
Incomplete Cleaning after Malware Infection



I had some kind of malware a week or two ago that was redirecting me from Google and giving me unrequested pop-ups, and I followed some generic advice on a forum and rid myself of the visible infection, but Malwarebytes is still blocking intrusion attempts. I have run a DDS scan and the logs are attached. Thanks for your help.

--Joshua

DDS.txt

Attach.txt


I have posted the plaintext of the logs for easier utility.

Thanks,

--Joshua

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Glazed at 8:59:25 on 2011-11-15

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1638 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\mIRC\mirc.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\notepad.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\msiexec.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [cbfhjlWLYk.exe] C:\ProgramData\cbfhjlWLYk.exe

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -update activex

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [cbfhjlWLYk.exe] C:\ProgramData\cbfhjlWLYk.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Glazed\AppData\Roaming\Mozilla\Firefox\Profiles\4v3a983l.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58626

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Glazed\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-5 366152]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-7-9 341312]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]

R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-7-9 65856]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-1 2214504]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-11-15 04:27:01 -------- d-----w- C:\Program Files (x86)\Coupons

2011-11-14 21:17:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\offreg.dll

2011-11-14 21:17:11 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\mpengine.dll

2011-11-10 19:17:40 -------- d-----w- C:\Users\Glazed\AppData\Local\ElevatedDiagnostics

2011-11-10 18:09:26 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-11-10 17:16:07 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-10 17:02:57 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-10 01:20:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-10 01:20:41 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-10 01:20:32 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-11-10 01:20:29 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-09 17:28:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 17:28:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 17:27:39 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 17:27:12 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-06 05:37:00 388096 ----a-r- C:\Users\Glazed\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-06 05:37:00 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-06 04:24:27 -------- d-----w- C:\Users\Glazed\AppData\Roaming\Malwarebytes

2011-11-06 04:24:22 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-06 04:24:19 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-06 04:24:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-02 03:14:08 98816 ----a-w- C:\Users\Glazed\AppData\Roaming\Microsoft\E243\A932.tmp

2011-11-02 03:13:58 -------- d-----w- C:\Users\Glazed\AppData\Roaming\C8C50

2011-11-02 03:13:39 -------- d-----w- C:\Users\Glazed\AppData\Roaming\3C0C8

2011-11-01 18:44:53 -------- d-----w- C:\ubuntu

2011-11-01 17:15:38 -------- d-----w- C:\Users\Glazed\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

2011-11-01 16:34:58 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys

2011-11-01 16:34:58 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys

2011-11-01 16:34:57 -------- d-----w- C:\Program Files (x86)\MagicDisc

2011-10-30 20:32:11 -------- d-----w- C:\Users\Glazed\AppData\Local\{B510F8EC-2065-4211-924E-34A394145326}

2011-10-30 20:31:52 -------- d-----w- C:\Users\Glazed\AppData\Local\{3AC2582A-4498-4B82-86CD-BBDD1DF6083D}

2011-10-30 20:31:52 -------- d-----w- C:\Users\Glazed\AppData\Local\{21A3C7F9-F87F-44E1-A2BD-930DF10BB65E}

2011-10-26 06:05:21 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-26 06:05:21 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-26 03:07:07 -------- d-----w- C:\Windows\AutoKMS

2011-10-26 03:06:39 151552 ----a-w- C:\Windows\KMSEmulator.exe

2011-10-17 05:16:40 -------- d-----w- C:\Users\Glazed\AppData\Roaming\MathematicaPlayer

2011-10-17 05:16:40 -------- d-----w- C:\Users\Glazed\AppData\Local\MathematicaPlayer

2011-10-17 05:16:40 -------- d-----w- C:\ProgramData\MathematicaPlayer

2011-10-17 05:15:18 -------- d-----w- C:\ProgramData\Mathematica

2011-10-17 05:15:18 -------- d-----w- C:\Program Files\Common Files\Wolfram Research

2011-10-17 05:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research

2011-10-17 05:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft

2011-10-17 05:14:43 93712 ----a-w- C:\Windows\SysWow64\mltcp32.mlp

2011-10-17 05:14:43 88080 ----a-w- C:\Windows\SysWow64\mlshm32.mlp

2011-10-17 05:14:43 79376 ----a-w- C:\Windows\SysWow64\mlmap32.mlp

2011-10-17 05:14:43 369680 ----a-w- C:\Windows\SysWow64\ml32i3.dll

2011-10-17 05:14:43 336400 ----a-w- C:\Windows\SysWow64\mltcpip32.mlp

2011-10-17 05:14:43 260112 ----a-w- C:\Windows\SysWow64\ml32i2.dll

2011-10-17 05:14:43 253968 ----a-w- C:\Windows\SysWow64\ml32i1.dll

2011-10-17 05:14:43 167952 ----a-w- C:\Windows\SysWow64\mlmodule32.dll

2011-10-17 05:14:19 -------- d-----w- C:\Program Files (x86)\Wolfram Research

2011-10-17 01:10:50 24270208 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-17 00:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

==================== Find3M ====================

.

2011-11-10 17:15:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 04:05:25 25728 ----a-w- C:\Windows\System32\drivers\en-US\androidusb.sys

2011-10-03 04:05:25 25728 ----a-w- C:\Windows\System32\drivers\androidusb.sys

2011-10-03 04:05:25 1419232 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll

2011-10-03 04:05:25 1419232 ----a-w- C:\Windows\System32\drivers\en-US\WdfCoInstaller01005.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 8:59:47.20 ===============

________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume4

Install Date: 7/1/2011 7:45:17 PM

System Uptime: 11/14/2011 6:29:57 PM (14 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 785GTM-E45 (MS-7549)

Processor: AMD Phenom 9650 Quad-Core Processor | CPU 1 | 1196/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 596 GiB total, 23.742 GiB free.

D: is FIXED (NTFS) - 0 GiB total, 0.031 GiB free.

E: is FIXED (NTFS) - 932 GiB total, 57.303 GiB free.

F: is CDROM ()

H: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75491462&REV_02\4&206601F1&0&0028

Manufacturer: Realtek

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75491462&REV_02\4&206601F1&0&0028

Service: RTL8167

.

==== System Restore Points ===================

.

RP83: 11/11/2011 3:00:12 AM - Windows Update

RP84: 11/14/2011 3:16:54 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

Ask Toolbar

Audacity 1.3.13 (Unicode)

calibre

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CommView for WiFi

Coupon Printer for Windows

D3DX10

Extreme Picture Finder 3.13.5

Google Chrome

HiJackThis

Java Auto Updater

Java 6 Update 26

Kindle Auto eBook Converter 0.4.50

LAME v3.98.3 for Audacity

Left 4 Dead 2

MagicDisc 2.7.106

Malwarebytes' Anti-Malware version 1.51.2.1300

MediaFireDownloader

Mesh Runtime

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 8.0 (x86 en-GB)

Mp3tag v2.49

MSVCRT

Netflix in Windows Media Center

OpenOffice.org 3.3

PrimoPDF -- brought to you by Nitro PDF Software

Quake Live Mozilla Plugin

QuickTime

QuickTime Alternative 1.81

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Splashtop Streamer

Steam

swMSM

Ubuntu

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VLC

VLC media player 1.1.5

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Wolfram CDF Player (M-WIN-D 8.0.3 2427703)

.

==== Event Viewer Messages From Past Week ========

.

11/8/2011 3:06:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/8/2011 3:06:33 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/14/2011 1:08:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1796.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

11/14/2011 1:08:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1796.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

11/13/2011 8:50:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

11/13/2011 8:50:58 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2011 7:58:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.

11/11/2011 11:43:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.

11/10/2011 12:15:58 PM, Error: Service Control Manager [7034] - The NLS Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 11:01:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1554.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/10/2011 11:01:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1554.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/10/2011 10:49:20 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================


Hello Joshua! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Before proceeding to clean, I have a question concerning your old antivirus program. Some time ago, did you install a Kaspersky product on your system? I ask because of this line of the log file:

2011-11-10 18:09:26 -------- d-----w- C:\ProgramData\Kaspersky Lab

The existence of the folder leads me to this thought. It is important because existing Kaspersky files on your system can cause a conflict with your current antivirus program - Microsoft Security Essentials.


That is what I need to know. Thanks!

Step 1

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 2

Now it's time to clean the cache of Java, because of malware. Malware found in this cache directory is not associated with the Java that was downloaded and installed on the system. A cache directory is a temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.

Click Start => Control Panel.

Double-click the Java icon in the control panel. The Java Control Panel appears.

Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

Click Delete Files. The Delete Temporary Files dialog box appears.

Click OK on the Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on the Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 3

Please follow the instructions here to run ComboFix:

bleepingcomputer.com/combofix/how-to-use-combofix#use

When you are ready please post the log.txt

In your next reply, please post the following log files:

  • ComboFix log
  • a new fresh DDS log only


ComboFix 11-11-15.01 - Glazed 11/15/2011 13:16:57.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2686 [GMT -6:00]

Running from: c:\users\Glazed\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Glazed\AppData\Roaming\mIRC\logs\status.log

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 04:27 . 2011-11-15 04:27 -------- d-----w- c:\program files (x86)\Coupons

2011-11-14 21:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\mpengine.dll

2011-11-10 19:17 . 2011-11-10 19:17 -------- d-----w- c:\users\Glazed\AppData\Local\ElevatedDiagnostics

2011-11-10 18:09 . 2011-11-10 18:09 -------- d-----w- c:\programdata\Kaspersky Lab

2011-11-10 17:16 . 2011-11-10 17:15 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 17:15 . 2011-11-10 17:15 -------- d-----w- c:\program files\Java

2011-11-10 01:23 . 2011-11-10 01:23 -------- d-----w- c:\users\Mcx1-GLAZED-PC

2011-11-10 01:20 . 2011-11-10 01:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-10 01:20 . 2011-11-10 01:20 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-10 01:20 . 2011-11-10 01:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-11-10 01:20 . 2011-11-10 01:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-09 17:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 17:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 17:27 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 17:27 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 09:02 . 2011-11-08 09:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-11-06 05:37 . 2011-11-06 05:37 388096 ----a-r- c:\users\Glazed\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-06 05:37 . 2011-11-06 05:37 -------- d-----w- c:\program files (x86)\Trend Micro

2011-11-06 04:24 . 2011-11-06 04:24 -------- d-----w- c:\users\Glazed\AppData\Roaming\Malwarebytes

2011-11-06 04:24 . 2011-11-06 04:24 -------- d-----w- c:\programdata\Malwarebytes

2011-11-06 04:24 . 2011-11-06 04:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-06 04:24 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-06 04:19 . 2011-11-06 04:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-11-02 03:14 . 2011-11-02 03:14 98816 ----a-w- c:\users\Glazed\AppData\Roaming\Microsoft\E243\A932.tmp

2011-11-02 03:13 . 2011-11-02 21:51 -------- d-----w- c:\users\Glazed\AppData\Roaming\C8C50

2011-11-02 03:13 . 2011-11-02 21:51 -------- d-----w- c:\users\Glazed\AppData\Roaming\3C0C8

2011-11-01 18:44 . 2011-11-01 18:44 -------- d-----w- C:\ubuntu

2011-11-01 17:15 . 2011-11-01 17:15 -------- d-----w- c:\users\Glazed\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

2011-11-01 16:34 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys

2011-11-01 16:34 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-11-01 16:34 . 2011-11-01 16:35 -------- d-----w- c:\program files (x86)\MagicDisc

2011-10-26 06:05 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-10-26 06:05 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-10-26 03:07 . 2011-10-27 03:07 -------- d-----w- c:\windows\AutoKMS

2011-10-26 03:06 . 2011-11-15 19:32 151552 ----a-w- c:\windows\KMSEmulator.exe

2011-10-17 05:16 . 2011-10-17 05:16 -------- d-----w- c:\users\Glazed\AppData\Roaming\MathematicaPlayer

2011-10-17 05:16 . 2011-10-17 05:16 -------- d-----w- c:\users\Glazed\AppData\Local\MathematicaPlayer

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\programdata\Mathematica

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\program files\Common Files\Wolfram Research

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft

2011-10-17 05:14 . 2011-07-10 23:23 336400 ----a-w- c:\windows\SysWow64\mltcpip32.mlp

2011-10-17 05:14 . 2011-07-10 23:23 93712 ----a-w- c:\windows\SysWow64\mltcp32.mlp

2011-10-17 05:14 . 2011-07-10 23:23 88080 ----a-w- c:\windows\SysWow64\mlshm32.mlp

2011-10-17 05:14 . 2011-07-10 23:22 167952 ----a-w- c:\windows\SysWow64\mlmodule32.dll

2011-10-17 05:14 . 2011-07-10 23:22 79376 ----a-w- c:\windows\SysWow64\mlmap32.mlp

2011-10-17 05:14 . 2011-07-10 23:22 369680 ----a-w- c:\windows\SysWow64\ml32i3.dll

2011-10-17 05:14 . 2011-07-10 23:22 260112 ----a-w- c:\windows\SysWow64\ml32i2.dll

2011-10-17 05:14 . 2011-07-10 23:22 253968 ----a-w- c:\windows\SysWow64\ml32i1.dll

2011-10-17 05:14 . 2011-10-17 05:14 -------- d-----w- c:\program files (x86)\Wolfram Research

2011-10-17 01:10 . 2011-10-17 01:10 24270208 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-17 00:55 . 2011-10-17 00:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 17:15 . 2011-07-24 06:29 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 04:16 . 2011-07-28 06:01 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 04:05 . 2011-10-03 04:07 25728 ----a-w- c:\windows\system32\drivers\en-US\androidusb.sys

2011-10-03 04:05 . 2011-10-03 04:07 1419232 ----a-w- c:\windows\system32\drivers\en-US\WdfCoInstaller01005.dll

2011-10-03 04:05 . 2011-10-03 04:07 25728 ----a-w- c:\windows\system32\drivers\androidusb.sys

2011-10-03 04:05 . 2011-10-03 04:07 1419232 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-10-01 03:25 . 2011-10-12 20:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:42 . 2011-10-12 20:06 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-29 18:31 . 2011-08-29 18:31 119808 ----a-r- c:\users\Glazed\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2011-08-27 05:37 . 2011-10-12 20:06 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-10-12 20:06 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-12 20:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26 . 2011-10-12 20:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-20 05:37 . 2011-10-12 20:06 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:31 . 2011-10-12 20:06 981504 ----a-w- c:\windows\SysWow64\wininet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-11 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-07-09 341312]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-07-09 65856]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-25 520040]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2011-10-26 03:07]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1231918713-2338952197-2114777223-1001Core.job

- c:\users\Glazed\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 04:07]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1231918713-2338952197-2114777223-1001UA.job

- c:\users\Glazed\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 04:07]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Glazed\AppData\Roaming\Mozilla\Firefox\Profiles\4v3a983l.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58626

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-cbfhjlWLYk.exe - c:\programdata\cbfhjlWLYk.exe

Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

.

**************************************************************************

.

Completion time: 2011-11-15 13:37:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-15 19:37

.

Pre-Run: 25,613,418,496 bytes free

Post-Run: 25,572,917,248 bytes free

.

- - End Of File - - 246E16E43AE5DB1FAB7581EE849B0C51

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Glazed at 13:39:30 on 2011-11-15

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2301 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Glazed\AppData\Roaming\Mozilla\Firefox\Profiles\4v3a983l.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58626

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Glazed\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-5 366152]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-7-9 341312]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]

R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-7-9 65856]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-1 2214504]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-11-15 19:32:59 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-15 19:32:19 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\offreg.dll

2011-11-15 19:14:48 98816 ----a-w- C:\Windows\sed.exe

2011-11-15 19:14:48 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-15 19:14:48 256000 ----a-w- C:\Windows\PEV.exe

2011-11-15 19:14:48 208896 ----a-w- C:\Windows\MBR.exe

2011-11-15 04:27:01 -------- d-----w- C:\Program Files (x86)\Coupons

2011-11-14 21:17:11 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\mpengine.dll

2011-11-10 19:17:40 -------- d-----w- C:\Users\Glazed\AppData\Local\ElevatedDiagnostics

2011-11-10 18:09:26 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-11-10 17:16:07 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-10 01:20:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-10 01:20:41 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-10 01:20:32 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-11-10 01:20:29 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-09 17:28:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 17:28:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 17:27:39 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 17:27:12 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-06 05:37:00 388096 ----a-r- C:\Users\Glazed\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-06 05:37:00 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-06 04:24:27 -------- d-----w- C:\Users\Glazed\AppData\Roaming\Malwarebytes

2011-11-06 04:24:22 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-06 04:24:19 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-06 04:24:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-02 03:14:08 98816 ----a-w- C:\Users\Glazed\AppData\Roaming\Microsoft\E243\A932.tmp

2011-11-02 03:13:58 -------- d-----w- C:\Users\Glazed\AppData\Roaming\C8C50

2011-11-02 03:13:39 -------- d-----w- C:\Users\Glazed\AppData\Roaming\3C0C8

2011-11-01 18:44:53 -------- d-----w- C:\ubuntu

2011-11-01 17:15:38 -------- d-----w- C:\Users\Glazed\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

2011-11-01 16:34:58 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys

2011-11-01 16:34:58 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys

2011-11-01 16:34:57 -------- d-----w- C:\Program Files (x86)\MagicDisc

2011-10-30 20:32:11 -------- d-----w- C:\Users\Glazed\AppData\Local\{B510F8EC-2065-4211-924E-34A394145326}

2011-10-30 20:31:52 -------- d-----w- C:\Users\Glazed\AppData\Local\{3AC2582A-4498-4B82-86CD-BBDD1DF6083D}

2011-10-30 20:31:52 -------- d-----w- C:\Users\Glazed\AppData\Local\{21A3C7F9-F87F-44E1-A2BD-930DF10BB65E}

2011-10-26 06:05:21 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-26 06:05:21 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-26 03:07:07 -------- d-----w- C:\Windows\AutoKMS

2011-10-26 03:06:39 151552 ----a-w- C:\Windows\KMSEmulator.exe

2011-10-17 05:16:40 -------- d-----w- C:\Users\Glazed\AppData\Roaming\MathematicaPlayer

2011-10-17 05:16:40 -------- d-----w- C:\Users\Glazed\AppData\Local\MathematicaPlayer

2011-10-17 05:16:40 -------- d-----w- C:\ProgramData\MathematicaPlayer

2011-10-17 05:15:18 -------- d-----w- C:\ProgramData\Mathematica

2011-10-17 05:15:18 -------- d-----w- C:\Program Files\Common Files\Wolfram Research

2011-10-17 05:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research

2011-10-17 05:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft

2011-10-17 05:14:43 93712 ----a-w- C:\Windows\SysWow64\mltcp32.mlp

2011-10-17 05:14:43 88080 ----a-w- C:\Windows\SysWow64\mlshm32.mlp

2011-10-17 05:14:43 79376 ----a-w- C:\Windows\SysWow64\mlmap32.mlp

2011-10-17 05:14:43 369680 ----a-w- C:\Windows\SysWow64\ml32i3.dll

2011-10-17 05:14:43 336400 ----a-w- C:\Windows\SysWow64\mltcpip32.mlp

2011-10-17 05:14:43 260112 ----a-w- C:\Windows\SysWow64\ml32i2.dll

2011-10-17 05:14:43 253968 ----a-w- C:\Windows\SysWow64\ml32i1.dll

2011-10-17 05:14:43 167952 ----a-w- C:\Windows\SysWow64\mlmodule32.dll

2011-10-17 05:14:19 -------- d-----w- C:\Program Files (x86)\Wolfram Research

2011-10-17 01:10:50 24270208 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-17 00:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

==================== Find3M ====================

.

2011-11-10 17:15:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 04:05:25 25728 ----a-w- C:\Windows\System32\drivers\en-US\androidusb.sys

2011-10-03 04:05:25 25728 ----a-w- C:\Windows\System32\drivers\androidusb.sys

2011-10-03 04:05:25 1419232 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll

2011-10-03 04:05:25 1419232 ----a-w- C:\Windows\System32\drivers\en-US\WdfCoInstaller01005.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 13:39:51.15 ===============


Open Notepad and copy and paste the text in the code box below into it:

File::
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job

Folder::
c:\users\Glazed\AppData\Roaming\C8C50
c:\users\Glazed\AppData\Roaming\3C0C8
c:\windows\AutoKMS

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.


ComboFix 11-11-15.01 - Glazed 11/15/2011 14:00:29.4.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2614 [GMT -6:00]

Running from: c:\users\Glazed\Desktop\ComboFix.exe

Command switches used :: c:\users\Glazed\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\KMSEmulator.exe"

"c:\windows\Tasks\AutoKMS.job"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Glazed\AppData\Roaming\3C0C8

c:\users\Glazed\AppData\Roaming\3C0C8\8C50.C0C

c:\users\Glazed\AppData\Roaming\C8C50

c:\windows\AutoKMS

c:\windows\AutoKMS\AutoKMS.exe

c:\windows\AutoKMS\AutoKMS.ini

c:\windows\AutoKMS\AutoKMS.log

c:\windows\KMSEmulator.exe

c:\windows\Tasks\AutoKMS.job

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 20:12 . 2011-11-15 20:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\offreg.dll

2011-11-15 20:11 . 2011-11-15 20:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-11-15 20:11 . 2011-11-15 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-15 04:27 . 2011-11-15 04:27 -------- d-----w- c:\program files (x86)\Coupons

2011-11-14 21:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\mpengine.dll

2011-11-10 19:17 . 2011-11-10 19:17 -------- d-----w- c:\users\Glazed\AppData\Local\ElevatedDiagnostics

2011-11-10 18:09 . 2011-11-10 18:09 -------- d-----w- c:\programdata\Kaspersky Lab

2011-11-10 17:16 . 2011-11-10 17:15 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 17:15 . 2011-11-10 17:15 -------- d-----w- c:\program files\Java

2011-11-10 01:23 . 2011-11-10 01:23 -------- d-----w- c:\users\Mcx1-GLAZED-PC

2011-11-10 01:20 . 2011-11-10 01:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-10 01:20 . 2011-11-10 01:20 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-10 01:20 . 2011-11-10 01:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-11-10 01:20 . 2011-11-10 01:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-09 17:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 17:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 17:27 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 17:27 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 09:02 . 2011-11-08 09:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-11-06 05:37 . 2011-11-06 05:37 388096 ----a-r- c:\users\Glazed\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-06 05:37 . 2011-11-06 05:37 -------- d-----w- c:\program files (x86)\Trend Micro

2011-11-06 04:24 . 2011-11-06 04:24 -------- d-----w- c:\users\Glazed\AppData\Roaming\Malwarebytes

2011-11-06 04:24 . 2011-11-06 04:24 -------- d-----w- c:\programdata\Malwarebytes

2011-11-06 04:24 . 2011-11-06 04:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-06 04:24 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-06 04:19 . 2011-11-06 04:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-11-02 03:14 . 2011-11-02 03:14 98816 ----a-w- c:\users\Glazed\AppData\Roaming\Microsoft\E243\A932.tmp

2011-11-01 18:44 . 2011-11-01 18:44 -------- d-----w- C:\ubuntu

2011-11-01 17:15 . 2011-11-01 17:15 -------- d-----w- c:\users\Glazed\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

2011-11-01 16:34 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys

2011-11-01 16:34 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-11-01 16:34 . 2011-11-01 16:35 -------- d-----w- c:\program files (x86)\MagicDisc

2011-10-26 06:05 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-10-26 06:05 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-10-17 05:16 . 2011-10-17 05:16 -------- d-----w- c:\users\Glazed\AppData\Roaming\MathematicaPlayer

2011-10-17 05:16 . 2011-10-17 05:16 -------- d-----w- c:\users\Glazed\AppData\Local\MathematicaPlayer

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\programdata\Mathematica

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\program files\Common Files\Wolfram Research

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research

2011-10-17 05:15 . 2011-10-17 05:15 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft

2011-10-17 05:14 . 2011-07-10 23:23 336400 ----a-w- c:\windows\SysWow64\mltcpip32.mlp

2011-10-17 05:14 . 2011-07-10 23:23 93712 ----a-w- c:\windows\SysWow64\mltcp32.mlp

2011-10-17 05:14 . 2011-07-10 23:23 88080 ----a-w- c:\windows\SysWow64\mlshm32.mlp

2011-10-17 05:14 . 2011-07-10 23:22 167952 ----a-w- c:\windows\SysWow64\mlmodule32.dll

2011-10-17 05:14 . 2011-07-10 23:22 79376 ----a-w- c:\windows\SysWow64\mlmap32.mlp

2011-10-17 05:14 . 2011-07-10 23:22 369680 ----a-w- c:\windows\SysWow64\ml32i3.dll

2011-10-17 05:14 . 2011-07-10 23:22 260112 ----a-w- c:\windows\SysWow64\ml32i2.dll

2011-10-17 05:14 . 2011-07-10 23:22 253968 ----a-w- c:\windows\SysWow64\ml32i1.dll

2011-10-17 05:14 . 2011-10-17 05:14 -------- d-----w- c:\program files (x86)\Wolfram Research

2011-10-17 01:10 . 2011-10-17 01:10 24270208 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-17 00:55 . 2011-10-17 00:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 17:15 . 2011-07-24 06:29 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 04:16 . 2011-07-28 06:01 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 04:05 . 2011-10-03 04:07 25728 ----a-w- c:\windows\system32\drivers\en-US\androidusb.sys

2011-10-03 04:05 . 2011-10-03 04:07 1419232 ----a-w- c:\windows\system32\drivers\en-US\WdfCoInstaller01005.dll

2011-10-03 04:05 . 2011-10-03 04:07 25728 ----a-w- c:\windows\system32\drivers\androidusb.sys

2011-10-03 04:05 . 2011-10-03 04:07 1419232 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-10-01 03:25 . 2011-10-12 20:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:42 . 2011-10-12 20:06 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-29 18:31 . 2011-08-29 18:31 119808 ----a-r- c:\users\Glazed\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2011-08-27 05:37 . 2011-10-12 20:06 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-10-12 20:06 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-12 20:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26 . 2011-10-12 20:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-20 05:37 . 2011-10-12 20:06 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:31 . 2011-10-12 20:06 981504 ----a-w- c:\windows\SysWow64\wininet.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-15_19.32.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2011-11-15 20:14 30216 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-11-15 20:14 31620 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-02 00:54 . 2011-11-15 19:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-02 00:54 . 2011-11-15 19:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-02 00:54 . 2011-11-15 19:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-02 00:54 . 2011-11-15 19:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-02 00:54 . 2011-11-15 19:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-02 00:54 . 2011-11-15 19:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-07-02 00:54 . 2011-11-15 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-02 00:54 . 2011-11-15 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-02 00:54 . 2011-11-15 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-07-02 00:54 . 2011-11-15 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-02 00:54 . 2011-11-15 20:14 7254 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1231918713-2338952197-2114777223-1001_UserData.bin

+ 2011-11-15 20:12 . 2011-11-15 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-11-15 19:32 . 2011-11-15 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-15 20:12 . 2011-11-15 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-15 19:32 . 2011-11-15 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2011-11-15 19:13 626040 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-15 19:37 626040 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-15 19:37 107316 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-11-15 19:13 107316 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-11-15 19:31 450176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-11-15 20:11 450176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-02 12:28 . 2011-11-15 20:11 48766888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1231918713-2338952197-2114777223-1001-8192.dat

- 2011-07-02 12:28 . 2011-11-15 19:31 48766888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1231918713-2338952197-2114777223-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-11 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-07-09 341312]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-07-09 65856]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-25 520040]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1231918713-2338952197-2114777223-1001Core.job

- c:\users\Glazed\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 04:07]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1231918713-2338952197-2114777223-1001UA.job

- c:\users\Glazed\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 04:07]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Glazed\AppData\Roaming\Mozilla\Firefox\Profiles\4v3a983l.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58626

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

.

**************************************************************************

.

Completion time: 2011-11-15 14:17:40 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-15 20:17

ComboFix2.txt 2011-11-15 19:37

.

Pre-Run: 25,330,655,232 bytes free

Post-Run: 25,275,043,840 bytes free

.

- - End Of File - - E1D473230E224152163B6602CBC80FA6

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Glazed at 14:20:33 on 2011-11-15

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2691 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{BAC7859A-25CE-4B08-A365-880A2D6AB232} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Glazed\AppData\Roaming\Mozilla\Firefox\Profiles\4v3a983l.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58626

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Glazed\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-7-9 341312]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]

R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-7-9 65856]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-5 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-1 2214504]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-11-15 20:19:23 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-15 20:12:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\offreg.dll

2011-11-15 19:14:48 98816 ----a-w- C:\Windows\sed.exe

2011-11-15 19:14:48 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-15 19:14:48 256000 ----a-w- C:\Windows\PEV.exe

2011-11-15 19:14:48 208896 ----a-w- C:\Windows\MBR.exe

2011-11-15 04:27:01 -------- d-----w- C:\Program Files (x86)\Coupons

2011-11-14 21:17:11 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530B903E-E835-4B75-A54B-FCBF14A70D8C}\mpengine.dll

2011-11-10 19:17:40 -------- d-----w- C:\Users\Glazed\AppData\Local\ElevatedDiagnostics

2011-11-10 18:09:26 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-11-10 17:16:07 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-11-10 01:20:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-10 01:20:41 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-10 01:20:32 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-11-10 01:20:29 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-09 17:28:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 17:28:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 17:27:39 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 17:27:12 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-06 05:37:00 388096 ----a-r- C:\Users\Glazed\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-06 05:37:00 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-06 04:24:27 -------- d-----w- C:\Users\Glazed\AppData\Roaming\Malwarebytes

2011-11-06 04:24:22 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-06 04:24:19 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-06 04:24:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-02 03:14:08 98816 ----a-w- C:\Users\Glazed\AppData\Roaming\Microsoft\E243\A932.tmp

2011-11-01 18:44:53 -------- d-----w- C:\ubuntu

2011-11-01 17:15:38 -------- d-----w- C:\Users\Glazed\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

2011-11-01 16:34:58 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys

2011-11-01 16:34:58 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys

2011-11-01 16:34:57 -------- d-----w- C:\Program Files (x86)\MagicDisc

2011-10-30 20:32:11 -------- d-----w- C:\Users\Glazed\AppData\Local\{B510F8EC-2065-4211-924E-34A394145326}

2011-10-30 20:31:52 -------- d-----w- C:\Users\Glazed\AppData\Local\{3AC2582A-4498-4B82-86CD-BBDD1DF6083D}

2011-10-30 20:31:52 -------- d-----w- C:\Users\Glazed\AppData\Local\{21A3C7F9-F87F-44E1-A2BD-930DF10BB65E}

2011-10-26 06:05:21 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-26 06:05:21 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-17 05:16:40 -------- d-----w- C:\Users\Glazed\AppData\Roaming\MathematicaPlayer

2011-10-17 05:16:40 -------- d-----w- C:\Users\Glazed\AppData\Local\MathematicaPlayer

2011-10-17 05:16:40 -------- d-----w- C:\ProgramData\MathematicaPlayer

2011-10-17 05:15:18 -------- d-----w- C:\ProgramData\Mathematica

2011-10-17 05:15:18 -------- d-----w- C:\Program Files\Common Files\Wolfram Research

2011-10-17 05:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research

2011-10-17 05:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft

2011-10-17 05:14:43 93712 ----a-w- C:\Windows\SysWow64\mltcp32.mlp

2011-10-17 05:14:43 88080 ----a-w- C:\Windows\SysWow64\mlshm32.mlp

2011-10-17 05:14:43 79376 ----a-w- C:\Windows\SysWow64\mlmap32.mlp

2011-10-17 05:14:43 369680 ----a-w- C:\Windows\SysWow64\ml32i3.dll

2011-10-17 05:14:43 336400 ----a-w- C:\Windows\SysWow64\mltcpip32.mlp

2011-10-17 05:14:43 260112 ----a-w- C:\Windows\SysWow64\ml32i2.dll

2011-10-17 05:14:43 253968 ----a-w- C:\Windows\SysWow64\ml32i1.dll

2011-10-17 05:14:43 167952 ----a-w- C:\Windows\SysWow64\mlmodule32.dll

2011-10-17 05:14:19 -------- d-----w- C:\Program Files (x86)\Wolfram Research

2011-10-17 01:10:50 24270208 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-17 00:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

.

==================== Find3M ====================

.

2011-11-10 17:15:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 04:05:25 25728 ----a-w- C:\Windows\System32\drivers\en-US\androidusb.sys

2011-10-03 04:05:25 25728 ----a-w- C:\Windows\System32\drivers\androidusb.sys

2011-10-03 04:05:25 1419232 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll

2011-10-03 04:05:25 1419232 ----a-w- C:\Windows\System32\drivers\en-US\WdfCoInstaller01005.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 14:22:30.22 ===============


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


14:37:44.0937 3548 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

14:37:45.0380 3548 ============================================================

14:37:45.0380 3548 Current date / time: 2011/11/15 14:37:45.0380

14:37:45.0380 3548 SystemInfo:

14:37:45.0380 3548

14:37:45.0381 3548 OS Version: 6.1.7601 ServicePack: 1.0

14:37:45.0381 3548 Product type: Workstation

14:37:45.0381 3548 ComputerName: GLAZED-PC

14:37:45.0381 3548 UserName: Glazed

14:37:45.0381 3548 Windows directory: C:\Windows

14:37:45.0381 3548 System windows directory: C:\Windows

14:37:45.0381 3548 Running under WOW64

14:37:45.0381 3548 Processor architecture: Intel x64

14:37:45.0381 3548 Number of processors: 4

14:37:45.0381 3548 Page size: 0x1000

14:37:45.0381 3548 Boot type: Normal boot

14:37:45.0381 3548 ============================================================

14:37:46.0427 3548 Initialize success

14:38:06.0431 4992 ============================================================

14:38:06.0431 4992 Scan started

14:38:06.0431 4992 Mode: Manual; SigCheck; TDLFS;

14:38:06.0431 4992 ============================================================


14:38:18.0807 4992 nv_agp - ok

14:38:18.0816 4992 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:38:18.0830 4992 ohci1394 - ok

14:38:18.0896 4992 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

14:38:18.0916 4992 Parport - ok

14:38:18.0954 4992 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

14:38:18.0964 4992 partmgr - ok

14:38:19.0053 4992 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:38:19.0072 4992 pci - ok

14:38:19.0097 4992 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:38:19.0111 4992 pciide - ok

14:38:19.0144 4992 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

14:38:19.0154 4992 pcmcia - ok

14:38:19.0182 4992 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:38:19.0193 4992 pcw - ok

14:38:19.0216 4992 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:38:19.0286 4992 PEAUTH - ok

14:38:19.0373 4992 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:38:19.0421 4992 PptpMiniport - ok

14:38:19.0441 4992 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

14:38:19.0474 4992 Processor - ok

14:38:19.0515 4992 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:38:19.0571 4992 Psched - ok

14:38:19.0616 4992 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

14:38:19.0649 4992 ql2300 - ok

14:38:19.0679 4992 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

14:38:19.0696 4992 ql40xx - ok

14:38:19.0724 4992 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:38:19.0753 4992 QWAVEdrv - ok

14:38:19.0773 4992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:38:19.0830 4992 RasAcd - ok

14:38:19.0895 4992 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:38:19.0940 4992 RasAgileVpn - ok

14:38:19.0961 4992 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:38:20.0013 4992 Rasl2tp - ok

14:38:20.0037 4992 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:38:20.0121 4992 RasPppoe - ok

14:38:20.0155 4992 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:38:20.0207 4992 RasSstp - ok

14:38:20.0229 4992 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:38:20.0284 4992 rdbss - ok

14:38:20.0311 4992 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:38:20.0346 4992 rdpbus - ok

14:38:20.0372 4992 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:38:20.0430 4992 RDPCDD - ok

14:38:20.0485 4992 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

14:38:20.0540 4992 RDPDR - ok

14:38:20.0568 4992 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:38:20.0643 4992 RDPENCDD - ok

14:38:20.0670 4992 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:38:20.0710 4992 RDPREFMP - ok

14:38:20.0767 4992 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

14:38:20.0817 4992 RdpVideoMiniport - ok

14:38:20.0845 4992 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

14:38:20.0895 4992 RDPWD - ok

14:38:20.0922 4992 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:38:20.0937 4992 rdyboost - ok

14:38:20.0979 4992 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:38:21.0034 4992 rspndr - ok

14:38:21.0103 4992 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

14:38:21.0125 4992 RTL8167 - ok

14:38:21.0180 4992 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

14:38:21.0205 4992 s3cap - ok

14:38:21.0233 4992 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:38:21.0246 4992 sbp2port - ok

14:38:21.0276 4992 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:38:21.0328 4992 scfilter - ok

14:38:21.0361 4992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:38:21.0410 4992 secdrv - ok

14:38:21.0444 4992 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

14:38:21.0478 4992 Serenum - ok

14:38:21.0502 4992 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

14:38:21.0530 4992 Serial - ok

14:38:21.0555 4992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

14:38:21.0593 4992 sermouse - ok

14:38:21.0620 4992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:38:21.0636 4992 sffdisk - ok

14:38:21.0646 4992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:38:21.0677 4992 sffp_mmc - ok

14:38:21.0686 4992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:38:21.0710 4992 sffp_sd - ok

14:38:21.0719 4992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

14:38:21.0735 4992 sfloppy - ok

14:38:21.0775 4992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

14:38:21.0785 4992 SiSRaid2 - ok

14:38:21.0810 4992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

14:38:21.0823 4992 SiSRaid4 - ok

14:38:21.0862 4992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:38:21.0945 4992 Smb - ok

14:38:22.0005 4992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:38:22.0020 4992 spldr - ok

14:38:22.0089 4992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:38:22.0123 4992 srv - ok

14:38:22.0139 4992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:38:22.0175 4992 srv2 - ok

14:38:22.0229 4992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:38:22.0281 4992 srvnet - ok

14:38:22.0471 4992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

14:38:22.0487 4992 stexstor - ok

14:38:22.0558 4992 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

14:38:22.0574 4992 storflt - ok

14:38:22.0612 4992 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

14:38:22.0628 4992 storvsc - ok

14:38:22.0651 4992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:38:22.0659 4992 swenum - ok

14:38:22.0710 4992 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys

14:38:22.0720 4992 Synth3dVsc - ok

14:38:22.0821 4992 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

14:38:22.0864 4992 Tcpip - ok

14:38:22.0904 4992 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

14:38:22.0941 4992 TCPIP6 - ok

14:38:22.0964 4992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:38:23.0033 4992 tcpipreg - ok

14:38:23.0060 4992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:38:23.0125 4992 TDPIPE - ok

14:38:23.0136 4992 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

14:38:23.0204 4992 TDTCP - ok

14:38:23.0259 4992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:38:23.0312 4992 tdx - ok

14:38:23.0327 4992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

14:38:23.0337 4992 TermDD - ok

14:38:23.0346 4992 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys

14:38:23.0380 4992 terminpt - ok

14:38:23.0420 4992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:38:23.0485 4992 tssecsrv - ok

14:38:23.0508 4992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:38:23.0536 4992 TsUsbFlt - ok

14:38:23.0563 4992 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

14:38:23.0584 4992 TsUsbGD - ok

14:38:23.0612 4992 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys

14:38:23.0632 4992 tsusbhub - ok

14:38:23.0653 4992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:38:23.0708 4992 tunnel - ok

14:38:23.0737 4992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

14:38:23.0755 4992 uagp35 - ok

14:38:23.0788 4992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:38:23.0836 4992 udfs - ok

14:38:23.0856 4992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:38:23.0865 4992 uliagpkx - ok

14:38:23.0893 4992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

14:38:23.0922 4992 umbus - ok

14:38:23.0952 4992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

14:38:23.0985 4992 UmPass - ok

14:38:24.0062 4992 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

14:38:24.0107 4992 usbaudio - ok

14:38:24.0155 4992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:38:24.0184 4992 usbccgp - ok

14:38:24.0224 4992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:38:24.0256 4992 usbcir - ok

14:38:24.0306 4992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

14:38:24.0333 4992 usbehci - ok

14:38:24.0372 4992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:38:24.0403 4992 usbhub - ok

14:38:24.0432 4992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

14:38:24.0458 4992 usbohci - ok

14:38:24.0482 4992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

14:38:24.0498 4992 usbprint - ok

14:38:24.0551 4992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:38:24.0604 4992 USBSTOR - ok

14:38:24.0632 4992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:38:24.0665 4992 usbuhci - ok

14:38:24.0743 4992 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

14:38:24.0770 4992 usbvideo - ok

14:38:24.0806 4992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:38:24.0814 4992 vdrvroot - ok

14:38:24.0841 4992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:38:24.0860 4992 vga - ok

14:38:24.0884 4992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:38:24.0931 4992 VgaSave - ok

14:38:24.0939 4992 VGPU - ok

14:38:24.0954 4992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:38:24.0965 4992 vhdmp - ok

14:38:24.0987 4992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:38:24.0995 4992 viaide - ok

14:38:25.0045 4992 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

14:38:25.0062 4992 vmbus - ok

14:38:25.0086 4992 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

14:38:25.0099 4992 VMBusHID - ok

14:38:25.0122 4992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:38:25.0141 4992 volmgr - ok

14:38:25.0192 4992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:38:25.0216 4992 volmgrx - ok

14:38:25.0234 4992 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:38:25.0247 4992 volsnap - ok

14:38:25.0274 4992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

14:38:25.0285 4992 vsmraid - ok

14:38:25.0307 4992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

14:38:25.0336 4992 vwifibus - ok

14:38:25.0359 4992 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

14:38:25.0395 4992 vwififlt - ok

14:38:25.0425 4992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

14:38:25.0447 4992 WacomPen - ok

14:38:25.0484 4992 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:25.0539 4992 WANARP - ok

14:38:25.0544 4992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:25.0578 4992 Wanarpv6 - ok

14:38:25.0613 4992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

14:38:25.0622 4992 Wd - ok

14:38:25.0652 4992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:38:25.0671 4992 Wdf01000 - ok

14:38:25.0722 4992 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:38:25.0764 4992 WfpLwf - ok

14:38:25.0793 4992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:38:25.0805 4992 WIMMount - ok

14:38:25.0906 4992 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

14:38:25.0938 4992 WinUsb - ok

14:38:26.0002 4992 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:38:26.0023 4992 WmiAcpi - ok

14:38:26.0054 4992 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:38:26.0095 4992 ws2ifsl - ok

14:38:26.0139 4992 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:38:26.0196 4992 WudfPf - ok

14:38:26.0240 4992 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:38:26.0320 4992 WUDFRd - ok

14:38:26.0356 4992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

14:38:26.0422 4992 \Device\Harddisk2\DR2 - ok

14:38:26.0437 4992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

14:38:26.0517 4992 \Device\Harddisk1\DR1 - ok

14:38:26.0534 4992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:38:26.0623 4992 \Device\Harddisk0\DR0 - ok

14:38:26.0629 4992 Boot (0x1200) (3db8d27cb78a2834c6dd36879410d0b6) \Device\Harddisk2\DR2\Partition0

14:38:26.0630 4992 \Device\Harddisk2\DR2\Partition0 - ok

14:38:26.0638 4992 Boot (0x1200) (19226d3e7bfd4e79d46f6526c7ae88a5) \Device\Harddisk1\DR1\Partition0

14:38:26.0639 4992 \Device\Harddisk1\DR1\Partition0 - ok

14:38:26.0668 4992 Boot (0x1200) (0dc44ebfd2028abeb77fb8461b43528c) \Device\Harddisk1\DR1\Partition1

14:38:26.0670 4992 \Device\Harddisk1\DR1\Partition1 - ok

14:38:26.0673 4992 Boot (0x1200) (80fb11556707978a280652342220182a) \Device\Harddisk0\DR0\Partition0

14:38:26.0674 4992 \Device\Harddisk0\DR0\Partition0 - ok

14:38:26.0675 4992 ============================================================

14:38:26.0675 4992 Scan finished

14:38:26.0675 4992 ============================================================

14:38:26.0689 2624 Detected object count: 0

14:38:26.0689 2624 Actual detected object count: 0

14:38:37.0793 0928 ============================================================

14:38:37.0793 0928 Scan started

14:38:37.0793 0928 Mode: Manual; SigCheck; TDLFS;

14:38:37.0793 0928 ============================================================


14:38:44.0334 0928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:38:44.0370 0928 MSPCLOCK - ok

14:38:44.0395 0928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:38:44.0432 0928 MSPQM - ok

14:38:44.0475 0928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:38:44.0498 0928 MsRPC - ok

14:38:44.0522 0928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

14:38:44.0535 0928 mssmbios - ok

14:38:44.0558 0928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:38:44.0596 0928 MSTEE - ok

14:38:44.0646 0928 msvad_simple (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys

14:38:44.0657 0928 msvad_simple - ok

14:38:44.0684 0928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

14:38:44.0703 0928 MTConfig - ok

14:38:44.0726 0928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:38:44.0742 0928 Mup - ok

14:38:44.0763 0928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:38:44.0781 0928 NativeWifiP - ok

14:38:44.0815 0928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:38:44.0837 0928 NDIS - ok

14:38:44.0857 0928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:38:44.0894 0928 NdisCap - ok

14:38:44.0919 0928 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:38:44.0955 0928 NdisTapi - ok

14:38:44.0967 0928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:38:45.0002 0928 Ndisuio - ok

14:38:45.0022 0928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:38:45.0059 0928 NdisWan - ok

14:38:45.0077 0928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:38:45.0125 0928 NDProxy - ok

14:38:45.0153 0928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:38:45.0189 0928 NetBIOS - ok

14:38:45.0249 0928 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:38:45.0303 0928 NetBT - ok

14:38:45.0338 0928 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

14:38:45.0347 0928 nfrd960 - ok

14:38:45.0393 0928 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

14:38:45.0401 0928 NisDrv - ok

14:38:45.0432 0928 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:38:45.0468 0928 Npfs - ok

14:38:45.0490 0928 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:38:45.0535 0928 nsiproxy - ok

14:38:45.0623 0928 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:38:45.0685 0928 Ntfs - ok

14:38:45.0704 0928 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:38:45.0756 0928 Null - ok

14:38:46.0025 0928 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:38:46.0245 0928 nvlddmkm - ok

14:38:46.0303 0928 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:38:46.0313 0928 nvraid - ok

14:38:46.0364 0928 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:38:46.0374 0928 nvstor - ok

14:38:46.0405 0928 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:38:46.0419 0928 nv_agp - ok

14:38:46.0428 0928 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:38:46.0439 0928 ohci1394 - ok

14:38:46.0487 0928 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

14:38:46.0498 0928 Parport - ok

14:38:46.0520 0928 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

14:38:46.0529 0928 partmgr - ok

14:38:46.0551 0928 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:38:46.0562 0928 pci - ok

14:38:46.0571 0928 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:38:46.0579 0928 pciide - ok

14:38:46.0609 0928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

14:38:46.0620 0928 pcmcia - ok

14:38:46.0648 0928 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:38:46.0657 0928 pcw - ok

14:38:46.0683 0928 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:38:46.0727 0928 PEAUTH - ok

14:38:46.0772 0928 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:38:46.0825 0928 PptpMiniport - ok

14:38:46.0849 0928 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

14:38:46.0860 0928 Processor - ok

14:38:46.0905 0928 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:38:46.0956 0928 Psched - ok

14:38:47.0013 0928 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

14:38:47.0056 0928 ql2300 - ok

14:38:47.0078 0928 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

14:38:47.0087 0928 ql40xx - ok

14:38:47.0115 0928 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:38:47.0137 0928 QWAVEdrv - ok

14:38:47.0146 0928 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:38:47.0185 0928 RasAcd - ok

14:38:47.0235 0928 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:38:47.0284 0928 RasAgileVpn - ok

14:38:47.0303 0928 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:38:47.0339 0928 Rasl2tp - ok

14:38:47.0353 0928 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:38:47.0390 0928 RasPppoe - ok

14:38:47.0400 0928 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:38:47.0444 0928 RasSstp - ok

14:38:47.0462 0928 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:38:47.0511 0928 rdbss - ok

14:38:47.0527 0928 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:38:47.0542 0928 rdpbus - ok

14:38:47.0555 0928 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:38:47.0597 0928 RDPCDD - ok

14:38:47.0651 0928 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

14:38:47.0672 0928 RDPDR - ok

14:38:47.0710 0928 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:38:47.0765 0928 RDPENCDD - ok

14:38:47.0903 0928 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:38:47.0956 0928 RDPREFMP - ok

14:38:48.0008 0928 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

14:38:48.0022 0928 RdpVideoMiniport - ok

14:38:48.0053 0928 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

14:38:48.0116 0928 RDPWD - ok

14:38:48.0147 0928 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:38:48.0158 0928 rdyboost - ok

14:38:48.0195 0928 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:38:48.0235 0928 rspndr - ok

14:38:48.0295 0928 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

14:38:48.0318 0928 RTL8167 - ok

14:38:48.0372 0928 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

14:38:48.0389 0928 s3cap - ok

14:38:48.0416 0928 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:38:48.0434 0928 sbp2port - ok

14:38:48.0459 0928 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:38:48.0493 0928 scfilter - ok

14:38:48.0509 0928 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:38:48.0548 0928 secdrv - ok

14:38:48.0569 0928 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

14:38:48.0583 0928 Serenum - ok

14:38:48.0601 0928 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

14:38:48.0613 0928 Serial - ok

14:38:48.0638 0928 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

14:38:48.0649 0928 sermouse - ok

14:38:48.0667 0928 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:38:48.0681 0928 sffdisk - ok

14:38:48.0689 0928 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:38:48.0711 0928 sffp_mmc - ok

14:38:48.0719 0928 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:38:48.0733 0928 sffp_sd - ok

14:38:48.0741 0928 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

14:38:48.0754 0928 sfloppy - ok

14:38:48.0783 0928 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

14:38:48.0792 0928 SiSRaid2 - ok

14:38:48.0818 0928 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

14:38:48.0829 0928 SiSRaid4 - ok

14:38:48.0853 0928 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:38:48.0886 0928 Smb - ok

14:38:48.0930 0928 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:38:48.0938 0928 spldr - ok

14:38:49.0005 0928 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:38:49.0033 0928 srv - ok

14:38:49.0048 0928 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:38:49.0064 0928 srv2 - ok

14:38:49.0120 0928 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:38:49.0142 0928 srvnet - ok

14:38:49.0179 0928 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

14:38:49.0187 0928 stexstor - ok

14:38:49.0207 0928 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

14:38:49.0215 0928 storflt - ok

14:38:49.0236 0928 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

14:38:49.0244 0928 storvsc - ok

14:38:49.0267 0928 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:38:49.0274 0928 swenum - ok

14:38:49.0326 0928 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys

14:38:49.0337 0928 Synth3dVsc - ok

14:38:49.0428 0928 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

14:38:49.0465 0928 Tcpip - ok

14:38:49.0503 0928 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

14:38:49.0544 0928 TCPIP6 - ok

14:38:49.0563 0928 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:38:49.0598 0928 tcpipreg - ok

14:38:49.0627 0928 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:38:49.0676 0928 TDPIPE - ok

14:38:49.0684 0928 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

14:38:49.0722 0928 TDTCP - ok

14:38:49.0750 0928 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:38:49.0798 0928 tdx - ok

14:38:49.0810 0928 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

14:38:49.0819 0928 TermDD - ok

14:38:49.0827 0928 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys

14:38:49.0837 0928 terminpt - ok

14:38:49.0870 0928 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:38:49.0909 0928 tssecsrv - ok

14:38:49.0918 0928 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:38:49.0935 0928 TsUsbFlt - ok

14:38:49.0987 0928 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

14:38:50.0005 0928 TsUsbGD - ok

14:38:50.0029 0928 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys

14:38:50.0048 0928 tsusbhub - ok

14:38:50.0061 0928 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:38:50.0098 0928 tunnel - ok

14:38:50.0106 0928 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

14:38:50.0115 0928 uagp35 - ok

14:38:50.0146 0928 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:38:50.0187 0928 udfs - ok

14:38:50.0207 0928 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:38:50.0216 0928 uliagpkx - ok

14:38:50.0243 0928 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

14:38:50.0254 0928 umbus - ok

14:38:50.0262 0928 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

14:38:50.0279 0928 UmPass - ok

14:38:50.0337 0928 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

14:38:50.0360 0928 usbaudio - ok

14:38:50.0413 0928 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:38:50.0423 0928 usbccgp - ok

14:38:50.0448 0928 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:38:50.0462 0928 usbcir - ok

14:38:50.0514 0928 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

14:38:50.0532 0928 usbehci - ok

14:38:50.0555 0928 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:38:50.0570 0928 usbhub - ok

14:38:50.0581 0928 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

14:38:50.0591 0928 usbohci - ok

14:38:50.0615 0928 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

14:38:50.0633 0928 usbprint - ok

14:38:50.0709 0928 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:38:50.0720 0928 USBSTOR - ok

14:38:50.0740 0928 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:38:50.0751 0928 usbuhci - ok

14:38:50.0808 0928 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

14:38:50.0826 0928 usbvideo - ok

14:38:50.0847 0928 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:38:50.0855 0928 vdrvroot - ok

14:38:50.0882 0928 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:38:50.0896 0928 vga - ok

14:38:50.0917 0928 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:38:50.0953 0928 VgaSave - ok

14:38:50.0961 0928 VGPU - ok

14:38:50.0973 0928 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:38:50.0992 0928 vhdmp - ok

14:38:51.0012 0928 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:38:51.0020 0928 viaide - ok

14:38:51.0069 0928 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

14:38:51.0080 0928 vmbus - ok

14:38:51.0102 0928 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

14:38:51.0112 0928 VMBusHID - ok

14:38:51.0138 0928 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:38:51.0147 0928 volmgr - ok

14:38:51.0165 0928 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:38:51.0178 0928 volmgrx - ok

14:38:51.0192 0928 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:38:51.0208 0928 volsnap - ok

14:38:51.0232 0928 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

14:38:51.0243 0928 vsmraid - ok

14:38:51.0265 0928 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

14:38:51.0279 0928 vwifibus - ok

14:38:51.0292 0928 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

14:38:51.0322 0928 vwififlt - ok

14:38:51.0350 0928 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

14:38:51.0369 0928 WacomPen - ok

14:38:51.0393 0928 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:51.0431 0928 WANARP - ok

14:38:51.0435 0928 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:51.0471 0928 Wanarpv6 - ok

14:38:51.0505 0928 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

14:38:51.0513 0928 Wd - ok

14:38:51.0546 0928 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:38:51.0570 0928 Wdf01000 - ok

14:38:51.0605 0928 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:38:51.0640 0928 WfpLwf - ok

14:38:51.0667 0928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:38:51.0676 0928 WIMMount - ok

14:38:51.0747 0928 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

14:38:51.0769 0928 WinUsb - ok

14:38:51.0802 0928 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:38:51.0815 0928 WmiAcpi - ok

14:38:51.0845 0928 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:38:51.0883 0928 ws2ifsl - ok

14:38:51.0913 0928 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:38:51.0948 0928 WudfPf - ok

14:38:51.0964 0928 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:38:52.0001 0928 WUDFRd - ok

14:38:52.0024 0928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

14:38:52.0052 0928 \Device\Harddisk2\DR2 - ok

14:38:52.0061 0928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

14:38:52.0142 0928 \Device\Harddisk1\DR1 - ok

14:38:52.0157 0928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:38:52.0246 0928 \Device\Harddisk0\DR0 - ok

14:38:52.0252 0928 Boot (0x1200) (3db8d27cb78a2834c6dd36879410d0b6) \Device\Harddisk2\DR2\Partition0

14:38:52.0253 0928 \Device\Harddisk2\DR2\Partition0 - ok

14:38:52.0261 0928 Boot (0x1200) (19226d3e7bfd4e79d46f6526c7ae88a5) \Device\Harddisk1\DR1\Partition0

14:38:52.0263 0928 \Device\Harddisk1\DR1\Partition0 - ok

14:38:52.0293 0928 Boot (0x1200) (0dc44ebfd2028abeb77fb8461b43528c) \Device\Harddisk1\DR1\Partition1

14:38:52.0294 0928 \Device\Harddisk1\DR1\Partition1 - ok

14:38:52.0300 0928 Boot (0x1200) (80fb11556707978a280652342220182a) \Device\Harddisk0\DR0\Partition0

14:38:52.0301 0928 \Device\Harddisk0\DR0\Partition0 - ok

14:38:52.0303 0928 ============================================================

14:38:52.0303 0928 Scan finished

14:38:52.0303 0928 ============================================================

14:38:52.0355 4504 Detected object count: 0

14:38:52.0355 4504 Actual detected object count: 0


  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


ESET found a couple things and cleaned them, but the log didn't end up where you said it would be, so I don't have it to post.

Thanks,

--Joshua

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8169

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

11/15/2011 2:54:03 PM

mbam-log-2011-11-15 (14-54-03).txt

Scan type: Quick scan

Objects scanned: 197792

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

