Lots of "IP-Block Process: svchost.exe"


gpeacock

Hello gpeacock and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log
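A way to triage the log that Step 1 asks for, as an added example (it is not part of this thread and not code from TDSSKiller). It pairs each entry's detail line (name, MD5, path) with its verdict line and lists anything not reported as "ok", including an entry with no verdict at all, which is what a log that was cut off mid-scan looks like. The `exampledrv` entry, its all-zero hash and its verdict text are constructed; the other sample lines follow the format the tool writes.

```python
"""Triage helper for a TDSSKiller scan log (added example, not part of the thread).

TDSSKiller writes one line when it examines a driver or service entry and a
second line with the verdict, e.g.:

    17:39:56.0821 7408 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
    17:39:56.0976 7408 1394ohci - ok

A clean log is hundreds of such pairs; this script reduces it to the entries
whose verdict is anything other than "ok" or whose verdict never arrived.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Detail line: timestamp, pid, entry name, (md5), path.
DETAIL_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: timestamp, pid, entry name, " - ", verdict text.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+)$"
)

# Constructed sample. "exampledrv" (all-zero hash, made-up verdict) is a placeholder
# for a flagged entry; the header lines and the other entries follow the tool's format.
# "UmPass" deliberately has no verdict line, mimicking a log cut off mid-scan.
# Blank lines between entries are how the log looks once pasted into a forum post.
SAMPLE_LOG = r"""
17:39:56.0439 7408 Scan started

17:39:56.0439 7408 Mode: Manual; SigCheck; TDLFS;

17:39:56.0821 7408 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:39:56.0976 7408 1394ohci - ok

17:40:30.0644 7408 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:40:30.0695 7408 Tcpip - ok

17:40:30.0742 7408 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:40:30.0786 7408 TCPIP6 - ok

17:40:31.0850 7408 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys

17:40:31.0860 7408 exampledrv - suspicious (constructed sample verdict)

17:40:31.0880 7408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def needs_review(self) -> bool:
        # Anything other than a plain "ok", or no verdict at all, is worth a look.
        return self.verdict is None or self.verdict.strip().lower() != "ok"


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Pair detail and verdict lines by entry name; header/system lines are ignored."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETAIL_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.md5, entry.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        # Only accept a verdict for an entry we have already seen a detail line for,
        # so header lines that happen to contain " - " are not mistaken for verdicts.
        if m and m["name"] in entries:
            entries[m["name"]].verdict = m["verdict"]
    return entries


def entries_needing_review(entries: Dict[str, Entry]) -> List[Entry]:
    return [e for e in entries.values() if e.needs_review]


def report(entries: Dict[str, Entry]) -> List[str]:
    """Human-readable summary: one header line, then one line per flagged entry."""
    flagged = entries_needing_review(entries)
    lines = [f"{len(entries)} entries scanned, {len(flagged)} need review"]
    for e in flagged:
        verdict = e.verdict or "missing (log truncated?)"
        lines.append(f"  {e.name}: verdict={verdict} md5={e.md5} path={e.path}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller_log(SAMPLE_LOG))))
```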


TDSSKiller log:


17:40:31.0910 7408 UmPass - ok

17:40:31.0994 7408 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

17:40:32.0028 7408 usbaudio - ok

17:40:32.0076 7408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

17:40:32.0104 7408 usbccgp - ok

17:40:32.0185 7408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:40:32.0218 7408 usbcir - ok

17:40:32.0258 7408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

17:40:32.0277 7408 usbehci - ok

17:40:32.0329 7408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

17:40:32.0377 7408 usbhub - ok

17:40:32.0416 7408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:40:32.0449 7408 usbohci - ok

17:40:32.0505 7408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:40:32.0533 7408 usbprint - ok

17:40:32.0605 7408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:40:32.0650 7408 USBSTOR - ok

17:40:32.0706 7408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

17:40:32.0735 7408 usbuhci - ok

17:40:32.0790 7408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:40:32.0800 7408 vdrvroot - ok

17:40:32.0817 7408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:40:32.0833 7408 vga - ok

17:40:32.0877 7408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:40:32.0928 7408 VgaSave - ok

17:40:32.0957 7408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:40:32.0967 7408 vhdmp - ok

17:40:33.0011 7408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:40:33.0020 7408 viaide - ok

17:40:33.0072 7408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:40:33.0091 7408 volmgr - ok

17:40:33.0126 7408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:40:33.0153 7408 volmgrx - ok

17:40:33.0200 7408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:40:33.0222 7408 volsnap - ok

17:40:33.0285 7408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:40:33.0307 7408 vsmraid - ok

17:40:33.0337 7408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:40:33.0369 7408 vwifibus - ok

17:40:33.0392 7408 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:40:33.0428 7408 vwififlt - ok

17:40:33.0504 7408 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

17:40:33.0530 7408 vwifimp - ok

17:40:33.0558 7408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:40:33.0589 7408 WacomPen - ok

17:40:33.0671 7408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:40:33.0735 7408 WANARP - ok

17:40:33.0740 7408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:40:33.0776 7408 Wanarpv6 - ok

17:40:33.0823 7408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:40:33.0832 7408 Wd - ok

17:40:33.0895 7408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:40:33.0927 7408 Wdf01000 - ok

17:40:33.0963 7408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:40:33.0992 7408 WfpLwf - ok

17:40:34.0013 7408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:40:34.0021 7408 WIMMount - ok

17:40:34.0102 7408 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:40:34.0134 7408 WinUsb - ok

17:40:34.0169 7408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:40:34.0183 7408 WmiAcpi - ok

17:40:34.0221 7408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:40:34.0259 7408 ws2ifsl - ok

17:40:34.0342 7408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:40:34.0392 7408 WudfPf - ok

17:40:34.0418 7408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:40:34.0491 7408 WUDFRd - ok

17:40:34.0587 7408 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

17:40:34.0604 7408 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok

17:40:34.0647 7408 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0

17:40:34.0682 7408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

17:40:34.0682 7408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

17:40:34.0722 7408 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:40:34.0722 7408 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:40:34.0755 7408 Boot (0x1200) (d29af3237767cb6e7a39bb3e0ce11701) \Device\Harddisk0\DR0\Partition0

17:40:34.0756 7408 \Device\Harddisk0\DR0\Partition0 - ok

17:40:34.0769 7408 Boot (0x1200) (18408597443c205edc32cc1a03935178) \Device\Harddisk0\DR0\Partition1

17:40:34.0770 7408 \Device\Harddisk0\DR0\Partition1 - ok

17:40:34.0802 7408 Boot (0x1200) (12b51eb1767aad29c446c68689ca2e08) \Device\Harddisk0\DR0\Partition2

17:40:34.0803 7408 \Device\Harddisk0\DR0\Partition2 - ok

17:40:34.0804 7408 ============================================================

17:40:34.0804 7408 Scan finished

17:40:34.0804 7408 ============================================================

17:40:34.0818 7916 Detected object count: 2

17:40:34.0818 7916 Actual detected object count: 2

19:33:37.0645 7916 \Device\Harddisk0\DR0\# - copied to quarantine

19:33:37.0646 7916 \Device\Harddisk0\DR0 - copied to quarantine

19:33:37.0713 7916 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

19:33:37.0719 7916 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

19:33:37.0735 7916 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

19:33:37.0748 7916 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

19:33:37.0751 7916 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

19:33:37.0754 7916 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

19:33:37.0759 7916 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

19:33:37.0765 7916 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

19:33:37.0771 7916 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

19:33:37.0775 7916 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

19:33:37.0808 7916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

19:33:37.0810 7916 \Device\Harddisk0\DR0 - ok

19:33:54.0671 7916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

19:33:54.0672 7916 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:33:54.0672 7916 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

19:34:21.0614 7896 Deinitialize success

ComboFix log:

ComboFix 12-02-22.01 - Geoff 02/22/2012 22:20:57.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5422 [GMT -6:00]

Running from: c:\users\Peacock Family\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))

.

.

2012-02-23 01:33 . 2012-02-23 01:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-23 00:20 . 2012-02-23 00:20 -------- d-----w- c:\users\Peacock Family\AppData\Local\Microsoft Help

2012-02-21 10:13 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDA17C9-8FF0-4DDA-AA23-4B8D2C188544}\mpengine.dll

2012-02-18 07:01 . 2012-02-18 07:01 -------- d-----w- c:\users\Geoff\AppData\Roaming\Apple Computer

2012-02-18 06:54 . 2012-02-18 06:54 -------- d-----w- c:\users\Peacock Family\AppData\Roaming\Malwarebytes

2012-02-17 14:17 . 2012-02-17 14:20 -------- d-----w- c:\programdata\Recovery

2012-02-16 23:31 . 2012-02-16 23:31 -------- d-----w- c:\users\Geoff\AppData\Roaming\Malwarebytes

2012-02-16 23:30 . 2012-02-16 23:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-16 23:30 . 2012-02-16 23:30 -------- d-----w- c:\programdata\Malwarebytes

2012-02-16 23:30 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-08 23:41 . 2012-02-08 23:41 -------- d-----w- c:\program files (x86)\Axis Communications

2012-01-30 23:55 . 2012-01-30 23:55 -------- d-----w- c:\users\Peacock Family\AppData\Roaming\Apple Computer

2012-01-30 23:10 . 2012-01-30 23:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2441.tmp

2012-01-30 23:10 . 2012-01-30 23:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2440.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-15 08:17 . 2011-12-08 04:27 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-01-29 11:10 . 2009-11-26 16:42 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-24 23:35 . 2011-05-17 02:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-22 03:35 . 2011-12-22 03:35 53248 ----a-r- c:\users\Geoff\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-05 00:05 . 2011-12-05 00:05 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]

"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-12-13 22459984]

"X-Lite 4"="c:\program files (x86)\CounterPath\X-Lite 4\X-Lite4.exe" [2010-08-11 2863616]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"chromium"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-02-21 1216496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Peacock Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2010-1-5 73728]

Dropbox.lnk - c:\users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-3-23 33280]

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-10-14 1153824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AviraUpgradeService;Avira Upgrade Service;c:\windows\TEMP\AVSETUP_4edc157a\avupgsvc.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 135664]

R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]

R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-03-23 24064]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 135664]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/21 10:13];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 03:45 146928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704]

S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2009-11-08 1784760]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 68668026

*Deregistered* - 68668026

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4166560185-365710319-2131961624-1001Core.job

- c:\users\Peacock Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 02:49]

.

2012-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4166560185-365710319-2131961624-1001UA.job

- c:\users\Peacock Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 02:49]

.

2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 01:12]

.

2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 01:12]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166560185-365710319-2131961624-1001Core.job

- c:\users\Peacock Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 13:28]

.

2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166560185-365710319-2131961624-1001UA.job

- c:\users\Peacock Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 13:28]

.

2012-02-23 c:\windows\Tasks\HPCeeScheduleForGeoff.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]

.

2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Peacock Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Peacock Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Peacock Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Peacock Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{B06B293F-21F4-4DCD-B345-337049B4AE61}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://10.3.65.75/activex/decoder/h264_dec.cab

DPF: {73888E2B-FF04-416C-8847-984D7FC4507F} - hxxp://192.168.1.137/RtspVaPgDecNew2.cab

DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} - hxxp://192.168.1.122/AxViewer/AxMediaControl.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://10.3.65.75/activex/AMC.cab

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-22 22:28:38

ComboFix-quarantined-files.txt 2012-02-23 04:28

.

Pre-Run: 814,444,953,600 bytes free

Post-Run: 833,115,086,848 bytes free

.

- - End Of File - - 67DA6DE1CDF38604F532E2A7D6DD9970

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
