmdK8 - ok 08:09:57.0095 8028 amdkmdag (c8a09b711d0f332cf6fc75fbf7f539ba) C:\Windows\system32\DRIVERS\atikmdag.sys 08:09:57.0193 8028 amdkmdag - ok 08:09:57.0204 8028 amdkmdap (285da456fd69a2c99dd641bd3353ec9a) C:\Windows\system32\DRIVERS\atikmpag.sys 08:09:57.0215 8028 amdkmdap - ok 08:09:57.0223 8028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 08:09:57.0231 8028 AmdPPM - ok 08:09:57.0239 8028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:09:57.0245 8028 amdsata - ok 08:09:57.0253 8028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 08:09:57.0263 8028 amdsbs - ok 08:09:57.0270 8028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:09:57.0275 8028 amdxata - ok 08:09:57.0284 8028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:09:57.0336 8028 AppID - ok 08:09:57.0343 8028 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:09:57.0365 8028 AppIDSvc - ok 08:09:57.0373 8028 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 08:09:57.0394 8028 Appinfo - ok 08:09:57.0402 8028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 08:09:57.0408 8028 arc - ok 08:09:57.0416 8028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 08:09:57.0421 8028 arcsas - ok 08:09:57.0429 8028 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 08:09:57.0433 8028 aspnet_state - ok 08:09:57.0441 8028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:09:57.0464 8028 AsyncMac - ok 08:09:57.0471 8028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 08:09:57.0476 8028 atapi - ok 08:09:57.0497 8028 athr (2142725e147c9a44b3f0d76099c5da71) C:\Windows\system32\DRIVERS\athrx.sys 08:09:57.0522 8028 athr - ok 08:09:57.0536 8028 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:09:57.0565 8028 AudioEndpointBuilder - ok 08:09:57.0572 8028 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:09:57.0596 8028 AudioSrv - ok 08:09:57.0605 8028 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 08:09:57.0623 8028 AxInstSV - ok 08:09:57.0635 8028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 08:09:57.0646 8028 b06bdrv - ok 08:09:57.0657 8028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:09:57.0668 8028 b57nd60a - ok 08:09:57.0677 8028 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 08:09:57.0685 8028 BDESVC - ok 08:09:57.0693 8028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:09:57.0714 8028 Beep - ok 08:09:57.0728 8028 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 08:09:57.0758 8028 BITS - ok 08:09:57.0765 8028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 08:09:57.0772 8028 blbdrive - ok 08:09:57.0780 8028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 08:09:57.0787 8028 bowser - ok 08:09:57.0794 8028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 08:09:57.0804 8028 BrFiltLo - ok 08:09:57.0827 8028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 08:09:57.0834 8028 BrFiltUp - ok 08:09:57.0843 8028 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 08:09:57.0864 8028 Browser - ok 08:09:57.0874 8028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:09:57.0885 8028 Brserid - ok 08:09:57.0892 8028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:09:57.0901 8028 BrSerWdm - ok 08:09:57.0908 8028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:09:57.0916 8028 BrUsbMdm - ok 08:09:57.0924 8028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:09:57.0930 8028 BrUsbSer - ok 08:09:57.0938 8028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 08:09:57.0947 8028 BTHMODEM - ok 08:09:57.0955 8028 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 08:09:57.0977 8028 bthserv - ok 08:09:57.0987 8028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:09:58.0011 8028 cdfs - ok 08:09:58.0021 8028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 08:09:58.0029 8028 cdrom - ok 08:09:58.0037 8028 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:09:58.0058 8028 CertPropSvc - ok 08:09:58.0066 8028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 08:09:58.0074 8028 circlass - ok 08:09:58.0083 8028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:09:58.0093 8028 CLFS - ok 08:09:58.0097 8028 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:09:58.0102 8028 clr_optimization_v2.0.50727_32 - ok 08:09:58.0105 8028 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:09:58.0110 8028 clr_optimization_v2.0.50727_64 - ok 08:09:58.0115 8028 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:09:58.0119 8028 clr_optimization_v4.0.30319_32 - ok 08:09:58.0123 8028 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:09:58.0128 8028 clr_optimization_v4.0.30319_64 - ok 08:09:58.0136 8028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 08:09:58.0143 8028 CmBatt - ok 08:09:58.0150 8028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 08:09:58.0154 8028 cmdide - ok 08:09:58.0165 8028 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 08:09:58.0179 8028 CNG - ok 08:09:58.0187 8028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 08:09:58.0192 8028 Compbatt - ok 08:09:58.0199 8028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 08:09:58.0226 8028 CompositeBus - ok 08:09:58.0232 8028 COMSysApp - ok 08:09:58.0240 8028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 08:09:58.0245 8028 crcdisk - ok 08:09:58.0254 8028 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 08:09:58.0277 8028 CryptSvc - ok 08:09:58.0285 8028 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys 08:09:58.0290 8028 ctxusbm - ok 08:09:58.0301 8028 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:09:58.0328 8028 DcomLaunch - ok 08:09:58.0337 8028 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 08:09:58.0361 8028 defragsvc - ok 08:09:58.0369 8028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 08:09:58.0389 8028 DfsC - ok 08:09:58.0398 8028 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys 08:09:58.0403 8028 dg_ssudbus - ok 08:09:58.0413 8028 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 08:09:58.0437 8028 Dhcp - ok 08:09:58.0445 8028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:09:58.0465 8028 discache - ok 08:09:58.0473 8028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 08:09:58.0478 8028 Disk - ok 08:09:58.0487 8028 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 08:09:58.0495 8028 Dnscache - ok 08:09:58.0504 8028 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 08:09:58.0527 8028 dot3svc - ok 08:09:58.0535 8028 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 08:09:58.0557 8028 DPS - ok 08:09:58.0564 8028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:09:58.0572 8028 drmkaud - ok 08:09:58.0588 8028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 08:09:58.0608 8028 DXGKrnl - ok 08:09:58.0615 8028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 08:09:58.0637 8028 EapHost - ok 08:09:58.0671 8028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 08:09:58.0714 8028 ebdrv - ok 08:09:58.0722 8028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 08:09:58.0730 8028 EFS - ok 08:09:58.0738 8028 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 08:09:58.0751 8028 ehRecvr - ok 08:09:58.0754 8028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 08:09:58.0761 8028 ehSched - ok 08:09:58.0773 8028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 08:09:58.0784 8028 elxstor - ok 08:09:58.0792 8028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 08:09:58.0799 8028 ErrDev - ok 08:09:58.0823 8028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 08:09:58.0850 8028 EventSystem - ok 08:09:58.0859 8028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:09:58.0882 8028 exfat - ok 08:09:58.0891 8028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:09:58.0915 8028 fastfat - ok 08:09:58.0928 8028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 08:09:58.0943 8028 Fax - ok 08:09:58.0950 8028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 08:09:58.0957 8028 fdc - ok 08:09:58.0964 8028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 08:09:58.0986 8028 fdPHost - ok 08:09:58.0993 8028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 08:09:59.0014 8028 FDResPub - ok 08:09:59.0021 8028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:09:59.0026 8028 FileInfo - ok 08:09:59.0034 8028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:09:59.0055 8028 Filetrace - ok 08:09:59.0062 8028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 08:09:59.0068 8028 flpydisk - ok 08:09:59.0078 8028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 08:09:59.0086 8028 FltMgr - ok 08:09:59.0103 8028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 08:09:59.0122 8028 FontCache - ok 08:09:59.0126 8028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:09:59.0130 8028 FontCache3.0.0.0 - ok 08:09:59.0137 8028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:09:59.0143 8028 FsDepends - ok 08:09:59.0150 8028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 08:09:59.0155 8028 Fs_Rec - ok 08:09:59.0164 8028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:09:59.0173 8028 fvevol - ok 08:09:59.0181 8028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 08:09:59.0187 8028 gagp30kx - ok 08:09:59.0200 8028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 08:09:59.0229 8028 gpsvc - ok 08:09:59.0237 8028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:09:59.0243 8028 hcw85cir - ok 08:09:59.0254 8028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 08:09:59.0266 8028 HdAudAddService - ok 08:09:59.0275 8028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:09:59.0284 8028 HDAudBus - ok 08:09:59.0292 8028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 08:09:59.0299 8028 HidBatt - ok 08:09:59.0307 8028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 08:09:59.0316 8028 HidBth - ok 08:09:59.0324 8028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 08:09:59.0332 8028 HidIr - ok 08:09:59.0339 8028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 08:09:59.0362 8028 hidserv - ok 08:09:59.0370 8028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 08:09:59.0377 8028 HidUsb - ok 08:09:59.0384 8028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 08:09:59.0406 8028 hkmsvc - ok 08:09:59.0414 8028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 08:09:59.0424 8028 HomeGroupListener - ok 08:09:59.0432 8028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 08:09:59.0441 8028 HomeGroupProvider - ok 08:09:59.0448 8028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:09:59.0454 8028 HpSAMD - ok 08:09:59.0467 8028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:09:59.0496 8028 HTTP - ok 08:09:59.0504 8028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:09:59.0508 8028 hwpolicy - ok 08:09:59.0518 8028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 08:09:59.0525 8028 i8042prt - ok 08:09:59.0536 8028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:09:59.0547 8028 iaStorV - ok 08:09:59.0557 8028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:09:59.0568 8028 idsvc - ok 08:09:59.0576 8028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 08:09:59.0581 8028 iirsp - ok 08:09:59.0594 8028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 08:09:59.0624 8028 IKEEXT - ok 08:09:59.0632 8028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:09:59.0637 8028 intelide - ok 08:09:59.0644 8028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 08:09:59.0651 8028 intelppm - ok 08:09:59.0659 8028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:09:59.0682 8028 IPBusEnum - ok 08:09:59.0689 8028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:09:59.0709 8028 IpFilterDriver - ok 08:09:59.0717 8028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:09:59.0724 8028 IPMIDRV - ok 08:09:59.0732 8028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:09:59.0755 8028 IPNAT - ok 08:09:59.0763 8028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:09:59.0772 8028 IRENUM - ok 08:09:59.0780 8028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:09:59.0785 8028 isapnp - ok 08:09:59.0794 8028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:09:59.0819 8028 iScsiPrt - ok 08:09:59.0828 8028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 08:09:59.0833 8028 kbdclass - ok 08:09:59.0841 8028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 08:09:59.0848 8028 kbdhid - ok 08:09:59.0855 8028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:09:59.0861 8028 KeyIso - ok 08:09:59.0868 8028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 08:09:59.0874 8028 KSecDD - ok 08:09:59.0882 8028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 08:09:59.0888 8028 KSecPkg - ok 08:09:59.0896 8028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:09:59.0917 8028 ksthunk - ok 08:09:59.0926 8028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:09:59.0951 8028 KtmRm - ok 08:09:59.0960 8028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 08:09:59.0984 8028 LanmanServer - ok 08:09:59.0991 8028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 08:10:00.0013 8028 LanmanWorkstation - ok 08:10:00.0022 8028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:10:00.0044 8028 lltdio - ok 08:10:00.0053 8028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:10:00.0076 8028 lltdsvc - ok 08:10:00.0083 8028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 08:10:00.0105 8028 lmhosts - ok 08:10:00.0111 8028 LMIGuardianSvc (ad988709675d9e35a60b2616bef108e9) C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe 08:10:00.0117 8028 LMIGuardianSvc - ok 08:10:00.0120 8028 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\Logmein\x64\RaInfo.sys 08:10:00.0124 8028 LMIInfo - ok 08:10:00.0127 8028 LMIMaint (bd043199fc0bf5f2810f54c8b374590b) C:\Program Files (x86)\Logmein\x64\RaMaint.exe 08:10:00.0131 8028 LMIMaint - ok 08:10:00.0138 8028 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys 08:10:00.0142 8028 lmimirr - ok 08:10:00.0149 8028 LMIRfsClientNP - ok 08:10:00.0157 8028 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys 08:10:00.0161 8028 LMIRfsDriver - ok 08:10:00.0167 8028 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\Logmein\x64\LogMeIn.exe 08:10:00.0174 8028 LogMeIn - ok 08:10:00.0183 8028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 08:10:00.0189 8028 LSI_FC - ok 08:10:00.0197 8028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 08:10:00.0203 8028 LSI_SAS - ok 08:10:00.0210 8028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 08:10:00.0216 8028 LSI_SAS2 - ok 08:10:00.0224 8028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 08:10:00.0231 8028 LSI_SCSI - ok 08:10:00.0239 8028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:10:00.0261 8028 luafv - ok 08:10:00.0268 8028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 08:10:00.0276 8028 Mcx2Svc - ok 08:10:00.0284 8028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 08:10:00.0289 8028 megasas - ok 08:10:00.0299 8028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 08:10:00.0308 8028 MegaSR - ok 08:10:00.0316 8028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 08:10:00.0320 8028 MEIx64 - ok 08:10:00.0327 8028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:10:00.0351 8028 MMCSS - ok 08:10:00.0358 8028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:10:00.0379 8028 Modem - ok 08:10:00.0387 8028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:10:00.0395 8028 monitor - ok 08:10:00.0402 8028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:10:00.0407 8028 mouclass - ok 08:10:00.0417 8028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:10:00.0423 8028 mouhid - ok 08:10:00.0431 8028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:10:00.0436 8028 mountmgr - ok 08:10:00.0445 8028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:10:00.0452 8028 mpio - ok 08:10:00.0459 8028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:10:00.0481 8028 mpsdrv - ok 08:10:00.0489 8028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:10:00.0499 8028 MRxDAV - ok 08:10:00.0508 8028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:10:00.0516 8028 mrxsmb - ok 08:10:00.0526 8028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:10:00.0535 8028 mrxsmb10 - ok 08:10:00.0543 8028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:10:00.0549 8028 mrxsmb20 - ok 08:10:00.0557 8028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:10:00.0562 8028 msahci - ok 08:10:00.0570 8028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:10:00.0576 8028 msdsm - ok 08:10:00.0584 8028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:10:00.0593 8028 MSDTC - ok 08:10:00.0602 8028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:10:00.0623 8028 Msfs - ok 08:10:00.0631 8028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:10:00.0652 8028 mshidkmdf - ok 08:10:00.0659 8028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:10:00.0663 8028 msisadrv - ok 08:10:00.0671 8028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:10:00.0694 8028 MSiSCSI - ok 08:10:00.0700 8028 msiserver - ok 08:10:00.0708 8028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:10:00.0730 8028 MSKSSRV - ok 08:10:00.0737 8028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:10:00.0757 8028 MSPCLOCK - ok 08:10:00.0764 8028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:10:00.0785 8028 MSPQM - ok 08:10:00.0795 8028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:10:00.0805 8028 MsRPC - ok 08:10:00.0816 8028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 08:10:00.0820 8028 mssmbios - ok 08:10:00.0827 8028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:10:00.0848 8028 MSTEE - ok 08:10:00.0855 8028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 08:10:00.0861 8028 MTConfig - ok 08:10:00.0868 8028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:10:00.0873 8028 Mup - ok 08:10:00.0884 8028 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 08:10:00.0910 8028 napagent - ok 08:10:00.0921 8028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:10:00.0934 8028 NativeWifiP - ok 08:10:00.0950 8028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:10:00.0968 8028 NDIS - ok 08:10:00.0977 8028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:10:00.0997 8028 NdisCap - ok 08:10:01.0005 8028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:10:01.0025 8028 NdisTapi - ok 08:10:01.0033 8028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:10:01.0054 8028 Ndisuio - ok 08:10:01.0063 8028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:10:01.0085 8028 NdisWan - ok 08:10:01.0092 8028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:10:01.0120 8028 NDProxy - ok 08:10:01.0130 8028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:10:01.0150 8028 NetBIOS - ok 08:10:01.0160 8028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:10:01.0182 8028 NetBT - ok 08:10:01.0189 8028 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:10:01.0195 8028 Netlogon - ok 08:10:01.0205 8028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:10:01.0231 8028 Netman - ok 08:10:01.0236 8028 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:10:01.0240 8028 NetMsmqActivator - ok 08:10:01.0243 8028 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:10:01.0248 8028 NetPipeActivator - ok 08:10:01.0259 8028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:10:01.0286 8028 netprofm - ok 08:10:01.0290 8028 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:10:01.0295 8028 NetTcpActivator - ok 08:10:01.0297 8028 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:10:01.0302 8028 NetTcpPortSharing - ok 08:10:01.0311 8028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 08:10:01.0316 8028 nfrd960 - ok 08:10:01.0326 8028 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 08:10:01.0350 8028 NlaSvc - ok 08:10:01.0357 8028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:10:01.0378 8028 Npfs - ok 08:10:01.0385 8028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:10:01.0407 8028 nsi - ok 08:10:01.0414 8028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:10:01.0435 8028 nsiproxy - ok 08:10:01.0458 8028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:10:01.0485 8028 Ntfs - ok 08:10:01.0493 8028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:10:01.0513 8028 Null - ok 08:10:01.0522 8028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:10:01.0528 8028 nvraid - ok 08:10:01.0537 8028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:10:01.0544 8028 nvstor - ok 08:10:01.0552 8028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:10:01.0558 8028 nv_agp - ok 08:10:01.0566 8028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:10:01.0573 8028 ohci1394 - ok 08:10:01.0583 8028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:10:01.0593 8028 p2pimsvc - ok 08:10:01.0603 8028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:10:01.0614 8028 p2psvc - ok 08:10:01.0622 8028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 08:10:01.0629 8028 Parport - ok 08:10:01.0636 8028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 08:10:01.0641 8028 partmgr - ok 08:10:01.0650 8028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:10:01.0661 8028 PcaSvc - ok 08:10:01.0670 8028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:10:01.0676 8028 pci - ok 08:10:01.0684 8028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:10:01.0688 8028 pciide - ok 08:10:01.0697 8028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 08:10:01.0704 8028 pcmcia - ok 08:10:01.0711 8028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:10:01.0716 8028 pcw - ok 08:10:01.0729 8028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:10:01.0760 8028 PEAUTH - ok 08:10:01.0768 8028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:10:01.0775 8028 PerfHost - ok 08:10:01.0796 8028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:10:01.0861 8028 pla - ok 08:10:01.0871 8028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:10:01.0883 8028 PlugPlay - ok 08:10:01.0890 8028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:10:01.0896 8028 PNRPAutoReg - ok 08:10:01.0905 8028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:10:01.0913 8028 PNRPsvc - ok 08:10:01.0924 8028 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:10:01.0951 8028 PolicyAgent - ok 08:10:01.0959 8028 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:10:01.0986 8028 Power - ok 08:10:01.0994 8028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:10:02.0018 8028 PptpMiniport - ok 08:10:02.0026 8028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 08:10:02.0033 8028 Processor - ok 08:10:02.0041 8028 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 08:10:02.0066 8028 ProfSvc - ok 08:10:02.0073 8028 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:10:02.0079 8028 ProtectedStorage - ok 08:10:02.0088 8028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:10:02.0110 8028 Psched - ok 08:10:02.0130 8028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 08:10:02.0157 8028 ql2300 - ok 08:10:02.0166 8028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 08:10:02.0174 8028 ql40xx - ok 08:10:02.0184 8028 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:10:02.0196 8028 QWAVE - ok 08:10:02.0204 8028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:10:02.0214 8028 QWAVEdrv - ok 08:10:02.0222 8028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:10:02.0252 8028 RasAcd - ok 08:10:02.0260 8028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:10:02.0283 8028 RasAgileVpn - ok 08:10:02.0291 8028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:10:02.0314 8028 RasAuto - ok 08:10:02.0323 8028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:10:02.0348 8028 Rasl2tp - ok 08:10:02.0359 8028 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:10:02.0386 8028 RasMan - ok 08:10:02.0395 8028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:10:02.0436 8028 RasPppoe - ok 08:10:02.0444 8028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:10:02.0465 8028 RasSstp - ok 08:10:02.0477 8028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:10:02.0513 8028 rdbss - ok 08:10:02.0521 8028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 08:10:02.0531 8028 rdpbus - ok 08:10:02.0539 8028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:10:02.0565 8028 RDPCDD - ok 08:10:02.0574 8028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:10:02.0607 8028 RDPENCDD - ok 08:10:02.0617 8028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:10:02.0644 8028 RDPREFMP - ok 08:10:02.0654 8028 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 08:10:02.0685 8028 RDPWD - ok 08:10:02.0695 8028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:10:02.0703 8028 rdyboost - ok 08:10:02.0711 8028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:10:02.0741 8028 RemoteAccess - ok 08:10:02.0750 8028 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:10:02.0782 8028 RemoteRegistry - ok 08:10:02.0790 8028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:10:02.0813 8028 RpcEptMapper - ok 08:10:02.0820 8028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:10:02.0840 8028 RpcLocator - ok 08:10:02.0851 8028 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:10:02.0886 8028 RpcSs - ok 08:10:02.0895 8028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:10:02.0918 8028 rspndr - ok 08:10:02.0929 8028 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:\Windows\system32\DRIVERS\Rtlh64.sys 08:10:02.0939 8028 RTL8169 - ok 08:10:02.0948 8028 RzSynapse (bedafaf4524c00edc068de3adf151f9d) C:\Windows\system32\DRIVERS\RzSynapse.sys 08:10:02.0955 8028 RzSynapse - ok 08:10:02.0961 8028 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:10:02.0969 8028 SamSs - ok 08:10:02.0977 8028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:10:02.0984 8028 sbp2port - ok 08:10:02.0995 8028 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:10:03.0019 8028 SCardSvr - ok 08:10:03.0026 8028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:10:03.0046 8028 scfilter - ok 08:10:03.0062 8028 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 08:10:03.0097 8028 Schedule - ok 08:10:03.0104 8028 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:10:03.0126 8028 SCPolicySvc - ok 08:10:03.0134 8028 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 08:10:03.0144 8028 SDRSVC - ok 08:10:03.0151 8028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:10:03.0172 8028 secdrv - ok 08:10:03.0180 8028 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 08:10:03.0200 8028 seclogon - ok 08:10:03.0207 8028 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 08:10:03.0231 8028 SENS - ok 08:10:03.0238 8028 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 08:10:03.0245 8028 SensrSvc - ok 08:10:03.0253 8028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 08:10:03.0260 8028 Serenum - ok 08:10:03.0268 8028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 08:10:03.0275 8028 Serial - ok 08:10:03.0282 8028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 08:10:03.0289 8028 sermouse - ok 08:10:03.0300 8028 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 08:10:03.0322 8028 SessionEnv - ok 08:10:03.0329 8028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:10:03.0337 8028 sffdisk - ok 08:10:03.0344 8028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:10:03.0352 8028 sffp_mmc - ok 08:10:03.0359 8028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:10:03.0367 8028 sffp_sd - ok 08:10:03.0374 8028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 08:10:03.0382 8028 sfloppy - ok 08:10:03.0392 8028 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 08:10:03.0430 8028 SharedAccess - ok 08:10:03.0444 8028 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 08:10:03.0469 8028 ShellHWDetection - ok 08:10:03.0477 8028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 08:10:03.0482 8028 SiSRaid2 - ok 08:10:03.0489 8028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 08:10:03.0495 8028 SiSRaid4 - ok 08:10:03.0504 8028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:10:03.0526 8028 Smb - ok 08:10:03.0534 8028 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 08:10:03.0542 8028 SNMPTRAP - ok 08:10:03.0551 8028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:10:03.0555 8028 spldr - ok 08:10:03.0567 8028 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 08:10:03.0602 8028 Spooler - ok 08:10:03.0641 8028 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 08:10:03.0709 8028 sppsvc - ok 08:10:03.0717 8028 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 08:10:03.0744 8028 sppuinotify - ok 08:10:03.0757 8028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:10:03.0771 8028 srv - ok 08:10:03.0782 8028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:10:03.0821 8028 srv2 - ok 08:10:03.0830 8028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:10:03.0837 8028 srvnet - ok 08:10:03.0846 8028 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 08:10:03.0872 8028 SSDPSRV - ok 08:10:03.0880 8028 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 08:10:03.0902 8028 SstpSvc - ok 08:10:03.0906 8028 Steam Client Service - ok 08:10:03.0915 8028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 08:10:03.0919 8028 stexstor - ok 08:10:03.0933 8028 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 08:10:03.0951 8028 stisvc - ok 08:10:03.0959 8028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 08:10:03.0963 8028 swenum - ok 08:10:03.0975 8028 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 08:10:04.0003 8028 swprv - ok 08:10:04.0029 8028 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 08:10:04.0059 8028 SysMain - ok 08:10:04.0066 8028 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 08:10:04.0078 8028 TabletInputService - ok 08:10:04.0089 8028 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 08:10:04.0114 8028 TapiSrv - ok 08:10:04.0121 8028 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 08:10:04.0145 8028 TBS - ok 08:10:04.0170 8028 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 08:10:04.0201 8028 Tcpip - ok 08:10:04.0225 8028 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 08:10:04.0249 8028 TCPIP6 - ok 08:10:04.0257 8028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 08:10:04.0281 8028 tcpipreg - ok 08:10:04.0290 8028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:10:04.0298 8028 TDPIPE - ok 08:10:04.0305 8028 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 08:10:04.0326 8028 TDTCP - ok 08:10:04.0334 8028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:10:04.0356 8028 tdx - ok 08:10:04.0379 8028 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 08:10:04.0405 8028 TeamViewer6 - ok 08:10:04.0413 8028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 08:10:04.0421 8028 TermDD - ok 08:10:04.0433 8028 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 08:10:04.0466 8028 TermService - ok 08:10:04.0473 8028 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 08:10:04.0484 8028 Themes - ok 08:10:04.0491 8028 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:10:04.0512 8028 THREADORDER - ok 08:10:04.0520 8028 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 08:10:04.0544 8028 TrkWks - ok 08:10:04.0549 8028 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 08:10:04.0589 8028 TrustedInstaller - ok 08:10:04.0598 8028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:10:04.0619 8028 tssecsrv - ok 08:10:04.0627 8028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:10:04.0635 8028 TsUsbFlt - ok 08:10:04.0642 8028 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 08:10:04.0650 8028 TsUsbGD - ok 08:10:04.0660 8028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:10:04.0684 8028 tunnel - ok 08:10:04.0692 8028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 08:10:04.0697 8028 uagp35 - ok 08:10:04.0708 8028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:10:04.0735 8028 udfs - ok 08:10:04.0745 8028 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 08:10:04.0753 8028 UI0Detect - ok 08:10:04.0762 8028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:10:04.0768 8028 uliagpkx - ok 08:10:04.0776 8028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 08:10:04.0784 8028 umbus - ok 08:10:04.0791 8028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 08:10:04.0798 8028 UmPass - ok 08:10:04.0830 8028 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 08:10:04.0856 8028 upnphost - ok 08:10:04.0866 8028 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 08:10:04.0875 8028 usbaudio - ok 08:10:04.0884 8028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 08:10:04.0894 8028 usbccgp - ok 08:10:04.0902 8028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:10:04.0911 8028 usbcir - ok 08:10:04.0918 8028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 08:10:04.0925 8028 usbehci - ok 08:10:04.0935 8028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:10:04.0946 8028 usbhub - ok 08:10:04.0954 8028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 08:10:04.0969 8028 usbohci - ok 08:10:04.0979 8028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 08:10:04.0994 8028 usbprint - ok 08:10:05.0005 8028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:10:05.0013 8028 USBSTOR - ok 08:10:05.0021 8028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 08:10:05.0027 8028 usbuhci - ok 08:10:05.0034 8028 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 08:10:05.0058 8028 UxSms - ok 08:10:05.0065 8028 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:10:05.0070 8028 VaultSvc - ok 08:10:05.0078 8028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:10:05.0083 8028 vdrvroot - ok 08:10:05.0095 8028 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 08:10:05.0123 8028 vds - ok 08:10:05.0132 8028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:10:05.0139 8028 vga - ok 08:10:05.0147 8028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:10:05.0169 8028 VgaSave - ok 08:10:05.0179 8028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:10:05.0193 8028 vhdmp - ok 08:10:05.0207 8028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:10:05.0214 8028 viaide - ok 08:10:05.0223 8028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:10:05.0228 8028 volmgr - ok 08:10:05.0238 8028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:10:05.0248 8028 volmgrx - ok 08:10:05.0258 8028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:10:05.0268 8028 volsnap - ok 08:10:05.0278 8028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 08:10:05.0285 8028 vsmraid - ok 08:10:05.0306 8028 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 08:10:05.0374 8028 VSS - ok 08:10:05.0383 8028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 08:10:05.0392 8028 vwifibus - ok 08:10:05.0402 8028 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 08:10:05.0435 8028 vwififlt - ok 08:10:05.0449 8028 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 08:10:05.0476 8028 W32Time - ok 08:10:05.0485 8028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 08:10:05.0519 8028 WacomPen - ok 08:10:05.0527 8028 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:10:05.0600 8028 WANARP - ok 08:10:05.0602 8028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:10:05.0659 8028 Wanarpv6 - ok 08:10:05.0678 8028 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 08:10:05.0702 8028 WatAdminSvc - ok 08:10:05.0723 8028 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 08:10:05.0752 8028 wbengine - ok 08:10:05.0762 8028 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 08:10:05.0780 8028 WbioSrvc - ok 08:10:05.0792 8028 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 08:10:05.0823 8028 wcncsvc - ok 08:10:05.0832 8028 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 08:10:05.0841 8028 WcsPlugInService - ok 08:10:05.0848 8028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 08:10:05.0853 8028 Wd - ok 08:10:05.0867 8028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:10:05.0881 8028 Wdf01000 - ok 08:10:05.0889 8028 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:10:05.0928 8028 WdiServiceHost - ok 08:10:05.0931 8028 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:10:05.0983 8028 WdiSystemHost - ok 08:10:05.0994 8028 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 08:10:06.0014 8028 WebClient - ok 08:10:06.0023 8028 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 08:10:06.0064 8028 Wecsvc - ok 08:10:06.0072 8028 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 08:10:06.0098 8028 wercplsupport - ok 08:10:06.0105 8028 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 08:10:06.0157 8028 WerSvc - ok 08:10:06.0166 8028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:10:06.0192 8028 WfpLwf - ok 08:10:06.0200 8028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:10:06.0205 8028 WIMMount - ok 08:10:06.0208 8028 WinHttpAutoProxySvc - ok 08:10:06.0218 8028 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 08:10:06.0243 8028 Winmgmt - ok 08:10:06.0275 8028 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 08:10:06.0430 8028 WinRM - ok 08:10:06.0449 8028 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 08:10:06.0459 8028 WinUsb - ok 08:10:06.0479 8028 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 08:10:06.0504 8028 Wlansvc - ok 08:10:06.0512 8028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 08:10:06.0521 8028 WmiAcpi - ok 08:10:06.0532 8028 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 08:10:06.0541 8028 wmiApSrv - ok 08:10:06.0547 8028 WMPNetworkSvc - ok 08:10:06.0555 8028 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 08:10:06.0566 8028 WPCSvc - ok 08:10:06.0575 8028 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 08:10:06.0592 8028 WPDBusEnum - ok 08:10:06.0600 8028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:10:06.0627 8028 ws2ifsl - ok 08:10:06.0633 8028 WSearch - ok 08:10:06.0663 8028 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 08:10:06.0713 8028 wuauserv - ok 08:10:06.0722 8028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:10:06.0745 8028 WudfPf - ok 08:10:06.0755 8028 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:10:06.0780 8028 WUDFRd - ok 08:10:06.0788 8028 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 08:10:06.0813 8028 wudfsvc - ok 08:10:06.0822 8028 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 08:10:06.0839 8028 WwanSvc - ok 08:10:06.0845 8028 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0 08:10:06.0845 8028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 08:10:06.0845 8028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 08:10:06.0865 8028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 08:10:06.0865 8028 \Device\Harddisk0\DR0 - detected TDSS File System (1) 08:10:06.0867 8028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 08:10:06.0917 8028 \Device\Harddisk1\DR1 - ok 08:10:06.0918 8028 Boot (0x1200) (54961eeb71546339d6b36d065b5e0769) \Device\Harddisk0\DR0\Partition0 08:10:06.0919 8028 \Device\Harddisk0\DR0\Partition0 - ok 08:10:06.0920 8028 Boot (0x1200) (b7015f65846113e84d8101b0c562973a) \Device\Harddisk1\DR1\Partition0 08:10:06.0921 8028 \Device\Harddisk1\DR1\Partition0 - ok 08:10:06.0921 8028 ============================================================ 08:10:06.0921 8028 Scan finished 08:10:06.0921 8028 ============================================================ 08:10:06.0926 7712 Detected object count: 2 08:10:06.0927 7712 Actual detected object count: 2 08:10:40.0739 7712 \Device\Harddisk0\DR0\# - copied to quarantine 08:10:40.0739 7712 \Device\Harddisk0\DR0 - copied to quarantine 08:10:40.0788 7712 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 08:10:40.0790 7712 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 08:10:40.0792 7712 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 08:10:40.0794 7712 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 08:10:40.0822 7712 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 08:10:40.0826 7712 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 08:10:40.0827 7712 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 08:10:40.0827 7712 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 08:10:40.0828 7712 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 08:10:40.0829 7712 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 08:10:40.0830 7712 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 08:10:40.0831 7712 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 08:10:40.0833 7712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 08:10:40.0833 7712 \Device\Harddisk0\DR0 - ok 08:10:40.0874 7712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 08:10:40.0875 7712 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 08:10:40.0875 7712 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 08:10:48.0044 5884 Deinitialize success Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.12.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zauper :: JEFF-DESKTOP [administrator] 4/12/2012 8:13:27 AM mbam-log-2012-04-12 (08-13-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209151 Time elapsed: 57 second(s) Memory Processes Detected: 2 C:\ProgramData\cpQeUCMUEXwA.exe (Backdoor.Agent.RCGen) -> 2408 -> Delete on reboot. C:\ProgramData\5hGr3Yb34RdAPS.exe (Backdoor.Agent.RCGen) -> 5292 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cpQeUCMUEXwA.exe (Backdoor.Agent.RCGen) -> Data: C:\ProgramData\cpQeUCMUEXwA.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\ProgramData\cpQeUCMUEXwA.exe (Backdoor.Agent.RCGen) -> Delete on reboot. C:\ProgramData\5hGr3Yb34RdAPS.exe (Backdoor.Agent.RCGen) -> Delete on reboot. C:\ProgramData\5RC36vXD.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\ProgramData\5RC36vXD.exe_ (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\hj8ol0.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\0.4149271762178596 (Exploit.Drop.9) -> Quarantined and deleted successfully. (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Zauper at 8:21:42 on 2012-04-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5834 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe C:\Program Files (x86)\Logmein\x64\RaMaint.exe C:\Program Files (x86)\Logmein\x64\LogMeIn.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Logmein\x64\LogMeInSystray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Steam\steam.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\explorer.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [CCProxy] C:\CCProxy\CCProxy.exe uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [utopia Angel] "C:\Utopia\Angel\Angel.exe" uRun: [Google Update] "C:\Users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" dRun: [VerCheck] "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" dRun: [update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\sgpeue.dll",DllRegisterServer dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex StartupFolder: C:\Users\Zauper\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0D9206FB-8156-45E3-AF6E-0D7CFB4016D1} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BC65B2B2-B3CA-4086-9859-163208BF2983} : DhcpNameServer = 192.168.1.1 71.252.0.12 SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun-x64: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Zauper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q= FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47a FF - user.js: extensions.funmoods_i.instlDay - 15387 FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34:07 FF - user.js: extensions.funmoods_i.prtnrId - funmoods FF - user.js: extensions.funmoods_i.prdct - funmoods FF - user.js: extensions.funmoods_i.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods_i.tlbrId - base FF - user.js: extensions.funmoods_i.instlRef - FF - user.js: extensions.funmoods_i.dfltLng - FF - user.js: extensions.funmoods_i.excTlbr - false . ============= SERVICES / DRIVERS =============== . R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe [2011-6-8 375176] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\Logmein\x64\rainfo.sys [2011-1-11 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R2 mcproxy;Pvservice;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-22 2358656] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-04-12 12:12:34 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd 2012-04-12 12:10:40 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-11 14:22:57 -------- d-----w- C:\Program Files\CCleaner 2012-04-11 04:11:46 -------- d-----we C:\Windows\system64 2012-04-10 08:32:10 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67AE8DC8-F468-41F6-B3FC-D895D4C38709}\mpengine.dll 2012-04-05 12:48:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-04-05 12:48:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-04-04 23:15:30 -------- d-----w- C:\Users\Zauper\AppData\Roaming\Malwarebytes 2012-04-04 23:15:25 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-04 23:15:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-04 23:15:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-03 19:41:18 101888 ----a-w- C:\Windows\System32\comprcfg64.dll 2012-03-30 23:41:49 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2012-03-30 23:41:48 -------- d-----w- C:\Program Files (x86)\Steam 2012-03-30 23:41:33 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll 2012-03-30 23:41:33 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll 2012-03-30 23:41:33 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll 2012-03-30 23:41:33 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll 2012-03-30 23:41:32 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll 2012-03-30 23:41:32 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll 2012-03-29 16:05:22 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-29 16:05:22 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-25 11:57:32 -------- d-----w- C:\Users\Zauper\.android 2012-03-25 03:49:48 -------- d-----w- C:\Program Files\SAMSUNG 2012-03-25 03:49:20 -------- d-----w- C:\ProgramData\Samsung 2012-03-20 21:05:07 -------- d-----w- C:\Users\Zauper\AppData\Roaming\OpenOffice.org 2012-03-20 21:04:41 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3 . ==================== Find3M ==================== . 2012-03-25 15:21:14 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll 2012-03-25 15:21:14 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll 2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-02-16 04:24:38 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2012-02-07 23:36:07 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2012-02-07 23:36:07 80768 ----a-w- C:\Windows\System32\LMIinit.dll 2012-02-07 23:36:07 34688 ----a-w- C:\Windows\System32\LMIport.dll 2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 8:21:57.14 ===============
  12. Hi, I'm continually scanning my computer, and finding the same trojan and removing it forcing a reboot), and it is there when I reboot back in. It is an svchost issue. My MBAM is up to date. I'm on Windows 7. I've also noticed that some google result searches are being redirected. Here is the delete log from MBAM: Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. DDS.txt Attach.txt Thanks in advance for all your help.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.