Jump to content

Recommended Posts

Hello, Malwarebytes displays the following message when we try to open it. "Malwarebytes Anti-Malware has stopped working."

We are using Vista 64.

We are using Kaspersky Internet Security 2012.

We have run ComboFix with no results.

We have uninstalled Malwarebytes several times.

We are using version 1.60.0.1800 free.

Malwarebytes will update on re-install but not open.

It appears whatever has happened has also deleted all restore points.

Kaspersky does not start at start up. It does start manually.

Thank you for your time on this.

Here is my Hijackthis.log

Logfile of HijackThis v1.99.1

Scan saved at 6:25:59 PM, on 1/4/2012

Platform: Unknown Windows (WinNT 6.00.1906 SP2)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Streets & Trips 2010\StreetsOlkShim.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe

C:\Users\User\Downloads\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"

O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

O4 - HKLM\..\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)

O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT (file missing)

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: lxdu_device - Unknown owner - (no file)

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: SQL Server (XACTWARE) (MSSQL$XACTWARE) - Unknown owner - c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sXACTWARE (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: Intel® Sample Collector (SampleCollector) - Unknown owner - C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - (no file)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

hijackthis.log

Link to post
Share on other sites

  • Replies 95
  • Created
  • Last Reply

Top Posters In This Topic

Hello Yourshadow,

NOTE: HijackThis v1.99.1 is sorely outdated. De-install it from your system.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Please print out, read and follow the directions here, skipping any steps you are unable to complete.

Skip over the MBAM run steps. Get and do the DDS steps.

Next:

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe & select Run as Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Please reply with the DDS logs in a reply here, with a copy also of Gmer.log

Link to post
Share on other sites

Thank you again for your assistance. Attached are the DDS.txt and Attach.txt files. The GMER program did not find anything, and did not generate a log. Please let me know what you think.

Moderator edit to place DDS log inline.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by User at 19:53:58 on 2012-01-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1779 [GMT -8:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\RtkAudioService.exe

C:\Windows\explorer.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\PSIService.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Microsoft Streets & Trips 2010\StreetsOlkShim.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\splwow64.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"

mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

mRun: [indexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [OneCareUI] "C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{12EB9E6D-307D-4B9E-A01D-693A74392C1D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{7803E9EC-A980-482A-A5F6-125B7D92FB24} : DhcpNameServer = 209.183.50.151 209.183.50.151

TCP: Interfaces\{92F0CCD1-432E-44BB-A607-07445C2F5D2A} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{C63D887A-FDB0-409F-ABAB-2F46D9821D49} : DhcpNameServer = 209.183.50.151 209.183.50.151

TCP: Interfaces\{FB3D1D0E-8006-4FA9-8875-DD13C9FAADED} : DhcpNameServer = 209.183.50.151 209.183.48.10

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

BHO-X64: link filter bho - No File

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [smartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"

mRun-x64: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"

mRun-x64: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

mRun-x64: [indexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [OneCareUI] "C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66}

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wxq0x6sj.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru\components\ff4\abhelperxpcom4.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru\components\ff5\abhelperxpcom5.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru\components\ff6\abhelperxpcom6.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru\components\ff7\abhelperxpcom7.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru\components\ff4\kavlinkfilter4.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru\components\ff5\kavlinkfilter5.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru\components\ff6\kavlinkfilter6.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru\components\ff7\kavlinkfilter7.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru\components\ff4\ffvkplugin4.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru\components\ff5\ffvkplugin5.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru\components\ff6\ffvkplugin6.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru\components\ff7\ffvkplugin7.dll

FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru\components\ffvkplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Anti-Banner: KavAntiBanner@kaspersky.ru_bak2 - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru_bak2 - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

FF - Ext: Avery Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-6-16 286736]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-27 517632]

R2 MSSQL$XACTWARE;SQL Server (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 regi;regi;C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-8-12 139808]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2010-3-19 104960]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-8-12 407392]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-6-20 415744]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]

R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 136176]

S2 lxdu_device;lxdu_device; [x]

S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2007-12-21 113176]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2007-12-21 125464]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 136176]

S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-1 167424]

S3 Ser2ph;Microsoft USB GPS driver;C:\Windows\system32\DRIVERS\ser2ph64.sys --> C:\Windows\system32\DRIVERS\ser2ph64.sys [?]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-8-29 103712]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-8-29 353568]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-8-29 62752]

S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\Windows\system32\DRIVERS\swnc8u56.sys --> C:\Windows\system32\DRIVERS\swnc8u56.sys [?]

S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\Windows\system32\DRIVERS\swumx56.sys --> C:\Windows\system32\DRIVERS\swumx56.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-8-29 337184]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-8-29 107808]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-3-9 1164656]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-12 89920]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-01-05 03:38:56 -------- d-----w- C:\ARK

2012-01-05 03:35:39 -------- dc-h--w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-01-05 03:35:39 -------- d-----w- C:\Program Files (x86)\Uniblue

2012-01-05 02:10:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-05 01:39:48 -------- d-sh--w- C:\$RECYCLE.BIN

2012-01-05 01:29:06 -------- d-----w- C:\Users\User\AppData\Local\temp

2012-01-05 01:04:16 -------- d-----w- C:\ComboFix

2012-01-04 19:00:22 -------- d-----w- C:\Users\User\AppData\Local\{F3A782E0-2A46-4A4D-BF19-E233EB16005C}

2012-01-04 18:59:57 -------- d-----w- C:\Users\User\AppData\Local\{A0979A56-5141-4D99-ABA2-A1C5C5E07B11}

2012-01-04 07:56:53 98816 ----a-w- C:\Windows\sed.exe

2012-01-04 07:56:53 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-04 07:56:53 256000 ----a-w- C:\Windows\PEV.exe

2012-01-04 07:56:53 208896 ----a-w- C:\Windows\MBR.exe

2012-01-04 07:19:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-04 06:57:36 -------- d-----w- C:\Users\User\AppData\Local\{C5054ED7-A0E1-4119-A2A7-B8969D7AC942}

2012-01-04 06:57:12 -------- d-----w- C:\Users\User\AppData\Local\{6D873529-9642-4CB0-8046-63FD0DDDF6FA}

2012-01-03 18:04:48 -------- d-----w- C:\Users\User\AppData\Local\{FECEFADD-8B04-4712-A36C-99A82DB7FC72}

2012-01-03 18:04:14 -------- d-----w- C:\Users\User\AppData\Local\{196099F0-785E-4623-A522-304D05F965A9}

2012-01-03 06:03:44 -------- d-----w- C:\Users\User\AppData\Local\{009FB723-E4C0-4CC2-BA2E-8850EDEDAE39}

2012-01-03 06:03:04 -------- d-----w- C:\Users\User\AppData\Local\{AB29374A-ADCF-463A-B6DD-E3EA58F58BD8}

2012-01-02 18:02:39 -------- d-----w- C:\Users\User\AppData\Local\{B8818926-CB24-4936-B3C8-CF35800847AF}

2012-01-02 18:02:16 -------- d-----w- C:\Users\User\AppData\Local\{5CDBC0C7-C1B5-403B-9D13-0B63B7735E04}

2012-01-01 06:31:10 -------- d-----w- C:\Users\User\AppData\Local\{6C66ED7C-61CD-4524-8B15-80A998FEB328}

2011-12-31 18:30:32 -------- d-----w- C:\Users\User\AppData\Local\{612D54E3-5C80-470B-B009-802FE13945E1}

2011-12-31 18:29:54 -------- d-----w- C:\Users\User\AppData\Local\{6AAF1F09-18D1-485E-A478-17C39C211A0F}

2011-12-31 06:29:24 -------- d-----w- C:\Users\User\AppData\Local\{7F6B1F20-C03F-43B7-A009-D585492E3601}

2011-12-30 17:35:12 -------- d-----w- C:\Users\User\AppData\Local\{C0081AEC-E54C-41B6-9147-2305D6DD93C8}

2011-12-30 17:34:46 -------- d-----w- C:\Users\User\AppData\Local\{650B18E7-DD1E-4BA5-BF0B-2B9EA003D473}

2011-12-30 03:35:41 -------- d-----w- C:\Users\User\AppData\Local\{D184F3D0-1D2A-41B7-91B9-3626B709056B}

2011-12-29 15:35:04 -------- d-----w- C:\Users\User\AppData\Local\{1A9FFCE3-9AC7-4FBB-A38E-5DF3577C2B36}

2011-12-29 15:34:30 -------- d-----w- C:\Users\User\AppData\Local\{9C413899-1213-47C3-B18D-3C124BBCE7EA}

2011-12-29 03:33:36 -------- d-----w- C:\Users\User\AppData\Local\{2B54FF48-6505-4884-9B16-F7ED8110440B}

2011-12-29 03:33:20 -------- d-----w- C:\Users\User\AppData\Local\{2427E9E8-019C-4F72-9A6B-003B59810F65}

2011-12-28 15:33:07 -------- d-----w- C:\Users\User\AppData\Local\{C412D2CF-88CB-44FB-A3B9-D275CC262241}

2011-12-28 15:32:34 -------- d-----w- C:\Users\User\AppData\Local\{36A8FEE0-F803-48FC-9640-17782341C6D5}

2011-12-28 03:32:04 -------- d-----w- C:\Users\User\AppData\Local\{E4822571-23CB-4C7B-88DA-51202720F083}

2011-12-28 03:31:39 -------- d-----w- C:\Users\User\AppData\Local\{B5701A8D-28AD-4157-8BCD-4CB0AAABEDFD}

2011-12-27 15:31:25 -------- d-----w- C:\Users\User\AppData\Local\{50ACCD6E-2133-4EB7-AC27-09932F43749B}

2011-12-27 15:31:04 -------- d-----w- C:\Users\User\AppData\Local\{2651479A-5343-458C-A931-3C7AFF282B96}

2011-12-26 18:34:27 -------- d-----w- C:\Users\User\AppData\Local\{9D51719C-CAA0-41BD-8993-07B66E0B3A2B}

2011-12-26 18:33:52 -------- d-----w- C:\Users\User\AppData\Local\{73A00609-021D-4C45-9512-316A049BADB4}

2011-12-26 06:33:22 -------- d-----w- C:\Users\User\AppData\Local\{19CA5EA8-3251-4364-8200-FF3F5EA6DBCF}

2011-12-26 06:32:42 -------- d-----w- C:\Users\User\AppData\Local\{FFB78953-8A79-4367-92E4-07218241C1E5}

2011-12-25 18:32:27 -------- d-----w- C:\Users\User\AppData\Local\{F19457C0-45F3-4B79-8279-2D8A3A0F89AA}

2011-12-25 18:31:49 -------- d-----w- C:\Users\User\AppData\Local\{19642FE0-F765-4D1C-9723-8A0B09640FA8}

2011-12-24 18:02:12 -------- d-----w- C:\Users\User\AppData\Local\{8C40BA5C-CFFB-43A5-BAF6-41B815F9EF4E}

2011-12-24 18:01:43 -------- d-----w- C:\Users\User\AppData\Local\{16B3CE5B-9A2E-4150-ABEA-DBDC347DFA42}

2011-12-24 03:49:02 -------- d-----w- C:\Users\User\AppData\Local\{A9D41EB8-1224-4411-ABAB-288DA3A2C191}

2011-12-24 03:48:40 -------- d-----w- C:\Users\User\AppData\Local\{E561653F-E764-4EAD-B575-5377C9AEB06B}

2011-12-23 15:48:27 -------- d-----w- C:\Users\User\AppData\Local\{B1CD3DAF-5298-4835-ACAD-EE3CA5EFE4B5}

2011-12-23 15:48:06 -------- d-----w- C:\Users\User\AppData\Local\{76D568B6-F645-4ADF-8BF7-878B95AE0BBB}

2011-12-23 03:47:39 -------- d-----w- C:\Users\User\AppData\Local\{269B6CEA-8A14-49B1-B378-3DDA8C392059}

2011-12-23 03:47:17 -------- d-----w- C:\Users\User\AppData\Local\{97A1FAB5-CA67-4E12-9295-A474B03C8040}

2011-12-22 15:47:05 -------- d-----w- C:\Users\User\AppData\Local\{A45CD7D5-06D4-4C77-9BE3-E7E977AB4305}

2011-12-22 15:46:43 -------- d-----w- C:\Users\User\AppData\Local\{EE69D820-2B75-4531-B32E-D8E44FE43988}

2011-12-22 03:46:17 -------- d-----w- C:\Users\User\AppData\Local\{E27E521B-6C07-4D1C-9745-78E931DCA37C}

2011-12-22 03:45:55 -------- d-----w- C:\Users\User\AppData\Local\{72108C90-E44F-4D92-81E3-29951BB534A2}

2011-12-21 15:45:40 -------- d-----w- C:\Users\User\AppData\Local\{25724373-A5F7-4A2F-9818-CE14218BF4D0}

2011-12-21 15:45:18 -------- d-----w- C:\Users\User\AppData\Local\{1A7F5C10-D8A2-4099-AD9F-75B70863BC9B}

2011-12-21 15:36:20 -------- d-----w- C:\Users\User\AppData\Local\{496940FB-A787-4C9A-BD56-3494FA16FDEB}

2011-12-21 15:36:07 -------- d-----w- C:\Users\User\AppData\Local\{40705AF8-A089-4DAF-92F0-B1132ABA46C7}

2011-12-21 03:35:28 -------- d-----w- C:\Users\User\AppData\Local\{DDEA5B50-62C7-4502-83C3-825B5918FFCA}

2011-12-21 03:35:03 -------- d-----w- C:\Users\User\AppData\Local\{4754E746-F62F-48C6-AB89-641EBDD1A0C5}

2011-12-20 15:34:49 -------- d-----w- C:\Users\User\AppData\Local\{FA0CB9AD-54C0-4D9F-8C3A-FBF15764DC3C}

2011-12-20 15:34:25 -------- d-----w- C:\Users\User\AppData\Local\{AB197190-4C58-4AAC-84D3-E4B40EB7C5A5}

2011-12-19 20:33:55 -------- d-----w- C:\Users\User\AppData\Local\{10DAA8CB-93F4-48D3-807B-560DEF67EF62}

2011-12-19 20:33:33 -------- d-----w- C:\Users\User\AppData\Local\{5C531E14-0B41-43CE-8585-24D13F4AF5B1}

2011-12-19 08:33:05 -------- d-----w- C:\Users\User\AppData\Local\{8ADB22D2-B032-49A0-9A17-B261CF773F00}

2011-12-19 08:32:43 -------- d-----w- C:\Users\User\AppData\Local\{C76FD353-7415-4400-9C7B-1C777BBD2009}

2011-12-18 20:32:27 -------- d-----w- C:\Users\User\AppData\Local\{7684CCF4-3609-4882-9E41-B34D1246ED6B}

2011-12-18 20:32:06 -------- d-----w- C:\Users\User\AppData\Local\{307CFDB7-78F9-41DB-9B72-45971D0AC402}

2011-12-18 08:31:52 -------- d-----w- C:\Users\User\AppData\Local\{C2E4F1BE-1C37-4C90-89A7-95FD4DDAB7AD}

2011-12-18 08:31:31 -------- d-----w- C:\Users\User\AppData\Local\{C2F9D7B2-CAEE-481C-8E71-90730C23D7EA}

2011-12-17 20:31:14 -------- d-----w- C:\Users\User\AppData\Local\{2ABCB04B-B1DC-4BBF-BF74-6F5AE2F3ADF8}

2011-12-17 20:30:33 -------- d-----w- C:\Users\User\AppData\Local\{C38D8E05-85A7-41E5-967E-936754BD3C95}

2011-12-17 04:04:34 -------- d-----w- C:\Users\User\AppData\Local\{4BB3627A-02A5-42F6-AC43-E35BD3D02526}

2011-12-17 04:04:12 -------- d-----w- C:\Users\User\AppData\Local\{41506FF6-F0FD-4259-8EAD-55EF3C52F191}

2011-12-16 16:03:54 -------- d-----w- C:\Users\User\AppData\Local\{2A5B5FA3-21E1-4928-B204-5BAEE310A0C2}

2011-12-16 16:03:26 -------- d-----w- C:\Users\User\AppData\Local\{11B59483-1D75-410E-AECB-855E5B9401C0}

2011-12-15 16:02:10 -------- d-----w- C:\Users\User\AppData\Local\{5C07C712-A5D3-4A8E-B141-0E71A668843A}

2011-12-15 16:01:48 -------- d-----w- C:\Users\User\AppData\Local\{B6070591-4659-424A-8777-61E999FAA452}

2011-12-15 04:01:21 -------- d-----w- C:\Users\User\AppData\Local\{D403D06D-EC8A-4AFA-B10D-6270010F94E1}

2011-12-15 04:00:58 -------- d-----w- C:\Users\User\AppData\Local\{A120D8CB-8EE5-4F55-9CB5-E69FAD81F75E}

2011-12-14 17:18:59 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 17:18:59 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 17:18:58 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 17:18:58 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 17:18:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2011-12-14 17:18:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2011-12-14 16:00:31 -------- d-----w- C:\Users\User\AppData\Local\{9D03EDFC-36FA-41D3-AAD1-2AEDC6E00D84}

2011-12-14 16:00:16 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 16:00:09 -------- d-----w- C:\Users\User\AppData\Local\{18F23B23-9A6B-4DF1-B8ED-E85C35B0BF4C}

2011-12-14 16:00:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 16:00:04 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 15:59:56 559616 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 15:59:56 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 15:59:56 2764800 ----a-w- C:\Windows\System32\win32k.sys

2011-12-14 15:59:55 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-12-14 15:59:55 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-12-14 03:59:37 -------- d-----w- C:\Users\User\AppData\Local\{8B590E63-A8E4-4996-BC19-6AAD31AB39C5}

2011-12-14 03:59:15 -------- d-----w- C:\Users\User\AppData\Local\{DADCA6D3-E6D3-4C61-8F5F-24CD83C1C8EB}

2011-12-13 15:59:02 -------- d-----w- C:\Users\User\AppData\Local\{5984B8E5-2E25-4DB6-9193-2777C1C5E1FE}

2011-12-13 15:58:40 -------- d-----w- C:\Users\User\AppData\Local\{A93109D7-C43A-4E81-B6C0-EEAD96573F5A}

2011-12-13 03:57:55 -------- d-----w- C:\Users\User\AppData\Local\{756F7308-8972-4B8A-9CCB-725D2C8AC2D6}

2011-12-13 03:57:32 -------- d-----w- C:\Users\User\AppData\Local\{54A94BF7-697B-4C50-8560-E2AFDBA9763B}

2011-12-12 15:57:17 -------- d-----w- C:\Users\User\AppData\Local\{F93C687E-C13A-4625-A977-A15E3F4D0C05}

2011-12-12 15:56:55 -------- d-----w- C:\Users\User\AppData\Local\{3EA2575E-6BAB-46B6-B8FD-8CF3775BAC8F}

2011-12-11 20:01:35 -------- d-----w- C:\Users\User\AppData\Local\{DF094964-56D2-4BA3-AC05-A4A8D04FC1DD}

2011-12-11 20:01:21 -------- d-----w- C:\Users\User\AppData\Local\{E5FEA576-37BD-4340-A221-9B1FD0246C0F}

2011-12-10 21:09:19 -------- d-----w- C:\Users\User\AppData\Local\{A90F1AA8-06C2-46DC-8697-39A9186DDEAE}

2011-12-10 21:08:33 -------- d-----w- C:\Users\User\AppData\Local\{98DE2F3C-419B-4C56-881D-A6C137654D74}

2011-12-10 02:06:13 -------- d-----w- C:\Users\User\AppData\Local\{AA0AB82A-E50C-4ECF-9B14-7297B8DEAA33}

2011-12-10 02:05:40 -------- d-----w- C:\Users\User\AppData\Local\{F21D610D-DDDF-4552-B9C9-4BA8E1F517BD}

2011-12-09 14:05:17 -------- d-----w- C:\Users\User\AppData\Local\{E5B10303-FE1B-429F-BF33-ABF15638F15C}

2011-12-09 14:05:02 -------- d-----w- C:\Users\User\AppData\Local\{02425374-EEB2-4E96-9DAF-AB00980FF9D1}

2011-12-08 15:55:32 -------- d-----w- C:\Users\User\AppData\Local\{FA67593F-8F4C-4902-B576-51E2E020DFF1}

2011-12-08 15:54:59 -------- d-----w- C:\Users\User\AppData\Local\{779225E2-4A4E-4754-B530-099A0A2CCC8F}

2011-12-08 03:54:33 -------- d-----w- C:\Users\User\AppData\Local\{B5019F51-0E45-4C35-9CBB-FBCEDAD1044F}

2011-12-08 03:53:59 -------- d-----w- C:\Users\User\AppData\Local\{B7A96ABA-CE23-4CB3-9E03-FC3B69EAD44C}

2011-12-07 15:53:36 -------- d-----w- C:\Users\User\AppData\Local\{6F7B273F-36D6-4CD0-9C2C-39AA1D36988F}

2011-12-07 15:53:01 -------- d-----w- C:\Users\User\AppData\Local\{6AD7EAEF-F6E1-4C64-8313-736C5F59BDED}

2011-12-07 03:52:31 -------- d-----w- C:\Users\User\AppData\Local\{F7A235FF-E4EE-4AD0-8A01-70C1DF3B236E}

2011-12-06 15:51:35 -------- d-----w- C:\Users\User\AppData\Local\{4DACBE29-7006-425E-9263-781AEDCC5D59}

2011-12-06 15:51:02 -------- d-----w- C:\Users\User\AppData\Local\{3B53D31E-2C80-4870-B60E-ED5F36BCDA69}

.

==================== Find3M ====================

.

2011-11-11 12:06:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 19:54:53.88 ===============

Attach.txt

Edited by Maurice Naggar
Link to post
Share on other sites

Your system shows signs of a serious infection. Thus the infection led to such that it cannot (now) run MBAM. The bugger (infection) is prevent such.

We can likely cure that if you follow my directions carefully.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member Yourshadow only. If you are a casual viewer, do NOT try this on your system!

If you are not Youshadow and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

Never run Combofix on your own without expert guided help. You could render your system into an un-usable state if you do.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, do that right then. Press Reboot Now.
    The report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt
    ". Please copy and paste the contents of that file here.

Reply with copies of the aswMBR log and the TDSSKiller log.

Do not do any websurfing or online games, or anything online until we have all this cured. I'll advise when.

We have a lot more after this.

Edited by Maurice Naggar
Link to post
Share on other sites

Thanks again Maurice:

I followed the instructions and attached are the results. The TDSKiller did not find anything on the "C" drive. I await your further instruction, thanks again.

Moderator edit to place logs In-line

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-05 16:06:28

-----------------------------

16:06:28.790 OS Version: Windows x64 6.0.6002 Service Pack 2

16:06:28.790 Number of processors: 2 586 0xF0D

16:06:28.790 ComputerName: RICKS-LAPTOP UserName: User

16:06:30.491 Initialize success

16:07:11.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:07:11.494 Disk 0 Vendor: FUJITSU_ 0041 Size: 238475MB BusType: 3

16:07:11.510 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000078

16:07:11.510 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0

16:07:11.510 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000079

16:07:11.510 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0

16:07:11.557 Disk 0 MBR read successfully

16:07:11.557 Disk 0 MBR scan

16:07:11.557 Disk 0 Windows VISTA default MBR code

16:07:11.604 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10348 MB offset 2048

16:07:11.604 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228125 MB offset 21194752

16:07:11.619 Service scanning

16:07:12.914 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5

16:07:12.930 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5

16:07:13.429 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5

16:07:13.429 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5

16:07:14.162 Modules scanning

16:07:14.162 Disk 0 trace - called modules:

16:07:14.209 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll

16:07:14.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071c0790]

16:07:14.209 3 CLASSPNP.SYS[fffffa6001bacc33] -> nt!IofCallDriver -> [0xfffffa8004bb7e40]

16:07:14.224 5 acpi.sys[fffffa60008c3fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bf5050]

16:07:14.224 Scan finished successfully

16:08:05.626 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\aswMBR\MBR.dat"

16:08:05.626 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR\aswMBR.txt"

TDSSKiller log

16:09:17.0690 6588 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

16:09:17.0721 6588 ============================================================

16:09:17.0721 6588 Current date / time: 2012/01/05 16:09:17.0721

16:09:17.0721 6588 SystemInfo:

16:09:17.0721 6588

16:09:17.0721 6588 OS Version: 6.0.6002 ServicePack: 2.0

16:09:17.0721 6588 Product type: Workstation

16:09:17.0721 6588 ComputerName: RICKS-LAPTOP

16:09:17.0721 6588 UserName: User

16:09:17.0721 6588 Windows directory: C:\Windows

16:09:17.0721 6588 System windows directory: C:\Windows

16:09:17.0721 6588 Running under WOW64

16:09:17.0721 6588 Processor architecture: Intel x64

16:09:17.0721 6588 Number of processors: 2

16:09:17.0721 6588 Page size: 0x1000

16:09:17.0721 6588 Boot type: Normal boot

16:09:17.0721 6588 ============================================================

16:09:18.0361 6588 Initialize success

16:09:20.0513 7764 ============================================================

16:09:20.0513 7764 Scan started

16:09:20.0513 7764 Mode: Manual;

16:09:20.0513 7764 ============================================================

16:09:21.0184 7764 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys

16:09:21.0184 7764 61883 - ok

16:09:21.0278 7764 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

16:09:21.0293 7764 ACPI - ok

16:09:21.0434 7764 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

16:09:21.0434 7764 adp94xx - ok

16:09:21.0605 7764 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

16:09:21.0637 7764 adpahci - ok

16:09:21.0699 7764 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

16:09:21.0715 7764 adpu160m - ok

16:09:21.0761 7764 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

16:09:21.0761 7764 adpu320 - ok

16:09:21.0980 7764 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

16:09:21.0995 7764 AFD - ok

16:09:22.0120 7764 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

16:09:22.0120 7764 agp440 - ok

16:09:22.0245 7764 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

16:09:22.0261 7764 aic78xx - ok

16:09:22.0385 7764 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

16:09:22.0385 7764 aliide - ok

16:09:22.0526 7764 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

16:09:22.0541 7764 amdide - ok

16:09:22.0651 7764 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

16:09:22.0651 7764 AmdK8 - ok

16:09:22.0760 7764 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys

16:09:22.0760 7764 ApfiltrService - ok

16:09:22.0916 7764 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

16:09:22.0916 7764 arc - ok

16:09:23.0056 7764 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

16:09:23.0072 7764 arcsas - ok

16:09:23.0181 7764 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

16:09:23.0181 7764 ArcSoftKsUFilter - ok

16:09:23.0290 7764 ASPI32 - ok

16:09:23.0337 7764 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

16:09:23.0337 7764 AsyncMac - ok

16:09:23.0477 7764 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

16:09:23.0477 7764 atapi - ok

16:09:23.0789 7764 atikmdag (f3631ca5f0309ee4f941ea1e37e5ca60) C:\Windows\system32\DRIVERS\atikmdag.sys

16:09:23.0930 7764 atikmdag - ok

16:09:24.0055 7764 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys

16:09:24.0055 7764 Avc - ok

16:09:24.0179 7764 Beep - ok

16:09:24.0304 7764 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

16:09:24.0320 7764 blbdrive - ok

16:09:24.0429 7764 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

16:09:24.0429 7764 bowser - ok

16:09:24.0569 7764 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

16:09:24.0569 7764 BrFiltLo - ok

16:09:24.0679 7764 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

16:09:24.0679 7764 BrFiltUp - ok

16:09:24.0819 7764 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\DRIVERS\BrSerId.sys

16:09:24.0819 7764 Brserid - ok

16:09:24.0959 7764 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

16:09:24.0959 7764 BrSerWdm - ok

16:09:25.0115 7764 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

16:09:25.0131 7764 BrUsbMdm - ok

16:09:25.0240 7764 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys

16:09:25.0256 7764 BrUsbSer - ok

16:09:25.0349 7764 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys

16:09:25.0349 7764 BthEnum - ok

16:09:25.0474 7764 BTHMODEM (72f70a38bb15252eb7c4da7ba3bd4ed1) C:\Windows\system32\DRIVERS\bthmodem.sys

16:09:25.0474 7764 BTHMODEM - ok

16:09:25.0599 7764 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys

16:09:25.0599 7764 BthPan - ok

16:09:25.0739 7764 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys

16:09:25.0786 7764 BTHPORT - ok

16:09:25.0911 7764 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys

16:09:25.0911 7764 BTHUSB - ok

16:09:26.0036 7764 btwaudio (243661bc849eb1a7ad141680ae62886a) C:\Windows\system32\drivers\btwaudio.sys

16:09:26.0036 7764 btwaudio - ok

16:09:26.0161 7764 btwavdt (89c6567ebd92bbd2961c634604d6670f) C:\Windows\system32\drivers\btwavdt.sys

16:09:26.0161 7764 btwavdt - ok

16:09:26.0285 7764 btwl2cap (09baf40735007bde7dd95830afcefd26) C:\Windows\system32\DRIVERS\btwl2cap.sys

16:09:26.0285 7764 btwl2cap - ok

16:09:26.0410 7764 btwrchid (2bbf56e2114fabf63c3d00828fc3c86c) C:\Windows\system32\DRIVERS\btwrchid.sys

16:09:26.0410 7764 btwrchid - ok

16:09:26.0457 7764 catchme - ok

16:09:26.0613 7764 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

16:09:26.0629 7764 CAXHWAZL - ok

16:09:26.0722 7764 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

16:09:26.0722 7764 cdfs - ok

16:09:26.0847 7764 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

16:09:26.0847 7764 cdrom - ok

16:09:26.0956 7764 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

16:09:26.0956 7764 circlass - ok

16:09:27.0159 7764 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

16:09:27.0190 7764 CLFS - ok

16:09:27.0331 7764 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

16:09:27.0331 7764 CmBatt - ok

16:09:27.0549 7764 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

16:09:27.0549 7764 cmdide - ok

16:09:27.0814 7764 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

16:09:27.0814 7764 Compbatt - ok

16:09:27.0970 7764 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

16:09:27.0970 7764 crcdisk - ok

16:09:28.0220 7764 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

16:09:28.0235 7764 CVirtA - ok

16:09:28.0329 7764 CVPNDRVA (d2c3db196422e2f2a41d09c690c7c2f8) C:\Windows\system32\Drivers\CVPNDRVA.sys

16:09:28.0329 7764 CVPNDRVA - ok

16:09:28.0423 7764 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

16:09:28.0438 7764 DfsC - ok

16:09:28.0563 7764 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

16:09:28.0563 7764 disk - ok

16:09:28.0641 7764 DMICall - ok

16:09:28.0735 7764 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

16:09:28.0735 7764 DNE - ok

16:09:28.0859 7764 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

16:09:28.0891 7764 drmkaud - ok

16:09:29.0015 7764 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

16:09:29.0047 7764 DXGKrnl - ok

16:09:29.0125 7764 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

16:09:29.0125 7764 E1G60 - ok

16:09:29.0218 7764 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

16:09:29.0218 7764 Ecache - ok

16:09:29.0312 7764 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

16:09:29.0327 7764 elxstor - ok

16:09:29.0437 7764 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

16:09:29.0437 7764 ErrDev - ok

16:09:29.0546 7764 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

16:09:29.0561 7764 exfat - ok

16:09:29.0639 7764 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

16:09:29.0655 7764 fastfat - ok

16:09:29.0749 7764 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

16:09:29.0749 7764 fdc - ok

16:09:29.0795 7764 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

16:09:29.0811 7764 FileInfo - ok

16:09:29.0858 7764 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

16:09:29.0858 7764 Filetrace - ok

16:09:29.0951 7764 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

16:09:29.0951 7764 flpydisk - ok

16:09:30.0061 7764 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

16:09:30.0076 7764 FltMgr - ok

16:09:30.0201 7764 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

16:09:30.0201 7764 Fs_Rec - ok

16:09:30.0279 7764 FTDIBUS (82d4bd620f7e27ea268ea0e2f701a7ae) C:\Windows\system32\drivers\ftdibus.sys

16:09:30.0295 7764 FTDIBUS - ok

16:09:30.0388 7764 FTSER2K (1fa21ff2d7b50b528d8b73db34ad06bc) C:\Windows\system32\drivers\ftser2k.sys

16:09:30.0404 7764 FTSER2K - ok

16:09:30.0451 7764 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

16:09:30.0451 7764 gagp30kx - ok

16:09:30.0575 7764 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:09:30.0575 7764 GEARAspiWDM - ok

16:09:30.0685 7764 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys

16:09:30.0685 7764 grmnusb - ok

16:09:30.0794 7764 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

16:09:30.0794 7764 HdAudAddService - ok

16:09:30.0887 7764 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:09:30.0903 7764 HDAudBus - ok

16:09:31.0012 7764 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

16:09:31.0012 7764 HidBth - ok

16:09:31.0059 7764 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

16:09:31.0075 7764 HidIr - ok

16:09:31.0168 7764 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

16:09:31.0168 7764 HidUsb - ok

16:09:31.0231 7764 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

16:09:31.0246 7764 HpCISSs - ok

16:09:31.0340 7764 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

16:09:31.0340 7764 HSFHWAZL - ok

16:09:31.0449 7764 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys

16:09:31.0496 7764 HSF_DPV - ok

16:09:31.0636 7764 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

16:09:31.0652 7764 HTTP - ok

16:09:31.0714 7764 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

16:09:31.0745 7764 i2omp - ok

16:09:31.0823 7764 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

16:09:31.0823 7764 i8042prt - ok

16:09:31.0886 7764 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys

16:09:31.0886 7764 iaStor - ok

16:09:32.0011 7764 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

16:09:32.0057 7764 iaStorV - ok

16:09:32.0479 7764 igfx (51d1fc6b0d4c3855a75d167da9d87bba) C:\Windows\system32\DRIVERS\igdkmd64.sys

16:09:32.0681 7764 igfx - ok

16:09:32.0775 7764 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

16:09:32.0775 7764 iirsp - ok

16:09:32.0915 7764 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys

16:09:32.0962 7764 IntcAzAudAddService - ok

16:09:33.0071 7764 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys

16:09:33.0087 7764 IntcHdmiAddService - ok

16:09:33.0118 7764 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

16:09:33.0134 7764 intelide - ok

16:09:33.0259 7764 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

16:09:33.0290 7764 intelppm - ok

16:09:33.0337 7764 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:09:33.0337 7764 IpFilterDriver - ok

16:09:33.0415 7764 IpInIp - ok

16:09:33.0461 7764 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

16:09:33.0493 7764 IPMIDRV - ok

16:09:33.0555 7764 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

16:09:33.0571 7764 IPNAT - ok

16:09:33.0711 7764 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

16:09:33.0711 7764 IRENUM - ok

16:09:33.0789 7764 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

16:09:33.0789 7764 isapnp - ok

16:09:33.0851 7764 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

16:09:33.0867 7764 iScsiPrt - ok

16:09:33.0961 7764 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

16:09:33.0961 7764 iteatapi - ok

16:09:34.0007 7764 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

16:09:34.0007 7764 iteraid - ok

16:09:34.0117 7764 KAPFA - ok

16:09:34.0163 7764 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

16:09:34.0163 7764 kbdclass - ok

16:09:34.0226 7764 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

16:09:34.0257 7764 kbdhid - ok

16:09:34.0366 7764 kl1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys

16:09:34.0397 7764 kl1 - ok

16:09:34.0491 7764 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys

16:09:34.0491 7764 kl2 - ok

16:09:34.0616 7764 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys

16:09:34.0631 7764 KLIF - ok

16:09:34.0725 7764 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys

16:09:34.0725 7764 KLIM6 - ok

16:09:34.0850 7764 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys

16:09:34.0850 7764 klmouflt - ok

16:09:34.0943 7764 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

16:09:34.0959 7764 KSecDD - ok

16:09:35.0084 7764 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

16:09:35.0084 7764 ksthunk - ok

16:09:35.0131 7764 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

16:09:35.0131 7764 lltdio - ok

16:09:35.0177 7764 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

16:09:35.0177 7764 LSI_FC - ok

16:09:35.0271 7764 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

16:09:35.0271 7764 LSI_SAS - ok

16:09:35.0333 7764 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

16:09:35.0333 7764 LSI_SCSI - ok

16:09:35.0458 7764 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

16:09:35.0458 7764 luafv - ok

16:09:35.0567 7764 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

16:09:35.0567 7764 mdmxsdk - ok

16:09:35.0692 7764 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

16:09:35.0692 7764 megasas - ok

16:09:35.0770 7764 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

16:09:35.0786 7764 MegaSR - ok

16:09:35.0879 7764 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

16:09:35.0879 7764 Modem - ok

16:09:35.0911 7764 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

16:09:35.0911 7764 monitor - ok

16:09:36.0004 7764 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

16:09:36.0004 7764 mouclass - ok

16:09:36.0067 7764 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

16:09:36.0082 7764 mouhid - ok

16:09:36.0160 7764 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

16:09:36.0160 7764 MountMgr - ok

16:09:36.0285 7764 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

16:09:36.0285 7764 mpio - ok

16:09:36.0332 7764 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

16:09:36.0347 7764 mpsdrv - ok

16:09:36.0410 7764 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

16:09:36.0410 7764 Mraid35x - ok

16:09:36.0503 7764 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

16:09:36.0519 7764 MREMP50 - ok

16:09:36.0581 7764 MREMP50a64 - ok

16:09:36.0597 7764 MREMPR5 - ok

16:09:36.0597 7764 MRENDIS5 - ok

16:09:36.0675 7764 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

16:09:36.0675 7764 MRESP50 - ok

16:09:36.0706 7764 MRESP50a64 - ok

16:09:36.0862 7764 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

16:09:36.0862 7764 MRxDAV - ok

16:09:36.0940 7764 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:09:36.0940 7764 mrxsmb - ok

16:09:37.0049 7764 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:09:37.0081 7764 mrxsmb10 - ok

16:09:37.0221 7764 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:09:37.0221 7764 mrxsmb20 - ok

16:09:37.0315 7764 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

16:09:37.0315 7764 msahci - ok

16:09:37.0439 7764 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

16:09:37.0455 7764 msdsm - ok

16:09:37.0595 7764 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys

16:09:37.0595 7764 MSDV - ok

16:09:37.0673 7764 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

16:09:37.0673 7764 Msfs - ok

16:09:37.0783 7764 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

16:09:37.0798 7764 msisadrv - ok

16:09:37.0845 7764 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

16:09:37.0861 7764 MSKSSRV - ok

16:09:37.0923 7764 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

16:09:37.0923 7764 MSPCLOCK - ok

16:09:38.0017 7764 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

16:09:38.0017 7764 MSPQM - ok

16:09:38.0095 7764 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

16:09:38.0095 7764 MsRPC - ok

16:09:38.0173 7764 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

16:09:38.0173 7764 mssmbios - ok

16:09:38.0313 7764 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

16:09:38.0313 7764 MSTEE - ok

16:09:38.0375 7764 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

16:09:38.0391 7764 Mup - ok

16:09:38.0485 7764 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

16:09:38.0485 7764 NativeWifiP - ok

16:09:38.0625 7764 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

16:09:38.0656 7764 NDIS - ok

16:09:38.0703 7764 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

16:09:38.0703 7764 NdisTapi - ok

16:09:38.0734 7764 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

16:09:38.0734 7764 Ndisuio - ok

16:09:38.0859 7764 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

16:09:38.0859 7764 NdisWan - ok

16:09:38.0921 7764 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

16:09:38.0937 7764 NDProxy - ok

16:09:38.0999 7764 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys

16:09:38.0999 7764 Netaapl - ok

16:09:39.0077 7764 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

16:09:39.0077 7764 NetBIOS - ok

16:09:39.0187 7764 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

16:09:39.0187 7764 netbt - ok

16:09:39.0483 7764 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys

16:09:39.0592 7764 NETw5v64 - ok

16:09:39.0701 7764 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

16:09:39.0717 7764 nfrd960 - ok

16:09:39.0764 7764 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

16:09:39.0764 7764 Npfs - ok

16:09:39.0779 7764 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

16:09:39.0779 7764 nsiproxy - ok

16:09:39.0889 7764 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

16:09:39.0935 7764 Ntfs - ok

16:09:40.0045 7764 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

16:09:40.0045 7764 Null - ok

16:09:40.0091 7764 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

16:09:40.0091 7764 nvraid - ok

16:09:40.0169 7764 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

16:09:40.0169 7764 nvstor - ok

16:09:40.0294 7764 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

16:09:40.0310 7764 nv_agp - ok

16:09:40.0341 7764 NwlnkFlt - ok

16:09:40.0403 7764 NwlnkFwd - ok

16:09:40.0528 7764 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

16:09:40.0528 7764 ohci1394 - ok

16:09:40.0653 7764 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

16:09:40.0653 7764 Parport - ok

16:09:40.0762 7764 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

16:09:40.0762 7764 partmgr - ok

16:09:40.0871 7764 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

16:09:40.0871 7764 pci - ok

16:09:40.0918 7764 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

16:09:40.0934 7764 pciide - ok

16:09:40.0996 7764 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

16:09:40.0996 7764 pcmcia - ok

16:09:41.0059 7764 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

16:09:41.0059 7764 pcouffin - ok

16:09:41.0121 7764 PCTINDIS5X64 (d0b8d8bee62da6dda0019bc266838f48) C:\Windows\system32\PCTINDIS5X64.SYS

16:09:41.0137 7764 PCTINDIS5X64 - ok

16:09:41.0230 7764 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

16:09:41.0246 7764 PEAUTH - ok

16:09:41.0449 7764 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

16:09:41.0480 7764 PptpMiniport - ok

16:09:41.0573 7764 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

16:09:41.0573 7764 Processor - ok

16:09:41.0745 7764 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

16:09:41.0761 7764 PSched - ok

16:09:41.0885 7764 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys

16:09:41.0885 7764 PxHlpa64 - ok

16:09:42.0041 7764 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

16:09:42.0088 7764 ql2300 - ok

16:09:42.0229 7764 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

16:09:42.0229 7764 ql40xx - ok

16:09:42.0369 7764 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

16:09:42.0369 7764 QWAVEdrv - ok

16:09:42.0494 7764 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

16:09:42.0494 7764 RasAcd - ok

16:09:42.0634 7764 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:09:42.0650 7764 Rasl2tp - ok

16:09:42.0759 7764 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

16:09:42.0759 7764 RasPppoe - ok

16:09:42.0899 7764 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

16:09:42.0899 7764 RasSstp - ok

16:09:43.0040 7764 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

16:09:43.0055 7764 rdbss - ok

16:09:43.0165 7764 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:09:43.0165 7764 RDPCDD - ok

16:09:43.0352 7764 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

16:09:43.0445 7764 rdpdr - ok

16:09:43.0570 7764 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

16:09:43.0570 7764 RDPENCDD - ok

16:09:43.0726 7764 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

16:09:43.0742 7764 RDPWD - ok

16:09:43.0820 7764 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

16:09:43.0820 7764 regi - ok

16:09:43.0913 7764 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys

16:09:43.0929 7764 RFCOMM - ok

16:09:43.0976 7764 rimsptsk (d345ae15fa0ad4bd8d647c5509714858) C:\Windows\system32\DRIVERS\rimssn64.sys

16:09:43.0976 7764 rimsptsk - ok

16:09:44.0054 7764 risdptsk (c45cd294458fed92e9cc1c68768e9356) C:\Windows\system32\DRIVERS\risdsn64.sys

16:09:44.0054 7764 risdptsk - ok

16:09:44.0163 7764 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

16:09:44.0163 7764 rspndr - ok

16:09:44.0319 7764 RTHDMIAzAudService (bff15b0d6b0567c88306b66dac264c41) C:\Windows\system32\drivers\RtHDMIVX.sys

16:09:44.0319 7764 RTHDMIAzAudService - ok

16:09:44.0381 7764 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

16:09:44.0381 7764 sbp2port - ok

16:09:44.0491 7764 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys

16:09:44.0506 7764 SCDEmu - ok

16:09:44.0600 7764 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

16:09:44.0600 7764 sdbus - ok

16:09:44.0740 7764 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:09:44.0740 7764 secdrv - ok

16:09:44.0849 7764 Ser2ph (de3135e7ed559fc1c1b92aa7ba52ccdb) C:\Windows\system32\DRIVERS\ser2ph64.sys

16:09:44.0865 7764 Ser2ph - ok

16:09:44.0959 7764 Ser2pl (749502a6c51116a6229cf7536181907f) C:\Windows\system32\DRIVERS\ser2pl64.sys

16:09:44.0974 7764 Ser2pl - ok

16:09:45.0083 7764 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys

16:09:45.0083 7764 Serenum - ok

16:09:45.0146 7764 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

16:09:45.0146 7764 Serial - ok

16:09:45.0193 7764 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

16:09:45.0193 7764 sermouse - ok

16:09:45.0317 7764 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys

16:09:45.0317 7764 SFEP - ok

16:09:45.0442 7764 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

16:09:45.0442 7764 sffdisk - ok

16:09:45.0551 7764 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

16:09:45.0551 7764 sffp_mmc - ok

16:09:45.0614 7764 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

16:09:45.0645 7764 sffp_sd - ok

16:09:45.0707 7764 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys

16:09:45.0723 7764 sfloppy - ok

16:09:45.0895 7764 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

16:09:45.0895 7764 SiSRaid2 - ok

16:09:45.0973 7764 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

16:09:45.0973 7764 SiSRaid4 - ok

16:09:46.0066 7764 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

16:09:46.0066 7764 Smb - ok

16:09:46.0238 7764 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

16:09:46.0253 7764 spldr - ok

16:09:46.0378 7764 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

16:09:46.0394 7764 srv - ok

16:09:46.0503 7764 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

16:09:46.0503 7764 srv2 - ok

16:09:46.0643 7764 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

16:09:46.0643 7764 srvnet - ok

16:09:46.0753 7764 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys

16:09:46.0753 7764 StillCam - ok

16:09:46.0846 7764 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

16:09:46.0846 7764 swenum - ok

16:09:46.0909 7764 swmsflt (1c4ebd3e6cce53586d58473524d54e50) C:\Windows\System32\drivers\swmsflt.sys

16:09:46.0909 7764 swmsflt - ok

16:09:47.0049 7764 SWNC8U56 (c2ad3936249199c9d8187dcdea17ac25) C:\Windows\system32\DRIVERS\swnc8u56.sys

16:09:47.0049 7764 SWNC8U56 - ok

16:09:47.0174 7764 SWUMX56 (cc97ec73094cf0f47cd89aafba6d26f1) C:\Windows\system32\DRIVERS\swumx56.sys

16:09:47.0174 7764 SWUMX56 - ok

16:09:47.0252 7764 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

16:09:47.0252 7764 Symc8xx - ok

16:09:47.0361 7764 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

16:09:47.0361 7764 Sym_hi - ok

16:09:47.0423 7764 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

16:09:47.0455 7764 Sym_u3 - ok

16:09:47.0626 7764 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys

16:09:47.0657 7764 Tcpip - ok

16:09:47.0798 7764 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys

16:09:47.0813 7764 Tcpip6 - ok

16:09:47.0891 7764 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

16:09:47.0891 7764 tcpipreg - ok

16:09:47.0969 7764 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

16:09:47.0969 7764 TDPIPE - ok

16:09:48.0094 7764 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

16:09:48.0094 7764 TDTCP - ok

16:09:48.0172 7764 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

16:09:48.0172 7764 tdx - ok

16:09:48.0266 7764 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

16:09:48.0266 7764 TermDD - ok

16:09:48.0437 7764 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:09:48.0453 7764 tssecsrv - ok

16:09:48.0515 7764 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

16:09:48.0515 7764 tunmp - ok

16:09:48.0578 7764 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

16:09:48.0578 7764 tunnel - ok

16:09:48.0718 7764 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

16:09:48.0718 7764 uagp35 - ok

16:09:48.0827 7764 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

16:09:48.0827 7764 udfs - ok

16:09:48.0921 7764 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

16:09:48.0921 7764 uliagpkx - ok

16:09:49.0015 7764 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

16:09:49.0030 7764 uliahci - ok

16:09:49.0108 7764 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

16:09:49.0108 7764 UlSata - ok

16:09:49.0233 7764 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

16:09:49.0233 7764 ulsata2 - ok

16:09:49.0358 7764 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

16:09:49.0373 7764 umbus - ok

16:09:49.0498 7764 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

16:09:49.0498 7764 USBAAPL64 - ok

16:09:49.0592 7764 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

16:09:49.0592 7764 usbaudio - ok

16:09:49.0732 7764 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

16:09:49.0732 7764 usbccgp - ok

16:09:49.0795 7764 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

16:09:49.0795 7764 usbcir - ok

16:09:49.0857 7764 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

16:09:49.0873 7764 usbehci - ok

16:09:49.0982 7764 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

16:09:49.0982 7764 usbhub - ok

16:09:50.0107 7764 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

16:09:50.0107 7764 usbohci - ok

16:09:50.0185 7764 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

16:09:50.0185 7764 usbprint - ok

16:09:50.0294 7764 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

16:09:50.0309 7764 usbscan - ok

16:09:50.0434 7764 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:09:50.0434 7764 USBSTOR - ok

16:09:50.0543 7764 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

16:09:50.0543 7764 usbuhci - ok

16:09:50.0637 7764 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

16:09:50.0653 7764 usbvideo - ok

16:09:50.0746 7764 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys

16:09:50.0746 7764 usb_rndisx - ok

16:09:50.0887 7764 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

16:09:50.0902 7764 vga - ok

16:09:50.0996 7764 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

16:09:50.0996 7764 VgaSave - ok

16:09:51.0058 7764 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

16:09:51.0058 7764 viaide - ok

16:09:51.0121 7764 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

16:09:51.0136 7764 volmgr - ok

16:09:51.0230 7764 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

16:09:51.0230 7764 volmgrx - ok

16:09:51.0355 7764 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

16:09:51.0355 7764 volsnap - ok

16:09:51.0479 7764 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

16:09:51.0479 7764 vsmraid - ok

16:09:51.0589 7764 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

16:09:51.0604 7764 WacomPen - ok

16:09:51.0698 7764 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

16:09:51.0698 7764 Wanarp - ok

16:09:51.0713 7764 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

16:09:51.0713 7764 Wanarpv6 - ok

16:09:51.0807 7764 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

16:09:51.0807 7764 Wd - ok

16:09:51.0854 7764 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

16:09:51.0854 7764 WDC_SAM - ok

16:09:52.0010 7764 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:09:52.0025 7764 Wdf01000 - ok

16:09:52.0181 7764 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

16:09:52.0197 7764 WimFltr - ok

16:09:52.0259 7764 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

16:09:52.0306 7764 winachsf - ok

16:09:52.0493 7764 WINUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS

16:09:52.0493 7764 WINUSB - ok

16:09:52.0618 7764 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

16:09:52.0618 7764 WmiAcpi - ok

16:09:52.0712 7764 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

16:09:52.0712 7764 WpdUsb - ok

16:09:52.0821 7764 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

16:09:52.0821 7764 ws2ifsl - ok

16:09:52.0899 7764 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:09:52.0899 7764 WUDFRd - ok

16:09:52.0961 7764 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys

16:09:52.0961 7764 XAudio - ok

16:09:53.0055 7764 yukonx64 (3c5b0410faba5b1014eefeee77e1296a) C:\Windows\system32\DRIVERS\yk60x64.sys

16:09:53.0086 7764 yukonx64 - ok

16:09:53.0211 7764 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

16:09:53.0258 7764 \Device\Harddisk0\DR0 - ok

16:09:53.0258 7764 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk3\DR3

16:09:53.0273 7764 \Device\Harddisk3\DR3 - ok

16:09:53.0273 7764 Boot (0x1200) (a5450fd2b286625b2b8b9864fd0c79bf) \Device\Harddisk0\DR0\Partition0

16:09:53.0273 7764 \Device\Harddisk0\DR0\Partition0 - ok

16:09:53.0273 7764 Boot (0x1200) (d019a672622cd6aada749ea16dd6e9b0) \Device\Harddisk3\DR3\Partition0

16:09:53.0289 7764 \Device\Harddisk3\DR3\Partition0 - ok

16:09:53.0289 7764 ============================================================

16:09:53.0289 7764 Scan finished

16:09:53.0289 7764 ============================================================

16:09:53.0305 2412 Detected object count: 0

16:09:53.0305 2412 Actual detected object count: 0

Link to post
Share on other sites

@Yourshadow

The Kaspersky drivers (some of them anyhow) have been "locked" by what appears to be a serious bootkit infection. :o

That's why KIS is not active with Windows startup.

The same infection is at same purpose interfering with MBAM.

Please have patience while I study your logs and plan a correction course

Be advised to NOT do any websurfing of any kind, and NO online transactions. :excl:

Noticed that this is a laptop. So to minimize odds of a hibernation while we actually run any tools (later), keep this laptop connected to your typical power source (not strictly on battery).

Again, no web surfing. Just only go to this website and the sites I guide you to.

Tell me how may hard drives ( HDD ) are on this system, or if you have a multi-boot setup.

Link to post
Share on other sites

No I would not do any email via Outlook nor any web-based one either. Put & enforce a quarantine on this system.

Only visit this site, period. and the websites I guide you to.

Please make plans to build a CD/DVD that we will need to boot from at a later time.

Download the >> Gparted Live CD ISO << and burn it to CD or DVD as an ISO image.

and let me know after you have finished. Stay tuned for later instructions.

Hopefully you have another (clean) pc to do this work.

Meantime, do not do websurfing on the infected machine.

P.S. Would you also get these 2 files uploaded / Attached into your next reply

C:\Users\User\Desktop\aswMBR\MBR.dat

C:\Users\User\Desktop\aswMBR\aswMBR.txt

If your Windows version does not have an ISO burning capability,

you need to use something like Nero /Roxio or other iso-capable-burning software, and do an image burn. If you do a regular copy-burn the CD won't work. If you don't have ISO-burning capabilty, you can obtain a free .iso burner such as ISORecorder or ImageBurn (ImgBurn):

http://isorecorder.alexfeinman.com/isorecorder.htm

ImgBurn is another free utility. You only need one for our purpose.

Imgburn is at http://www.imgburn.com/

Link to post
Share on other sites

I have PowerISO. Do I open the ISO with PowerISO then simply use the burn button to burn an image? The files are listed in the in the PowerISO when I open the GPARTED ISO. I Simply chose burn and the individual files are on the Disc. How do I know if it's bootable?

I got this message when trying to upload the aswMBR.dat file "Error You aren't permitted to upload this kind of file."

aswMBR.txt

Link to post
Share on other sites

One only wished it was just a virus. What is onboard here is a bootkit and involves quite a bit of work IF we attempt to "cure it".

The bootkit has severely compromised your system, and it is quite possible some of your personal info has been harvested.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Link to post
Share on other sites

Though I have to manually start KIS is it affective right now?

Why didn't Malwarebytes and KIS stop or quarantine the BootKit?

I have Carbonite which is a off-site storage facility, would that be affected?

I have work in Word and Excel I need to keep, are they infected?

What files will I be able to take off the computer without infection when reintroduced to a fresh system?

Link to post
Share on other sites

I wanted to make sure you're aware of the likely financial info harvesting. Follow-up on it.

We can try some steps to see if we can salvage this sys.

Create a new folder on your system named C:\ARK

Download Listparts64 and SAVE to that folder.

Run the tool by RIGHT-Click on the EXE and select Run As Administrator to start.

Select Scan and post the log (Result.txt) it makes. For my review.

Link to post
Share on other sites

Though I have to manually start KIS is it affective right now?

Why didn't Malwarebytes and KIS stop or quarantine the BootKit?

I have Carbonite which is a off-site storage facility, would that be affected?

I have work in Word and Excel I need to keep, are they infected?

What files will I be able to take off the computer without infection when reintroduced to a fresh system?

a) Don't overlook my prior request.

b) I am being super conservative.

c) The bootkit is such that once onboard it will put a pc-boot sequence such that it loads first before Windows does. Thus it is active way way before either KIS or MBAM are started, much less Windows. AND will be present at each pc startup.

Your Carbonite storage should be ok. Same for your documents.

d) See this article http://secure-computer-solutions.com/blog/2011/11/a_new_tdl4_with_a_stealthy_new.html

d) Let me know (again) if you want to proceed with an attempt to fix.

Link to post
Share on other sites

Close any open documents if any and save your work if any.

Make sure all "external" HDD drives are not connected.

Do a Windows shutdown.

Place the Gparted CD in the drive.

You must Change the boot order in the BIOS to boot to the CD first, or just hit the Function key that displays on your screen at system restart to Change the Boot Order.

Restart the pc to boot up from CD

After you successfully boot up to the GParted Desktop, I do not want you to edit anything, I just want you to describe to me each partition as it is listed: Partition , Size, Label (ie Reserved), and especially tell me which partition has "Boot" next to it. Also tell me if you see unallocated space.

Boot back into Windows and post your results please.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.