Jump to content

Recommended Posts

I get the same 184 infected files no matter how many times or ways I try to run malwarebytes.

I hope I am doing this correctly, I have never posted here before!

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by tdrosdak at 17:24:47 on 2011-11-15

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1562 [GMT -5:00]

.

AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Kaseya\Agent\KasAVSrv.exe

C:\Program Files\Kaseya\Agent\AgentMon.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TightVNC\tvnserver.exe

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe

C:\Windows\System32\WTClient.exe

C:\Program Files\Kaseya\Agent\KaUsrTsk.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\ManicTime\ManicTime.exe

C:\Program Files\CompanionLink\CompanionLink.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe

C:\Users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [ManicTime] c:\program files\manictime\ManicTime.exe /minimized /name:

uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"

mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload

mRun: [WTClient] WTClient.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KASHTHRNTW24532506725118] "c:\program files\kaseya\agent\KaUsrTsk.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\tdrosdak\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tdrosdak\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

TCP: Interfaces\{E5AFBC9E-9822-4344-B598-2F71600FF3F1} : DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: spba - c:\program files\common files\spba\homefus2.dll

AppInit_DLLs: c:\windows\system32\avgrsstx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\tdrosdak\appdata\roaming\mozilla\firefox\profiles\uxigwg36.default\

FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\tdrosdak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-6-14 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-6-14 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-6-14 29712]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-6-14 243152]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-29 176128]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-6-14 308136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-29 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-29 110752]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]

R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2011-6-14 221184]

R2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2011-6-14 835584]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-9 366152]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]

R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-29 2656280]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-29 238760]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2011-6-14 17920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22216]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-29 41088]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-12 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-11-15 22:16:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-15 22:16:03 65536 ---hatw- c:\users\tdrosdak\~archive.pst.tmp

2011-10-25 14:31:13 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}

2011-10-25 14:31:09 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}

2011-10-20 01:53:16 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-10-20 01:52:42 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-20 01:52:42 233472 ----a-w- c:\windows\system32\oleacc.dll

.

==================== Find3M ====================

.

2011-11-15 22:15:26 1682 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-15 20:41:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec

2011-05-12 13:27:45 12526792 ----a-w- c:\program files\common files\lpuninstall.exe

.

============= FINISH: 17:25:33.47 ===============

Attach.txt

Link to post
Share on other sites

Hello TerryD! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/paste in your next reply.

Step 1

Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory are not associated with the Java that was downloaded and installed on the system. A cache directory is aa temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.

Click Start => Control Panel.

Double-click the Java icon in the control panel. The Java Control Panel appears.

plugin_cache1.jpg

Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

plugin_cache2.jpg

Click Delete Files. The Delete Temporary Files dialog box appears.

plugin_cache3.jpg

Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 2

I need to know what Malwarebytes' Anti-Malware found on your system, so:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log only

Link to post
Share on other sites

Maniac,

Thanks so much for your help and clear directions. Let me know if I do this correctly...

mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8175

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/16/2011 9:47:44 AM

mbam-log-2011-11-16 (09-47-44).txt

Scan type: Quick scan

Objects scanned: 243571

Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 184

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\winapp\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windupdt\control\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\windowsupdate\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\admin\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\exch-serv\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\public\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\qbdataserviceuser18\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdrosdak\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdservice\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\win\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\programdata\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\admin\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\programdata\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\admin\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\winupdater\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\program files\install\winupdate.exe (Trojan.Agent.I) -> Delete on reboot.

c:\programdata\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\users\admin\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.

c:\windows\cache\winupdate.exe (Email.Worm) -> Delete on reboot.

c:\windows\k\winupdate.exe (Backdoor.IRCBot) -> Delete on reboot.

c:\windows\system32\windupdt\winupdate.exe (Trojan.Dropper) -> Delete on reboot.

c:\programdata\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\users\admin\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\users\admin\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\public\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\admin\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\public\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\program files\windows updates\winupdate.exe (Backdoor.Bifrose) -> Delete on reboot.

c:\windows\system32\command\winupdate.exe (Backdoor.SpyNet) -> Delete on reboot.

c:\windows\system32\system32\winupdate.exe (Backdoor.SpyNet) -> Delete on reboot.

c:\windows\system32\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\windows\system32\winupdate\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\ocxlist\winupdate.exe (Trojan.Banker) -> Delete on reboot.

c:\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\programdata\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\users\admin\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\system32\hosts\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\programdata\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\admin\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\n\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\recache\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\system32\install\winupdate.exe (Trojan.Backdoor) -> Delete on reboot.

c:\windows\windowsupdate\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\programdata\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\admin\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\1634\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\winupdate\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\admin\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\public\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\programdata\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\admin\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\update\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\update\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\windupdte\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\aggiornamenti\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\censoredyou\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\winupt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\sys64\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\system32\win\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\programdata\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\admin\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\install\winupdate.exe (Backdoor.Agent) -> Delete on reboot.

c:\windows\system32\winndupdat\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.

c:\windows\system32\rrt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\programdata\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.

c:\programdata\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\admin\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\exch-serv\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\qbdataserviceuser18\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdrosdak\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\tdservice\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\config\systemprofile\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\driver\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\configuration\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\windows\system32\xwindupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.

c:\users\admin\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\exch-serv\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\public\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\qbdataserviceuser18\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdrosdak\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\users\tdservice\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\localservice\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\serviceprofiles\networkservice\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

c:\windows\system32\config\systemprofile\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.

DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by tdrosdak at 10:03:45 on 2011-11-16

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1603 [GMT -5:00]

.

AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Kaseya\Agent\KasAVSrv.exe

C:\Program Files\Kaseya\Agent\AgentMon.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe

C:\Windows\System32\WTClient.exe

C:\Program Files\Kaseya\Agent\KaUsrTsk.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\ManicTime\ManicTime.exe

C:\Program Files\CompanionLink\CompanionLink.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe

C:\Users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Windows\system32\wbem\wmiprvse.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [ManicTime] c:\program files\manictime\ManicTime.exe /minimized /name:

uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"

mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload

mRun: [WTClient] WTClient.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KASHTHRNTW24532506725118] "c:\program files\kaseya\agent\KaUsrTsk.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\tdrosdak\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tdrosdak\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

TCP: Interfaces\{E5AFBC9E-9822-4344-B598-2F71600FF3F1} : DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: spba - c:\program files\common files\spba\homefus2.dll

AppInit_DLLs: c:\windows\system32\avgrsstx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\tdrosdak\appdata\roaming\mozilla\firefox\profiles\uxigwg36.default\

FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\tdrosdak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-6-14 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-6-14 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-6-14 29712]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-6-14 243152]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-29 176128]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-6-14 308136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-29 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-29 110752]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]

R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2011-6-14 221184]

R2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2011-6-14 835584]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-9 366152]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]

R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-29 2656280]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-29 238760]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2011-6-14 17920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22216]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-29 41088]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-12 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-11-16 15:02:06 65536 ---hatw- c:\users\tdrosdak\~archive.pst.tmp

2011-11-15 22:55:02 -------- d-----w- c:\program files\ESET

2011-10-25 14:31:13 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}

2011-10-25 14:31:09 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}

2011-10-20 01:53:16 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-10-20 01:52:42 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-20 01:52:42 233472 ----a-w- c:\windows\system32\oleacc.dll

.

==================== Find3M ====================

.

2011-11-16 14:59:16 1682 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-15 20:41:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec

2011-05-12 13:27:45 12526792 ----a-w- c:\program files\common files\lpuninstall.exe

.

============= FINISH: 10:10:53.86 ===============

Link to post
Share on other sites

Here is the log file:

ComboFix 11-11-16.01 - tdrosdak 11/16/2011 16:01:12.2.4 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1809 [GMT -5:00]

Running from: c:\users\tdrosdak\Desktop\ComboFix.exe

AV: AVG Internet Security Network Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security Network Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\tdservice\AppData\Local\temp

2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp

2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\exch-serv\AppData\Local\temp

2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\admin\AppData\Local\temp

2011-11-15 22:55 . 2011-11-15 22:55 -------- d-----w- c:\program files\ESET

2011-10-25 14:31 . 2011-10-25 14:31 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}

2011-10-25 14:31 . 2011-10-25 14:31 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}

2011-10-20 01:53 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-10-20 01:52 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-20 01:52 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-16 20:57 . 2011-05-11 20:51 1682 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-16 13:35 . 2011-05-12 02:40 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-11-15 20:41 . 2011-05-27 16:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 13:22 . 2010-11-30 10:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll

2011-09-13 08:52 . 2011-06-14 15:24 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2011-08-31 22:00 . 2011-06-09 18:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-12 13:27 . 2011-05-12 13:27 12526792 ----a-w- c:\program files\Common Files\lpuninstall.exe

2011-11-09 21:01 . 2011-05-11 20:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-10-03 2456992]

"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2011-07-26 585040]

"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2011-08-11 26451456]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2010-10-04 2697832]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-17 98304]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]

"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-12-21 28672]

"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-12-21 337224]

"WTClient"="WTClient.exe" [2009-10-30 32768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"KASHTHRNTW24532506725118"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2011-01-26 380928]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-5-12 12526792]

.

c:\users\exch-serv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-5-12 12526792]

.

c:\users\tdrosdak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-12 113664]

Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-12-21 91136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]

2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KATHRNTW24532506725118]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-12-21 81920]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]

R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2011-06-14 52872]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2011-06-14 216400]

S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-06-14 243152]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]

S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-06-14 308136]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 110752]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

S2 KaseyaAVService;Kaseya Security Service;c:\program files\Kaseya\Agent\KasAVSrv.exe [2011-06-24 221184]

S2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [2011-04-11 835584]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 1577376]

S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]

S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 7566848]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 238592]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-10-28 238760]

S3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [2010-11-18 17920]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

FF - ProfilePath - c:\users\tdrosdak\AppData\Roaming\Mozilla\Firefox\Profiles\uxigwg36.default\

FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(616)

c:\windows\System32\TdmNetworkProvider.dll

.

- - - - - - - > 'Explorer.exe'(5424)

c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

c:\program files\DisplayFusion\Hooks\AppHookx86_F4071ADA-0905-4280-8A67-1EBE97946CC3.dll

.

Completion time: 2011-11-16 16:08:41

ComboFix-quarantined-files.txt 2011-11-16 21:08

ComboFix2.txt 2011-09-02 15:18

.

Pre-Run: 415,147,454,464 bytes free

Post-Run: 415,155,265,536 bytes free

.

- - End Of File - - 1E1148BA47C14ABCF800B953B3EE8AE8

Thanks!

Follow the instructions here to download and run ComboFix tool:

bleepingcomputer.com/combofix/how-to-use-combofix#use

Please post the log file when you are ready.

Link to post
Share on other sites

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Link to post
Share on other sites

Here is the result from TDSSKiller:

16:48:55.0001 9596 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50

16:48:55.0300 9596 ============================================================

16:48:55.0300 9596 Current date / time: 2011/11/16 16:48:55.0299

16:48:55.0300 9596 SystemInfo:

16:48:55.0300 9596

16:48:55.0300 9596 OS Version: 6.1.7600 ServicePack: 0.0

16:48:55.0300 9596 Product type: Workstation

16:48:55.0300 9596 ComputerName: OFFMGR3

16:48:55.0300 9596 UserName: tdrosdak

16:48:55.0300 9596 Windows directory: C:\Windows

16:48:55.0300 9596 System windows directory: C:\Windows

16:48:55.0300 9596 Processor architecture: Intel x86

16:48:55.0300 9596 Number of processors: 4

16:48:55.0300 9596 Page size: 0x1000

16:48:55.0300 9596 Boot type: Normal boot

16:48:55.0300 9596 ============================================================

16:48:55.0619 9596 Initialize success

16:49:26.0935 5548 ============================================================

16:49:26.0935 5548 Scan started

16:49:26.0935 5548 Mode: Manual; SigCheck; TDLFS;

16:49:26.0935 5548 ============================================================

16:49:27.0338 5548 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys

16:49:27.0426 5548 1394ohci - ok

16:49:27.0511 5548 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

16:49:27.0527 5548 ACPI - ok

16:49:27.0563 5548 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

16:49:27.0590 5548 AcpiPmi - ok

16:49:27.0692 5548 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

16:49:27.0704 5548 adp94xx - ok

16:49:27.0727 5548 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

16:49:27.0735 5548 adpahci - ok

16:49:27.0748 5548 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

16:49:27.0755 5548 adpu320 - ok

16:49:27.0788 5548 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

16:49:27.0805 5548 AFD - ok

16:49:27.0820 5548 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

16:49:27.0826 5548 agp440 - ok

16:49:27.0853 5548 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

16:49:27.0859 5548 aic78xx - ok

16:49:27.0887 5548 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

16:49:27.0892 5548 aliide - ok

16:49:27.0914 5548 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

16:49:27.0920 5548 amdagp - ok

16:49:27.0941 5548 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

16:49:27.0946 5548 amdide - ok

16:49:27.0966 5548 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

16:49:27.0979 5548 AmdK8 - ok

16:49:28.0117 5548 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys

16:49:28.0180 5548 amdkmdag - ok

16:49:28.0211 5548 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys

16:49:28.0225 5548 amdkmdap - ok

16:49:28.0258 5548 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

16:49:28.0281 5548 AmdPPM - ok

16:49:28.0316 5548 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

16:49:28.0327 5548 amdsata - ok

16:49:28.0367 5548 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

16:49:28.0379 5548 amdsbs - ok

16:49:28.0392 5548 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

16:49:28.0397 5548 amdxata - ok

16:49:28.0426 5548 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

16:49:28.0446 5548 AppID - ok

16:49:28.0480 5548 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

16:49:28.0487 5548 arc - ok

16:49:28.0498 5548 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

16:49:28.0505 5548 arcsas - ok

16:49:28.0529 5548 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

16:49:28.0567 5548 AsyncMac - ok

16:49:28.0607 5548 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

16:49:28.0617 5548 atapi - ok

16:49:28.0679 5548 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys

16:49:28.0706 5548 AvgLdx86 - ok

16:49:29.0202 5548 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\system32\Drivers\avgmfx86.sys

16:49:29.0210 5548 AvgMfx86 - ok

16:49:29.0234 5548 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys

16:49:29.0243 5548 AvgRkx86 - ok

16:49:29.0261 5548 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys

16:49:29.0267 5548 AvgTdiX - ok

16:49:29.0302 5548 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

16:49:29.0333 5548 b06bdrv - ok

16:49:29.0364 5548 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

16:49:29.0391 5548 b57nd60x - ok

16:49:29.0422 5548 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

16:49:29.0464 5548 Beep - ok

16:49:29.0507 5548 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

16:49:29.0525 5548 blbdrive - ok

16:49:29.0566 5548 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

16:49:29.0592 5548 bowser - ok

16:49:29.0614 5548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:49:29.0641 5548 BrFiltLo - ok

16:49:29.0663 5548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:49:29.0688 5548 BrFiltUp - ok

16:49:29.0723 5548 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

16:49:29.0748 5548 Brserid - ok

16:49:29.0776 5548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

16:49:29.0789 5548 BrSerWdm - ok

16:49:29.0801 5548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:49:29.0825 5548 BrUsbMdm - ok

16:49:29.0831 5548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

16:49:29.0846 5548 BrUsbSer - ok

16:49:29.0863 5548 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

16:49:29.0879 5548 BTHMODEM - ok

16:49:29.0973 5548 catchme - ok

16:49:30.0047 5548 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

16:49:30.0091 5548 cdfs - ok

16:49:30.0120 5548 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

16:49:30.0143 5548 cdrom - ok

16:49:30.0178 5548 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

16:49:30.0189 5548 circlass - ok

16:49:30.0217 5548 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

16:49:30.0226 5548 CLFS - ok

16:49:30.0253 5548 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

16:49:30.0259 5548 CmBatt - ok

16:49:30.0266 5548 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

16:49:30.0271 5548 cmdide - ok

16:49:30.0290 5548 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

16:49:30.0312 5548 CNG - ok

16:49:30.0318 5548 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

16:49:30.0323 5548 Compbatt - ok

16:49:30.0347 5548 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

16:49:30.0365 5548 CompositeBus - ok

16:49:30.0383 5548 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

16:49:30.0388 5548 crcdisk - ok

16:49:30.0422 5548 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

16:49:30.0442 5548 CSC - ok

16:49:30.0486 5548 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

16:49:30.0510 5548 DfsC - ok

16:49:30.0538 5548 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

16:49:30.0575 5548 discache - ok

16:49:30.0609 5548 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

16:49:30.0619 5548 Disk - ok

16:49:30.0679 5548 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

16:49:30.0702 5548 Dot4 - ok

16:49:30.0723 5548 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys

16:49:30.0739 5548 Dot4Print - ok

16:49:30.0752 5548 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

16:49:30.0760 5548 dot4usb - ok

16:49:30.0782 5548 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

16:49:30.0801 5548 drmkaud - ok

16:49:30.0829 5548 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

16:49:30.0841 5548 DXGKrnl - ok

16:49:30.0867 5548 e1cexpress (94ad8bae670e55bf646796b56bac53a4) C:\Windows\system32\DRIVERS\e1c6232.sys

16:49:30.0873 5548 e1cexpress - ok

16:49:30.0958 5548 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

16:49:30.0995 5548 ebdrv - ok

16:49:31.0015 5548 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

16:49:31.0025 5548 elxstor - ok

16:49:31.0036 5548 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

16:49:31.0053 5548 ErrDev - ok

16:49:31.0075 5548 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

16:49:31.0091 5548 exfat - ok

16:49:31.0108 5548 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

16:49:31.0125 5548 fastfat - ok

16:49:31.0149 5548 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

16:49:31.0166 5548 fdc - ok

16:49:31.0186 5548 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

16:49:31.0192 5548 FileInfo - ok

16:49:31.0207 5548 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

16:49:31.0223 5548 Filetrace - ok

16:49:31.0231 5548 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

16:49:31.0249 5548 flpydisk - ok

16:49:31.0262 5548 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

16:49:31.0268 5548 FltMgr - ok

16:49:31.0288 5548 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

16:49:31.0294 5548 FsDepends - ok

16:49:31.0320 5548 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

16:49:31.0326 5548 Fs_Rec - ok

16:49:31.0353 5548 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

16:49:31.0369 5548 fvevol - ok

16:49:31.0386 5548 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:49:31.0391 5548 gagp30kx - ok

16:49:31.0415 5548 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:49:31.0423 5548 GEARAspiWDM - ok

16:49:31.0440 5548 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

16:49:31.0452 5548 hcw85cir - ok

16:49:31.0476 5548 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:49:31.0492 5548 HDAudBus - ok

16:49:31.0508 5548 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

16:49:31.0521 5548 HidBatt - ok

16:49:31.0533 5548 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

16:49:31.0548 5548 HidBth - ok

16:49:31.0569 5548 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

16:49:31.0589 5548 HidIr - ok

16:49:31.0620 5548 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

16:49:31.0644 5548 HidUsb - ok

16:49:31.0683 5548 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

16:49:31.0693 5548 HpSAMD - ok

16:49:31.0715 5548 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

16:49:31.0735 5548 HTTP - ok

16:49:31.0745 5548 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

16:49:31.0750 5548 hwpolicy - ok

16:49:31.0774 5548 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

16:49:31.0792 5548 i8042prt - ok

16:49:31.0821 5548 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys

16:49:31.0829 5548 iaStor - ok

16:49:31.0869 5548 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

16:49:31.0885 5548 iaStorV - ok

16:49:31.0913 5548 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

16:49:31.0918 5548 iirsp - ok

16:49:31.0984 5548 IntcAzAudAddService (55da507ff4762d38427c19dbfdf56763) C:\Windows\system32\drivers\RTDVHDA.sys

16:49:32.0016 5548 IntcAzAudAddService - ok

16:49:32.0037 5548 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

16:49:32.0041 5548 intelide - ok

16:49:32.0069 5548 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

16:49:32.0078 5548 intelppm - ok

16:49:32.0098 5548 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:49:32.0122 5548 IpFilterDriver - ok

16:49:32.0137 5548 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

16:49:32.0156 5548 IPMIDRV - ok

16:49:32.0171 5548 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

16:49:32.0199 5548 IPNAT - ok

16:49:32.0228 5548 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

16:49:32.0253 5548 IRENUM - ok

16:49:32.0267 5548 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

16:49:32.0272 5548 isapnp - ok

16:49:32.0285 5548 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

16:49:32.0291 5548 iScsiPrt - ok

16:49:32.0324 5548 KAPFA (f0c4a6d81d30866aaf8cfa983d9d13d7) C:\Windows\system32\drivers\KAPFA.SYS

16:49:32.0334 5548 KAPFA ( UnsignedFile.Multi.Generic ) - warning

16:49:32.0334 5548 KAPFA - detected UnsignedFile.Multi.Generic (1)

16:49:32.0401 5548 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

16:49:32.0408 5548 kbdclass - ok

16:49:32.0421 5548 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

16:49:32.0441 5548 kbdhid - ok

16:49:32.0462 5548 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

16:49:32.0469 5548 KSecDD - ok

16:49:32.0489 5548 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

16:49:32.0497 5548 KSecPkg - ok

16:49:32.0528 5548 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

16:49:32.0555 5548 lltdio - ok

16:49:32.0586 5548 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:49:32.0592 5548 LSI_FC - ok

16:49:32.0603 5548 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:49:32.0609 5548 LSI_SAS - ok

16:49:32.0624 5548 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:49:32.0630 5548 LSI_SAS2 - ok

16:49:32.0647 5548 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:49:32.0653 5548 LSI_SCSI - ok

16:49:32.0666 5548 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

16:49:32.0695 5548 luafv - ok

16:49:32.0731 5548 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

16:49:32.0739 5548 MBAMProtector - ok

16:49:32.0762 5548 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

16:49:32.0769 5548 megasas - ok

16:49:32.0788 5548 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

16:49:32.0795 5548 MegaSR - ok

16:49:32.0822 5548 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys

16:49:32.0841 5548 MEI - ok

16:49:32.0873 5548 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

16:49:32.0911 5548 Modem - ok

16:49:32.0938 5548 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

16:49:32.0961 5548 monitor - ok

16:49:33.0070 5548 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys

16:49:33.0104 5548 motusbdevice - ok

16:49:33.0127 5548 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

16:49:33.0138 5548 mouclass - ok

16:49:33.0165 5548 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

16:49:33.0184 5548 mouhid - ok

16:49:33.0200 5548 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

16:49:33.0211 5548 mountmgr - ok

16:49:33.0227 5548 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

16:49:33.0233 5548 mpio - ok

16:49:33.0246 5548 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

16:49:33.0275 5548 mpsdrv - ok

16:49:33.0287 5548 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

16:49:33.0305 5548 MRxDAV - ok

16:49:33.0340 5548 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:49:33.0378 5548 mrxsmb - ok

16:49:33.0443 5548 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:49:33.0467 5548 mrxsmb10 - ok

16:49:33.0498 5548 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:49:33.0512 5548 mrxsmb20 - ok

16:49:33.0532 5548 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys

16:49:33.0537 5548 msahci - ok

16:49:33.0571 5548 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

16:49:33.0579 5548 msdsm - ok

16:49:33.0610 5548 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

16:49:33.0626 5548 Msfs - ok

16:49:33.0636 5548 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

16:49:33.0656 5548 mshidkmdf - ok

16:49:33.0673 5548 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

16:49:33.0678 5548 msisadrv - ok

16:49:33.0706 5548 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

16:49:33.0726 5548 MSKSSRV - ok

16:49:33.0740 5548 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

16:49:33.0764 5548 MSPCLOCK - ok

16:49:33.0770 5548 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

16:49:33.0792 5548 MSPQM - ok

16:49:33.0807 5548 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

16:49:33.0814 5548 MsRPC - ok

16:49:33.0826 5548 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

16:49:33.0831 5548 mssmbios - ok

16:49:33.0861 5548 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

16:49:33.0881 5548 MSTEE - ok

16:49:33.0895 5548 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

16:49:33.0910 5548 MTConfig - ok

16:49:33.0925 5548 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

16:49:33.0930 5548 Mup - ok

16:49:33.0955 5548 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

16:49:33.0981 5548 NativeWifiP - ok

16:49:34.0010 5548 NDIS (1f4b318f88984545cd108bd777258924) C:\Windows\system32\drivers\ndis.sys

16:49:34.0022 5548 NDIS - ok

16:49:34.0034 5548 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

16:49:34.0050 5548 NdisCap - ok

16:49:34.0070 5548 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

16:49:34.0107 5548 NdisTapi - ok

16:49:34.0120 5548 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

16:49:34.0136 5548 Ndisuio - ok

16:49:34.0151 5548 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

16:49:34.0168 5548 NdisWan - ok

16:49:34.0177 5548 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

16:49:34.0193 5548 NDProxy - ok

16:49:34.0287 5548 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

16:49:34.0327 5548 NetBIOS - ok

16:49:34.0346 5548 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

16:49:34.0363 5548 NetBT - ok

16:49:34.0400 5548 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

16:49:34.0405 5548 nfrd960 - ok

16:49:34.0423 5548 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

16:49:34.0439 5548 Npfs - ok

16:49:34.0477 5548 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

16:49:34.0502 5548 nsiproxy - ok

16:49:34.0551 5548 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

16:49:34.0568 5548 Ntfs - ok

16:49:34.0589 5548 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

16:49:34.0613 5548 Null - ok

16:49:34.0654 5548 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

16:49:34.0664 5548 nvraid - ok

16:49:34.0683 5548 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

16:49:34.0690 5548 nvstor - ok

16:49:34.0727 5548 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

16:49:34.0733 5548 nv_agp - ok

16:49:34.0757 5548 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

16:49:34.0802 5548 ohci1394 - ok

16:49:34.0852 5548 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

16:49:34.0875 5548 Parport - ok

16:49:34.0888 5548 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

16:49:34.0897 5548 partmgr - ok

16:49:34.0906 5548 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

16:49:34.0920 5548 Parvdm - ok

16:49:34.0952 5548 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys

16:49:34.0961 5548 PBADRV - ok

16:49:34.0985 5548 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

16:49:34.0993 5548 pci - ok

16:49:35.0013 5548 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

16:49:35.0019 5548 pciide - ok

16:49:35.0039 5548 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

16:49:35.0047 5548 pcmcia - ok

16:49:35.0060 5548 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

16:49:35.0065 5548 pcw - ok

16:49:35.0090 5548 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

16:49:35.0119 5548 PEAUTH - ok

16:49:35.0185 5548 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys

16:49:35.0194 5548 Point32 - ok

16:49:35.0232 5548 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

16:49:35.0273 5548 PptpMiniport - ok

16:49:35.0298 5548 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

16:49:35.0321 5548 Processor - ok

16:49:35.0356 5548 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

16:49:35.0382 5548 Psched - ok

16:49:35.0428 5548 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\Windows\system32\DRIVERS\PTSimBus.sys

16:49:35.0441 5548 PTSimBus - ok

16:49:35.0453 5548 PTSimHid (f98bb914074a43e7e83ea98d7d13d612) C:\Windows\system32\DRIVERS\PTSimHid.sys

16:49:35.0472 5548 PTSimHid - ok

16:49:35.0499 5548 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys

16:49:35.0509 5548 PxHelp20 - ok

16:49:35.0554 5548 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

16:49:35.0573 5548 ql2300 - ok

16:49:35.0598 5548 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

16:49:35.0604 5548 ql40xx - ok

16:49:35.0626 5548 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

16:49:35.0651 5548 QWAVEdrv - ok

16:49:35.0665 5548 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

16:49:35.0691 5548 RasAcd - ok

16:49:35.0739 5548 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:49:35.0778 5548 RasAgileVpn - ok

16:49:35.0795 5548 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:49:35.0823 5548 Rasl2tp - ok

16:49:35.0840 5548 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

16:49:35.0864 5548 RasPppoe - ok

16:49:35.0891 5548 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

16:49:35.0907 5548 RasSstp - ok

16:49:35.0919 5548 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

16:49:35.0945 5548 rdbss - ok

16:49:35.0970 5548 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

16:49:35.0995 5548 rdpbus - ok

16:49:36.0015 5548 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:49:36.0040 5548 RDPCDD - ok

16:49:36.0072 5548 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

16:49:36.0093 5548 RDPDR - ok

16:49:36.0129 5548 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

16:49:36.0160 5548 RDPENCDD - ok

16:49:36.0172 5548 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

16:49:36.0193 5548 RDPREFMP - ok

16:49:36.0211 5548 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

16:49:36.0227 5548 RDPWD - ok

16:49:36.0258 5548 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

16:49:36.0265 5548 rdyboost - ok

16:49:36.0307 5548 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

16:49:36.0343 5548 RimUsb - ok

16:49:36.0381 5548 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

16:49:36.0408 5548 RimVSerPort - ok

16:49:36.0441 5548 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys

16:49:36.0482 5548 ROOTMODEM - ok

16:49:36.0523 5548 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys

16:49:36.0529 5548 RsFx0150 - ok

16:49:36.0554 5548 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

16:49:36.0576 5548 rspndr - ok

16:49:36.0596 5548 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

16:49:36.0613 5548 s3cap - ok

16:49:36.0659 5548 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

16:49:36.0670 5548 sbp2port - ok

16:49:36.0702 5548 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

16:49:36.0750 5548 scfilter - ok

16:49:36.0861 5548 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:49:36.0915 5548 secdrv - ok

16:49:37.0031 5548 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

16:49:37.0044 5548 Serenum - ok

16:49:37.0080 5548 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

16:49:37.0111 5548 Serial - ok

16:49:37.0150 5548 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

16:49:37.0175 5548 sermouse - ok

16:49:37.0213 5548 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

16:49:37.0256 5548 sffdisk - ok

16:49:37.0265 5548 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

16:49:37.0290 5548 sffp_mmc - ok

16:49:37.0307 5548 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

16:49:37.0319 5548 sffp_sd - ok

16:49:37.0333 5548 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

16:49:37.0349 5548 sfloppy - ok

16:49:37.0377 5548 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

16:49:37.0383 5548 sisagp - ok

16:49:37.0400 5548 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:49:37.0405 5548 SiSRaid2 - ok

16:49:37.0421 5548 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

16:49:37.0426 5548 SiSRaid4 - ok

16:49:37.0458 5548 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

16:49:37.0504 5548 Smb - ok

16:49:37.0539 5548 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

16:49:37.0550 5548 spldr - ok

16:49:37.0621 5548 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

16:49:37.0647 5548 srv - ok

16:49:37.0681 5548 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

16:49:37.0706 5548 srv2 - ok

16:49:37.0725 5548 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

16:49:37.0742 5548 srvnet - ok

16:49:37.0770 5548 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

16:49:37.0777 5548 stexstor - ok

16:49:37.0821 5548 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

16:49:37.0831 5548 storflt - ok

16:49:37.0849 5548 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

16:49:37.0854 5548 storvsc - ok

16:49:37.0868 5548 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

16:49:37.0873 5548 swenum - ok

16:49:37.0879 5548 Tablet2k - ok

16:49:37.0910 5548 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\Windows\system32\DRIVERS\TClass2k.sys

16:49:37.0933 5548 TClass2k - ok

16:49:37.0993 5548 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys

16:49:38.0021 5548 Tcpip - ok

16:49:38.0072 5548 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys

16:49:38.0104 5548 TCPIP6 - ok

16:49:38.0132 5548 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

16:49:38.0157 5548 tcpipreg - ok

16:49:38.0191 5548 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

16:49:38.0207 5548 TDPIPE - ok

16:49:38.0222 5548 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

16:49:38.0238 5548 TDTCP - ok

16:49:38.0250 5548 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

16:49:38.0266 5548 tdx - ok

16:49:38.0281 5548 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

16:49:38.0286 5548 TermDD - ok

16:49:38.0319 5548 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:49:38.0334 5548 tssecsrv - ok

16:49:38.0360 5548 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

16:49:38.0382 5548 tunnel - ok

16:49:38.0398 5548 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

16:49:38.0404 5548 uagp35 - ok

16:49:38.0451 5548 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\Windows\system32\DRIVERS\UCTblHid.sys

16:49:38.0474 5548 UCTblHid - ok

16:49:38.0502 5548 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys

16:49:38.0540 5548 udfs - ok

16:49:38.0584 5548 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

16:49:38.0594 5548 uliagpkx - ok

16:49:38.0617 5548 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

16:49:38.0637 5548 umbus - ok

16:49:38.0659 5548 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

16:49:38.0681 5548 UmPass - ok

16:49:38.0731 5548 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

16:49:38.0757 5548 USBAAPL - ok

16:49:38.0786 5548 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys

16:49:38.0825 5548 usbccgp - ok

16:49:38.0859 5548 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

16:49:38.0882 5548 usbcir - ok

16:49:38.0905 5548 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys

16:49:38.0918 5548 usbehci - ok

16:49:38.0946 5548 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys

16:49:38.0962 5548 usbhub - ok

16:49:38.0976 5548 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys

16:49:38.0990 5548 usbohci - ok

16:49:39.0012 5548 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

16:49:39.0028 5548 usbprint - ok

16:49:39.0058 5548 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

16:49:39.0081 5548 usbscan - ok

16:49:39.0103 5548 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:49:39.0123 5548 USBSTOR - ok

16:49:39.0152 5548 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys

16:49:39.0171 5548 usbuhci - ok

16:49:39.0633 5548 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

16:49:39.0643 5548 vdrvroot - ok

16:49:39.0659 5548 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

16:49:39.0680 5548 vga - ok

16:49:39.0698 5548 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

16:49:39.0721 5548 VgaSave - ok

16:49:39.0735 5548 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

16:49:39.0742 5548 vhdmp - ok

16:49:39.0761 5548 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

16:49:39.0766 5548 viaagp - ok

16:49:39.0773 5548 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

16:49:39.0789 5548 ViaC7 - ok

16:49:39.0809 5548 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

16:49:39.0814 5548 viaide - ok

16:49:39.0835 5548 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

16:49:39.0841 5548 vmbus - ok

16:49:39.0852 5548 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

16:49:39.0859 5548 VMBusHID - ok

16:49:39.0869 5548 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

16:49:39.0874 5548 volmgr - ok

16:49:39.0892 5548 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

16:49:39.0900 5548 volmgrx - ok

16:49:39.0913 5548 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

16:49:39.0920 5548 volsnap - ok

16:49:39.0942 5548 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

16:49:39.0948 5548 vsmraid - ok

16:49:39.0960 5548 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

16:49:39.0978 5548 vwifibus - ok

16:49:39.0995 5548 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

16:49:40.0016 5548 WacomPen - ok

16:49:40.0034 5548 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

16:49:40.0059 5548 WANARP - ok

16:49:40.0063 5548 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

16:49:40.0079 5548 Wanarpv6 - ok

16:49:40.0109 5548 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

16:49:40.0114 5548 Wd - ok

16:49:40.0132 5548 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

16:49:40.0141 5548 Wdf01000 - ok

16:49:40.0177 5548 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

16:49:40.0206 5548 WfpLwf - ok

16:49:40.0218 5548 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

16:49:40.0223 5548 WIMMount - ok

16:49:40.0280 5548 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:49:40.0299 5548 WmiAcpi - ok

16:49:40.0324 5548 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

16:49:40.0351 5548 ws2ifsl - ok

16:49:40.0378 5548 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

16:49:40.0398 5548 WSDPrintDevice - ok

16:49:40.0431 5548 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys

16:49:40.0438 5548 WudfPf - ok

16:49:40.0461 5548 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:49:40.0476 5548 WUDFRd - ok

16:49:40.0500 5548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

16:49:40.0589 5548 \Device\Harddisk0\DR0 - ok

16:49:40.0595 5548 Boot (0x1200) (1804e341854e9d8c25c177a7e98b0db0) \Device\Harddisk0\DR0\Partition0

16:49:40.0596 5548 \Device\Harddisk0\DR0\Partition0 - ok

16:49:40.0624 5548 Boot (0x1200) (c43a712a689cbffd6b34f45b6daab063) \Device\Harddisk0\DR0\Partition1

16:49:40.0625 5548 \Device\Harddisk0\DR0\Partition1 - ok

16:49:40.0626 5548 ============================================================

16:49:40.0626 5548 Scan finished

16:49:40.0626 5548 ============================================================

16:49:40.0641 5880 Detected object count: 1

16:49:40.0641 5880 Actual detected object count: 1

16:50:52.0261 5880 KAPFA ( UnsignedFile.Multi.Generic ) - skipped by user

16:50:52.0261 5880 KAPFA ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:51:15.0849 7780 ============================================================

16:51:15.0849 7780 Scan started

16:51:15.0849 7780 Mode: Manual; SigCheck; TDLFS;

16:51:15.0849 7780 ============================================================

16:51:16.0020 7780 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys

16:51:16.0051 7780 1394ohci - ok

16:51:16.0075 7780 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

16:51:16.0083 7780 ACPI - ok

16:51:16.0095 7780 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

16:51:16.0103 7780 AcpiPmi - ok

16:51:16.0142 7780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

16:51:16.0159 7780 adp94xx - ok

16:51:16.0176 7780 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

16:51:16.0183 7780 adpahci - ok

16:51:16.0197 7780 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

16:51:16.0203 7780 adpu320 - ok

16:51:16.0228 7780 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

16:51:16.0237 7780 AFD - ok

16:51:16.0252 7780 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

16:51:16.0258 7780 agp440 - ok

16:51:16.0268 7780 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

16:51:16.0274 7780 aic78xx - ok

16:51:16.0286 7780 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

16:51:16.0291 7780 aliide - ok

16:51:16.0305 7780 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

16:51:16.0310 7780 amdagp - ok

16:51:16.0331 7780 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

16:51:16.0336 7780 amdide - ok

16:51:16.0348 7780 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

16:51:16.0354 7780 AmdK8 - ok

16:51:16.0477 7780 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys

16:51:16.0538 7780 amdkmdag - ok

16:51:16.0568 7780 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys

16:51:16.0576 7780 amdkmdap - ok

16:51:16.0590 7780 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

16:51:16.0596 7780 AmdPPM - ok

16:51:16.0614 7780 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

16:51:16.0620 7780 amdsata - ok

16:51:16.0632 7780 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

16:51:16.0638 7780 amdsbs - ok

16:51:16.0649 7780 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

16:51:16.0654 7780 amdxata - ok

16:51:16.0666 7780 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

16:51:16.0675 7780 AppID - ok

16:51:16.0703 7780 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

16:51:16.0709 7780 arc - ok

16:51:16.0721 7780 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

16:51:16.0727 7780 arcsas - ok

16:51:16.0736 7780 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

16:51:16.0752 7780 AsyncMac - ok

16:51:16.0781 7780 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

16:51:16.0786 7780 atapi - ok

16:51:16.0827 7780 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys

16:51:16.0839 7780 AvgLdx86 - ok

16:51:16.0867 7780 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\system32\Drivers\avgmfx86.sys

16:51:16.0872 7780 AvgMfx86 - ok

16:51:16.0883 7780 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys

16:51:16.0888 7780 AvgRkx86 - ok

16:51:16.0901 7780 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys

16:51:16.0907 7780 AvgTdiX - ok

16:51:16.0934 7780 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

16:51:16.0943 7780 b06bdrv - ok

16:51:16.0962 7780 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

16:51:16.0970 7780 b57nd60x - ok

16:51:16.0996 7780 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

16:51:17.0011 7780 Beep - ok

16:51:17.0047 7780 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

16:51:17.0060 7780 blbdrive - ok

16:51:17.0090 7780 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

16:51:17.0101 7780 bowser - ok

16:51:17.0113 7780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:51:17.0120 7780 BrFiltLo - ok

16:51:17.0129 7780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:51:17.0136 7780 BrFiltUp - ok

16:51:17.0154 7780 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

16:51:17.0163 7780 Brserid - ok

16:51:17.0175 7780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

16:51:17.0183 7780 BrSerWdm - ok

16:51:17.0192 7780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:51:17.0199 7780 BrUsbMdm - ok

16:51:17.0205 7780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

16:51:17.0212 7780 BrUsbSer - ok

16:51:17.0221 7780 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

16:51:17.0228 7780 BTHMODEM - ok

16:51:17.0288 7780 catchme - ok

16:51:17.0306 7780 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

16:51:17.0337 7780 cdfs - ok

16:51:17.0352 7780 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

16:51:17.0359 7780 cdrom - ok

16:51:17.0368 7780 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

16:51:17.0376 7780 circlass - ok

16:51:17.0399 7780 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

16:51:17.0407 7780 CLFS - ok

16:51:17.0435 7780 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

16:51:17.0442 7780 CmBatt - ok

16:51:17.0457 7780 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

16:51:17.0461 7780 cmdide - ok

16:51:17.0481 7780 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

16:51:17.0492 7780 CNG - ok

16:51:17.0498 7780 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

16:51:17.0503 7780 Compbatt - ok

16:51:17.0513 7780 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

16:51:17.0521 7780 CompositeBus - ok

16:51:17.0540 7780 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

16:51:17.0545 7780 crcdisk - ok

16:51:17.0571 7780 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

16:51:17.0580 7780 CSC - ok

16:51:17.0618 7780 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

16:51:17.0624 7780 DfsC - ok

16:51:17.0645 7780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

16:51:17.0661 7780 discache - ok

16:51:17.0674 7780 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

16:51:17.0680 7780 Disk - ok

16:51:17.0719 7780 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

16:51:17.0727 7780 Dot4 - ok

16:51:17.0739 7780 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys

16:51:17.0746 7780 Dot4Print - ok

16:51:17.0759 7780 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

16:51:17.0767 7780 dot4usb - ok

16:51:17.0789 7780 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

16:51:17.0796 7780 drmkaud - ok

16:51:17.0905 7780 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

16:51:17.0929 7780 DXGKrnl - ok

16:51:17.0949 7780 e1cexpress (94ad8bae670e55bf646796b56bac53a4) C:\Windows\system32\DRIVERS\e1c6232.sys

16:51:17.0956 7780 e1cexpress - ok

16:51:18.0030 7780 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

16:51:18.0059 7780 ebdrv - ok

16:51:18.0081 7780 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

16:51:18.0090 7780 elxstor - ok

16:51:18.0101 7780 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

16:51:18.0108 7780 ErrDev - ok

16:51:18.0132 7780 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

16:51:18.0148 7780 exfat - ok

16:51:18.0165 7780 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

16:51:18.0182 7780 fastfat - ok

16:51:18.0198 7780 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

16:51:18.0205 7780 fdc - ok

16:51:18.0218 7780 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

16:51:18.0224 7780 FileInfo - ok

16:51:18.0239 7780 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

16:51:18.0255 7780 Filetrace - ok

16:51:18.0264 7780 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

16:51:18.0270 7780 flpydisk - ok

16:51:18.0286 7780 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

16:51:18.0292 7780 FltMgr - ok

16:51:18.0301 7780 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

16:51:18.0306 7780 FsDepends - ok

16:51:18.0319 7780 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

16:51:18.0324 7780 Fs_Rec - ok

16:51:18.0351 7780 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

16:51:18.0359 7780 fvevol - ok

16:51:18.0376 7780 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:51:18.0381 7780 gagp30kx - ok

16:51:18.0406 7780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:51:18.0410 7780 GEARAspiWDM - ok

16:51:18.0422 7780 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

16:51:18.0428 7780 hcw85cir - ok

16:51:18.0441 7780 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:51:18.0449 7780 HDAudBus - ok

16:51:18.0457 7780 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

16:51:18.0464 7780 HidBatt - ok

16:51:18.0482 7780 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

16:51:18.0490 7780 HidBth - ok

16:51:18.0501 7780 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

16:51:18.0509 7780 HidIr - ok

16:51:18.0535 7780 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

16:51:18.0544 7780 HidUsb - ok

16:51:18.0573 7780 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

16:51:18.0578 7780 HpSAMD - ok

16:51:18.0596 7780 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

16:51:18.0616 7780 HTTP - ok

16:51:18.0627 7780 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

16:51:18.0632 7780 hwpolicy - ok

16:51:18.0648 7780 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

16:51:18.0655 7780 i8042prt - ok

16:51:18.0678 7780 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys

16:51:18.0687 7780 iaStor - ok

16:51:18.0717 7780 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

16:51:18.0731 7780 iaStorV - ok

16:51:18.0745 7780 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

16:51:18.0752 7780 iirsp - ok

16:51:18.0807 7780 IntcAzAudAddService (55da507ff4762d38427c19dbfdf56763) C:\Windows\system32\drivers\RTDVHDA.sys

16:51:18.0839 7780 IntcAzAudAddService - ok

16:51:18.0860 7780 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

16:51:18.0865 7780 intelide - ok

16:51:18.0876 7780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

16:51:18.0883 7780 intelppm - ok

16:51:18.0905 7780 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:51:18.0921 7780 IpFilterDriver - ok

16:51:18.0936 7780 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

16:51:18.0943 7780 IPMIDRV - ok

16:51:18.0952 7780 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

16:51:18.0968 7780 IPNAT - ok

16:51:18.0985 7780 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

16:51:18.0994 7780 IRENUM - ok

16:51:19.0007 7780 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

16:51:19.0013 7780 isapnp - ok

16:51:19.0025 7780 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

16:51:19.0032 7780 iScsiPrt - ok

16:51:19.0064 7780 KAPFA (f0c4a6d81d30866aaf8cfa983d9d13d7) C:\Windows\system32\drivers\KAPFA.SYS

16:51:19.0067 7780 KAPFA ( UnsignedFile.Multi.Generic ) - warning

16:51:19.0067 7780 KAPFA - detected UnsignedFile.Multi.Generic (1)

16:51:19.0083 7780 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

16:51:19.0093 7780 kbdclass - ok

16:51:19.0104 7780 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

16:51:19.0112 7780 kbdhid - ok

16:51:19.0127 7780 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

16:51:19.0133 7780 KSecDD - ok

16:51:19.0155 7780 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

16:51:19.0161 7780 KSecPkg - ok

16:51:19.0186 7780 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

16:51:19.0201 7780 lltdio - ok

16:51:19.0227 7780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:51:19.0232 7780 LSI_FC - ok

16:51:19.0244 7780 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:51:19.0249 7780 LSI_SAS - ok

16:51:19.0265 7780 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:51:19.0271 7780 LSI_SAS2 - ok

16:51:19.0288 7780 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:51:19.0294 7780 LSI_SCSI - ok

16:51:19.0306 7780 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

16:51:19.0323 7780 luafv - ok

16:51:19.0363 7780 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

16:51:19.0374 7780 MBAMProtector - ok

16:51:19.0394 7780 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

16:51:19.0404 7780 megasas - ok

16:51:19.0420 7780 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

16:51:19.0427 7780 MegaSR - ok

16:51:19.0446 7780 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys

16:51:19.0451 7780 MEI - ok

16:51:19.0460 7780 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

16:51:19.0477 7780 Modem - ok

16:51:19.0487 7780 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

16:51:19.0494 7780 monitor - ok

16:51:19.0519 7780 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys

16:51:19.0528 7780 motusbdevice - ok

16:51:19.0543 7780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

16:51:19.0548 7780 mouclass - ok

16:51:19.0564 7780 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

16:51:19.0571 7780 mouhid - ok

16:51:19.0582 7780 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

16:51:19.0588 7780 mountmgr - ok

16:51:19.0601 7780 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

16:51:19.0607 7780 mpio - ok

16:51:19.0620 7780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

16:51:19.0636 7780 mpsdrv - ok

16:51:19.0652 7780 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

16:51:19.0661 7780 MRxDAV - ok

16:51:19.0689 7780 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:51:19.0696 7780 mrxsmb - ok

16:51:19.0724 7780 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:51:19.0732 7780 mrxsmb10 - ok

16:51:19.0747 7780 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:51:19.0753 7780 mrxsmb20 - ok

16:51:19.0773 7780 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys

16:51:19.0778 7780 msahci - ok

16:51:19.0804 7780 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

16:51:19.0815 7780 msdsm - ok

16:51:19.0842 7780 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

16:51:19.0858 7780 Msfs - ok

16:51:19.0868 7780 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

16:51:19.0883 7780 mshidkmdf - ok

16:51:19.0897 7780 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

16:51:19.0902 7780 msisadrv - ok

16:51:19.0921 7780 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

16:51:19.0937 7780 MSKSSRV - ok

16:51:19.0947 7780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

16:51:19.0963 7780 MSPCLOCK - ok

16:51:19.0968 7780 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

16:51:19.0984 7780 MSPQM - ok

16:51:19.0998 7780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

16:51:20.0005 7780 MsRPC - ok

16:51:20.0016 7780 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

16:51:20.0021 7780 mssmbios - ok

16:51:20.0037 7780 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

16:51:20.0053 7780 MSTEE - ok

16:51:20.0069 7780 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

16:51:20.0075 7780 MTConfig - ok

16:51:20.0090 7780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

16:51:20.0095 7780 Mup - ok

16:51:20.0112 7780 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

16:51:20.0122 7780 NativeWifiP - ok

16:51:20.0151 7780 NDIS (1f4b318f88984545cd108bd777258924) C:\Windows\system32\drivers\ndis.sys

16:51:20.0163 7780 NDIS - ok

16:51:20.0175 7780 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

16:51:20.0191 7780 NdisCap - ok

16:51:20.0202 7780 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

16:51:20.0218 7780 NdisTapi - ok

16:51:20.0227 7780 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

16:51:20.0243 7780 Ndisuio - ok

16:51:20.0258 7780 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

16:51:20.0275 7780 NdisWan - ok

16:51:20.0284 7780 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

16:51:20.0300 7780 NDProxy - ok

16:51:20.0319 7780 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

16:51:20.0335 7780 NetBIOS - ok

16:51:20.0345 7780 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

16:51:20.0362 7780 NetBT - ok

16:51:20.0390 7780 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

16:51:20.0396 7780 nfrd960 - ok

16:51:20.0403 7780 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

16:51:20.0419 7780 Npfs - ok

16:51:20.0451 7780 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

16:51:20.0466 7780 nsiproxy - ok

16:51:20.0517 7780 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

16:51:20.0549 7780 Ntfs - ok

16:51:20.0563 7780 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

16:51:20.0579 7780 Null - ok

16:51:20.0602 7780 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

16:51:20.0608 7780 nvraid - ok

16:51:20.0623 7780 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

16:51:20.0630 7780 nvstor - ok

16:51:20.0643 7780 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

16:51:20.0649 7780 nv_agp - ok

16:51:20.0673 7780 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

16:51:20.0686 7780 ohci1394 - ok

16:51:20.0709 7780 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

16:51:20.0716 7780 Parport - ok

16:51:20.0729 7780 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

16:51:20.0734 7780 partmgr - ok

16:51:20.0747 7780 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

16:51:20.0754 7780 Parvdm - ok

16:51:20.0776 7780 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys

16:51:20.0781 7780 PBADRV - ok

16:51:20.0808 7780 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

16:51:20.0815 7780 pci - ok

16:51:20.0837 7780 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

16:51:20.0842 7780 pciide - ok

16:51:20.0854 7780 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

16:51:20.0861 7780 pcmcia - ok

16:51:20.0875 7780 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

16:51:20.0881 7780 pcw - ok

16:51:20.0897 7780 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

16:51:20.0917 7780 PEAUTH - ok

16:51:20.0950 7780 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys

16:51:20.0955 7780 Point32 - ok

16:51:20.0972 7780 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

16:51:20.0988 7780 PptpMiniport - ok

16:51:20.0997 7780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

16:51:21.0004 7780 Processor - ok

16:51:21.0021 7780 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

16:51:21.0037 7780 Psched - ok

16:51:21.0068 7780 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\Windows\system32\DRIVERS\PTSimBus.sys

16:51:21.0075 7780 PTSimBus - ok

16:51:21.0085 7780 PTSimHid (f98bb914074a43e7e83ea98d7d13d612) C:\Windows\system32\DRIVERS\PTSimHid.sys

16:51:21.0092 7780 PTSimHid - ok

16:51:21.0114 7780 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys

16:51:21.0119 7780 PxHelp20 - ok

16:51:21.0153 7780 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

16:51:21.0172 7780 ql2300 - ok

16:51:21.0188 7780 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

16:51:21.0194 7780 ql40xx - ok

16:51:21.0208 7780 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

16:51:21.0216 7780 QWAVEdrv - ok

16:51:21.0231 7780 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

16:51:21.0246 7780 RasAcd - ok

16:51:21.0271 7780 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:51:21.0287 7780 RasAgileVpn - ok

16:51:21.0303 7780 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:51:21.0319 7780 Rasl2tp - ok

16:51:21.0331 7780 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

16:51:21.0347 7780 RasPppoe - ok

16:51:21.0357 7780 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

16:51:21.0373 7780 RasSstp - ok

16:51:21.0384 7780 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

16:51:21.0402 7780 rdbss - ok

16:51:21.0419 7780 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

16:51:21.0426 7780 rdpbus - ok

16:51:21.0439 7780 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:51:21.0455 7780 RDPCDD - ok

16:51:21.0480 7780 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

16:51:21.0487 7780 RDPDR - ok

16:51:21.0503 7780 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

16:51:21.0518 7780 RDPENCDD - ok

16:51:21.0530 7780 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

16:51:21.0545 7780 RDPREFMP - ok

16:51:21.0560 7780 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

16:51:21.0576 7780 RDPWD - ok

16:51:21.0591 7780 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

16:51:21.0597 7780 rdyboost - ok

16:51:21.0623 7780 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

16:51:21.0628 7780 RimUsb - ok

16:51:21.0664 7780 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

16:51:21.0674 7780 RimVSerPort - ok

16:51:21.0690 7780 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys

16:51:21.0706 7780 ROOTMODEM - ok

16:51:21.0730 7780 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys

16:51:21.0736 7780 RsFx0150 - ok

16:51:21.0753 7780 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

16:51:21.0769 7780 rspndr - ok

16:51:21.0795 7780 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

16:51:21.0801 7780 s3cap - ok

16:51:21.0816 7780 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

16:51:21.0821 7780 sbp2port - ok

16:51:21.0834 7780 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

16:51:21.0850 7780 scfilter - ok

16:51:21.0868 7780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:51:21.0884 7780 secdrv - ok

16:51:21.0896 7780 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

16:51:21.0903 7780 Serenum - ok

16:51:21.0912 7780 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

16:51:21.0919 7780 Serial - ok

16:51:21.0926 7780 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

16:51:21.0932 7780 sermouse - ok

16:51:21.0962 7780 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

16:51:21.0968 7780 sffdisk - ok

16:51:21.0981 7780 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

16:51:21.0987 7780 sffp_mmc - ok

16:51:21.0998 7780 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

16:51:22.0004 7780 sffp_sd - ok

16:51:22.0015 7780 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

16:51:22.0022 7780 sfloppy - ok

16:51:22.0043 7780 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

16:51:22.0048 7780 sisagp - ok

16:51:22.0057 7780 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:51:22.0062 7780 SiSRaid2 - ok

16:51:22.0078 7780 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

16:51:22.0084 7780 SiSRaid4 - ok

16:51:22.0099 7780 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

16:51:22.0115 7780 Smb - ok

16:51:22.0130 7780 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

16:51:22.0135 7780 spldr - ok

16:51:22.0169 7780 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

16:51:22.0185 7780 srv - ok

16:51:22.0221 7780 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

16:51:22.0237 7780 srv2 - ok

16:51:22.0249 7780 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

16:51:22.0261 7780 srvnet - ok

16:51:22.0278 7780 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

16:51:22.0283 7780 stexstor - ok

16:51:22.0311 7780 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

16:51:22.0317 7780 storflt - ok

16:51:22.0331 7780 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

16:51:22.0341 7780 storvsc - ok

16:51:22.0359 7780 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

16:51:22.0364 7780 swenum - ok

16:51:22.0369 7780 Tablet2k - ok

16:51:22.0400 7780 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\Windows\system32\DRIVERS\TClass2k.sys

16:51:22.0407 7780 TClass2k - ok

16:51:22.0458 7780 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys

16:51:22.0481 7780 Tcpip - ok

16:51:22.0504 7780 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys

16:51:22.0522 7780 TCPIP6 - ok

16:51:22.0540 7780 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

16:51:22.0556 7780 tcpipreg - ok

16:51:22.0573 7780 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

16:51:22.0588 7780 TDPIPE - ok

16:51:22.0596 7780 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

16:51:22.0612 7780 TDTCP - ok

16:51:22.0624 7780 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

16:51:22.0640 7780 tdx - ok

16:51:22.0655 7780 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

16:51:22.0660 7780 TermDD - ok

16:51:22.0684 7780 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:51:22.0700 7780 tssecsrv - ok

16:51:22.0709 7780 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

16:51:22.0726 7780 tunnel - ok

16:51:22.0739 7780 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

16:51:22.0744 7780 uagp35 - ok

16:51:22.0767 7780 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\Windows\system32\DRIVERS\UCTblHid.sys

16:51:22.0774 7780 UCTblHid - ok

16:51:22.0800 7780 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys

16:51:22.0808 7780 udfs - ok

16:51:22.0818 7780 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

16:51:22.0823 7780 uliagpkx - ok

16:51:22.0832 7780 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

16:51:22.0839 7780 umbus - ok

16:51:22.0849 7780 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

16:51:22.0856 7780 UmPass - ok

16:51:22.0888 7780 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

16:51:22.0899 7780 USBAAPL - ok

16:51:22.0926 7780 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys

16:51:22.0933 7780 usbccgp - ok

16:51:22.0949 7780 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

16:51:22.0958 7780 usbcir - ok

16:51:22.0971 7780 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys

16:51:22.0977 7780 usbehci - ok

16:51:22.0994 7780 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys

16:51:23.0002 7780 usbhub - ok

16:51:23.0016 7780 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys

16:51:23.0023 7780 usbohci - ok

16:51:23.0036 7780 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

16:51:23.0043 7780 usbprint - ok

16:51:23.0073 7780 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

16:51:23.0088 7780 usbscan - ok

16:51:23.0110 7780 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:51:23.0116 7780 USBSTOR - ok

16:51:23.0132 7780 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys

16:51:23.0139 7780 usbuhci - ok

16:51:23.0157 7780 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

16:51:23.0162 7780 vdrvroot - ok

16:51:23.0175 7780 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

16:51:23.0183 7780 vga - ok

16:51:23.0197 7780 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

16:51:23.0213 7780 VgaSave - ok

16:51:23.0226 7780 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

16:51:23.0232 7780 vhdmp - ok

16:51:23.0243 7780 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

16:51:23.0249 7780 viaagp - ok

16:51:23.0256 7780 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

16:51:23.0262 7780 ViaC7 - ok

16:51:23.0283 7780 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

16:51:23.0289 7780 viaide - ok

16:51:23.0309 7780 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

16:51:23.0315 7780 vmbus - ok

16:51:23.0776 7780 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

16:51:23.0788 7780 VMBusHID - ok

16:51:23.0801 7780 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

16:51:23.0807 7780 volmgr - ok

16:51:23.0825 7780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

16:51:23.0835 7780 volmgrx - ok

16:51:23.0845 7780 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

16:51:23.0853 7780 volsnap - ok

16:51:23.0866 7780 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

16:51:23.0872 7780 vsmraid - ok

16:51:23.0884 7780 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

16:51:23.0892 7780 vwifibus - ok

16:51:23.0911 7780 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

16:51:23.0917 7780 WacomPen - ok

16:51:23.0933 7780 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

16:51:23.0949 7780 WANARP - ok

16:51:23.0951 7780 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

16:51:23.0967 7780 Wanarpv6 - ok

16:51:23.0983 7780 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

16:51:23.0989 7780 Wd - ok

16:51:24.0006 7780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

16:51:24.0015 7780 Wdf01000 - ok

16:51:24.0034 7780 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

16:51:24.0050 7780 WfpLwf - ok

16:51:24.0059 7780 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

16:51:24.0064 7780 WIMMount - ok

16:51:24.0087 7780 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:51:24.0094 7780 WmiAcpi - ok

16:51:24.0114 7780 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

16:51:24.0130 7780 ws2ifsl - ok

16:51:24.0151 7780 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

16:51:24.0159 7780 WSDPrintDevice - ok

16:51:24.0180 7780 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys

16:51:24.0186 7780 WudfPf - ok

16:51:24.0201 7780 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:51:24.0208 7780 WUDFRd - ok

16:51:24.0224 7780 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

16:51:24.0313 7780 \Device\Harddisk0\DR0 - ok

16:51:24.0318 7780 Boot (0x1200) (1804e341854e9d8c25c177a7e98b0db0) \Device\Harddisk0\DR0\Partition0

16:51:24.0319 7780 \Device\Harddisk0\DR0\Partition0 - ok

16:51:24.0348 7780 Boot (0x1200) (c43a712a689cbffd6b34f45b6daab063) \Device\Harddisk0\DR0\Partition1

16:51:24.0349 7780 \Device\Harddisk0\DR0\Partition1 - ok

16:51:24.0350 7780 ============================================================

16:51:24.0350 7780 Scan finished

16:51:24.0350 7780 ============================================================

16:51:24.0362 9124 Detected object count: 1

16:51:24.0362 9124 Actual detected object count: 1

16:51:46.0808 9124 KAPFA ( UnsignedFile.Multi.Generic ) - skipped by user

16:51:46.0808 9124 KAPFA ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:52:09.0129 3176 Deinitialize success

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Link to post
Share on other sites

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-16 17:33:56

-----------------------------

17:33:56.927 OS Version: Windows 6.1.7600

17:33:56.927 Number of processors: 4 586 0x2A07

17:33:56.928 ComputerName: OFFMGR3 UserName:

17:33:57.690 Initialize success

17:33:59.808 AVAST engine defs: 11111601

17:34:03.279 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:34:03.282 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 8

17:34:03.298 Disk 0 MBR read successfully

17:34:03.302 Disk 0 MBR scan

17:34:03.308 Disk 0 Windows VISTA default MBR code

17:34:03.315 Disk 0 scanning sectors +976764928

17:34:03.387 Disk 0 scanning C:\Windows\system32\drivers

17:34:10.185 Service scanning

17:34:10.514 Service Tablet2k C:\Windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123

17:34:11.040 Modules scanning

17:34:14.036 Disk 0 trace - called modules:

17:34:14.056

17:34:14.875 AVAST engine scan C:\Windows

17:34:17.974 AVAST engine scan C:\Windows\system32

17:35:33.683 AVAST engine scan C:\Windows\system32\drivers

17:35:40.598 AVAST engine scan C:\Users\tdrosdak

17:36:52.072 Disk 0 MBR has been saved successfully to "C:\Users\tdrosdak\Desktop\MBR.dat"

17:36:52.079 The log file has been saved successfully to "C:\Users\tdrosdak\Desktop\aswMBR.txt"

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double click the aswMBR.exe to run it
    aswMBR1.png
  3. Click the [scan] button to start scan
    aswMBR2.png
  4. On completion of the scan click [save log], save it to your desktop and post in your next reply.

Link to post
Share on other sites

Step 1

Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.

In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Under Protection Settings, click Configure.

Under Disk Space Usage, click Delete.

Click Continue, and then click OK.

Step 2

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Autoscan.
  • Under Autoscan make sure these are checked.


  • System Memory
  • Hidden startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

After that click on Recommended to the right of Security level then choose settings then click on the tab that says Additional then under Rootkit scan choose Deep scan then choose OK.

  • Then click on Start Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
    Note: This Tool will self uninstall when you close it so please save the log before closing it.

In your next rpely, please include Kaspersky AVP log file and a new fresh DDS log only.

Link to post
Share on other sites

Maniac,

I am having difficulty copying and pasting the kas.txt file. I copy the text, but it won't paste (here or anywhere!)

Here is the DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by tdrosdak at 9:56:37 on 2011-11-18

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1367 [GMT -5:00]

.

AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Kaseya\Agent\KasAVSrv.exe

C:\Program Files\Kaseya\Agent\AgentMon.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TightVNC\tvnserver.exe

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe

C:\Windows\System32\WTClient.exe

C:\Program Files\Kaseya\Agent\KaUsrTsk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\ManicTime\ManicTime.exe

C:\Program Files\CompanionLink\CompanionLink.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe

C:\Users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\TweetDeck\TweetDeck.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [ManicTime] c:\program files\manictime\ManicTime.exe /minimized /name:

uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"

mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload

mRun: [WTClient] WTClient.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KASHTHRNTW24532506725118] "c:\program files\kaseya\agent\KaUsrTsk.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\tdrosdak\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tdrosdak\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

TCP: Interfaces\{E5AFBC9E-9822-4344-B598-2F71600FF3F1} : DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: spba - c:\program files\common files\spba\homefus2.dll

AppInit_DLLs: c:\windows\system32\avgrsstx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\tdrosdak\appdata\roaming\mozilla\firefox\profiles\uxigwg36.default\

FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\tdrosdak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-6-14 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-6-14 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-6-14 29712]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-6-14 243152]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-29 176128]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-6-14 308136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-29 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-29 110752]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]

R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2011-6-14 221184]

R2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2011-6-14 835584]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-9 366152]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]

R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-29 2656280]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-29 238760]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2011-6-14 17920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22216]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-29 41088]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-12 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-11-17 17:46:53 -------- d-----w- c:\programdata\Kaspersky Lab

2011-11-17 02:49:06 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-17 02:48:49 2339840 ----a-w- c:\windows\system32\win32k.sys

2011-11-17 02:48:17 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-16 21:08:09 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-15 22:55:02 -------- d-----w- c:\program files\ESET

2011-10-25 14:31:13 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}

2011-10-25 14:31:09 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}

2011-10-20 01:52:42 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-20 01:52:42 233472 ----a-w- c:\windows\system32\oleacc.dll

.

==================== Find3M ====================

.

2011-11-18 14:02:56 1682 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-15 20:41:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-12 13:27:45 12526792 ----a-w- c:\program files\common files\lpuninstall.exe

.

============= FINISH: 10:02:36.75 ===============

Step 1

Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.

In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Under Protection Settings, click Configure.

Under Disk Space Usage, click Delete.

Click Continue, and then click OK.

Step 2

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Autoscan.
  • Under Autoscan make sure these are checked.


  • System Memory
  • Hidden startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

After that click on Recommended to the right of Security level then choose settings then click on the tab that says Additional then under Rootkit scan choose Deep scan then choose OK.

  • Then click on Start Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
    Note: This Tool will self uninstall when you close it so please save the log before closing it.

In your next rpely, please include Kaspersky AVP log file and a new fresh DDS log only.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.