
Malware persists through removal/reboot



Hi, I'm continually scanning my computer and finding the same trojan and removing it (forcing a reboot), and it is there when I reboot back in. It is an svchost issue. My MBAM is up to date.

I'm on Windows 7. I've also noticed that some Google search results are being redirected.

Here is the delete log from MBAM:

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

DDS.txt

Attach.txt

Thanks in advance for all your help.


Hello zauper and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can re-enable it.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer: see the linked instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

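Step 2 asks for the TDSSKiller report to be pasted back so a helper can read it by hand. The script below is an added example for this thread; it is not code from the thread, from TDSSKiller or from Malwarebytes. It parses the report's file/verdict line pairs (the format visible in the log posted further down), lists every entry whose verdict is anything other than "ok", and separately flags well-known Windows binaries found outside the directory they belong in. That second check is the tell in the original post: the genuine Service Host is C:\Windows\System32\svchost.exe (with a 32-bit copy in SysWOW64), so a file named svchost.exe sitting directly in C:\Windows is not a Windows component whatever a scanner's verdict on it says. The EXPECTED_DIRS table, the "svchost" and "exampledrv" entries, their MD5s and the "( LockedFile.Multi.Generic ) - warning" verdict are constructed for the demo; the other sample lines are copied from the log in this thread.

```python
"""Triage a TDSSKiller scan log.

Added example for this thread; not code from TDSSKiller, Malwarebytes or
anyone posting here. It flags (a) entries whose verdict is not "ok" and
(b) well-known Windows binaries loaded from a directory where they do not
belong (the real Service Host lives in System32/SysWOW64, not C:\\Windows).
"""
import ntpath
import re

# File line of an entry: "<time> <pid> <name> (<md5>) <path>"
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S.*?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line of an entry: "<time> <pid> <name>[ ( detail )] - <status>"
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S.*?)\s+-\s+(?P<status>\S.*?)\s*$"
)

# Directories where these binaries belong on 64-bit Windows 7 (assumption for
# the example; extend for your own environment). Compared case-insensitively.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "rpcss.dll": {r"c:\windows\system32"},
}


def parse_entries(log_text):
    """Yield one dict per scanned object: name, status, md5, path.

    TDSSKiller prints the file line and then the verdict line for each object;
    objects with no file on disk (e.g. "COMSysApp - ok") get only a verdict
    line, so md5 and path are None for those. Lines before "Scan started" are
    system information and are skipped.
    """
    in_scan = False
    last = None  # most recent file line, waiting for its verdict
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        m = FILE_RE.match(line)
        if m:
            last = {"name": m["name"], "md5": m["md5"].lower(), "path": m["path"]}
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue
        name, status = m["name"], m["status"]
        # A verdict line may carry detail after the name: "drv ( Detection ) - warning"
        if last and (name == last["name"] or name.startswith(last["name"] + " ")):
            yield {"name": name, "status": status, "md5": last["md5"], "path": last["path"]}
        else:
            yield {"name": name, "status": status, "md5": None, "path": None}
        last = None


def triage(log_text):
    """Return {"not_ok": [...], "misplaced": [...]} for a helper to review first."""
    not_ok, misplaced = [], []
    for entry in parse_entries(log_text):
        if entry["status"].lower() != "ok":
            not_ok.append(entry)
        if entry["path"]:
            directory, base = ntpath.split(entry["path"])
            allowed = EXPECTED_DIRS.get(base.lower())
            if allowed is not None and directory.lower() not in allowed:
                misplaced.append(entry)
    return {"not_ok": not_ok, "misplaced": misplaced}


# Constructed sample: the first lines are copied from the log in this thread;
# the "svchost" and "exampledrv" entries (all-zero/all-one MD5s and the
# "( LockedFile.Multi.Generic ) - warning" verdict) are made up for the demo.
SAMPLE_LOG = r"""
08:09:24.0042 2868 OS Version: 6.1.7601 ServicePack: 1.0
08:09:24.0195 2868 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200
08:09:56.0047 8028 Scan started
08:09:56.0047 8028 Mode: Manual; SigCheck; TDLFS;
08:09:56.0647 8028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
08:09:56.0691 8028 1394ohci - ok
08:09:56.0975 8028 AMD External Events Utility (582a40970d43628b9f60dcd18500c051) C:\Windows\system32\atiesrxx.exe
08:09:56.0989 8028 AMD External Events Utility - ok
08:09:58.0232 8028 COMSysApp - ok
08:09:58.0722 8028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:09:58.0730 8028 EFS - ok
08:10:05.0000 8028 svchost (00000000000000000000000000000000) C:\Windows\svchost.exe
08:10:05.0001 8028 svchost - ok
08:10:05.0002 8028 exampledrv (11111111111111111111111111111111) C:\Windows\system32\Drivers\exampledrv.sys
08:10:05.0003 8028 exampledrv ( LockedFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label in ("not_ok", "misplaced"):
        for e in result[label]:
            print(f"[{label}] {e['name']}: {e['status']} {e['path']}")
```

Run it as-is to triage the embedded sample; for a real report, read the TDSSKiller.[Version]_[Date]_[Time]_log.txt file and pass its text to triage(). The location check is deliberately independent of the scanner's verdict: a per-file signature or lock check says nothing about whether the file belongs where it was found, and a "svchost" service whose binary is outside System32 deserves a look even when every line in the report ends in "ok".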

Hi Maniac,

Thanks for your help! There was one file that was not removed by TDSS -- do we need to do anything there?

After the second reboot (by MBAM), all my files were hidden, so I ran the unhide.exe created by BleepingComputer.

On first glance, it seems as though malware is gone, but I have to head to work so I can't do testing to make sure the google redirect is gone as well.

Thanks again for all your help

-Jeff

Here are the log files --

08:09:23.0698 2868 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

08:09:24.0042 2868 ============================================================

08:09:24.0042 2868 Current date / time: 2012/04/12 08:09:24.0042

08:09:24.0042 2868 SystemInfo:

08:09:24.0042 2868

08:09:24.0042 2868 OS Version: 6.1.7601 ServicePack: 1.0

08:09:24.0042 2868 Product type: Workstation

08:09:24.0042 2868 ComputerName: JEFF-DESKTOP

08:09:24.0042 2868 UserName: Zauper

08:09:24.0042 2868 Windows directory: C:\Windows

08:09:24.0042 2868 System windows directory: C:\Windows

08:09:24.0042 2868 Running under WOW64

08:09:24.0042 2868 Processor architecture: Intel x64

08:09:24.0042 2868 Number of processors: 4

08:09:24.0042 2868 Page size: 0x1000

08:09:24.0042 2868 Boot type: Normal boot

08:09:24.0042 2868 ============================================================

08:09:24.0195 2868 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:09:24.0204 2868 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:09:24.0216 2868 \Device\Harddisk0\DR0:

08:09:24.0216 2868 MBR used

08:09:24.0216 2868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800

08:09:24.0216 2868 \Device\Harddisk1\DR1:

08:09:24.0216 2868 MBR used

08:09:24.0216 2868 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

08:09:24.0228 2868 Initialize success

08:09:24.0228 2868 ============================================================

08:09:56.0047 8028 ============================================================

08:09:56.0047 8028 Scan started

08:09:56.0047 8028 Mode: Manual; SigCheck; TDLFS;

08:09:56.0047 8028 ============================================================

08:09:56.0647 8028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

08:09:56.0691 8028 1394ohci - ok

08:09:56.0706 8028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:09:56.0716 8028 ACPI - ok

08:09:56.0727 8028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:09:56.0749 8028 AcpiPmi - ok

08:09:56.0756 8028 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

08:09:56.0760 8028 AdobeARMservice - ok

08:09:56.0776 8028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

08:09:56.0789 8028 adp94xx - ok

08:09:56.0819 8028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

08:09:56.0828 8028 adpahci - ok

08:09:56.0837 8028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

08:09:56.0844 8028 adpu320 - ok

08:09:56.0852 8028 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:09:56.0901 8028 AeLookupSvc - ok

08:09:56.0913 8028 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:09:56.0925 8028 AFD - ok

08:09:56.0933 8028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:09:56.0938 8028 agp440 - ok

08:09:56.0945 8028 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:09:56.0955 8028 ALG - ok

08:09:56.0962 8028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:09:56.0967 8028 aliide - ok

08:09:56.0975 8028 AMD External Events Utility (582a40970d43628b9f60dcd18500c051) C:\Windows\system32\atiesrxx.exe

08:09:56.0989 8028 AMD External Events Utility - ok

08:09:56.0996 8028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:09:57.0001 8028 amdide - ok

08:09:57.0010 8028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

08:09:57.0018 8028 AmdK8 - ok

08:09:57.0095 8028 amdkmdag (c8a09b711d0f332cf6fc75fbf7f539ba) C:\Windows\system32\DRIVERS\atikmdag.sys

08:09:57.0193 8028 amdkmdag - ok

08:09:57.0204 8028 amdkmdap (285da456fd69a2c99dd641bd3353ec9a) C:\Windows\system32\DRIVERS\atikmpag.sys

08:09:57.0215 8028 amdkmdap - ok

08:09:57.0223 8028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

08:09:57.0231 8028 AmdPPM - ok

08:09:57.0239 8028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:09:57.0245 8028 amdsata - ok

08:09:57.0253 8028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

08:09:57.0263 8028 amdsbs - ok

08:09:57.0270 8028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:09:57.0275 8028 amdxata - ok

08:09:57.0284 8028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:09:57.0336 8028 AppID - ok

08:09:57.0343 8028 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:09:57.0365 8028 AppIDSvc - ok

08:09:57.0373 8028 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:09:57.0394 8028 Appinfo - ok

08:09:57.0402 8028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

08:09:57.0408 8028 arc - ok

08:09:57.0416 8028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

08:09:57.0421 8028 arcsas - ok

08:09:57.0429 8028 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

08:09:57.0433 8028 aspnet_state - ok

08:09:57.0441 8028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:09:57.0464 8028 AsyncMac - ok

08:09:57.0471 8028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:09:57.0476 8028 atapi - ok

08:09:57.0497 8028 athr (2142725e147c9a44b3f0d76099c5da71) C:\Windows\system32\DRIVERS\athrx.sys

08:09:57.0522 8028 athr - ok

08:09:57.0536 8028 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:09:57.0565 8028 AudioEndpointBuilder - ok

08:09:57.0572 8028 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:09:57.0596 8028 AudioSrv - ok

08:09:57.0605 8028 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

08:09:57.0623 8028 AxInstSV - ok

08:09:57.0635 8028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

08:09:57.0646 8028 b06bdrv - ok

08:09:57.0657 8028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:09:57.0668 8028 b57nd60a - ok

08:09:57.0677 8028 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

08:09:57.0685 8028 BDESVC - ok

08:09:57.0693 8028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:09:57.0714 8028 Beep - ok

08:09:57.0728 8028 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

08:09:57.0758 8028 BITS - ok

08:09:57.0765 8028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

08:09:57.0772 8028 blbdrive - ok

08:09:57.0780 8028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:09:57.0787 8028 bowser - ok

08:09:57.0794 8028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

08:09:57.0804 8028 BrFiltLo - ok

08:09:57.0827 8028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

08:09:57.0834 8028 BrFiltUp - ok

08:09:57.0843 8028 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

08:09:57.0864 8028 Browser - ok

08:09:57.0874 8028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

08:09:57.0885 8028 Brserid - ok

08:09:57.0892 8028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

08:09:57.0901 8028 BrSerWdm - ok

08:09:57.0908 8028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:09:57.0916 8028 BrUsbMdm - ok

08:09:57.0924 8028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

08:09:57.0930 8028 BrUsbSer - ok

08:09:57.0938 8028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

08:09:57.0947 8028 BTHMODEM - ok

08:09:57.0955 8028 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

08:09:57.0977 8028 bthserv - ok

08:09:57.0987 8028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

08:09:58.0011 8028 cdfs - ok

08:09:58.0021 8028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

08:09:58.0029 8028 cdrom - ok

08:09:58.0037 8028 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:09:58.0058 8028 CertPropSvc - ok

08:09:58.0066 8028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

08:09:58.0074 8028 circlass - ok

08:09:58.0083 8028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

08:09:58.0093 8028 CLFS - ok

08:09:58.0097 8028 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:09:58.0102 8028 clr_optimization_v2.0.50727_32 - ok

08:09:58.0105 8028 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:09:58.0110 8028 clr_optimization_v2.0.50727_64 - ok

08:09:58.0115 8028 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:09:58.0119 8028 clr_optimization_v4.0.30319_32 - ok

08:09:58.0123 8028 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:09:58.0128 8028 clr_optimization_v4.0.30319_64 - ok

08:09:58.0136 8028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

08:09:58.0143 8028 CmBatt - ok

08:09:58.0150 8028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

08:09:58.0154 8028 cmdide - ok

08:09:58.0165 8028 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

08:09:58.0179 8028 CNG - ok

08:09:58.0187 8028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

08:09:58.0192 8028 Compbatt - ok

08:09:58.0199 8028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

08:09:58.0226 8028 CompositeBus - ok

08:09:58.0232 8028 COMSysApp - ok

08:09:58.0240 8028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

08:09:58.0245 8028 crcdisk - ok

08:09:58.0254 8028 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

08:09:58.0277 8028 CryptSvc - ok

08:09:58.0285 8028 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys

08:09:58.0290 8028 ctxusbm - ok

08:09:58.0301 8028 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:09:58.0328 8028 DcomLaunch - ok

08:09:58.0337 8028 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

08:09:58.0361 8028 defragsvc - ok

08:09:58.0369 8028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

08:09:58.0389 8028 DfsC - ok

08:09:58.0398 8028 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys

08:09:58.0403 8028 dg_ssudbus - ok

08:09:58.0413 8028 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

08:09:58.0437 8028 Dhcp - ok

08:09:58.0445 8028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

08:09:58.0465 8028 discache - ok

08:09:58.0473 8028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

08:09:58.0478 8028 Disk - ok

08:09:58.0487 8028 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

08:09:58.0495 8028 Dnscache - ok

08:09:58.0504 8028 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

08:09:58.0527 8028 dot3svc - ok

08:09:58.0535 8028 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

08:09:58.0557 8028 DPS - ok

08:09:58.0564 8028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

08:09:58.0572 8028 drmkaud - ok

08:09:58.0588 8028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

08:09:58.0608 8028 DXGKrnl - ok

08:09:58.0615 8028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

08:09:58.0637 8028 EapHost - ok

08:09:58.0671 8028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

08:09:58.0714 8028 ebdrv - ok

08:09:58.0722 8028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

08:09:58.0730 8028 EFS - ok

08:09:58.0738 8028 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

08:09:58.0751 8028 ehRecvr - ok

08:09:58.0754 8028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

08:09:58.0761 8028 ehSched - ok

08:09:58.0773 8028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

08:09:58.0784 8028 elxstor - ok

08:09:58.0792 8028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

08:09:58.0799 8028 ErrDev - ok

08:09:58.0823 8028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

08:09:58.0850 8028 EventSystem - ok

08:09:58.0859 8028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

08:09:58.0882 8028 exfat - ok

08:09:58.0891 8028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

08:09:58.0915 8028 fastfat - ok

08:09:58.0928 8028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

08:09:58.0943 8028 Fax - ok

08:09:58.0950 8028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

08:09:58.0957 8028 fdc - ok

08:09:58.0964 8028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

08:09:58.0986 8028 fdPHost - ok

08:09:58.0993 8028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

08:09:59.0014 8028 FDResPub - ok

08:09:59.0021 8028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

08:09:59.0026 8028 FileInfo - ok

08:09:59.0034 8028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

08:09:59.0055 8028 Filetrace - ok

08:09:59.0062 8028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

08:09:59.0068 8028 flpydisk - ok

08:09:59.0078 8028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

08:09:59.0086 8028 FltMgr - ok

08:09:59.0103 8028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

08:09:59.0122 8028 FontCache - ok

08:09:59.0126 8028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:09:59.0130 8028 FontCache3.0.0.0 - ok

08:09:59.0137 8028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

08:09:59.0143 8028 FsDepends - ok

08:09:59.0150 8028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

08:09:59.0155 8028 Fs_Rec - ok

08:09:59.0164 8028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

08:09:59.0173 8028 fvevol - ok

08:09:59.0181 8028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

08:09:59.0187 8028 gagp30kx - ok

08:09:59.0200 8028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

08:09:59.0229 8028 gpsvc - ok

08:09:59.0237 8028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

08:09:59.0243 8028 hcw85cir - ok

08:09:59.0254 8028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

08:09:59.0266 8028 HdAudAddService - ok

08:09:59.0275 8028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:09:59.0284 8028 HDAudBus - ok

08:09:59.0292 8028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

08:09:59.0299 8028 HidBatt - ok

08:09:59.0307 8028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

08:09:59.0316 8028 HidBth - ok

08:09:59.0324 8028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

08:09:59.0332 8028 HidIr - ok

08:09:59.0339 8028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

08:09:59.0362 8028 hidserv - ok

08:09:59.0370 8028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

08:09:59.0377 8028 HidUsb - ok

08:09:59.0384 8028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

08:09:59.0406 8028 hkmsvc - ok

08:09:59.0414 8028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

08:09:59.0424 8028 HomeGroupListener - ok

08:09:59.0432 8028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

08:09:59.0441 8028 HomeGroupProvider - ok

08:09:59.0448 8028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

08:09:59.0454 8028 HpSAMD - ok

08:09:59.0467 8028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

08:09:59.0496 8028 HTTP - ok

08:09:59.0504 8028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

08:09:59.0508 8028 hwpolicy - ok

08:09:59.0518 8028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

08:09:59.0525 8028 i8042prt - ok

08:09:59.0536 8028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

08:09:59.0547 8028 iaStorV - ok

08:09:59.0557 8028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:09:59.0568 8028 idsvc - ok

08:09:59.0576 8028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

08:09:59.0581 8028 iirsp - ok

08:09:59.0594 8028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

08:09:59.0624 8028 IKEEXT - ok

08:09:59.0632 8028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

08:09:59.0637 8028 intelide - ok

08:09:59.0644 8028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

08:09:59.0651 8028 intelppm - ok

08:09:59.0659 8028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

08:09:59.0682 8028 IPBusEnum - ok

08:09:59.0689 8028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:09:59.0709 8028 IpFilterDriver - ok

08:09:59.0717 8028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

08:09:59.0724 8028 IPMIDRV - ok

08:09:59.0732 8028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

08:09:59.0755 8028 IPNAT - ok

08:09:59.0763 8028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

08:09:59.0772 8028 IRENUM - ok

08:09:59.0780 8028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

08:09:59.0785 8028 isapnp - ok

08:09:59.0794 8028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

08:09:59.0819 8028 iScsiPrt - ok

08:09:59.0828 8028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

08:09:59.0833 8028 kbdclass - ok

08:09:59.0841 8028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

08:09:59.0848 8028 kbdhid - ok

08:09:59.0855 8028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:09:59.0861 8028 KeyIso - ok

08:09:59.0868 8028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

08:09:59.0874 8028 KSecDD - ok

08:09:59.0882 8028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

08:09:59.0888 8028 KSecPkg - ok

08:09:59.0896 8028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

08:09:59.0917 8028 ksthunk - ok

08:09:59.0926 8028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

08:09:59.0951 8028 KtmRm - ok

08:09:59.0960 8028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

08:09:59.0984 8028 LanmanServer - ok

08:09:59.0991 8028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

08:10:00.0013 8028 LanmanWorkstation - ok

08:10:00.0022 8028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

08:10:00.0044 8028 lltdio - ok

08:10:00.0053 8028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

08:10:00.0076 8028 lltdsvc - ok

08:10:00.0083 8028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

08:10:00.0105 8028 lmhosts - ok

08:10:00.0111 8028 LMIGuardianSvc (ad988709675d9e35a60b2616bef108e9) C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe

08:10:00.0117 8028 LMIGuardianSvc - ok

08:10:00.0120 8028 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\Logmein\x64\RaInfo.sys

08:10:00.0124 8028 LMIInfo - ok

08:10:00.0127 8028 LMIMaint (bd043199fc0bf5f2810f54c8b374590b) C:\Program Files (x86)\Logmein\x64\RaMaint.exe

08:10:00.0131 8028 LMIMaint - ok

08:10:00.0138 8028 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

08:10:00.0142 8028 lmimirr - ok

08:10:00.0149 8028 LMIRfsClientNP - ok

08:10:00.0157 8028 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

08:10:00.0161 8028 LMIRfsDriver - ok

08:10:00.0167 8028 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\Logmein\x64\LogMeIn.exe

08:10:00.0174 8028 LogMeIn - ok

08:10:00.0183 8028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

08:10:00.0189 8028 LSI_FC - ok

08:10:00.0197 8028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

08:10:00.0203 8028 LSI_SAS - ok

08:10:00.0210 8028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

08:10:00.0216 8028 LSI_SAS2 - ok

08:10:00.0224 8028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

08:10:00.0231 8028 LSI_SCSI - ok

08:10:00.0239 8028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

08:10:00.0261 8028 luafv - ok

08:10:00.0268 8028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

08:10:00.0276 8028 Mcx2Svc - ok

08:10:00.0284 8028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

08:10:00.0289 8028 megasas - ok

08:10:00.0299 8028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

08:10:00.0308 8028 MegaSR - ok

08:10:00.0316 8028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

08:10:00.0320 8028 MEIx64 - ok

08:10:00.0327 8028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:10:00.0351 8028 MMCSS - ok

08:10:00.0358 8028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

08:10:00.0379 8028 Modem - ok

08:10:00.0387 8028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

08:10:00.0395 8028 monitor - ok

08:10:00.0402 8028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

08:10:00.0407 8028 mouclass - ok

08:10:00.0417 8028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

08:10:00.0423 8028 mouhid - ok

08:10:00.0431 8028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

08:10:00.0436 8028 mountmgr - ok

08:10:00.0445 8028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

08:10:00.0452 8028 mpio - ok

08:10:00.0459 8028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

08:10:00.0481 8028 mpsdrv - ok

08:10:00.0489 8028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

08:10:00.0499 8028 MRxDAV - ok

08:10:00.0508 8028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:10:00.0516 8028 mrxsmb - ok

08:10:00.0526 8028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:10:00.0535 8028 mrxsmb10 - ok

08:10:00.0543 8028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:10:00.0549 8028 mrxsmb20 - ok

08:10:00.0557 8028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

08:10:00.0562 8028 msahci - ok

08:10:00.0570 8028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

08:10:06.0845 8028 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
08:10:06.0845 8028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:10:06.0845 8028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:10:06.0865 8028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:10:06.0865 8028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:10:06.0867 8028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
08:10:06.0917 8028 \Device\Harddisk1\DR1 - ok
08:10:06.0918 8028 Boot (0x1200) (54961eeb71546339d6b36d065b5e0769) \Device\Harddisk0\DR0\Partition0
08:10:06.0919 8028 \Device\Harddisk0\DR0\Partition0 - ok
08:10:06.0920 8028 Boot (0x1200) (b7015f65846113e84d8101b0c562973a) \Device\Harddisk1\DR1\Partition0
08:10:06.0921 8028 \Device\Harddisk1\DR1\Partition0 - ok
08:10:06.0921 8028 ============================================================
08:10:06.0921 8028 Scan finished
08:10:06.0921 8028 ============================================================
08:10:06.0926 7712 Detected object count: 2
08:10:06.0927 7712 Actual detected object count: 2
08:10:40.0739 7712 \Device\Harddisk0\DR0\# - copied to quarantine
08:10:40.0739 7712 \Device\Harddisk0\DR0 - copied to quarantine
08:10:40.0788 7712 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:10:40.0790 7712 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:10:40.0792 7712 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:10:40.0794 7712 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:10:40.0822 7712 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:10:40.0826 7712 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:10:40.0827 7712 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:10:40.0827 7712 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:10:40.0828 7712 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:10:40.0829 7712 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:10:40.0830 7712 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:10:40.0831 7712 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:10:40.0833 7712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:10:40.0833 7712 \Device\Harddisk0\DR0 - ok
08:10:40.0874 7712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:10:40.0875 7712 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:10:40.0875 7712 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:10:48.0044 5884 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zauper :: JEFF-DESKTOP [administrator]

4/12/2012 8:13:27 AM
mbam-log-2012-04-12 (08-13-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209151
Time elapsed: 57 second(s)

Memory Processes Detected: 2
C:\ProgramData\cpQeUCMUEXwA.exe (Backdoor.Agent.RCGen) -> 2408 -> Delete on reboot.
C:\ProgramData\5hGr3Yb34RdAPS.exe (Backdoor.Agent.RCGen) -> 5292 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cpQeUCMUEXwA.exe (Backdoor.Agent.RCGen) -> Data: C:\ProgramData\cpQeUCMUEXwA.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\cpQeUCMUEXwA.exe (Backdoor.Agent.RCGen) -> Delete on reboot.
C:\ProgramData\5hGr3Yb34RdAPS.exe (Backdoor.Agent.RCGen) -> Delete on reboot.
C:\ProgramData\5RC36vXD.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\ProgramData\5RC36vXD.exe_ (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\hj8ol0.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.4149271762178596 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Zauper at 8:21:42 on 2012-04-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5834 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Logmein\x64\RaMaint.exe
C:\Program Files (x86)\Logmein\x64\LogMeIn.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Logmein\x64\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [CCProxy] C:\CCProxy\CCProxy.exe

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [utopia Angel] "C:\Utopia\Angel\Angel.exe"

uRun: [Google Update] "C:\Users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [VerCheck] "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe"

dRun: [update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\sgpeue.dll",DllRegisterServer

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex

StartupFolder: C:\Users\Zauper\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0D9206FB-8156-45E3-AF6E-0D7CFB4016D1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BC65B2B2-B3CA-4086-9859-163208BF2983} : DhcpNameServer = 192.168.1.1 71.252.0.12

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Zauper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=

FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47a

FF - user.js: extensions.funmoods_i.instlDay - 15387

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34:07

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe [2011-6-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\Logmein\x64\rainfo.sys [2011-1-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 mcproxy;Pvservice;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-22 2358656]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-12 12:12:34 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-04-12 12:10:40 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-11 14:22:57 -------- d-----w- C:\Program Files\CCleaner

2012-04-11 04:11:46 -------- d-----we C:\Windows\system64

2012-04-10 08:32:10 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67AE8DC8-F468-41F6-B3FC-D895D4C38709}\mpengine.dll

2012-04-05 12:48:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-05 12:48:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-04 23:15:30 -------- d-----w- C:\Users\Zauper\AppData\Roaming\Malwarebytes

2012-04-04 23:15:25 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-04 23:15:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-04 23:15:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-03 19:41:18 101888 ----a-w- C:\Windows\System32\comprcfg64.dll

2012-03-30 23:41:49 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-03-30 23:41:48 -------- d-----w- C:\Program Files (x86)\Steam

2012-03-30 23:41:33 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll

2012-03-30 23:41:33 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll

2012-03-30 23:41:33 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll

2012-03-30 23:41:33 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll

2012-03-30 23:41:32 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll

2012-03-30 23:41:32 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2012-03-29 16:05:22 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-29 16:05:22 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-25 11:57:32 -------- d-----w- C:\Users\Zauper\.android

2012-03-25 03:49:48 -------- d-----w- C:\Program Files\SAMSUNG

2012-03-25 03:49:20 -------- d-----w- C:\ProgramData\Samsung

2012-03-20 21:05:07 -------- d-----w- C:\Users\Zauper\AppData\Roaming\OpenOffice.org

2012-03-20 21:04:41 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

.

==================== Find3M ====================

.

2012-03-25 15:21:14 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-03-25 15:21:14 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll

2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-16 04:24:38 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-02-07 23:36:07 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-02-07 23:36:07 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2012-02-07 23:36:07 34688 ----a-w- C:\Windows\System32\LMIport.dll

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 8:21:57.14 ===============


Very good job! :)

Step 1

Please re-run TDSSKiller and use the Delete option for this entry:

08:10:40.0875 7712 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Maniac,

I've done what you asked, and when I booted back up, my desktop was all hidden again (but unhide.exe once again brought it back).

However, I did not get a C:\ComboFix.txt file after it finished running. Should I run it again to get a log?

Beyond that, I ran MBAM after I rebooted after combofix, and it encountered more spyware.

TDSSKiller log:

10:00:13.0706 6012 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

10:00:14.0065 6012 ============================================================

10:00:14.0065 6012 Current date / time: 2012/04/12 10:00:14.0065

10:00:14.0065 6012 SystemInfo:

10:00:14.0065 6012

10:00:14.0065 6012 OS Version: 6.1.7601 ServicePack: 1.0

10:00:14.0065 6012 Product type: Workstation

10:00:14.0065 6012 ComputerName: JEFF-DESKTOP

10:00:14.0065 6012 UserName: Zauper

10:00:14.0065 6012 Windows directory: C:\Windows

10:00:14.0065 6012 System windows directory: C:\Windows

10:00:14.0065 6012 Running under WOW64

10:00:14.0065 6012 Processor architecture: Intel x64

10:00:14.0065 6012 Number of processors: 4

10:00:14.0065 6012 Page size: 0x1000

10:00:14.0065 6012 Boot type: Normal boot

10:00:14.0065 6012 ============================================================

10:00:14.0346 6012 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:00:14.0362 6012 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:00:14.0377 6012 \Device\Harddisk0\DR0:

10:00:14.0377 6012 MBR used

10:00:14.0377 6012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800

10:00:14.0377 6012 \Device\Harddisk1\DR1:

10:00:14.0377 6012 MBR used

10:00:14.0377 6012 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

10:00:14.0393 6012 Initialize success

10:00:14.0393 6012 ============================================================

10:00:23.0295 3480 ============================================================

10:00:23.0295 3480 Scan started

10:00:23.0295 3480 Mode: Manual; SigCheck; TDLFS;

10:00:23.0295 3480 ============================================================


10:00:27.0164 3480 kbdclass - ok

10:00:27.0179 3480 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:00:27.0179 3480 kbdhid - ok

10:00:27.0195 3480 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:00:27.0195 3480 KeyIso - ok

10:00:27.0210 3480 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:00:27.0210 3480 KSecDD - ok

10:00:27.0226 3480 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:00:27.0242 3480 KSecPkg - ok

10:00:27.0242 3480 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:00:27.0273 3480 ksthunk - ok

10:00:27.0273 3480 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:00:27.0304 3480 KtmRm - ok

10:00:27.0320 3480 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

10:00:27.0335 3480 LanmanServer - ok

10:00:27.0351 3480 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:00:27.0366 3480 LanmanWorkstation - ok

10:00:27.0382 3480 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:00:27.0398 3480 lltdio - ok

10:00:27.0413 3480 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:00:27.0429 3480 lltdsvc - ok

10:00:27.0444 3480 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:00:27.0460 3480 lmhosts - ok

10:00:27.0460 3480 LMIGuardianSvc (ad988709675d9e35a60b2616bef108e9) C:\Program Files (x86)\Logmein\x64\LMIGuardianSvc.exe

10:00:27.0476 3480 LMIGuardianSvc - ok

10:00:27.0476 3480 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\Logmein\x64\RaInfo.sys

10:00:27.0476 3480 LMIInfo - ok

10:00:27.0491 3480 LMIMaint (bd043199fc0bf5f2810f54c8b374590b) C:\Program Files (x86)\Logmein\x64\RaMaint.exe

10:00:27.0491 3480 LMIMaint - ok

10:00:27.0491 3480 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

10:00:27.0507 3480 lmimirr - ok

10:00:27.0507 3480 LMIRfsClientNP - ok

10:00:27.0522 3480 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

10:00:27.0522 3480 LMIRfsDriver - ok

10:00:27.0522 3480 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\Logmein\x64\LogMeIn.exe

10:00:27.0538 3480 LogMeIn - ok

10:00:27.0538 3480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

10:00:27.0554 3480 LSI_FC - ok

10:00:27.0554 3480 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

10:00:27.0569 3480 LSI_SAS - ok

10:00:27.0569 3480 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

10:00:27.0585 3480 LSI_SAS2 - ok

10:00:27.0585 3480 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

10:00:27.0585 3480 LSI_SCSI - ok

10:00:27.0600 3480 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:00:27.0616 3480 luafv - ok

10:00:27.0632 3480 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:00:27.0632 3480 Mcx2Svc - ok

10:00:27.0647 3480 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

10:00:27.0647 3480 megasas - ok

10:00:27.0663 3480 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

10:00:27.0663 3480 MegaSR - ok

10:00:27.0678 3480 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

10:00:27.0678 3480 MEIx64 - ok

10:00:27.0694 3480 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:00:27.0710 3480 MMCSS - ok

10:00:27.0725 3480 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:00:27.0741 3480 Modem - ok

10:00:27.0741 3480 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:00:27.0756 3480 monitor - ok

10:00:27.0756 3480 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:00:27.0772 3480 mouclass - ok

10:00:27.0772 3480 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:00:27.0788 3480 mouhid - ok

10:00:27.0788 3480 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:00:27.0803 3480 mountmgr - ok

10:00:27.0834 3480 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:00:27.0850 3480 mpio - ok

10:00:27.0850 3480 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:00:27.0881 3480 mpsdrv - ok

10:00:27.0897 3480 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:00:27.0912 3480 MRxDAV - ok

10:00:27.0928 3480 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:00:27.0928 3480 mrxsmb - ok

10:00:27.0944 3480 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:00:27.0959 3480 mrxsmb10 - ok

10:00:27.0959 3480 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:00:27.0975 3480 mrxsmb20 - ok

10:00:27.0990 3480 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:00:28.0006 3480 msahci - ok

10:00:28.0006 3480 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:00:28.0022 3480 msdsm - ok

10:00:28.0037 3480 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:00:28.0053 3480 MSDTC - ok

10:00:28.0068 3480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:00:28.0100 3480 Msfs - ok

10:00:28.0100 3480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:00:28.0131 3480 mshidkmdf - ok

10:00:28.0131 3480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:00:28.0131 3480 msisadrv - ok

10:00:28.0146 3480 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:00:28.0162 3480 MSiSCSI - ok

10:00:28.0178 3480 msiserver - ok

10:00:28.0178 3480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:00:28.0209 3480 MSKSSRV - ok

10:00:28.0209 3480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:00:28.0240 3480 MSPCLOCK - ok

10:00:28.0240 3480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:00:28.0271 3480 MSPQM - ok

10:00:28.0271 3480 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:00:28.0287 3480 MsRPC - ok

10:00:28.0302 3480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

10:00:28.0302 3480 mssmbios - ok

10:00:28.0302 3480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:00:28.0334 3480 MSTEE - ok

10:00:28.0334 3480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

10:00:28.0349 3480 MTConfig - ok

10:00:28.0349 3480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:00:28.0365 3480 Mup - ok

10:00:28.0365 3480 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:00:28.0396 3480 napagent - ok

10:00:28.0412 3480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:00:28.0427 3480 NativeWifiP - ok

10:00:28.0443 3480 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:00:28.0458 3480 NDIS - ok

10:00:28.0458 3480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:00:28.0490 3480 NdisCap - ok

10:00:28.0490 3480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:00:28.0505 3480 NdisTapi - ok

10:00:28.0521 3480 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:00:28.0536 3480 Ndisuio - ok

10:00:28.0552 3480 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:00:28.0583 3480 NdisWan - ok

10:00:28.0583 3480 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:00:28.0630 3480 NDProxy - ok

10:00:28.0646 3480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:00:28.0661 3480 NetBIOS - ok

10:00:28.0677 3480 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:00:28.0692 3480 NetBT - ok

10:00:28.0708 3480 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:00:28.0708 3480 Netlogon - ok

10:00:28.0724 3480 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:00:28.0739 3480 Netman - ok

10:00:28.0755 3480 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:00:28.0755 3480 NetMsmqActivator - ok

10:00:28.0755 3480 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:00:28.0755 3480 NetPipeActivator - ok

10:00:28.0770 3480 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:00:28.0802 3480 netprofm - ok

10:00:28.0817 3480 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:00:28.0833 3480 NetTcpActivator - ok

10:00:28.0833 3480 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:00:28.0833 3480 NetTcpPortSharing - ok

10:00:28.0848 3480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

10:00:28.0848 3480 nfrd960 - ok

10:00:28.0864 3480 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:00:28.0895 3480 NlaSvc - ok

10:00:28.0895 3480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:00:28.0942 3480 Npfs - ok

10:00:28.0942 3480 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:00:28.0973 3480 nsi - ok

10:00:28.0973 3480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:00:28.0989 3480 nsiproxy - ok

10:00:29.0020 3480 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:00:29.0051 3480 Ntfs - ok

10:00:29.0051 3480 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:00:29.0082 3480 Null - ok

10:00:29.0082 3480 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:00:29.0098 3480 nvraid - ok

10:00:29.0098 3480 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:00:29.0114 3480 nvstor - ok

10:00:29.0114 3480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:00:29.0129 3480 nv_agp - ok

10:00:29.0129 3480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:00:29.0145 3480 ohci1394 - ok

10:00:29.0145 3480 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:00:29.0160 3480 p2pimsvc - ok

10:00:29.0176 3480 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:00:29.0192 3480 p2psvc - ok

10:00:29.0207 3480 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

10:00:29.0223 3480 Parport - ok

10:00:29.0223 3480 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:00:29.0238 3480 partmgr - ok

10:00:29.0254 3480 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:00:29.0270 3480 PcaSvc - ok

10:00:29.0285 3480 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:00:29.0301 3480 pci - ok

10:00:29.0301 3480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:00:29.0316 3480 pciide - ok

10:00:29.0332 3480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

10:00:29.0348 3480 pcmcia - ok

10:00:29.0348 3480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:00:29.0363 3480 pcw - ok

10:00:29.0379 3480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:00:29.0426 3480 PEAUTH - ok

10:00:29.0426 3480 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:00:29.0441 3480 PerfHost - ok

10:00:29.0457 3480 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:00:29.0535 3480 pla - ok

10:00:29.0550 3480 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:00:29.0566 3480 PlugPlay - ok

10:00:29.0582 3480 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:00:29.0597 3480 PNRPAutoReg - ok

10:00:29.0597 3480 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:00:29.0628 3480 PNRPsvc - ok

10:00:29.0628 3480 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:00:29.0691 3480 PolicyAgent - ok

10:00:29.0706 3480 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:00:29.0753 3480 Power - ok

10:00:29.0753 3480 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:00:29.0784 3480 PptpMiniport - ok

10:00:29.0831 3480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

10:00:29.0831 3480 Processor - ok

10:00:29.0847 3480 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

10:00:29.0878 3480 ProfSvc - ok

10:00:29.0878 3480 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:00:29.0894 3480 ProtectedStorage - ok

10:00:29.0894 3480 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:00:29.0940 3480 Psched - ok

10:00:29.0956 3480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

10:00:30.0003 3480 ql2300 - ok

10:00:30.0003 3480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

10:00:30.0018 3480 ql40xx - ok

10:00:30.0034 3480 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:00:30.0050 3480 QWAVE - ok

10:00:30.0065 3480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:00:30.0081 3480 QWAVEdrv - ok

10:00:30.0081 3480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:00:30.0112 3480 RasAcd - ok

10:00:30.0128 3480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:00:30.0143 3480 RasAgileVpn - ok

10:00:30.0159 3480 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:00:30.0174 3480 RasAuto - ok

10:00:30.0190 3480 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:00:30.0206 3480 Rasl2tp - ok

10:00:30.0221 3480 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:00:30.0252 3480 RasMan - ok

10:00:30.0252 3480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:00:30.0284 3480 RasPppoe - ok

10:00:30.0299 3480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:00:30.0315 3480 RasSstp - ok

10:00:30.0330 3480 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:00:30.0346 3480 rdbss - ok

10:00:30.0362 3480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

10:00:30.0362 3480 rdpbus - ok

10:00:30.0377 3480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:00:30.0393 3480 RDPCDD - ok

10:00:30.0408 3480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:00:30.0424 3480 RDPENCDD - ok

10:00:30.0440 3480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:00:30.0455 3480 RDPREFMP - ok

10:00:30.0455 3480 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:00:30.0486 3480 RDPWD - ok

10:00:30.0486 3480 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:00:30.0502 3480 rdyboost - ok

10:00:30.0502 3480 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:00:30.0533 3480 RemoteAccess - ok

10:00:30.0533 3480 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:00:30.0564 3480 RemoteRegistry - ok

10:00:30.0564 3480 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:00:30.0596 3480 RpcEptMapper - ok

10:00:30.0596 3480 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:00:30.0596 3480 RpcLocator - ok

10:00:30.0611 3480 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:00:30.0658 3480 RpcSs - ok

10:00:30.0658 3480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:00:30.0689 3480 rspndr - ok

10:00:30.0705 3480 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:\Windows\system32\DRIVERS\Rtlh64.sys

10:00:30.0705 3480 RTL8169 - ok

10:00:30.0720 3480 RzSynapse (bedafaf4524c00edc068de3adf151f9d) C:\Windows\system32\DRIVERS\RzSynapse.sys

10:00:30.0720 3480 RzSynapse - ok

10:00:30.0736 3480 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:00:30.0736 3480 SamSs - ok

10:00:30.0752 3480 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:00:30.0752 3480 sbp2port - ok

10:00:30.0767 3480 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:00:30.0783 3480 SCardSvr - ok

10:00:30.0830 3480 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:00:30.0861 3480 scfilter - ok

10:00:30.0876 3480 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:00:30.0908 3480 Schedule - ok

10:00:30.0923 3480 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:00:30.0939 3480 SCPolicySvc - ok

10:00:30.0954 3480 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:00:30.0954 3480 SDRSVC - ok

10:00:30.0970 3480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:00:30.0986 3480 secdrv - ok

10:00:30.0986 3480 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:00:31.0017 3480 seclogon - ok

10:00:31.0017 3480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

10:00:31.0032 3480 SENS - ok

10:00:31.0048 3480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:00:31.0048 3480 SensrSvc - ok

10:00:31.0064 3480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:00:31.0064 3480 Serenum - ok

10:00:31.0079 3480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:00:31.0079 3480 Serial - ok

10:00:31.0095 3480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

10:00:31.0095 3480 sermouse - ok

10:00:31.0110 3480 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:00:31.0157 3480 SessionEnv - ok

10:00:31.0173 3480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:00:31.0188 3480 sffdisk - ok

10:00:31.0188 3480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:00:31.0204 3480 sffp_mmc - ok

10:00:31.0204 3480 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:00:31.0220 3480 sffp_sd - ok

10:00:31.0220 3480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

10:00:31.0235 3480 sfloppy - ok

10:00:31.0235 3480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:00:31.0266 3480 SharedAccess - ok

10:00:31.0282 3480 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:00:31.0298 3480 ShellHWDetection - ok

10:00:31.0313 3480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

10:00:31.0313 3480 SiSRaid2 - ok

10:00:31.0329 3480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

10:00:31.0329 3480 SiSRaid4 - ok

10:00:31.0344 3480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:00:31.0376 3480 Smb - ok

10:00:31.0407 3480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:00:31.0407 3480 SNMPTRAP - ok

10:00:31.0422 3480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:00:31.0422 3480 spldr - ok

10:00:31.0438 3480 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:00:31.0469 3480 Spooler - ok

10:00:31.0532 3480 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:00:31.0641 3480 sppsvc - ok

10:00:31.0641 3480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:00:31.0672 3480 sppuinotify - ok

10:00:31.0688 3480 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:00:31.0703 3480 srv - ok

10:00:31.0719 3480 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:00:31.0719 3480 srv2 - ok

10:00:31.0734 3480 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:00:31.0750 3480 srvnet - ok

10:00:31.0766 3480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:00:31.0812 3480 SSDPSRV - ok

10:00:31.0844 3480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:00:31.0890 3480 SstpSvc - ok

10:00:31.0890 3480 Steam Client Service - ok

10:00:31.0906 3480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

10:00:31.0906 3480 stexstor - ok

10:00:31.0922 3480 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:00:31.0953 3480 stisvc - ok

10:00:31.0968 3480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

10:00:31.0968 3480 swenum - ok

10:00:31.0984 3480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:00:32.0015 3480 swprv - ok

10:00:32.0031 3480 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:00:32.0062 3480 SysMain - ok

10:00:32.0078 3480 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:00:32.0078 3480 TabletInputService - ok

10:00:32.0093 3480 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:00:32.0124 3480 TapiSrv - ok

10:00:32.0124 3480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:00:32.0156 3480 TBS - ok

10:00:32.0187 3480 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:00:32.0218 3480 Tcpip - ok

10:00:32.0249 3480 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:00:32.0280 3480 TCPIP6 - ok

10:00:32.0296 3480 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:00:32.0312 3480 tcpipreg - ok

10:00:32.0327 3480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:00:32.0327 3480 TDPIPE - ok

10:00:32.0343 3480 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:00:32.0358 3480 TDTCP - ok

10:00:32.0374 3480 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:00:32.0390 3480 tdx - ok

10:00:32.0405 3480 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

10:00:32.0436 3480 TeamViewer6 - ok

10:00:32.0452 3480 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

10:00:32.0452 3480 TermDD - ok

10:00:32.0468 3480 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:00:32.0514 3480 TermService - ok

10:00:32.0514 3480 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:00:32.0530 3480 Themes - ok

10:00:32.0530 3480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:00:32.0577 3480 THREADORDER - ok

10:00:32.0577 3480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:00:32.0608 3480 TrkWks - ok

10:00:32.0608 3480 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:00:32.0624 3480 TrustedInstaller - ok

10:00:32.0639 3480 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:00:32.0655 3480 tssecsrv - ok

10:00:32.0670 3480 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:00:32.0670 3480 TsUsbFlt - ok

10:00:32.0686 3480 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

10:00:32.0686 3480 TsUsbGD - ok

10:00:32.0702 3480 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:00:32.0733 3480 tunnel - ok

10:00:32.0748 3480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

10:00:32.0748 3480 uagp35 - ok

10:00:32.0764 3480 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:00:32.0780 3480 udfs - ok

10:00:32.0795 3480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:00:32.0795 3480 UI0Detect - ok

10:00:32.0826 3480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:00:32.0842 3480 uliagpkx - ok

10:00:32.0842 3480 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:00:32.0858 3480 umbus - ok

10:00:32.0873 3480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

10:00:32.0889 3480 UmPass - ok

10:00:32.0904 3480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:00:32.0936 3480 upnphost - ok

10:00:32.0951 3480 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

10:00:32.0951 3480 usbaudio - ok

10:00:32.0967 3480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:00:32.0967 3480 usbccgp - ok

10:00:32.0982 3480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:00:32.0998 3480 usbcir - ok

10:00:32.0998 3480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:00:33.0014 3480 usbehci - ok

10:00:33.0014 3480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:00:33.0029 3480 usbhub - ok

10:00:33.0045 3480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:00:33.0060 3480 usbohci - ok

10:00:33.0060 3480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

10:00:33.0076 3480 usbprint - ok

10:00:33.0076 3480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:00:33.0092 3480 USBSTOR - ok

10:00:33.0107 3480 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:00:33.0107 3480 usbuhci - ok

10:00:33.0123 3480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:00:33.0138 3480 UxSms - ok

10:00:33.0154 3480 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:00:33.0154 3480 VaultSvc - ok

10:00:33.0170 3480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:00:33.0170 3480 vdrvroot - ok

10:00:33.0185 3480 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:00:33.0232 3480 vds - ok

10:00:33.0248 3480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:00:33.0263 3480 vga - ok

10:00:33.0263 3480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:00:33.0310 3480 VgaSave - ok

10:00:33.0326 3480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:00:33.0326 3480 vhdmp - ok

10:00:33.0341 3480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:00:33.0341 3480 viaide - ok

10:00:33.0357 3480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:00:33.0357 3480 volmgr - ok

10:00:33.0372 3480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:00:33.0388 3480 volmgrx - ok

10:00:33.0388 3480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:00:33.0404 3480 volsnap - ok

10:00:33.0419 3480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

10:00:33.0419 3480 vsmraid - ok

10:00:33.0450 3480 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:00:33.0482 3480 VSS - ok

10:00:33.0497 3480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:00:33.0513 3480 vwifibus - ok

10:00:33.0513 3480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:00:33.0528 3480 vwififlt - ok

10:00:33.0544 3480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:00:33.0575 3480 W32Time - ok

10:00:33.0575 3480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

10:00:33.0591 3480 WacomPen - ok

10:00:33.0591 3480 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:00:33.0622 3480 WANARP - ok

10:00:33.0638 3480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:00:33.0653 3480 Wanarpv6 - ok

10:00:33.0669 3480 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:00:33.0716 3480 WatAdminSvc - ok

10:00:33.0747 3480 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:00:33.0794 3480 wbengine - ok

10:00:33.0794 3480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:00:33.0809 3480 WbioSrvc - ok

10:00:33.0825 3480 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:00:33.0840 3480 wcncsvc - ok

10:00:33.0856 3480 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:00:33.0856 3480 WcsPlugInService - ok

10:00:33.0872 3480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

10:00:33.0872 3480 Wd - ok

10:00:33.0887 3480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:00:33.0903 3480 Wdf01000 - ok

10:00:33.0903 3480 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:00:33.0934 3480 WdiServiceHost - ok

10:00:33.0934 3480 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:00:33.0950 3480 WdiSystemHost - ok

10:00:33.0950 3480 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:00:33.0965 3480 WebClient - ok

10:00:33.0981 3480 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:00:33.0996 3480 Wecsvc - ok

10:00:34.0012 3480 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:00:34.0028 3480 wercplsupport - ok

10:00:34.0043 3480 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:00:34.0059 3480 WerSvc - ok

10:00:34.0074 3480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:00:34.0090 3480 WfpLwf - ok

10:00:34.0106 3480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:00:34.0106 3480 WIMMount - ok

10:00:34.0106 3480 WinHttpAutoProxySvc - ok

10:00:34.0121 3480 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:00:34.0152 3480 Winmgmt - ok

10:00:34.0184 3480 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:00:34.0262 3480 WinRM - ok

10:00:34.0277 3480 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:00:34.0277 3480 WinUsb - ok

10:00:34.0293 3480 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:00:34.0308 3480 Wlansvc - ok

10:00:34.0324 3480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

10:00:34.0324 3480 WmiAcpi - ok

10:00:34.0340 3480 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:00:34.0355 3480 wmiApSrv - ok

10:00:34.0355 3480 WMPNetworkSvc - ok

10:00:34.0355 3480 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:00:34.0371 3480 WPCSvc - ok

10:00:34.0386 3480 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:00:34.0402 3480 WPDBusEnum - ok

10:00:34.0418 3480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:00:34.0449 3480 ws2ifsl - ok

10:00:34.0464 3480 WSearch - ok

10:00:34.0496 3480 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

10:00:34.0542 3480 wuauserv - ok

10:00:34.0558 3480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:00:34.0574 3480 WudfPf - ok

10:00:34.0589 3480 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:00:34.0605 3480 WUDFRd - ok

10:00:34.0620 3480 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:00:34.0636 3480 wudfsvc - ok

10:00:34.0652 3480 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:00:34.0667 3480 WwanSvc - ok

10:00:34.0667 3480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:00:34.0683 3480 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:00:34.0683 3480 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:00:34.0683 3480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

10:00:34.0745 3480 \Device\Harddisk1\DR1 - ok

10:00:34.0745 3480 Boot (0x1200) (54961eeb71546339d6b36d065b5e0769) \Device\Harddisk0\DR0\Partition0

10:00:34.0745 3480 \Device\Harddisk0\DR0\Partition0 - ok

10:00:34.0745 3480 Boot (0x1200) (b7015f65846113e84d8101b0c562973a) \Device\Harddisk1\DR1\Partition0

10:00:34.0745 3480 \Device\Harddisk1\DR1\Partition0 - ok

10:00:34.0745 3480 ============================================================

10:00:34.0745 3480 Scan finished

10:00:34.0745 3480 ============================================================

10:00:34.0761 5256 Detected object count: 1

10:00:34.0761 5256 Actual detected object count: 1

10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:01:12.0345 5256 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:01:12.0360 5256 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:01:12.0360 5256 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:01:12.0360 5256 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:01:12.0376 5256 \Device\Harddisk0\DR0\TDLFS - deleted

10:01:12.0376 5256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

10:02:16.0176 5764 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.12.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Zauper :: JEFF-DESKTOP [administrator]

4/12/2012 6:12:09 PM

mbam-log-2012-04-12 (18-12-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202449

Time elapsed: 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Windows\System32\comprcfg.dll (Spyware.Banker.KGen) -> Delete on reboot.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\System32\comprcfg.dll (Spyware.Banker.KGen) -> Delete on reboot.

(end)

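The TDSSKiller log above ends with an MBR line per disk ("MBR (0x1B8) (<hash>) \Device\Harddisk0\DR0") and a "TDSS File System" hit on the first disk. The following PowerShell is an added example, not part of this thread or of TDSSKiller, for reproducing that view yourself: it reads sector 0 of each physical disk, hashes the bootstrap code, decodes the partition table and measures the unpartitioned tail. Two assumptions are not confirmed by the log: that the reported hash is MD5 over the first 0x1B8 bytes (the code before the disk signature), and that a TDLFS-style hidden volume is stored after the last partition, which is why that tail is reported. It needs an elevated prompt (raw device access) and PowerShell 3.0 or later.

```powershell
# Added example: per-disk MBR report (hash, signature, partition table, tail space).
# Assumptions: TDSSKiller's "MBR (0x1B8)" hash is MD5 over bytes 0x000-0x1B7;
# a hidden TDLFS volume sits in unpartitioned space after the last partition.

function Get-MbrReport {
    param([int[]]$DiskNumbers = @(0, 1))

    $md5 = [System.Security.Cryptography.MD5]::Create()
    foreach ($n in $DiskNumbers) {
        $dev = "\\.\PhysicalDrive$n"
        try {
            $fs = New-Object System.IO.FileStream($dev, [System.IO.FileMode]::Open,
                      [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
        } catch {
            Write-Warning "Cannot open ${dev}: $($_.Exception.Message)"
            continue
        }
        $sector = New-Object byte[] 512
        try { $got = $fs.Read($sector, 0, 512) } finally { $fs.Dispose() }
        if ($got -ne 512) { Write-Warning "$dev short read ($got bytes)"; continue }

        # Bootstrap code (0x000-0x1B7), disk signature (0x1B8), boot signature (0x1FE).
        $code      = [byte[]]($sector[0..0x1B7])
        $codeMd5   = ($md5.ComputeHash($code) | ForEach-Object { $_.ToString('x2') }) -join ''
        $signature = [BitConverter]::ToUInt32($sector, 0x1B8)
        $bootSigOk = ([BitConverter]::ToUInt16($sector, 0x1FE) -eq 0xAA55)

        # Four 16-byte partition entries start at 0x1BE.
        $parts = @()
        for ($i = 0; $i -lt 4; $i++) {
            $o = 0x1BE + 16 * $i
            if ($sector[$o + 4] -eq 0) { continue }          # empty slot
            $parts += [pscustomobject]@{
                Slot     = $i
                Active   = ($sector[$o] -eq 0x80)
                Type     = ('0x{0:X2}' -f $sector[$o + 4])
                StartLBA = [BitConverter]::ToUInt32($sector, $o + 8)
                Sectors  = [BitConverter]::ToUInt32($sector, $o + 12)
            }
        }

        # Sectors after the last partition: normally only a small alignment remainder.
        $disk         = Get-WmiObject Win32_DiskDrive -Filter "Index=$n"
        $totalSectors = if ($disk) { [uint64]$disk.Size / 512 } else { $null }
        $lastUsed     = ($parts | ForEach-Object { [uint64]$_.StartLBA + $_.Sectors } |
                         Measure-Object -Maximum).Maximum
        $tail = if ($totalSectors -and $lastUsed) { [uint64]$totalSectors - $lastUsed } else { $null }

        [pscustomobject]@{
            Disk                      = $dev
            MbrCodeMd5                = $codeMd5
            DiskSignature             = ('0x{0:X8}' -f $signature)
            BootSigOk                 = $bootSigOk
            Partitions                = $parts
            SectorsAfterLastPartition = $tail
        }
    }
}

# Disks whose bootstrap code differs from a known-good disk, or whose tail space
# is large enough to hold a file system, deserve a closer look.
Get-MbrReport | Format-List
```

In the log both disks report the same MBR code hash, so the hash alone would not have separated the clean disk from the infected one; the tail-space figure and the rootkit-specific file-system check are what distinguish them.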

Scratch that, that was my own stupidity. Apparently I had not yet rebooted after ComboFix ended and just thought I had because I had told it to via LogMeIn.

Now I'm getting errors any time I try to do anything, telling me that the registry key is marked for deletion. I'll probably have to restore from earlier today if I can't get this working.


Reboot fixed that. Here's the combofix log:

ComboFix 12-04-12.01 - Zauper 04/12/2012 10:04:24.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6616 [GMT -4:00]

Running from: c:\users\Zauper\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\utopia\Angel\Angel.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\isRS-000.tmp

c:\windows\svchost.exe

c:\windows\System64

c:\windows\SysWow64\config\systemprofile\Appdata\local\svcxdcl32.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-12 12:10 . 2012-04-12 14:01 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-11 14:22 . 2012-04-12 13:26 -------- d-----w- c:\program files\CCleaner

2012-04-10 08:32 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67AE8DC8-F468-41F6-B3FC-D895D4C38709}\mpengine.dll

2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\Malwarebytes

2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\programdata\Malwarebytes

2012-04-04 23:15 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-04 23:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 19:41 . 2012-04-03 19:53 87552 ------w- c:\windows\SysWow64\comprcfg.dll

2012-04-03 19:41 . 2012-04-03 19:53 101888 ----a-w- c:\windows\system32\comprcfg64.dll

2012-04-03 07:03 . 2012-04-03 07:03 -------- d-----w- c:\windows\Sun

2012-03-30 23:41 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-03-30 23:41 . 2012-04-12 22:11 -------- d-----w- c:\program files (x86)\Steam

2012-03-30 23:41 . 2008-10-15 10:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2012-03-29 16:05 . 2012-03-29 16:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-29 16:05 . 2012-03-29 16:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-25 11:57 . 2012-04-12 13:26 -------- d-----w- c:\users\Zauper\.android

2012-03-25 03:49 . 2012-04-12 13:23 -------- d-----w- c:\program files\SAMSUNG

2012-03-25 03:49 . 2012-03-25 03:49 -------- d-----w- c:\programdata\Samsung

2012-03-20 21:05 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\OpenOffice.org

2012-03-20 21:04 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-25 15:21 . 2011-11-08 13:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-03-25 15:21 . 2011-11-08 13:33 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll

2012-02-23 13:18 . 2010-11-21 03:27 279656 ----a-w- c:\windows\system32\MpSigStub.exe

2012-02-16 04:24 . 2012-02-16 04:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-02-07 23:36 . 2011-06-27 11:33 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-07 23:36 . 2011-06-27 11:33 34688 ----a-w- c:\windows\system32\LMIport.dll

2012-02-07 23:36 . 2011-06-27 11:33 80768 ----a-w- c:\windows\system32\LMIinit.dll

2012-01-14 04:06 . 2012-02-15 23:03 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"CCProxy"="c:\ccproxy\CCProxy.exe" [2011-03-28 1165312]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-25 3077528]

"Utopia Angel"="c:\utopia\Angel\Angel.exe" [bU]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-30 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Razer StarcraftII Driver"="c:\program files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 98304]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"VerCheck"="c:\windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" [2012-04-11 46592]

.

c:\users\Zauper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\Logmein\x64\LMIGuardianSvc.exe [2012-02-07 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\Logmein\x64\RaInfo.sys [2011-01-11 15928]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000Core.job

- c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000UA.job

- c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\Logmein\x64\LogMeInSystray.exe" [2011-01-11 57928]

"combofix"="c:\combofix\CF1970.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=

FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47a

FF - user.js: extensions.funmoods_i.instlDay - 15387

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-Run-Svc2dll - c:\windows\system32\config\systemprofile\AppData\Local\svcxdcl32.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-12 18:18:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-12 22:18

ComboFix2.txt 2012-04-12 13:17

.

Pre-Run: 7,814,381,568 bytes free

Post-Run: 7,277,109,248 bytes free

.

- - End Of File - - 32E0EC28FF8668A69E87EE28C3A6CC6E

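The ComboFix log above lists the autostart locations it inspected ("Reg Loading Points": HKCU and HKLM Run keys, the HKU\.DEFAULT Run key that held "VerCheck" and the orphaned "Svc2dll" entry, and LoadAppInit_DLLs), and the first post's complaint was an svchost.exe that kept coming back. The PowerShell below is an added example, not part of this thread or of ComboFix, that re-checks those same spots by hand: svchost.exe copies outside System32 and SysWOW64, Run-key entries whose targets are missing or sit in user-writable or systemprofile directories, the AppInit_DLLs setting, and DLLs recently created in the system directories (comprcfg.dll and comprcfg64.dll appeared there nine days before the scan). The flags are heuristics to review, not verdicts. Run it elevated on PowerShell 3.0 or later so the paths of SYSTEM processes are visible.

```powershell
# Added example: manual re-check of the persistence points seen in the ComboFix log.
# Heuristic flags only; review each hit rather than deleting on sight.

function Test-SvchostLocation {
    # Genuine svchost.exe lives only here (plus WinSxS servicing copies, excluded below).
    $ok = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
    Get-Process -Name svchost -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and ($ok -notcontains $_.Path) } |
        ForEach-Object { [pscustomobject]@{ Kind = 'running'; Path = $_.Path; Detail = "PID $($_.Id)" } }
    # A copy on disk is suspect even when nothing is running from it (c:\windows\svchost.exe in the log).
    Get-ChildItem -Path $env:SystemRoot -Filter svchost.exe -Recurse -ErrorAction SilentlyContinue |
        Where-Object { ($ok -notcontains $_.FullName) -and ($_.FullName -notmatch '\\winsxs\\') } |
        ForEach-Object { [pscustomobject]@{ Kind = 'on disk'; Path = $_.FullName
                                            Detail = "$($_.Length) bytes, written $($_.LastWriteTime)" } }
}

function Resolve-CommandExe([string]$cmd) {
    # Pull the executable out of a Run value: quoted path, bare path, or first token.
    if ($cmd -match '^\s*"([^"]+)"') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    $expanded = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if (Test-Path -LiteralPath $expanded) { return $expanded }
    return ($expanded -split '\s+')[0]
}

function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'   # provider noise
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $props = Get-ItemProperty -LiteralPath $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }
            $exe   = Resolve-CommandExe ([string]$p.Value)
            $flags = @()
            if (-not (Test-Path -LiteralPath $exe))       { $flags += 'target missing' }
            if ($exe -match '\\config\\systemprofile\\')  { $flags += 'systemprofile' }
            if ($exe -match '\\AppData\\Local\\|\\Temp\\') { $flags += 'user-writable dir' }
            if ($k -like '*HKEY_USERS\.DEFAULT*')         { $flags += 'runs in the default (logon) profile' }
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value; Flags = ($flags -join ', ') }
        }
    }
}

function Get-AppInitDlls {
    # LoadAppInit_DLLs=0, as in the log, means nothing is injected into every GUI process.
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $v = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if ($v) { [pscustomobject]@{ Key = $k; LoadAppInit_DLLs = $v.LoadAppInit_DLLs; AppInit_DLLs = $v.AppInit_DLLs } }
    }
}

function Get-RecentSystemDlls([int]$Days = 30) {
    # DLLs created recently in the system directories, where comprcfg.dll / comprcfg64.dll landed.
    foreach ($d in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
        Get-ChildItem -LiteralPath $d -Filter *.dll -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-$Days) } |
            Select-Object FullName, Length, CreationTime, LastWriteTime
    }
}

Test-SvchostLocation                         | Format-Table -AutoSize
Get-RunKeyEntries | Where-Object { $_.Flags } | Format-Table -AutoSize
Get-AppInitDlls                              | Format-List
Get-RecentSystemDlls                         | Format-Table -AutoSize
```

Entries under HKU\.DEFAULT are worth the extra attention the flag gives them: that hive is loaded for the logon screen and for services running as SYSTEM, which is how an entry like the log's Svc2dll could start before any user signs in.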

Please don't run anything (Malwarebytes' Anti-Malware included) without my instructions. Follow my instructions strictly.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=108505

KillAll::

Collect::
c:\windows\SysWow64\comprcfg.dll
c:\windows\system32\comprcfg64.dll

FireFox::
FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47a
FF - user.js: extensions.funmoods_i.instlDay - 15387
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

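ComboFix reads the script one directive per line, so the text has to reach CFScript.txt with its line breaks intact. As an added example, not part of Maniac's instructions, the PowerShell below writes the script from the post above to the Desktop with Windows line endings and ASCII encoding, then checks that each `::` directive is on its own line before you drag the file onto ComboFix.exe. The only assumption is that ComboFix.exe and CFScript.txt are both on the Desktop, as the instructions describe.

```powershell
# Added example: write the CFScript from the post above with CRLF line endings
# and confirm its directives survived as separate lines.
# Assumption: ComboFix.exe sits on the Desktop, so the script is written there too.

$script = @'
http://forums.malwarebytes.org/index.php?showtopic=108505

KillAll::

Collect::
c:\windows\SysWow64\comprcfg.dll
c:\windows\system32\comprcfg64.dll

FireFox::
FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47a
FF - user.js: extensions.funmoods_i.instlDay - 15387
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

JavaClearCache::
'@

$path = Join-Path ([Environment]::GetFolderPath('Desktop')) 'CFScript.txt'
# Normalise whatever line endings the here-string carries to CRLF, then write plain ASCII.
($script -replace "`r?`n", "`r`n") | Set-Content -LiteralPath $path -Encoding ASCII

function Test-CfScript([string]$file) {
    $lines      = @(Get-Content -LiteralPath $file)
    $directives = @($lines | Where-Object { $_ -match '^[A-Za-z]+::$' })
    $problems   = @()
    foreach ($d in 'KillAll::', 'Collect::', 'FireFox::', 'JavaClearCache::') {
        if ($directives -notcontains $d) { $problems += "directive not on its own line: $d" }
    }
    if ($lines.Count -lt 5) { $problems += "only $($lines.Count) line(s): the line breaks were lost" }
    if ($problems) { $problems } else { "OK: $($lines.Count) lines, directives: $($directives -join ' ')" }
}

Test-CfScript $path
```

If the check reports a single long line, the paste collapsed the text (the symptom in the next reply); re-create the file from this script rather than from the browser clipboard.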

Hi,

I did follow your instructions -- copied the text into notepad, saved it on my desktop, closed out of all programs, and dragged the CFScript.txt onto combofix.

When I pasted the text into notepad, it lost all formatting, so it didn't have any of the character returns/etc. Is that what you expected to have happen? I'll try again in either case after I hear from you.


When I copy/paste into notepad, it looks like this:

http://forums.malwarebytes.org/index.php?showtopic=108505KillAll::Collect::c:\windows\SysWow64\comprcfg.dllc:\windows\system32\comprcfg64.dllFireFox::FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\FF - prefs.js: network.proxy.type - 0FF - user.js: extensions.funmoods_i.newTab - falseFF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=FF - user.js: extensions.funmoods_i.id - a4615e2600000000000054e6fc9aa47aFF - user.js: extensions.funmoods_i.instlDay - 15387FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:34FF - user.js: extensions.funmoods_i.prtnrId - funmoodsFF - user.js: extensions.funmoods_i.prdct - funmoodsFF - user.js: extensions.funmoods_i.aflt - axlFF - user.js: extensions.funmoods_i.smplGrp - noneFF - user.js: extensions.funmoods_i.tlbrId - baseFF - user.js: extensions.funmoods_i.instlRef -FF - user.js: extensions.funmoods_i.dfltLng -FF - user.js: extensions.funmoods_i.excTlbr - falseJavaClearCache::

Does this make a difference? If so, I can copy each line individually.


Hi Maniac,

Here is the log file:

ComboFix 12-04-12.01 - Zauper 04/15/2012 9:51.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6507 [GMT -4:00]

Running from: c:\users\Zauper\Desktop\ComboFix.exe

Command switches used :: c:\users\Zauper\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\comprcfg64.dll

c:\windows\SysWow64\comprcfg.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))

.

.

2012-04-15 13:53 . 2012-04-15 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-15 09:22 . 2012-04-15 09:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BABB98-F643-4458-ADD0-61B85F8AC193}\offreg.dll

2012-04-13 09:22 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BABB98-F643-4458-ADD0-61B85F8AC193}\mpengine.dll

2012-04-12 22:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 22:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 22:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 22:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 22:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 22:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 22:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-12 12:10 . 2012-04-12 14:01 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-11 14:22 . 2012-04-12 13:26 -------- d-----w- c:\program files\CCleaner

2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-05 12:48 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\Malwarebytes

2012-04-04 23:15 . 2012-04-12 13:23 -------- d-----w- c:\programdata\Malwarebytes

2012-04-04 23:15 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-04 23:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 07:03 . 2012-04-03 07:03 -------- d-----w- c:\windows\Sun

2012-03-30 23:41 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-03-30 23:41 . 2012-04-15 13:47 -------- d-----w- c:\program files (x86)\Steam

2012-03-30 23:41 . 2008-10-15 10:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-03-30 23:41 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2012-03-29 16:05 . 2012-03-29 16:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-29 16:05 . 2012-03-29 16:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-25 11:57 . 2012-04-12 13:26 -------- d-----w- c:\users\Zauper\.android

2012-03-25 03:49 . 2012-04-12 13:23 -------- d-----w- c:\program files\SAMSUNG

2012-03-25 03:49 . 2012-03-25 03:49 -------- d-----w- c:\programdata\Samsung

2012-03-20 21:05 . 2012-04-12 13:23 -------- d-----w- c:\users\Zauper\AppData\Roaming\OpenOffice.org

2012-03-20 21:04 . 2012-04-12 13:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-25 15:21 . 2011-11-08 13:33 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-03-25 15:21 . 2011-11-08 13:33 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll

2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 01:29 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 01:29 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 01:29 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 01:29 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-16 04:24 . 2012-02-16 04:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-02-10 06:36 . 2012-03-14 01:29 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 01:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 23:36 . 2011-06-27 11:33 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-07 23:36 . 2011-06-27 11:33 34688 ----a-w- c:\windows\system32\LMIport.dll

2012-02-07 23:36 . 2011-06-27 11:33 80768 ----a-w- c:\windows\system32\LMIinit.dll

2012-02-03 04:34 . 2012-03-14 01:30 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-14 01:29 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 01:29 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 01:29 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-04-14_18.14.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-04-14 18:19 33342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-15 13:48 33192 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-24 22:11 . 2012-04-15 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-24 22:11 . 2012-04-14 11:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-24 22:11 . 2012-04-14 11:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-24 22:11 . 2012-04-15 13:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-15 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-14 11:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-04-15 11:23 93792 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-07-24 22:26 . 2012-04-15 13:48 5452 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050225780-2745342631-42872574-1000_UserData.bin

+ 2012-04-15 13:53 . 2012-04-15 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-15 13:53 . 2012-04-15 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-14 18:13 . 2012-04-14 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-04-12 22:35 672450 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-15 13:52 672450 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-15 13:52 125182 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-12 22:35 125182 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:12 . 2012-04-14 18:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-04-12 22:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-04-15 13:53 280144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-14 18:13 280144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-05 20:51 . 2012-04-15 13:53 15999688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4050225780-2745342631-42872574-1000-8192.dat

- 2011-09-05 20:51 . 2012-04-14 18:13 15999688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4050225780-2745342631-42872574-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"CCProxy"="c:\ccproxy\CCProxy.exe" [2011-03-28 1165312]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-25 3077528]

"Utopia Angel"="c:\utopia\Angel\Angel.exe" [bU]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-30 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Razer StarcraftII Driver"="c:\program files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 98304]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"VerCheck"="c:\windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" [2012-04-11 46592]

.

c:\users\Zauper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\Logmein\x64\LMIGuardianSvc.exe [2012-02-07 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\Logmein\x64\RaInfo.sys [2011-01-11 15928]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000Core.job

- c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26]

.

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050225780-2745342631-42872574-1000UA.job

- c:\users\Zauper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 03:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\Logmein\x64\LogMeInSystray.exe" [2011-01-11 57928]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Zauper\AppData\Roaming\Mozilla\Firefox\Profiles\1rnqz32u.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-15 09:55:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-15 13:55

ComboFix2.txt 2012-04-14 18:15

ComboFix3.txt 2012-04-12 22:18

ComboFix4.txt 2012-04-12 13:17

.

Pre-Run: 7,776,079,872 bytes free

Post-Run: 7,742,906,368 bytes free

.

- - End Of File - - 31AD71408F6F8E1A402B1D1A27C0667B

Upload was successful


Good! :)

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Hi Maniac,

Here are the logs:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Zauper :: JEFF-DESKTOP [administrator]

4/16/2012 11:16:14 PM

mbam-log-2012-04-16 (23-16-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207760

Time elapsed: 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Oddly, this appears to be the only logfile generated. It found 33 threats. The location you specified did not exist. This log is located at:

C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


It looks like I hit the disinfect button a few times by accident. Sorry, should I run it again and select delete?

Status: Disinfected (events: 5)

4/17/2012 1:58:45 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.lx C:\Documents and Settings\Zauper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3a8d4910-60a4ea43 High

4/17/2012 1:58:45 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.lx C:\Documents and Settings\Zauper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3a8d4910-60a4ea43/Inc.class High

4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip High

4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip/SysNative/comprcfg64.dll High

4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip/SysWow64/comprcfg.dll High

Status: Deleted (events: 8)

4/17/2012 2:07:49 PM Deleted Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\C\Windows\System32\comprcfg64.dll.vir High

4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0000.dta High

4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0001.dta High

4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0001.dta//mbr High

4/17/2012 2:13:28 PM Deleted Trojan program Backdoor.Win64.ZAccess.bh C:\TDSSKiller_Quarantine\12.04.2012_09.11.34\zaea0000\svc0000\tsk0000.dta High

4/17/2012 2:22:54 PM Deleted Trojan program HEUR:Backdoor.Win64.Generic C:\Windows\System32\consrv.dll High

4/17/2012 2:26:02 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\greatpethealth_com[1].htm High

4/17/2012 2:26:34 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\greatpethealth_com[1].htm High

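The report above mixes two kinds of hit: files already sitting in quarantine folders created by earlier tools (C:\Qoobox\Quarantine from ComboFix, C:\TDSSKiller_Quarantine from TDSSKiller), which are contained, and one file deleted from a live system directory (C:\Windows\System32\consrv.dll), which indicates a component that was still on the running system. As an added example, not part of this thread and not code from AVPTool or Malwarebytes, the following Python script parses the report's event lines and separates contained detections from live ones so a responder can see what still mattered. The event lines are copied verbatim from the post above; the location categories and their labels are my own choice.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Event lines copied from the AVPTool "Detected threats" report in the post above.
# The two "Status:" header lines are kept so the parser has to skip non-event lines.
REPORT = r"""
Status: Disinfected (events: 5)
4/17/2012 1:58:45 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.lx C:\Documents and Settings\Zauper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3a8d4910-60a4ea43 High
4/17/2012 1:58:45 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.lx C:\Documents and Settings\Zauper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3a8d4910-60a4ea43/Inc.class High
4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip High
4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip/SysNative/comprcfg64.dll High
4/17/2012 2:07:45 PM Disinfected Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\[4]-Submit_2012-04-15_09.50.51.zip/SysWow64/comprcfg.dll High
Status: Deleted (events: 8)
4/17/2012 2:07:49 PM Deleted Trojan program Backdoor.Win32.Papras.fgi C:\Qoobox\Quarantine\C\Windows\System32\comprcfg64.dll.vir High
4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0000.dta High
4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0001.dta High
4/17/2012 2:13:29 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\12.04.2012_08.09.24\mbr0000\mbr0000\tsk0001.dta//mbr High
4/17/2012 2:13:28 PM Deleted Trojan program Backdoor.Win64.ZAccess.bh C:\TDSSKiller_Quarantine\12.04.2012_09.11.34\zaea0000\svc0000\tsk0000.dta High
4/17/2012 2:22:54 PM Deleted Trojan program HEUR:Backdoor.Win64.Generic C:\Windows\System32\consrv.dll High
4/17/2012 2:26:02 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\greatpethealth_com[1].htm High
4/17/2012 2:26:34 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\greatpethealth_com[1].htm High
"""

# One event line: timestamp, action, object kind ("Trojan program"), detection name,
# path (may contain spaces, so it is matched lazily up to the trailing severity), severity.
# The detection name is required to contain at least one dot so the lazy "kind" group
# cannot swallow it.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>\w+) "
    r"(?P<kind>[A-Za-z ]+?) "
    r"(?P<name>[\w:\-]+(?:\.[\w:\-]+)+) "
    r"(?P<path>.+?) "
    r"(?P<severity>High|Medium|Low)$"
)

# Location labels are my own triage categories (assumption, not AVPTool output).
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\tdsskiller_quarantine")
SYSTEM_DIR_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass(frozen=True)
class Detection:
    timestamp: str
    status: str
    name: str
    path: str
    severity: str
    location: str


def classify_location(path: str) -> str:
    """Rank a detection path by how much it still matters on the live system."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES):
        return "quarantined by an earlier tool"      # already contained
    if r"\java\deployment\cache" in p:
        return "java deployment cache"               # exploit artefact, not persistence
    if r"\temporary internet files" in p:
        return "browser cache"                       # drive-by page remnant
    if p.startswith(SYSTEM_DIR_PREFIXES):
        return "live system directory"               # active component, investigate
    return "other"


def parse_report(text: str) -> list[Detection]:
    """Parse AVPTool-style event lines; header and blank lines are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        out.append(Detection(m["ts"], m["status"], m["name"], m["path"],
                             m["severity"], classify_location(m["path"])))
    return out


def status_counts(dets: list[Detection]) -> dict[str, int]:
    return dict(Counter(d.status for d in dets))


def location_counts(dets: list[Detection]) -> dict[str, int]:
    return dict(Counter(d.location for d in dets))


def family_counts(dets: list[Detection]) -> dict[str, int]:
    return dict(Counter(d.name for d in dets))


def live_detections(dets: list[Detection]) -> list[Detection]:
    """Only the hits outside quarantine and caches, i.e. the ones that need follow-up."""
    return [d for d in dets if d.location == "live system directory"]


if __name__ == "__main__":
    dets = parse_report(REPORT)
    print("events by status:  ", status_counts(dets))
    print("events by location:", location_counts(dets))
    for d in live_detections(dets):
        print("LIVE:", d.name, d.path)
```

Run against the posted report, the script shows that eight of the thirteen events are files already sitting in quarantine and only consrv.dll in System32 was a live hit; the status totals it returns (5 disinfected, 8 deleted) match the two "events:" headers in the post.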

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

