brenmaha Posted August 5, 2013 ID:711268 Share Posted August 5, 2013 Greetings,Last night my son got some ransomware on his computer. I will try to describe what happens and what I've done in clear detail, but forgive any omissions or unclear info. It seems the virus starts by a fake virus software scan called "Internet Security". There is a green and white shortcut icon called "Internet Security Pro" on the desktop that we think is related to it. It tells me with pop ups in the sys tray that I have been infected with worm.blaster (or blaster.worm, I can't remember). Then the scan will stop, the screen goes white, and a US Courts Ransomware screen comes up and nothing is accessible. The US Courts screen tells us we have to pay $300 (which we know not to do) and that our computer has copyright infringement and pornography on it. I rebooted the computer in safe mode with networking and was able to dl malwarebytes and run a scan. During the first scan, mwb found 21 infections. It quarantined and repaired all of them. I restarted the computer and it booted up with no issues. My son was able to use if for about 30 minutes and it did the same thing. Last night, I reran the mwb scan, finding 9 items. This morning, I repaired all 9 infections. I then went to the dentist for a crown...my husband ran AVG scan and found nothing and then went to restore the computer to 2 weeks before. Unfortunately, there were no restore points and we could not figure out why?!?! So, we went to rerun mwb scan, just to be sure and about a half and hour into it it checked it and mwb had stopped running and "Internet Security" is running. So, where could these pesky little trojans be hidden and how can I rid myself of them? Any thoughts and help will be useful..unfortunately this worm seems difficult and the guidance on the internet seems just as suspect as the "pay $300 and we'll free your computer". Thank so much,Brenda in Ohio Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711271 Share Posted August 5, 2013 What OS is the infected computer using? Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711272 Share Posted August 5, 2013 Great question...Windows Vista. Let me know if you need more detail. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711275 Share Posted August 5, 2013 This should get you going. Please do the following: For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note:Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly" -------> Your topic will be closed if you haven't replied within 3 days! <--------(If I don't respond within 24 hours, please send me a PM)-DFB Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711276 Share Posted August 5, 2013 These questions may be dumb to ask but here it goes:1) Do I extract/execute the download before saving it to the jump drive or do I execute on the jump drive?2) THe system I am dl it on is a 64bit system, but computer I am using it on is a 32 bit system. I keep getting warnings that the computer I am using is not compatible with the program..I need the 64 bit program. Thanks,Brenda Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711277 Share Posted August 5, 2013 Ok, so I didn't extract it just saved the exe file on jumpdrive. When I go back the black command window it says X:\windows\system32> if I type e:\frst.exe after the prompt above it get his error message 'e:\frst.exe' is not recognized as an internal of external command, operable program or batch file Not sure what to do next. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711291 Share Posted August 5, 2013 If the infected system is 32 bit, download the 32-bit version of FRST, and save it on the flash drive. Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711295 Share Posted August 5, 2013 I thought I did dl 32 bit, but I guess I didn't...so here is my log. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013Ran by SYSTEM on 05-08-2013 15:53:08Running from E:\Windows Vista Home Premium (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: Recovery The current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Gateway\traybar.exe [638976 2007-09-13] (Chicony)HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2008-08-03] ()HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [290088 2009-01-06] (Apple Inc.)HKLM\...\Run: [sigmatelSysTrayApp] - C:\Windows\sttray.exe [405504 2007-07-27] (IDT, Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)HKLM\...\Run: [hpqSRMon] - [x]HKLM\...\Run: [AVG9_TRAY] - C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [273544 2011-02-21] (RealNetworks, Inc.)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2285232 2013-08-01] ()HKU\Brian\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)HKU\Brian\...\Run: [MtdAcqu] - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [ 2006-03-08] (Creative Technology Ltd)HKU\Brian\...\Run: [msnmsgr] - C:\Program Files\MSN Messenger\msnmsgr.exe [ 2007-01-19] (Microsoft Corporation)HKU\Brian\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-23] (Google Inc.)HKU\Brian\...\Run: [Google Update] - C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [ 2009-12-27] (Google Inc.)HKU\Brian\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)HKU\Brian\...\Run: [softAuto.exe] - C:\Program Files\Creative\Software Update 3\SoftAuto.exe [ 2008-08-12] (Creative Technology Ltd)HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)HKU\Guest\...\Run: [Adobe] - rundll32 "C:\Users\Guest\AppData\Local\Apps\Adobe\godzpbvod.dll",DllRegisterServerW [x] <===== ATTENTIONHKU\Guest\...\Run: [Apple] - C:\Users\Guest\AppData\Local\Temporary Projects\Apple\kkfjnc.dll [ 2013-08-03] () <===== ATTENTIONHKU\Guest\...\Run: [7-Zip Update] - C:\Users\Guest\AppData\Local\7-Zip\ep0lvr1f.dll [ 2013-08-03] (SEIKO EPSON CORPORATION)HKU\Guest\...\Run: [internet Security] - C:\Users\Guest\AppData\Roaming\wmdefender.exe [ 2013-08-05] (TorqueSoft)HKU\Guest\...\Winlogon: [shell] explorer.exe,C:\Users\Guest\AppData\Roaming\skype.dat [ 2011-11-18] (KeyDevelop Software Group) <==== ATTENTION Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office OneNote 2007.lnkShortcutTarget: Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\joticon.exe ()Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()S2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)S2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd)S2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)S2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-01] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== S1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)S1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)S1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-01] (AVG Technologies)S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-01] (Intel Corporation)S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-01] (Intel® Corporation)S3 USBCM; C:\Windows\System32\DRIVERS\Sacm2K.sys [15429 2004-06-10] ( )S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-05-23] (Chicony Electronics Co., Ltd.)S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-05 15:52 - 2013-08-05 15:52 - 00000000 ____D C:\FRST2013-08-05 10:06 - 2013-08-05 10:06 - 00000680 _____ C:\Users\Brian\Local Settings\Application Data\d3d9caps.dat2013-08-05 10:06 - 2013-08-05 10:06 - 00000680 _____ C:\Users\Brian\AppData\Local\d3d9caps.dat2013-08-05 08:57 - 2013-08-05 08:57 - 00000004 _____ C:\Users\Guest\AppData\Roaming\skype.ini2013-08-05 08:54 - 2013-08-05 08:54 - 00839680 _____ (TorqueSoft) C:\Users\Guest\AppData\Roaming\wmdefender.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00193536 _____ (KeyDevelop Software Group) C:\Users\Guest\spoolsv.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00143360 _____ C:\Users\Guest\java.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00000713 _____ C:\Users\Guest\Desktop\Internet Security Pro.lnk2013-08-05 08:54 - 2013-08-05 08:54 - 00000000 _____ C:\Users\Guest\winlogon.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00000000 _____ C:\Users\Guest\googleupdate.exe2013-08-05 05:43 - 2013-08-05 05:43 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\AVG Secure Search2013-08-05 05:43 - 2013-08-05 05:43 - 00000000 ____D C:\Users\Brian\AppData\Local\AVG Secure Search2013-08-04 16:51 - 2013-08-04 16:51 - 00311296 _____ C:\Users\Guest\teamviewer.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00311296 _____ C:\Users\Guest\flashplayer.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00091648 _____ (IntroDev Software LLC.) C:\Users\Guest\mstsc.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00091648 _____ (IntroDev Software LLC.) C:\Users\Guest\jucheck.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00000000 _____ C:\Users\Guest\icq.exe2013-08-04 15:56 - 2013-08-04 15:56 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes2013-08-04 14:14 - 2013-08-04 14:14 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes2013-08-04 14:13 - 2013-08-04 14:13 - 00000917 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-04 14:13 - 2013-08-04 14:13 - 00000917 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk2013-08-04 14:13 - 2013-08-04 14:13 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-04 14:13 - 2013-08-04 14:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-08-04 14:13 - 2013-04-04 10:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-08-04 14:12 - 2013-08-04 14:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-1.75.0.1300.exe2013-08-04 14:10 - 2013-08-04 14:15 - 00001708 _____ C:\Users\Brian\Desktop\Rkill.txt2013-08-04 14:10 - 2013-08-04 14:10 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Brian\Downloads\rkill.com2013-08-04 13:41 - 2013-08-04 13:41 - 00000181 _____ C:\Windows\System32\avgrep.txt2013-08-04 13:33 - 2013-08-04 13:33 - 00139408 _____ C:\Windows\Minidump\Mini080413-01.dmp2013-08-04 12:56 - 2013-08-04 12:56 - 00311296 _____ C:\Users\Guest\acrobat.exe2013-08-04 12:56 - 2013-08-04 12:56 - 00091648 _____ (IntroDev Software LLC.) C:\Users\Guest\skype.exe2013-08-03 11:13 - 2013-08-04 13:58 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\7-Zip2013-08-03 11:13 - 2013-08-04 13:58 - 00000000 ____D C:\Users\Guest\AppData\Local\7-Zip2013-08-01 13:25 - 2013-08-01 13:25 - 00002084 _____ C:\Users\Public\Desktop\Google Earth.lnk2013-08-01 13:25 - 2013-08-01 13:25 - 00002084 _____ C:\ProgramData\Desktop\Google Earth.lnk2013-07-22 09:07 - 2013-08-05 07:30 - 00000000 ____D C:\Users\Guest\AppData\Roaming\.minecraft2013-07-10 23:10 - 2013-05-28 17:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-07-10 23:10 - 2013-05-28 17:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-07-10 23:10 - 2013-05-28 17:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-07-10 23:10 - 2013-05-28 17:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-07-10 23:10 - 2013-05-28 17:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-07-10 23:10 - 2013-05-28 17:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-07-10 23:10 - 2013-05-28 17:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-07-10 23:10 - 2013-05-28 17:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-07-10 23:10 - 2013-05-28 17:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-07-10 23:10 - 2013-05-28 17:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-07-10 23:10 - 2013-05-28 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-07-10 23:10 - 2013-05-28 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-07-10 23:10 - 2013-05-28 17:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-07-10 23:10 - 2013-05-28 17:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-07-10 23:10 - 2013-05-28 17:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-07-10 23:10 - 2013-05-28 17:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-07-10 11:29 - 2013-06-03 17:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-07-10 11:28 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll2013-07-10 11:28 - 2013-05-07 20:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL2013-07-10 11:28 - 2013-04-17 03:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-07-10 11:28 - 2013-04-17 03:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-07-10 11:28 - 2013-04-17 03:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-07-10 11:28 - 2013-04-17 03:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-07-10 11:28 - 2013-04-17 02:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-07-10 11:28 - 2013-04-17 02:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-07-10 11:28 - 2013-04-17 02:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-07-10 11:28 - 2013-04-17 02:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll2013-07-10 11:28 - 2013-04-17 02:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll ==================== One Month Modified Files and Folders ======= 2013-08-05 15:52 - 2013-08-05 15:52 - 00000000 ____D C:\FRST2013-08-05 10:08 - 2006-11-02 02:33 - 00709710 _____ C:\Windows\System32\PerfStringBackup.INI2013-08-05 10:06 - 2013-08-05 10:06 - 00000680 _____ C:\Users\Brian\Local Settings\Application Data\d3d9caps.dat2013-08-05 10:06 - 2013-08-05 10:06 - 00000680 _____ C:\Users\Brian\AppData\Local\d3d9caps.dat2013-08-05 08:58 - 2008-06-24 07:55 - 01577067 _____ C:\Windows\WindowsUpdate.log2013-08-05 08:58 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-08-05 08:58 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-08-05 08:57 - 2013-08-05 08:57 - 00000004 _____ C:\Users\Guest\AppData\Roaming\skype.ini2013-08-05 08:54 - 2013-08-05 08:54 - 00839680 _____ (TorqueSoft) C:\Users\Guest\AppData\Roaming\wmdefender.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00193536 _____ (KeyDevelop Software Group) C:\Users\Guest\spoolsv.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00143360 _____ C:\Users\Guest\java.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00000713 _____ C:\Users\Guest\Desktop\Internet Security Pro.lnk2013-08-05 08:54 - 2013-08-05 08:54 - 00000000 _____ C:\Users\Guest\winlogon.exe2013-08-05 08:54 - 2013-08-05 08:54 - 00000000 _____ C:\Users\Guest\googleupdate.exe2013-08-05 08:54 - 2009-02-22 11:28 - 00000000 ____D C:\users\Guest2013-08-05 07:30 - 2013-07-22 09:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\.minecraft2013-08-05 05:44 - 2010-03-13 09:34 - 00000000 ____D C:\Windows\System32\Drivers\Avg2013-08-05 05:43 - 2013-08-05 05:43 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\AVG Secure Search2013-08-05 05:43 - 2013-08-05 05:43 - 00000000 ____D C:\Users\Brian\AppData\Local\AVG Secure Search2013-08-05 05:38 - 2008-01-20 18:47 - 00110298 _____ C:\Windows\PFRO.log2013-08-05 05:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors2013-08-04 17:10 - 2010-01-18 17:56 - 00002053 _____ C:\Users\Brian\Desktop\Google Chrome.lnk2013-08-04 16:51 - 2013-08-04 16:51 - 00311296 _____ C:\Users\Guest\teamviewer.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00311296 _____ C:\Users\Guest\flashplayer.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00091648 _____ (IntroDev Software LLC.) C:\Users\Guest\mstsc.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00091648 _____ (IntroDev Software LLC.) C:\Users\Guest\jucheck.exe2013-08-04 16:51 - 2013-08-04 16:51 - 00000000 _____ C:\Users\Guest\icq.exe2013-08-04 15:56 - 2013-08-04 15:56 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes2013-08-04 14:15 - 2013-08-04 14:10 - 00001708 _____ C:\Users\Brian\Desktop\Rkill.txt2013-08-04 14:14 - 2013-08-04 14:14 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes2013-08-04 14:13 - 2013-08-04 14:13 - 00000917 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-04 14:13 - 2013-08-04 14:13 - 00000917 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk2013-08-04 14:13 - 2013-08-04 14:13 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-04 14:13 - 2013-08-04 14:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-08-04 14:13 - 2013-08-04 14:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-1.75.0.1300.exe2013-08-04 14:10 - 2013-08-04 14:10 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Brian\Downloads\rkill.com2013-08-04 13:58 - 2013-08-03 11:13 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\7-Zip2013-08-04 13:58 - 2013-08-03 11:13 - 00000000 ____D C:\Users\Guest\AppData\Local\7-Zip2013-08-04 13:41 - 2013-08-04 13:41 - 00000181 _____ C:\Windows\System32\avgrep.txt2013-08-04 13:33 - 2013-08-04 13:33 - 00139408 _____ C:\Windows\Minidump\Mini080413-01.dmp2013-08-04 13:33 - 2009-01-04 09:20 - 00000000 ____D C:\Windows\Minidump2013-08-04 13:32 - 2009-01-04 09:20 - 171274374 _____ C:\Windows\MEMORY.DMP2013-08-04 12:56 - 2013-08-04 12:56 - 00311296 _____ C:\Users\Guest\acrobat.exe2013-08-04 12:56 - 2013-08-04 12:56 - 00091648 _____ (IntroDev Software LLC.) C:\Users\Guest\skype.exe2013-08-03 11:13 - 2012-03-29 15:38 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\Temporary Projects2013-08-03 11:13 - 2012-03-29 15:38 - 00000000 ____D C:\Users\Guest\AppData\Local\Temporary Projects2013-08-01 17:23 - 2012-08-29 07:08 - 00037664 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys2013-08-01 17:23 - 2011-12-11 07:28 - 00000000 ____D C:\Program Files\AVG Secure Search2013-08-01 13:25 - 2013-08-01 13:25 - 00002084 _____ C:\Users\Public\Desktop\Google Earth.lnk2013-08-01 13:25 - 2013-08-01 13:25 - 00002084 _____ C:\ProgramData\Desktop\Google Earth.lnk2013-08-01 13:24 - 2008-06-24 08:21 - 00000000 ____D C:\Program Files\Google2013-07-24 14:59 - 2012-03-23 11:35 - 00000000 ____D C:\ProgramData\Sonos,_Inc2013-07-10 23:54 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-07-10 23:42 - 2006-11-02 04:47 - 00380520 _____ C:\Windows\System32\FNTCACHE.DAT2013-07-10 23:39 - 2009-03-19 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-07-10 23:37 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer2013-07-10 23:16 - 2008-06-24 08:18 - 00000000 ____D C:\ProgramData\Microsoft Help2013-07-10 23:01 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal Files to move or delete:====================C:\Users\Guest\AppData\Local\Temporary Projects\Apple\kkfjnc.dllC:\Users\Guest\acrobat.exeC:\Users\Guest\flashplayer.exeC:\Users\Guest\googleupdate.exeC:\Users\Guest\icq.exeC:\Users\Guest\java.exeC:\Users\Guest\jucheck.exeC:\Users\Guest\mstsc.exeC:\Users\Guest\skype.exeC:\Users\Guest\spoolsv.exeC:\Users\Guest\teamviewer.exeC:\Users\Guest\winlogon.exeC:\Users\Guest\AppData\Roaming\skype.datC:\Users\Guest\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-05 06:46:02 ==================== Memory info =========================== Percentage of memory in use: 15%Total physical RAM: 2037.81 MBAvailable physical RAM: 1722.3 MBTotal Pagefile: 1969.7 MBAvailable Pagefile: 1825.05 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1972.51 MB ==================== Drives ================================ Drive c: (Partition_1) (Fixed) (Total:138.08 GB) (Free:24.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (CIV4DISC1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFSDrive e: () (Removable) (Total:1.87 GB) (Free:1.37 GB) FATDrive x: (Recovery) (Fixed) (Total:10.97 GB) (Free:5.18 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 64A71FE8)Partition 1: (Not Active) - (Size=11 GB) - (Type=07 NTFS)Partition 2: (Active) - (Size=138 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 2 GB) (Disk ID: A0FFD2B6)Partition 1: (Not Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-08-05 07:34 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711296 Share Posted August 5, 2013 No worries. Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txtHKU\Guest\...\Run: [Adobe] - rundll32 "C:\Users\Guest\AppData\Local\Apps\Adobe\godzpbvod.dll",DllRegisterServerW [x] <===== ATTENTIONHKU\Guest\...\Run: [Apple] - C:\Users\Guest\AppData\Local\Temporary Projects\Apple\kkfjnc.dll [ 2013-08-03] () <===== ATTENTIONHKU\Guest\...\Run: [7-Zip Update] - C:\Users\Guest\AppData\Local\7-Zip\ep0lvr1f.dll [ 2013-08-03] (SEIKO EPSON CORPORATION)HKU\Guest\...\Run: [internet Security] - C:\Users\Guest\AppData\Roaming\wmdefender.exe [ 2013-08-05] (TorqueSoft)HKU\Guest\...\Winlogon: [shell] explorer.exe,C:\Users\Guest\AppData\Roaming\skype.dat [ 2011-11-18] (KeyDevelop Software Group) <==== ATTENTIONC:\Users\Guest\AppData\Local\Temporary Projects\Apple\kkfjnc.dllC:\Users\Guest\acrobat.exeC:\Users\Guest\flashplayer.exeC:\Users\Guest\googleupdate.exeC:\Users\Guest\icq.exeC:\Users\Guest\java.exeC:\Users\Guest\jucheck.exeC:\Users\Guest\mstsc.exeC:\Users\Guest\skype.exeC:\Users\Guest\spoolsv.exeC:\Users\Guest\teamviewer.exeC:\Users\Guest\winlogon.exeC:\Users\Guest\AppData\Roaming\skype.datC:\Users\Guest\AppData\Roaming\skype.iniNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options.Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove. Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711300 Share Posted August 5, 2013 Yes...please advise on the next step! Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711301 Share Posted August 5, 2013 Glad to hear you can boot. Please post the fixlog.txt as well when you can. Let's start getting rid of the rest of it. ----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711302 Share Posted August 5, 2013 I did get an error message that the webcam driver failed. I don't know if that means anything or not, but just trying to give you all of the information you need. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711303 Share Posted August 5, 2013 No worries. For now, we'll worry about the malware and come back to troubleshooting applications once we verify you're all clean Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711344 Share Posted August 5, 2013 Rkill 2.5.9 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 08/04/2013 06:10:35 PM in x86 mode. (Safe Mode)Windows Version: Windows Vista Home Premium Service Pack 2Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * No malware processes found to kill.Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 ~~~~~~~~~~~~~~~~~~~~~~~Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.08.04.05Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)Internet Explorer 9.0.8112.16421Brian :: BRIAN-PC [administrator]8/4/2013 6:14:49 PMmbam-log-2013-08-04 (18-14-49).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 458491Time elapsed: 1 hour(s), 32 minute(s), 38 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 7HKCR\CLSID\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.HKCR\TypeLib\{BFC48A4D-75B9-455B-A4C3-9DC3F940B245} (Adware.ClosetMaid) -> Quarantined and deleted successfully.HKCR\Interface\{4040A92C-93F0-49B4-9DD0-93E1887E724A} (Adware.ClosetMaid) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/DOWNLOADED PROGRAM FILES/CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.HKCR\CMaidCtlApp.MaidCtrl.1 (Adware.ClosetMaid) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\DOWNLOADED PROGRAM FILES\CMAIDCTL.OCX (Adware.ClosetMaid) -> Data: 1 -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 16C:\Windows\Downloaded Program Files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\0.013881794413266868 (Trojan.Happili) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\0.28538683790070407 (Trojan.Tracur.ED) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\0.3107826506666882 (Trojan.BHO) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\0.5260914574119574 (Trojan.Happili) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\1799.tmp (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\2733.tmp (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\A4EF.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\JaXs9ZzTlbcxvH.exe.tmp (Trojan.Foury) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\Mwz3vOLG91OfA4.exe.tmp (Trojan.Foury) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\SJjLIuafgH2FIi.exe.tmp (Trojan.Foury) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Local\Temp\W6Vn5On2z3EnMb.exe.tmp (Trojan.Foury) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Roaming\wmdefender.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.C:\Users\Guest\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Users\Guest\AppData\Roaming\skype.dat (Trojan.Agent) -> Quarantined and deleted successfully.C:\Users\Guest\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.(end) ~~~~~~~~~~~~~~~~~~~~~~ComboFix 13-08-05.03 - Brian 08/05/2013 17:51:54.1.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.857 [GMT -4:00]Running from: c:\users\Guest\Desktop\ComboFix.exeAV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files\Search Toolbarc:\program files\Search Toolbar\icon.icoc:\program files\Search Toolbar\SearchToolbar.dllc:\program files\Search Toolbar\SearchToolbarUninstall.exec:\program files\Search Toolbar\SearchToolbarUpdater.exec:\windows\COUPon~1.ocxc:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\joticon.exec:\windows\security\Database\tmp.edbD:\Autorun.inf..((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))..2013-08-05 23:52 . 2013-08-05 23:52 -------- d-----w- C:\FRST2013-08-05 22:03 . 2013-08-05 22:03 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-08-05 22:03 . 2013-08-05 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-05 22:03 . 2013-08-05 22:04 -------- d-----w- c:\users\Brian\AppData\Local\temp2013-08-05 20:17 . 2013-08-05 21:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-05 20:16 . 2013-08-05 20:16 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-08-05 13:43 . 2013-08-05 13:43 -------- d-----w- c:\users\Brian\AppData\Local\AVG Secure Search2013-08-04 23:56 . 2013-08-04 23:56 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes2013-08-04 22:14 . 2013-08-04 22:14 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes2013-08-04 22:13 . 2013-08-04 22:13 -------- d-----w- c:\programdata\Malwarebytes2013-08-04 22:13 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-08-04 22:13 . 2013-08-04 22:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-08-03 19:13 . 2013-08-04 21:58 -------- d-----w- c:\users\Guest\AppData\Local\7-Zip2013-07-22 17:07 . 2013-08-05 15:30 -------- d-----w- c:\users\Guest\AppData\Roaming\.minecraft2013-07-10 19:29 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-02 01:23 . 2012-08-29 15:08 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2013-05-08 04:37 . 2013-06-12 14:25 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2013-08-02 01:23 3086512 ----a-w- c:\program files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll" [2013-08-02 3086512].[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-24 39408]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-02-21 273544]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-08-02 2285232].c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"mixer"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVCLocalServiceAndNoImpersonation REG_MULTI_SZ FontCachehpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2013-08-05 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 19:28].2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 20:57].2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 20:57].2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-381513163-4281982046-3153885582-1000Core1ce917840d007c2.job- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-19 20:57].2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-381513163-4281982046-3153885582-1000UA.job- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-19 20:57]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dllFF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3p1zvgeq.default\FF - prefs.js: browser.startup.homepage - google.comFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: LavaFox V1: info@djzig.com - %profile%\extensions\info@djzig.comFF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.comFF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.comFF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.eduFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\FirefoxFF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.0.0.7.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)HKLM-Run-hpqSRMon - (no file)c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office OneNote 2007.lnk - (no file)SafeBoot-WudfPfSafeBoot-WudfRdAddRemove-FeedStation_is1 - c:\program files\FeedStation\unins000.exeAddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-08-05 18:04Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51, 99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70, ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:b0,e0,74,b6,4e,26,cd,01.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.Completion time: 2013-08-05 18:07:39ComboFix-quarantined-files.txt 2013-08-05 22:07.Pre-Run: 25,718,243,328 bytes freePost-Run: 30,121,627,648 bytes free.- - End Of File - - 979978B2F9C3D201AA250A578CBB04565C616939100B85E558DA92B899A0FC36 Thanks...I am still working on the final one. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711348 Share Posted August 5, 2013 I need the TDSSKiller log as well if possible Link to post Share on other sites More sharing options...
brenmaha Posted August 5, 2013 Author ID:711352 Share Posted August 5, 2013 Results of screen317's Security Check version 0.99.71 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Antivirus up to date! (On Access scanning disabled!)`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 24 Java 6 Update 5 Java 6 Update 7 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.0.1.152 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (3.6.6) Firefox out of Date! Mozilla Thunderbird (2.0.0 Thunderbird out of Date! Google Chrome 17.0.963.79 Google Chrome 28.0.1500.95 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` I cannot find the the TdssKiller log...the only one in the folder is the first one I sent you..if you can direct me to search for it I will, but where I saved the first log didn't have it. Since running the first program, I have not have a recurrence. Before it was happening every 30 minutes. I have been running since about 2-3 oclock with no problems. brenda Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 5, 2013 ID:711372 Share Posted August 5, 2013 The log you posted is from RKill, not TDSSKiller. I did not ask you to run RKill.Please go through my instructions for TDSSKiller one more time. Please note that:A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:). Furthermore, you posted the log for Malwarebytes Anti-Malware. I asked you to run Malwarebytes Anti-Rootkit. I would like you to take your time and go over my instructions entirely once again and run the programs I have asked you to. If you need any help, don't hesitate to ask. Link to post Share on other sites More sharing options...
brenmaha Posted August 6, 2013 Author ID:711424 Share Posted August 6, 2013 Thanks...I had some trouble locating the logs and obviously did not do a good job. I will relocate them and post them tomorrow. I have headache from my crown earlier today!Brenda Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 6, 2013 ID:711428 Share Posted August 6, 2013 No problem, take all the time you need. Link to post Share on other sites More sharing options...
brenmaha Posted August 6, 2013 Author ID:711438 Share Posted August 6, 2013 TDSSKiller's logfileStill looking for itMBAR mbar-log.txt and system-log.txtmbar-logMalwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.orgDatabase version: v2013.08.05.08Windows Vista Service Pack 2 x86 NTFSInternet Explorer 9.0.8112.16421Brian :: BRIAN-PC [administrator]8/5/2013 4:17:40 PMmbar-log-2013-08-05 (16-17-40).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 276142Time elapsed: 1 hour(s), 6 minute(s), 48 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1c:\Users\Guest\AppData\Roaming\wmdefender.exe (Trojan.FakeAV.DFN) -> Delete on reboot.Physical Sectors Detected: 0(No malicious items detected)(end)sys log---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004© Malwarebytes Corporation 2011-2012OS version: 6.0.6002 Windows Vista Service Pack 2 x86Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 1.995000 GHzMemory total: 2136674304, free: 1015644160Downloaded database version: v2013.08.05.08Downloaded database version: v2013.07.29.01Initializing...------------ Kernel report ------------ 08/05/2013 16:17:34------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\acpi.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\intelide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\PxHelp20.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\msrpc.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\ecache.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\drivers\crcdisk.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\tunmp.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\igdkmd32.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\Rtlh86.sys\SystemRoot\system32\DRIVERS\NETw4v32.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\msiscsi.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\stwrt.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\AGRSM.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\Windows\system32\drivers\avgtpx86.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\System32\Drivers\avgtdix.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\smb.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\System32\Drivers\avgmfx86.sys\SystemRoot\System32\Drivers\avgldx86.sys\SystemRoot\system32\drivers\RTSTOR.SYS\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\drivers\mrxdav.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\drivers\tcpipreg.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff85f5eac8Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 0xffffffff84e3d028Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff85f5eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xffffffff859870a8, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff85f5eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\DevicePointer: 0xffffffff84e39900, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff84e3d028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 64A71FE8Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 23005017 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 23005080 Numsec = 289571625 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 160041885696 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...Done!Infected: c:\Users\Guest\AppData\Roaming\wmdefender.exe --> [Trojan.FakeAV.DFN]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_23005080_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished ComboFix's report (C:\ComboFix.txt) You have it aboveSecurity Check checkup.txt You have it above Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 6, 2013 ID:711441 Share Posted August 6, 2013 If you can't find the TDSSKiller logfile, just run it again Link to post Share on other sites More sharing options...
brenmaha Posted August 6, 2013 Author ID:711442 Share Posted August 6, 2013 I think I found it...well, I found 2..but this is the latest:16:11:26.0946 4904 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:1916:11:27.0282 4904 ============================================================16:11:27.0282 4904 Current date / time: 2013/08/05 16:11:27.028216:11:27.0282 4904 SystemInfo:16:11:27.0282 4904 16:11:27.0282 4904 OS Version: 6.0.6002 ServicePack: 2.016:11:27.0282 4904 Product type: Workstation16:11:27.0283 4904 ComputerName: BRIAN-PC16:11:27.0283 4904 UserName: Brian16:11:27.0283 4904 Windows directory: C:\Windows16:11:27.0283 4904 System windows directory: C:\Windows16:11:27.0283 4904 Processor architecture: Intel x8616:11:27.0283 4904 Number of processors: 216:11:27.0283 4904 Page size: 0x100016:11:27.0283 4904 Boot type: Normal boot16:11:27.0283 4904 ============================================================16:11:27.0668 4904 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005016:11:27.0669 4904 ============================================================16:11:27.0669 4904 \Device\Harddisk0\DR0:16:11:27.0670 4904 MBR partitions:16:11:27.0670 4904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x15F075916:11:27.0670 4904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15F0798, BlocksNum 0x1142832916:11:27.0670 4904 ============================================================16:11:27.0708 4904 C: <-> \Device\Harddisk0\DR0\Partition216:11:27.0744 4904 D: <-> \Device\Harddisk0\DR0\Partition116:11:27.0744 4904 ============================================================16:11:27.0744 4904 Initialize success16:11:27.0744 4904 ============================================================16:11:30.0839 4900 Deinitialize success Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 6, 2013 ID:711443 Share Posted August 6, 2013 That log is truncated. Try the other log Link to post Share on other sites More sharing options...
brenmaha Posted August 6, 2013 Author ID:711444 Share Posted August 6, 2013 In case you need it...here is the other one: 16:09:48.0520 4184 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:1916:09:48.0981 4184 ============================================================16:09:48.0981 4184 Current date / time: 2013/08/05 16:09:48.098116:09:48.0981 4184 SystemInfo:16:09:48.0981 4184 16:09:48.0981 4184 OS Version: 6.0.6002 ServicePack: 2.016:09:48.0981 4184 Product type: Workstation16:09:48.0981 4184 ComputerName: BRIAN-PC16:09:48.0982 4184 UserName: Brian16:09:48.0982 4184 Windows directory: C:\Windows16:09:48.0982 4184 System windows directory: C:\Windows16:09:48.0982 4184 Processor architecture: Intel x8616:09:48.0982 4184 Number of processors: 216:09:48.0982 4184 Page size: 0x100016:09:48.0982 4184 Boot type: Normal boot16:09:48.0982 4184 ============================================================16:09:52.0200 4184 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005016:09:52.0202 4184 ============================================================16:09:52.0202 4184 \Device\Harddisk0\DR0:16:09:52.0202 4184 MBR partitions:16:09:52.0203 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x15F075916:09:52.0203 4184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15F0798, BlocksNum 0x1142832916:09:52.0203 4184 ============================================================16:09:52.0240 4184 C: <-> \Device\Harddisk0\DR0\Partition216:09:52.0299 4184 D: <-> \Device\Harddisk0\DR0\Partition116:09:52.0299 4184 ============================================================16:09:52.0299 4184 Initialize success16:09:52.0299 4184 ============================================================16:10:00.0307 4224 ============================================================16:10:00.0307 4224 Scan started16:10:00.0307 4224 Mode: Manual;16:10:00.0307 4224 ============================================================16:10:03.0632 4224 ================ Scan system memory ========================16:10:03.0633 4224 System memory - ok16:10:03.0633 4224 ================ Scan services =============================16:10:04.0057 4224 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys16:10:04.0063 4224 ACPI - ok16:10:04.0237 4224 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys16:10:04.0249 4224 adp94xx - ok16:10:04.0320 4224 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys16:10:04.0329 4224 adpahci - ok16:10:04.0375 4224 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys16:10:04.0379 4224 adpu160m - ok16:10:04.0431 4224 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys16:10:04.0436 4224 adpu320 - ok16:10:04.0493 4224 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll16:10:04.0494 4224 AeLookupSvc - ok16:10:04.0559 4224 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys16:10:04.0569 4224 AFD - ok16:10:04.0616 4224 [ 8ED60797908FD394EEE0D6949F493224 ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe16:10:04.0617 4224 AgereModemAudio - ok16:10:04.0735 4224 [ 38325C6AA8EAE011897D61CE48EC6435 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys16:10:04.0813 4224 AgereSoftModem - ok16:10:04.0856 4224 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys16:10:04.0859 4224 agp440 - ok16:10:04.0892 4224 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys16:10:04.0896 4224 aic78xx - ok16:10:04.0941 4224 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe16:10:04.0946 4224 ALG - ok16:10:04.0979 4224 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys16:10:04.0982 4224 aliide - ok16:10:05.0015 4224 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys16:10:05.0018 4224 amdagp - ok16:10:05.0070 4224 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys16:10:05.0116 4224 amdide - ok16:10:05.0143 4224 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys16:10:05.0146 4224 AmdK7 - ok16:10:05.0166 4224 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys16:10:05.0169 4224 AmdK8 - ok16:10:05.0206 4224 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll16:10:05.0208 4224 Appinfo - ok16:10:05.0472 4224 [ A8AA9D47F971570A5162B862B80F87E8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe16:10:05.0475 4224 Apple Mobile Device - ok16:10:05.0547 4224 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys16:10:05.0550 4224 arc - ok16:10:05.0596 4224 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys16:10:05.0599 4224 arcsas - ok16:10:05.0634 4224 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys16:10:05.0637 4224 AsyncMac - ok16:10:05.0691 4224 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys16:10:05.0692 4224 atapi - ok16:10:05.0804 4224 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll16:10:05.0807 4224 AudioEndpointBuilder - ok16:10:05.0827 4224 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll16:10:05.0830 4224 Audiosrv - ok16:10:06.0084 4224 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe16:10:06.0118 4224 AVG Security Toolbar Service - ok16:10:06.0167 4224 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe16:10:06.0173 4224 avg9wd - ok16:10:06.0240 4224 [ A9F4D19DE72C738759330D10D35C4398 ] AvgLdx86 C:\Windows\system32\Drivers\avgldx86.sys16:10:06.0246 4224 AvgLdx86 - ok16:10:06.0332 4224 [ 80FF2B1B7EEDA966394F0BAA895BBF4B ] AvgMfx86 C:\Windows\system32\Drivers\avgmfx86.sys16:10:06.0334 4224 AvgMfx86 - ok16:10:06.0400 4224 [ 9A7A93388F503A34E7339AE7F9997449 ] AvgTdiX C:\Windows\system32\Drivers\avgtdix.sys16:10:06.0406 4224 AvgTdiX - ok16:10:06.0504 4224 [ BB83BDE5C9EB8A1B932D4A8374758EF8 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys16:10:06.0507 4224 avgtp - ok16:10:06.0569 4224 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys16:10:06.0572 4224 Beep - ok16:10:06.0647 4224 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll16:10:06.0654 4224 BFE - ok16:10:06.0706 4224 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll16:10:06.0728 4224 BITS - ok16:10:06.0771 4224 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys16:10:06.0774 4224 blbdrive - ok16:10:06.0864 4224 [ 9EFE4236F8670846B6E7C5B0EFF6E715 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe16:10:06.0868 4224 Bonjour Service - ok16:10:06.0964 4224 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys16:10:06.0966 4224 bowser - ok16:10:07.0018 4224 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys16:10:07.0020 4224 BrFiltLo - ok16:10:07.0048 4224 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys16:10:07.0050 4224 BrFiltUp - ok16:10:07.0127 4224 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll16:10:07.0159 4224 Browser - ok16:10:07.0190 4224 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys16:10:07.0193 4224 Brserid - ok16:10:07.0245 4224 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys16:10:07.0249 4224 BrSerWdm - ok16:10:07.0276 4224 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys16:10:07.0278 4224 BrUsbMdm - ok16:10:07.0318 4224 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys16:10:07.0321 4224 BrUsbSer - ok16:10:07.0343 4224 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys16:10:07.0347 4224 BTHMODEM - ok16:10:07.0392 4224 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys16:10:07.0395 4224 cdfs - ok16:10:07.0432 4224 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys16:10:07.0436 4224 cdrom - ok16:10:07.0477 4224 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll16:10:07.0478 4224 CertPropSvc - ok16:10:07.0503 4224 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys16:10:07.0506 4224 circlass - ok16:10:07.0558 4224 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys16:10:07.0564 4224 CLFS - ok16:10:07.0643 4224 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe16:10:07.0647 4224 clr_optimization_v2.0.50727_32 - ok16:10:07.0756 4224 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe16:10:07.0760 4224 clr_optimization_v4.0.30319_32 - ok16:10:07.0794 4224 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys16:10:07.0797 4224 CmBatt - ok16:10:07.0835 4224 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys16:10:07.0837 4224 cmdide - ok16:10:07.0860 4224 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys16:10:07.0861 4224 Compbatt - ok16:10:07.0867 4224 COMSysApp - ok16:10:07.0903 4224 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys16:10:07.0904 4224 crcdisk - ok16:10:07.0958 4224 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\Windows\system32\CTsvcCDA.exe16:10:07.0959 4224 Creative Service for CDROM Access - ok16:10:07.0992 4224 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys16:10:07.0994 4224 Crusoe - ok16:10:08.0061 4224 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll16:10:08.0064 4224 CryptSvc - ok16:10:08.0217 4224 [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv C:\Program Files\Creative\Shared Files\CTDevSrv.exe16:10:08.0219 4224 CTDevice_Srv - ok16:10:08.0300 4224 [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe16:10:08.0304 4224 CTUPnPSv - ok16:10:08.0365 4224 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll16:10:08.0371 4224 DcomLaunch - ok16:10:08.0422 4224 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys16:10:08.0425 4224 DfsC - ok16:10:08.0520 4224 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe16:10:08.0633 4224 DFSR - ok16:10:08.0683 4224 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll16:10:08.0685 4224 Dhcp - ok16:10:08.0717 4224 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys16:10:08.0718 4224 disk - ok16:10:08.0765 4224 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll16:10:08.0767 4224 Dnscache - ok16:10:08.0815 4224 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll16:10:08.0838 4224 dot3svc - ok16:10:08.0917 4224 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys16:10:08.0922 4224 Dot4 - ok16:10:08.0964 4224 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys16:10:08.0967 4224 Dot4Print - ok16:10:09.0013 4224 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys16:10:09.0016 4224 dot4usb - ok16:10:09.0068 4224 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll16:10:09.0072 4224 DPS - ok16:10:09.0113 4224 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys16:10:09.0118 4224 drmkaud - ok16:10:09.0176 4224 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys16:10:09.0198 4224 DXGKrnl - ok16:10:09.0244 4224 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys16:10:09.0248 4224 E1G60 - ok16:10:09.0290 4224 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll16:10:09.0292 4224 EapHost - ok16:10:09.0332 4224 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys16:10:09.0335 4224 Ecache - ok16:10:09.0387 4224 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe16:10:09.0395 4224 ehRecvr - ok16:10:09.0413 4224 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe16:10:09.0418 4224 ehSched - ok16:10:09.0454 4224 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll16:10:09.0455 4224 ehstart - ok16:10:09.0500 4224 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys16:10:09.0508 4224 elxstor - ok16:10:09.0585 4224 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll16:10:09.0600 4224 EMDMgmt - ok16:10:09.0661 4224 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys16:10:09.0664 4224 ErrDev - ok16:10:09.0715 4224 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll16:10:09.0722 4224 EventSystem - ok16:10:09.0777 4224 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys16:10:09.0784 4224 exfat - ok16:10:09.0826 4224 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys16:10:09.0832 4224 fastfat - ok16:10:09.0884 4224 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys16:10:09.0887 4224 fdc - ok16:10:09.0927 4224 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll16:10:09.0931 4224 fdPHost - ok16:10:09.0945 4224 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll16:10:09.0948 4224 FDResPub - ok16:10:09.0963 4224 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys16:10:09.0965 4224 FileInfo - ok16:10:09.0984 4224 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys16:10:09.0987 4224 Filetrace - ok16:10:10.0025 4224 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys16:10:10.0028 4224 flpydisk - ok16:10:10.0106 4224 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys16:10:10.0111 4224 FltMgr - ok16:10:10.0215 4224 [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache C:\Windows\system32\FntCache.dll16:10:10.0249 4224 FontCache - ok16:10:10.0321 4224 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe16:10:10.0325 4224 FontCache3.0.0.0 - ok16:10:10.0366 4224 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys16:10:10.0369 4224 Fs_Rec - ok16:10:10.0417 4224 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys16:10:10.0421 4224 gagp30kx - ok16:10:10.0465 4224 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys16:10:10.0468 4224 GEARAspiWDM - ok16:10:10.0515 4224 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll16:10:10.0539 4224 gpsvc - ok16:10:10.0659 4224 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe16:10:10.0663 4224 gupdate - ok16:10:10.0681 4224 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe16:10:10.0683 4224 gupdatem - ok16:10:10.0776 4224 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe16:10:10.0781 4224 gusvc - ok16:10:10.0830 4224 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys16:10:10.0837 4224 HdAudAddService - ok16:10:10.0894 4224 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys16:10:10.0918 4224 HDAudBus - ok16:10:10.0953 4224 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys16:10:10.0956 4224 HidBth - ok16:10:10.0971 4224 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys16:10:10.0975 4224 HidIr - ok16:10:11.0012 4224 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll16:10:11.0014 4224 hidserv - ok16:10:11.0044 4224 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys16:10:11.0046 4224 HidUsb - ok16:10:11.0074 4224 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll16:10:11.0078 4224 hkmsvc - ok16:10:11.0107 4224 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys16:10:11.0109 4224 HpCISSs - ok16:10:11.0250 4224 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll16:10:11.0254 4224 hpqcxs08 - ok16:10:11.0283 4224 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll16:10:11.0286 4224 hpqddsvc - ok16:10:11.0379 4224 [ 75F122CDCA3C71BD09089F2CA824B796 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL16:10:11.0402 4224 HPSLPSVC - ok16:10:11.0474 4224 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys16:10:11.0481 4224 HTTP - ok16:10:11.0505 4224 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys16:10:11.0507 4224 i2omp - ok16:10:11.0558 4224 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys16:10:11.0561 4224 i8042prt - ok16:10:11.0649 4224 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe16:10:11.0657 4224 IAANTMON - ok16:10:11.0733 4224 [ 8318E04A6455CED1020BCC5039B62CFA ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys16:10:11.0777 4224 ialm - ok16:10:11.0838 4224 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys16:10:11.0840 4224 iaStor - ok16:10:11.0866 4224 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys16:10:11.0876 4224 iaStorV - ok16:10:11.0948 4224 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe16:10:11.0974 4224 idsvc - ok16:10:12.0069 4224 [ 1B954F2BCB244596DA704DC8C7729930 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys16:10:12.0169 4224 igfx - ok16:10:12.0211 4224 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys16:10:12.0213 4224 iirsp - ok16:10:12.0261 4224 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll16:10:12.0270 4224 IKEEXT - ok16:10:12.0309 4224 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys16:10:12.0311 4224 intelide - ok16:10:12.0347 4224 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys16:10:12.0348 4224 intelppm - ok16:10:12.0399 4224 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll16:10:12.0404 4224 IPBusEnum - ok16:10:12.0430 4224 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys16:10:12.0433 4224 IpFilterDriver - ok16:10:12.0493 4224 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll16:10:12.0497 4224 iphlpsvc - ok16:10:12.0506 4224 IpInIp - ok16:10:12.0542 4224 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys16:10:12.0544 4224 IPMIDRV - ok16:10:12.0565 4224 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys16:10:12.0569 4224 IPNAT - ok16:10:12.0610 4224 [ 62937A89470AF8FF172F0980CA8AEFC9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe16:10:12.0621 4224 iPod Service - ok16:10:12.0647 4224 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys16:10:12.0649 4224 IRENUM - ok16:10:12.0676 4224 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys16:10:12.0678 4224 isapnp - ok16:10:12.0735 4224 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys16:10:12.0738 4224 iScsiPrt - ok16:10:12.0766 4224 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys16:10:12.0768 4224 iteatapi - ok16:10:12.0783 4224 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys16:10:12.0785 4224 iteraid - ok16:10:12.0811 4224 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys16:10:12.0813 4224 kbdclass - ok16:10:12.0830 4224 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys16:10:12.0832 4224 kbdhid - ok16:10:12.0883 4224 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe16:10:12.0886 4224 KeyIso - ok16:10:12.0939 4224 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys16:10:12.0947 4224 KSecDD - ok16:10:12.0993 4224 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll16:10:13.0000 4224 KtmRm - ok16:10:13.0042 4224 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll16:10:13.0046 4224 LanmanServer - ok16:10:13.0085 4224 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll16:10:13.0090 4224 LanmanWorkstation - ok16:10:13.0143 4224 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys16:10:13.0145 4224 lltdio - ok16:10:13.0192 4224 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll16:10:13.0197 4224 lltdsvc - ok16:10:13.0219 4224 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll16:10:13.0220 4224 lmhosts - ok16:10:13.0248 4224 lmimirr - ok16:10:13.0291 4224 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys16:10:13.0294 4224 LSI_FC - ok16:10:13.0323 4224 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys16:10:13.0327 4224 LSI_SAS - ok16:10:13.0362 4224 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys16:10:13.0365 4224 LSI_SCSI - ok16:10:13.0399 4224 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys16:10:13.0401 4224 luafv - ok16:10:13.0443 4224 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll16:10:13.0447 4224 Mcx2Svc - ok16:10:13.0479 4224 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys16:10:13.0481 4224 megasas - ok16:10:13.0508 4224 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys16:10:13.0517 4224 MegaSR - ok16:10:13.0547 4224 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll16:10:13.0550 4224 MMCSS - ok16:10:13.0570 4224 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys16:10:13.0571 4224 Modem - ok16:10:13.0611 4224 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys16:10:13.0612 4224 monitor - ok16:10:13.0627 4224 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys16:10:13.0629 4224 mouclass - ok16:10:13.0660 4224 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys16:10:13.0662 4224 mouhid - ok16:10:13.0676 4224 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys16:10:13.0678 4224 MountMgr - ok16:10:13.0731 4224 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys16:10:13.0734 4224 mpio - ok16:10:13.0768 4224 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys16:10:13.0770 4224 mpsdrv - ok16:10:13.0808 4224 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll16:10:13.0818 4224 MpsSvc - ok16:10:13.0856 4224 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys16:10:13.0858 4224 Mraid35x - ok16:10:13.0892 4224 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys16:10:13.0895 4224 MRxDAV - ok16:10:13.0935 4224 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys16:10:13.0937 4224 mrxsmb - ok16:10:13.0987 4224 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys16:10:13.0992 4224 mrxsmb10 - ok16:10:14.0012 4224 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys16:10:14.0015 4224 mrxsmb20 - ok16:10:14.0048 4224 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys16:10:14.0049 4224 msahci - ok16:10:14.0134 4224 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys16:10:14.0138 4224 msdsm - ok16:10:14.0161 4224 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe16:10:14.0167 4224 MSDTC - ok16:10:14.0184 4224 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys16:10:14.0188 4224 Msfs - ok16:10:14.0267 4224 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys16:10:14.0268 4224 msisadrv - ok16:10:14.0298 4224 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll16:10:14.0302 4224 MSiSCSI - ok16:10:14.0308 4224 msiserver - ok16:10:14.0351 4224 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys16:10:14.0353 4224 MSKSSRV - ok16:10:14.0380 4224 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys16:10:14.0383 4224 MSPCLOCK - ok16:10:14.0408 4224 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys16:10:14.0410 4224 MSPQM - ok16:10:14.0444 4224 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys16:10:14.0449 4224 MsRPC - ok16:10:14.0471 4224 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys16:10:14.0472 4224 mssmbios - ok16:10:14.0501 4224 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys16:10:14.0503 4224 MSTEE - ok16:10:14.0537 4224 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys16:10:14.0538 4224 Mup - ok16:10:14.0585 4224 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll16:10:14.0592 4224 napagent - ok16:10:14.0633 4224 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys16:10:14.0636 4224 NativeWifiP - ok16:10:14.0675 4224 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys16:10:14.0684 4224 NDIS - ok16:10:14.0705 4224 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys16:10:14.0708 4224 NdisTapi - ok16:10:14.0728 4224 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys16:10:14.0729 4224 Ndisuio - ok16:10:14.0780 4224 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys16:10:14.0801 4224 NdisWan - ok16:10:14.0818 4224 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys16:10:14.0821 4224 NDProxy - ok16:10:14.0882 4224 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll16:10:14.0884 4224 Net Driver HPZ12 - ok16:10:14.0902 4224 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys16:10:14.0908 4224 NetBIOS - ok16:10:14.0979 4224 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys16:10:14.0984 4224 netbt - ok16:10:14.0995 4224 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe16:10:14.0997 4224 Netlogon - ok16:10:15.0038 4224 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll16:10:15.0043 4224 Netman - ok16:10:15.0066 4224 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll16:10:15.0107 4224 netprofm - ok16:10:15.0148 4224 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe16:10:15.0151 4224 NetTcpPortSharing - ok16:10:15.0275 4224 [ 6E9EDC1020B319E7676387B8CDF2398C ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys16:10:15.0367 4224 NETw2v32 - ok16:10:15.0494 4224 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys16:10:15.0571 4224 NETw3v32 - ok16:10:15.0664 4224 [ 38D720E0C8B0ECB9A019980265679798 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys16:10:15.0744 4224 NETw4v32 - ok16:10:15.0775 4224 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys16:10:15.0777 4224 nfrd960 - ok16:10:15.0813 4224 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll16:10:15.0818 4224 NlaSvc - ok16:10:15.0856 4224 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys16:10:15.0859 4224 Npfs - ok16:10:15.0888 4224 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll16:10:15.0891 4224 nsi - ok16:10:15.0917 4224 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys16:10:15.0919 4224 nsiproxy - ok16:10:16.0077 4224 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys16:10:16.0178 4224 Ntfs - ok16:10:16.0275 4224 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys16:10:16.0279 4224 ntrigdigi - ok16:10:16.0306 4224 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys16:10:16.0309 4224 Null - ok16:10:16.0340 4224 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys16:10:16.0345 4224 nvraid - ok16:10:16.0419 4224 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys16:10:16.0422 4224 nvstor - ok16:10:16.0432 4224 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys16:10:16.0436 4224 nv_agp - ok16:10:16.0448 4224 NwlnkFlt - ok16:10:16.0462 4224 NwlnkFwd - ok16:10:16.0779 4224 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE16:10:16.0799 4224 odserv - ok16:10:16.0920 4224 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys16:10:16.0924 4224 ohci1394 - ok16:10:17.0012 4224 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE16:10:17.0018 4224 ose - ok16:10:17.0295 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll16:10:17.0328 4224 p2pimsvc - ok16:10:17.0346 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll16:10:17.0359 4224 p2psvc - ok16:10:17.0468 4224 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys16:10:17.0470 4224 Parport - ok16:10:17.0569 4224 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys16:10:17.0572 4224 partmgr - ok16:10:17.0716 4224 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys16:10:17.0876 4224 Parvdm - ok16:10:17.0971 4224 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll16:10:17.0976 4224 PcaSvc - ok16:10:18.0043 4224 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys16:10:18.0046 4224 pci - ok16:10:18.0162 4224 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys16:10:18.0164 4224 pciide - ok16:10:18.0270 4224 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys16:10:18.0311 4224 pcmcia - ok16:10:18.0438 4224 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys16:10:18.0483 4224 PEAUTH - ok16:10:18.0822 4224 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll16:10:18.0900 4224 pla - ok16:10:18.0978 4224 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll16:10:18.0984 4224 PlugPlay - ok16:10:19.0049 4224 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll16:10:19.0051 4224 Pml Driver HPZ12 - ok16:10:19.0138 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll16:10:19.0160 4224 PNRPAutoReg - ok16:10:19.0173 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll16:10:19.0181 4224 PNRPsvc - ok16:10:19.0308 4224 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll16:10:19.0315 4224 PolicyAgent - ok16:10:19.0360 4224 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys16:10:19.0363 4224 PptpMiniport - ok16:10:19.0411 4224 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys16:10:19.0431 4224 Processor - ok16:10:19.0478 4224 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll16:10:19.0483 4224 ProfSvc - ok16:10:19.0498 4224 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe16:10:19.0499 4224 ProtectedStorage - ok16:10:19.0539 4224 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys16:10:19.0543 4224 PSched - ok16:10:19.0628 4224 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys16:10:19.0630 4224 PxHelp20 - ok16:10:19.0708 4224 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys16:10:19.0741 4224 ql2300 - ok16:10:19.0775 4224 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys16:10:19.0778 4224 ql40xx - ok16:10:19.0816 4224 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll16:10:19.0822 4224 QWAVE - ok16:10:19.0835 4224 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys16:10:19.0838 4224 QWAVEdrv - ok16:10:19.0869 4224 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys16:10:19.0872 4224 RasAcd - ok16:10:19.0890 4224 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll16:10:19.0895 4224 RasAuto - ok16:10:19.0908 4224 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys16:10:19.0912 4224 Rasl2tp - ok16:10:19.0955 4224 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll16:10:19.0961 4224 RasMan - ok16:10:19.0993 4224 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys16:10:19.0996 4224 RasPppoe - ok16:10:20.0036 4224 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys16:10:20.0039 4224 RasSstp - ok16:10:20.0079 4224 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys16:10:20.0085 4224 rdbss - ok16:10:20.0113 4224 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys16:10:20.0116 4224 RDPCDD - ok16:10:20.0155 4224 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys16:10:20.0160 4224 rdpdr - ok16:10:20.0170 4224 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys16:10:20.0172 4224 RDPENCDD - ok16:10:20.0228 4224 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys16:10:20.0234 4224 RDPWD - ok16:10:20.0297 4224 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll16:10:20.0301 4224 RemoteAccess - ok16:10:20.0327 4224 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll16:10:20.0332 4224 RemoteRegistry - ok16:10:20.0353 4224 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe16:10:20.0357 4224 RpcLocator - ok16:10:20.0393 4224 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll16:10:20.0399 4224 RpcSs - ok16:10:20.0449 4224 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys16:10:20.0450 4224 rspndr - ok16:10:20.0498 4224 [ CB0BD9E10E3E244D312C106DEE1BBB93 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys16:10:20.0502 4224 RTL8169 - ok16:10:20.0563 4224 [ 0D1C1B0DE2819FE1EA25098183130B64 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS16:10:20.0566 4224 RTSTOR - ok16:10:20.0576 4224 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe16:10:20.0578 4224 SamSs - ok16:10:20.0679 4224 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys16:10:20.0682 4224 sbp2port - ok16:10:20.0726 4224 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll16:10:20.0731 4224 SCardSvr - ok16:10:20.0783 4224 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll16:10:20.0806 4224 Schedule - ok16:10:20.0840 4224 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll16:10:20.0841 4224 SCPolicySvc - ok16:10:20.0879 4224 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys16:10:20.0883 4224 sdbus - ok16:10:20.0915 4224 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll16:10:20.0921 4224 SDRSVC - ok16:10:20.0938 4224 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys16:10:20.0939 4224 secdrv - ok16:10:20.0951 4224 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll16:10:20.0954 4224 seclogon - ok16:10:20.0966 4224 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll16:10:20.0970 4224 SENS - ok16:10:21.0000 4224 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys16:10:21.0002 4224 Serenum - ok16:10:21.0032 4224 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys16:10:21.0036 4224 Serial - ok16:10:21.0058 4224 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys16:10:21.0061 4224 sermouse - ok16:10:21.0127 4224 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll16:10:21.0131 4224 SessionEnv - ok16:10:21.0162 4224 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys16:10:21.0170 4224 sffdisk - ok16:10:21.0215 4224 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys16:10:21.0223 4224 sffp_mmc - ok16:10:21.0243 4224 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys16:10:21.0245 4224 sffp_sd - ok16:10:21.0279 4224 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys16:10:21.0281 4224 sfloppy - ok16:10:21.0314 4224 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll16:10:21.0320 4224 SharedAccess - ok16:10:21.0369 4224 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll16:10:21.0375 4224 ShellHWDetection - ok16:10:21.0404 4224 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys16:10:21.0407 4224 sisagp - ok16:10:21.0436 4224 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys16:10:21.0439 4224 SiSRaid2 - ok16:10:21.0467 4224 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys16:10:21.0493 4224 SiSRaid4 - ok16:10:21.0604 4224 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe16:10:21.0702 4224 slsvc - ok16:10:21.0739 4224 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll16:10:21.0743 4224 SLUINotify - ok16:10:21.0779 4224 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys16:10:21.0782 4224 Smb - ok16:10:21.0826 4224 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe16:10:21.0829 4224 SNMPTRAP - ok16:10:21.0859 4224 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys16:10:21.0861 4224 spldr - ok16:10:21.0900 4224 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe16:10:21.0903 4224 Spooler - ok16:10:21.0946 4224 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys16:10:21.0951 4224 srv - ok16:10:21.0994 4224 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys16:10:21.0998 4224 srv2 - ok16:10:22.0060 4224 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys16:10:22.0062 4224 srvnet - ok16:10:22.0098 4224 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll16:10:22.0101 4224 SSDPSRV - ok16:10:22.0140 4224 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll16:10:22.0144 4224 SstpSvc - ok16:10:22.0194 4224 [ 9B33AA7F98D54747B486FE33D4903278 ] STHDA C:\Windows\system32\drivers\stwrt.sys16:10:22.0202 4224 STHDA - ok16:10:22.0283 4224 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys16:10:22.0285 4224 StillCam - ok16:10:22.0344 4224 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll16:10:22.0354 4224 stisvc - ok16:10:22.0395 4224 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys16:10:22.0397 4224 swenum - ok16:10:22.0449 4224 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll16:10:22.0454 4224 swprv - ok16:10:22.0486 4224 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys16:10:22.0488 4224 Symc8xx - ok16:10:22.0515 4224 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys16:10:22.0517 4224 Sym_hi - ok16:10:22.0546 4224 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys16:10:22.0548 4224 Sym_u3 - ok16:10:22.0603 4224 [ 1F452F22DF0C00DD2529867E1EA0DC25 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys16:10:22.0608 4224 SynTP - ok16:10:22.0675 4224 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll16:10:22.0689 4224 SysMain - ok16:10:22.0719 4224 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll16:10:22.0723 4224 TabletInputService - ok16:10:22.0750 4224 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll16:10:22.0756 4224 TapiSrv - ok16:10:22.0830 4224 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll16:10:22.0835 4224 TBS - ok16:10:22.0898 4224 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys16:10:22.0931 4224 Tcpip - ok16:10:22.0980 4224 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys16:10:22.0992 4224 Tcpip6 - ok16:10:23.0037 4224 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys16:10:23.0039 4224 tcpipreg - ok16:10:23.0083 4224 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys16:10:23.0094 4224 TDPIPE - ok16:10:23.0118 4224 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys16:10:23.0122 4224 TDTCP - ok16:10:23.0161 4224 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys16:10:23.0166 4224 tdx - ok16:10:23.0175 4224 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys16:10:23.0184 4224 TermDD - ok16:10:23.0223 4224 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll16:10:23.0246 4224 TermService - ok16:10:23.0284 4224 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll16:10:23.0291 4224 Themes - ok16:10:23.0331 4224 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll16:10:23.0335 4224 THREADORDER - ok16:10:23.0369 4224 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll16:10:23.0375 4224 TrkWks - ok16:10:23.0438 4224 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe16:10:23.0440 4224 TrustedInstaller - ok16:10:23.0495 4224 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys16:10:23.0499 4224 tssecsrv - ok16:10:23.0539 4224 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys16:10:23.0543 4224 tunmp - ok16:10:23.0618 4224 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys16:10:23.0622 4224 tunnel - ok16:10:23.0667 4224 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys16:10:23.0671 4224 uagp35 - ok16:10:23.0708 4224 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys16:10:23.0718 4224 udfs - ok16:10:23.0775 4224 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe16:10:23.0779 4224 UI0Detect - ok16:10:23.0818 4224 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys16:10:23.0822 4224 uliagpkx - ok16:10:23.0853 4224 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys16:10:23.0861 4224 uliahci - ok16:10:23.0886 4224 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys16:10:23.0891 4224 UlSata - ok16:10:23.0921 4224 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys16:10:23.0927 4224 ulsata2 - ok16:10:23.0977 4224 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys16:10:23.0981 4224 umbus - ok16:10:24.0019 4224 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll16:10:24.0037 4224 upnphost - ok16:10:24.0137 4224 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys16:10:24.0142 4224 usbccgp - ok16:10:24.0195 4224 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys16:10:24.0204 4224 usbcir - ok16:10:24.0277 4224 [ D21CDE1C635BCC5053463579EEE453CF ] USBCM C:\Windows\system32\DRIVERS\Sacm2K.sys16:10:24.0281 4224 USBCM - ok16:10:24.0325 4224 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys16:10:24.0328 4224 usbehci - ok16:10:24.0340 4224 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys16:10:24.0346 4224 usbhub - ok16:10:24.0376 4224 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys16:10:24.0379 4224 usbohci - ok16:10:24.0421 4224 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys16:10:24.0423 4224 usbprint - ok16:10:24.0468 4224 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys16:10:24.0470 4224 usbscan - ok16:10:24.0491 4224 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS16:10:24.0494 4224 USBSTOR - ok16:10:24.0506 4224 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys16:10:24.0508 4224 usbuhci - ok16:10:24.0553 4224 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys16:10:24.0557 4224 usbvideo - ok16:10:24.0635 4224 [ C5B70A6AA947667CE0E5FC84A05EC8B6 ] usnjsvc C:\Program Files\MSN Messenger\usnsvc.exe16:10:24.0639 4224 usnjsvc - ok16:10:24.0679 4224 [ 7B8424BBAAFBC127C8F55AD6007D6D6B ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS16:10:24.0682 4224 UVCFTR - ok16:10:24.0704 4224 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll16:10:24.0708 4224 UxSms - ok16:10:24.0749 4224 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe16:10:24.0755 4224 vds - ok16:10:24.0820 4224 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys16:10:24.0823 4224 vga - ok16:10:24.0838 4224 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys16:10:24.0841 4224 VgaSave - ok16:10:24.0867 4224 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys16:10:24.0870 4224 viaagp - ok16:10:24.0895 4224 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys16:10:24.0897 4224 ViaC7 - ok16:10:24.0916 4224 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys16:10:24.0918 4224 viaide - ok16:10:24.0947 4224 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys16:10:24.0949 4224 volmgr - ok16:10:24.0996 4224 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys16:10:25.0002 4224 volmgrx - ok16:10:25.0022 4224 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys16:10:25.0027 4224 volsnap - ok16:10:25.0084 4224 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys16:10:25.0116 4224 vsmraid - ok16:10:25.0187 4224 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe16:10:25.0208 4224 VSS - ok16:10:25.0363 4224 [ 8754BA5FCC85325C229ADCB72087706E ] vToolbarUpdater15.4.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe16:10:25.0408 4224 vToolbarUpdater15.4.0 - ok16:10:25.0448 4224 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll16:10:25.0454 4224 W32Time - ok16:10:25.0497 4224 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys16:10:25.0500 4224 WacomPen - ok16:10:25.0534 4224 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys16:10:25.0538 4224 Wanarp - ok16:10:25.0543 4224 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys16:10:25.0544 4224 Wanarpv6 - ok16:10:25.0579 4224 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll16:10:25.0595 4224 wcncsvc - ok16:10:25.0645 4224 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll16:10:25.0648 4224 WcsPlugInService - ok16:10:25.0675 4224 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys16:10:25.0678 4224 Wd - ok16:10:25.0729 4224 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys16:10:25.0750 4224 Wdf01000 - ok16:10:25.0773 4224 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll16:10:25.0778 4224 WdiServiceHost - ok16:10:25.0783 4224 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll16:10:25.0787 4224 WdiSystemHost - ok16:10:25.0838 4224 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll16:10:25.0844 4224 WebClient - ok16:10:25.0882 4224 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll16:10:25.0887 4224 Wecsvc - ok16:10:25.0901 4224 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll16:10:25.0905 4224 wercplsupport - ok16:10:25.0954 4224 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll16:10:25.0960 4224 WerSvc - ok16:10:26.0017 4224 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll16:10:26.0020 4224 WinDefend - ok16:10:26.0028 4224 WinHttpAutoProxySvc - ok16:10:26.0130 4224 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll16:10:26.0133 4224 Winmgmt - ok16:10:26.0204 4224 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll16:10:26.0276 4224 WinRM - ok16:10:26.0356 4224 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll16:10:26.0372 4224 Wlansvc - ok16:10:26.0446 4224 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys16:10:26.0453 4224 WmiAcpi - ok16:10:26.0525 4224 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe16:10:26.0528 4224 wmiApSrv - ok16:10:26.0606 4224 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe16:10:26.0640 4224 WMPNetworkSvc - ok16:10:26.0688 4224 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll16:10:26.0696 4224 WPCSvc - ok16:10:26.0747 4224 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll16:10:26.0753 4224 WPDBusEnum - ok16:10:26.0815 4224 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys16:10:26.0819 4224 WpdUsb - ok16:10:27.0006 4224 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe16:10:27.0028 4224 WPFFontCache_v0400 - ok16:10:27.0051 4224 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys16:10:27.0054 4224 ws2ifsl - ok16:10:27.0088 4224 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll16:10:27.0092 4224 wscsvc - ok16:10:27.0172 4224 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys16:10:27.0174 4224 WSDPrintDevice - ok16:10:27.0179 4224 WSearch - ok16:10:27.0282 4224 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll16:10:27.0337 4224 wuauserv - ok16:10:27.0417 4224 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys16:10:27.0420 4224 WudfPf - ok16:10:27.0452 4224 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys16:10:27.0466 4224 WUDFRd - ok16:10:27.0517 4224 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll16:10:27.0520 4224 wudfsvc - ok16:10:27.0562 4224 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys16:10:27.0567 4224 yukonwlh - ok16:10:27.0597 4224 ================ Scan global ===============================16:10:27.0630 4224 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll16:10:27.0692 4224 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll16:10:27.0723 4224 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll16:10:27.0752 4224 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe16:10:27.0759 4224 [Global] - ok16:10:27.0759 4224 ================ Scan MBR ==================================16:10:27.0777 4224 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR016:10:28.0233 4224 \Device\Harddisk0\DR0 - ok16:10:28.0233 4224 ================ Scan VBR ==================================16:10:28.0237 4224 [ C524666EEC5C057EBEC025169EA4D722 ] \Device\Harddisk0\DR0\Partition116:10:28.0239 4224 \Device\Harddisk0\DR0\Partition1 - ok16:10:28.0244 4224 [ E5C26A8D030F64DA355FD55A017A83AF ] \Device\Harddisk0\DR0\Partition216:10:28.0246 4224 \Device\Harddisk0\DR0\Partition2 - ok16:10:28.0247 4224 ============================================================16:10:28.0247 4224 Scan finished16:10:28.0247 4224 ============================================================16:10:28.0262 4216 Detected object count: 016:10:28.0263 4216 Actual detected object count: 016:10:43.0009 4176 Deinitialize success Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 6, 2013 ID:711472 Share Posted August 6, 2013 We're making progress. ----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.----------Step 3----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main MirrorSave it to your desktop.Double click on the OTL icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the Run Scan button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 5----------------Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
Recommended Posts