TerryD Posted November 15, 2011 ID:494972 Share Posted November 15, 2011 I get the same 184 infected files no matter how many times or ways I try to run malwarebytes.I hope I am doing this correctly, I have never posted here before!DDS:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385Run by tdrosdak at 17:24:47 on 2011-11-15Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1562 [GMT -5:00].AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exeC:\Windows\system32\atieclxx.exeC:\Program Files\Common Files\SPBA\upeksvr.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\system32\IProsetMonitor.exeC:\Program Files\Intel\Services\IPT\jhi_service.exeC:\Program Files\Kaseya\Agent\KasAVSrv.exeC:\Program Files\Kaseya\Agent\AgentMon.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXEC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exeC:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\TightVNC\tvnserver.exeC:\Windows\System32\Drivers\WTSRV.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\taskhost.exeC:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtDCpl.exeC:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeC:\dell\DBRM\Reminder\DbrmTrayicon.exeC:\Program Files\TightVNC\tvnserver.exeC:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exeC:\Windows\System32\WTClient.exeC:\Program Files\Kaseya\Agent\KaUsrTsk.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\DisplayFusion\DisplayFusion.exeC:\Program Files\ManicTime\ManicTime.exeC:\Program Files\CompanionLink\CompanionLink.exeC:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exeC:\Users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exeC:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exeC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\conhost.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = 192.168.*.*;*.localBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLLBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLLBHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"uRun: [ManicTime] c:\program files\manictime\ManicTime.exe /minimized /name: uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -IconuRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exemRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exemRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exemRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slavemRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preloadmRun: [WTClient] WTClient.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [KASHTHRNTW24532506725118] "c:\program files\kaseya\agent\KaUsrTsk.exe"mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [<NO NAME>] mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\users\tdrosdak\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tdrosdak\appdata\roaming\dropbox\bin\Dropbox.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exemPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: DisableCAD = 1 (0x1)mPolicies-system: SoftwareSASGeneration = 1 (0x1)IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2TCP: Interfaces\{E5AFBC9E-9822-4344-B598-2F71600FF3F1} : DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dllNotify: spba - c:\program files\common files\spba\homefus2.dllAppInit_DLLs: c:\windows\system32\avgrsstx.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\tdrosdak\appdata\roaming\mozilla\firefox\profiles\uxigwg36.default\FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2FF - prefs.js: network.proxy.type - 0FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\tdrosdak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll.============= SERVICES / DRIVERS ===============.R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-6-14 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-6-14 216400]R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-6-14 29712]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-6-14 243152]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-29 176128]R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-6-14 308136]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-29 13336]R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-29 110752]R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2011-6-14 221184]R2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2011-6-14 835584]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-9 366152]R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-29 2656280]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-29 238760]R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2011-6-14 17920]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22216]R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-29 41088]R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-12 1343400]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040].=============== Created Last 30 ================.2011-11-15 22:16:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-11-15 22:16:03 65536 ---hatw- c:\users\tdrosdak\~archive.pst.tmp2011-10-25 14:31:13 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}2011-10-25 14:31:09 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}2011-10-20 01:53:16 2332672 ----a-w- c:\windows\system32\win32k.sys2011-10-20 01:52:42 571904 ----a-w- c:\windows\system32\oleaut32.dll2011-10-20 01:52:42 233472 ----a-w- c:\windows\system32\oleacc.dll.==================== Find3M ====================.2011-11-15 22:15:26 1682 --sha-w- c:\programdata\KGyGaAvL.sys2011-11-15 20:41:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec2011-05-12 13:27:45 12526792 ----a-w- c:\program files\common files\lpuninstall.exe.============= FINISH: 17:25:33.47 ===============Attach.txt Link to post Share on other sites More sharing options...
Maniac Posted November 15, 2011 ID:495005 Share Posted November 15, 2011 Hello TerryD! My name is Maniac and I will be glad to help you solve your malware problem.Please note:I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/paste in your next reply.Step 1Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory are not associated with the Java that was downloaded and installed on the system. A cache directory is aa temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.Click Start => Control Panel.Double-click the Java icon in the control panel. The Java Control Panel appears.Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.Click Delete Files. The Delete Temporary Files dialog box appears.Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively. Step 2I need to know what Malwarebytes' Anti-Malware found on your system, so:Launch Malwarebytes' Anti-MalwareGo to Update" tab and select Check for Updates.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.In your next reply, please post the following log files:Malwarebytes' Anti-Malware loga new fresh DDS log only Link to post Share on other sites More sharing options...
TerryD Posted November 16, 2011 Author ID:495225 Share Posted November 16, 2011 Maniac,Thanks so much for your help and clear directions. Let me know if I do this correctly...mbam log:Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8175Windows 6.1.7600Internet Explorer 8.0.7600.1638511/16/2011 9:47:44 AMmbam-log-2011-11-16 (09-47-44).txtScan type: Quick scanObjects scanned: 243571Time elapsed: 3 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 184Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\winapp\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windupdt\control\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\windowsupdate\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\admin\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\exch-serv\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\public\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\qbdataserviceuser18\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdrosdak\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdservice\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\localservice\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\desktop\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\win\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\programdata\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\admin\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\windows\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\programdata\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\admin\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\winupdater\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\winupdater\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\program files\install\winupdate.exe (Trojan.Agent.I) -> Delete on reboot.c:\programdata\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\users\admin\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\users\tdservice\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\directory\winupdate.exe (Worm.Ainslot) -> Delete on reboot.c:\windows\cache\winupdate.exe (Email.Worm) -> Delete on reboot.c:\windows\k\winupdate.exe (Backdoor.IRCBot) -> Delete on reboot.c:\windows\system32\windupdt\winupdate.exe (Trojan.Dropper) -> Delete on reboot.c:\programdata\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\users\admin\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\users\tdservice\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\users\admin\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\public\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\documents\sys\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\admin\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\public\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\documents\system\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\program files\windows updates\winupdate.exe (Backdoor.Bifrose) -> Delete on reboot.c:\windows\system32\command\winupdate.exe (Backdoor.SpyNet) -> Delete on reboot.c:\windows\system32\system32\winupdate.exe (Backdoor.SpyNet) -> Delete on reboot.c:\windows\system32\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\windows\system32\winupdate\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\ocxlist\winupdate.exe (Trojan.Banker) -> Delete on reboot.c:\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\programdata\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\users\admin\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\users\tdservice\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\system32\hosts\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\programdata\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\admin\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\updates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\n\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\recache\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\windupdt\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\system32\install\winupdate.exe (Trojan.Backdoor) -> Delete on reboot.c:\windows\windowsupdate\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\programdata\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\admin\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\windupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\1634\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\winupdate\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\admin\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\public\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\local\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\temp\windupdt\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\programdata\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\admin\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\windowsupdatesystem\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\update\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\update\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\windupdte\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\aggiornamenti\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\censoredyou\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\winupt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\sys64\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\system32\win\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\programdata\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\admin\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdservice\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\update\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\install\winupdate.exe (Backdoor.Agent) -> Delete on reboot.c:\windows\system32\winndupdat\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows update\winupdate.exe (Backdoor.Bot) -> Delete on reboot.c:\windows\system32\rrt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\programdata\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\users\tdservice\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\windupdt\winupdate.exe (Trojan.Inject) -> Delete on reboot.c:\programdata\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\admin\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\exch-serv\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\qbdataserviceuser18\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdrosdak\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\tdservice\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\localservice\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\config\systemprofile\appdata\roaming\windows updates\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\driver\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\configuration\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\windows\system32\xwindupdt\winupdate.exe (Backdoor.Agent.DC) -> Delete on reboot.c:\users\admin\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\exch-serv\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\public\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\qbdataserviceuser18\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdrosdak\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\users\tdservice\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\localservice\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\serviceprofiles\networkservice\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.c:\windows\system32\config\systemprofile\templates\winupdate.exe (Trojan.Agent) -> Delete on reboot.DDS log.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385Run by tdrosdak at 10:03:45 on 2011-11-16Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1603 [GMT -5:00].AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exeC:\Program Files\Common Files\SPBA\upeksvr.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\system32\IProsetMonitor.exeC:\Program Files\Intel\Services\IPT\jhi_service.exeC:\Program Files\Kaseya\Agent\KasAVSrv.exeC:\Program Files\Kaseya\Agent\AgentMon.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXEC:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exeC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\TightVNC\tvnserver.exeC:\Windows\System32\Drivers\WTSRV.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files\Realtek\Audio\HDA\RtDCpl.exeC:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeC:\dell\DBRM\Reminder\DbrmTrayicon.exeC:\Program Files\TightVNC\tvnserver.exeC:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exeC:\Windows\System32\WTClient.exeC:\Program Files\Kaseya\Agent\KaUsrTsk.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\DisplayFusion\DisplayFusion.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\ManicTime\ManicTime.exeC:\Program Files\CompanionLink\CompanionLink.exeC:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exeC:\Users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exeC:\Windows\system32\wbem\wmiprvse.exe\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\system32\conhost.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = 192.168.*.*;*.localBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLLBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLLBHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"uRun: [ManicTime] c:\program files\manictime\ManicTime.exe /minimized /name: uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -IconuRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exemRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exemRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exemRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slavemRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preloadmRun: [WTClient] WTClient.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [KASHTHRNTW24532506725118] "c:\program files\kaseya\agent\KaUsrTsk.exe"mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [<NO NAME>] mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\users\tdrosdak\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tdrosdak\appdata\roaming\dropbox\bin\Dropbox.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exemPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: DisableCAD = 1 (0x1)mPolicies-system: SoftwareSASGeneration = 1 (0x1)IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2TCP: Interfaces\{E5AFBC9E-9822-4344-B598-2F71600FF3F1} : DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dllNotify: spba - c:\program files\common files\spba\homefus2.dllAppInit_DLLs: c:\windows\system32\avgrsstx.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\tdrosdak\appdata\roaming\mozilla\firefox\profiles\uxigwg36.default\FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2FF - prefs.js: network.proxy.type - 0FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\tdrosdak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll.============= SERVICES / DRIVERS ===============.R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-6-14 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-6-14 216400]R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-6-14 29712]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-6-14 243152]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-29 176128]R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-6-14 308136]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-29 13336]R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-29 110752]R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2011-6-14 221184]R2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2011-6-14 835584]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-9 366152]R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-29 2656280]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-29 238760]R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2011-6-14 17920]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22216]R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-29 41088]R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-12 1343400]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040].=============== Created Last 30 ================.2011-11-16 15:02:06 65536 ---hatw- c:\users\tdrosdak\~archive.pst.tmp2011-11-15 22:55:02 -------- d-----w- c:\program files\ESET2011-10-25 14:31:13 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}2011-10-25 14:31:09 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}2011-10-20 01:53:16 2332672 ----a-w- c:\windows\system32\win32k.sys2011-10-20 01:52:42 571904 ----a-w- c:\windows\system32\oleaut32.dll2011-10-20 01:52:42 233472 ----a-w- c:\windows\system32\oleacc.dll.==================== Find3M ====================.2011-11-16 14:59:16 1682 --sha-w- c:\programdata\KGyGaAvL.sys2011-11-15 20:41:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec2011-05-12 13:27:45 12526792 ----a-w- c:\program files\common files\lpuninstall.exe.============= FINISH: 10:10:53.86 =============== Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495235 Share Posted November 16, 2011 Thanks!Follow the instructions here to download and run ComboFix tool:bleepingcomputer.com/combofix/how-to-use-combofix#usePlease post the log file when you are ready. Link to post Share on other sites More sharing options...
TerryD Posted November 16, 2011 Author ID:495323 Share Posted November 16, 2011 Here is the log file:ComboFix 11-11-16.01 - tdrosdak 11/16/2011 16:01:12.2.4 - x86Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1809 [GMT -5:00]Running from: c:\users\tdrosdak\Desktop\ComboFix.exeAV: AVG Internet Security Network Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Internet Security Network Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))..2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\tdservice\AppData\Local\temp2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\Public\AppData\Local\temp2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\exch-serv\AppData\Local\temp2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp2011-11-16 21:07 . 2011-11-16 21:07 -------- d-----w- c:\users\admin\AppData\Local\temp2011-11-15 22:55 . 2011-11-15 22:55 -------- d-----w- c:\program files\ESET2011-10-25 14:31 . 2011-10-25 14:31 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}2011-10-25 14:31 . 2011-10-25 14:31 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}2011-10-20 01:53 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys2011-10-20 01:52 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll2011-10-20 01:52 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-16 20:57 . 2011-05-11 20:51 1682 --sha-w- c:\programdata\KGyGaAvL.sys2011-11-16 13:35 . 2011-05-12 02:40 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin2011-11-15 20:41 . 2011-05-27 16:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-11 13:22 . 2010-11-30 10:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll2011-09-13 08:52 . 2011-06-14 15:24 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2011-08-31 22:00 . 2011-06-09 18:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-12 13:27 . 2011-05-12 13:27 12526792 ----a-w- c:\program files\Common Files\lpuninstall.exe2011-11-09 21:01 . 2011-05-11 20:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-10-03 2456992]"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2011-07-26 585040]"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2011-08-11 26451456]"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2010-10-04 2697832]"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-17 98304]"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-12-21 28672]"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-12-21 337224]"WTClient"="WTClient.exe" [2009-10-30 32768]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"KASHTHRNTW24532506725118"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2011-01-26 380928]"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-5-12 12526792].c:\users\exch-serv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-5-12 12526792].c:\users\tdrosdak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-12 113664]Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-12-21 91136].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"DisableCAD"= 1 (0x1)"SoftwareSASGeneration"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]"NoAutoUpdate"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KATHRNTW24532506725118]@="Service".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]R2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-12-21 81920]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1343400]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2011-06-14 52872]S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2011-06-14 216400]S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-06-14 243152]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-06-14 308136]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 110752]S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]S2 KaseyaAVService;Kaseya Security Service;c:\program files\Kaseya\Agent\KasAVSrv.exe [2011-06-24 221184]S2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [2011-04-11 835584]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 1577376]S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 7566848]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 238592]S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-10-28 238760]S3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [2010-11-18 17920]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = 192.168.*.*;*.localIE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2FF - ProfilePath - c:\users\tdrosdak\AppData\Roaming\Mozilla\Firefox\Profiles\uxigwg36.default\FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2FF - prefs.js: network.proxy.type - 0..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(616)c:\windows\System32\TdmNetworkProvider.dll.- - - - - - - > 'Explorer.exe'(5424)c:\users\tdrosdak\AppData\Roaming\Dropbox\bin\DropboxExt.14.dllc:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dllc:\program files\DisplayFusion\Hooks\AppHookx86_F4071ADA-0905-4280-8A67-1EBE97946CC3.dll.Completion time: 2011-11-16 16:08:41ComboFix-quarantined-files.txt 2011-11-16 21:08ComboFix2.txt 2011-09-02 15:18.Pre-Run: 415,147,454,464 bytes freePost-Run: 415,155,265,536 bytes free.- - End Of File - - 1E1148BA47C14ABCF800B953B3EE8AE8Thanks!Follow the instructions here to download and run ComboFix tool:bleepingcomputer.com/combofix/how-to-use-combofix#usePlease post the log file when you are ready. Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495326 Share Posted November 16, 2011 Download the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.Click the Start Scan button.If a suspicious object is detected, the default action will be Skip, click on Continue.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply. Link to post Share on other sites More sharing options...
TerryD Posted November 16, 2011 Author ID:495331 Share Posted November 16, 2011 Here is the result from TDSSKiller:16:48:55.0001 9596 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:5016:48:55.0300 9596 ============================================================16:48:55.0300 9596 Current date / time: 2011/11/16 16:48:55.029916:48:55.0300 9596 SystemInfo:16:48:55.0300 9596 16:48:55.0300 9596 OS Version: 6.1.7600 ServicePack: 0.016:48:55.0300 9596 Product type: Workstation16:48:55.0300 9596 ComputerName: OFFMGR316:48:55.0300 9596 UserName: tdrosdak16:48:55.0300 9596 Windows directory: C:\Windows16:48:55.0300 9596 System windows directory: C:\Windows16:48:55.0300 9596 Processor architecture: Intel x8616:48:55.0300 9596 Number of processors: 416:48:55.0300 9596 Page size: 0x100016:48:55.0300 9596 Boot type: Normal boot16:48:55.0300 9596 ============================================================16:48:55.0619 9596 Initialize success16:49:26.0935 5548 ============================================================16:49:26.0935 5548 Scan started16:49:26.0935 5548 Mode: Manual; SigCheck; TDLFS; 16:49:26.0935 5548 ============================================================16:49:27.0338 5548 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys16:49:27.0426 5548 1394ohci - ok16:49:27.0511 5548 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys16:49:27.0527 5548 ACPI - ok16:49:27.0563 5548 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys16:49:27.0590 5548 AcpiPmi - ok16:49:27.0692 5548 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys16:49:27.0704 5548 adp94xx - ok16:49:27.0727 5548 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys16:49:27.0735 5548 adpahci - ok16:49:27.0748 5548 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys16:49:27.0755 5548 adpu320 - ok16:49:27.0788 5548 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys16:49:27.0805 5548 AFD - ok16:49:27.0820 5548 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys16:49:27.0826 5548 agp440 - ok16:49:27.0853 5548 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys16:49:27.0859 5548 aic78xx - ok16:49:27.0887 5548 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys16:49:27.0892 5548 aliide - ok16:49:27.0914 5548 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys16:49:27.0920 5548 amdagp - ok16:49:27.0941 5548 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys16:49:27.0946 5548 amdide - ok16:49:27.0966 5548 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys16:49:27.0979 5548 AmdK8 - ok16:49:28.0117 5548 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys16:49:28.0180 5548 amdkmdag - ok16:49:28.0211 5548 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys16:49:28.0225 5548 amdkmdap - ok16:49:28.0258 5548 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys16:49:28.0281 5548 AmdPPM - ok16:49:28.0316 5548 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys16:49:28.0327 5548 amdsata - ok16:49:28.0367 5548 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys16:49:28.0379 5548 amdsbs - ok16:49:28.0392 5548 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys16:49:28.0397 5548 amdxata - ok16:49:28.0426 5548 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys16:49:28.0446 5548 AppID - ok16:49:28.0480 5548 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys16:49:28.0487 5548 arc - ok16:49:28.0498 5548 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys16:49:28.0505 5548 arcsas - ok16:49:28.0529 5548 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys16:49:28.0567 5548 AsyncMac - ok16:49:28.0607 5548 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys16:49:28.0617 5548 atapi - ok16:49:28.0679 5548 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys16:49:28.0706 5548 AvgLdx86 - ok16:49:29.0202 5548 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\system32\Drivers\avgmfx86.sys16:49:29.0210 5548 AvgMfx86 - ok16:49:29.0234 5548 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys16:49:29.0243 5548 AvgRkx86 - ok16:49:29.0261 5548 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys16:49:29.0267 5548 AvgTdiX - ok16:49:29.0302 5548 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys16:49:29.0333 5548 b06bdrv - ok16:49:29.0364 5548 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys16:49:29.0391 5548 b57nd60x - ok16:49:29.0422 5548 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys16:49:29.0464 5548 Beep - ok16:49:29.0507 5548 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys16:49:29.0525 5548 blbdrive - ok16:49:29.0566 5548 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys16:49:29.0592 5548 bowser - ok16:49:29.0614 5548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys16:49:29.0641 5548 BrFiltLo - ok16:49:29.0663 5548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys16:49:29.0688 5548 BrFiltUp - ok16:49:29.0723 5548 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys16:49:29.0748 5548 Brserid - ok16:49:29.0776 5548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys16:49:29.0789 5548 BrSerWdm - ok16:49:29.0801 5548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys16:49:29.0825 5548 BrUsbMdm - ok16:49:29.0831 5548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys16:49:29.0846 5548 BrUsbSer - ok16:49:29.0863 5548 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys16:49:29.0879 5548 BTHMODEM - ok16:49:29.0973 5548 catchme - ok16:49:30.0047 5548 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys16:49:30.0091 5548 cdfs - ok16:49:30.0120 5548 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys16:49:30.0143 5548 cdrom - ok16:49:30.0178 5548 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys16:49:30.0189 5548 circlass - ok16:49:30.0217 5548 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys16:49:30.0226 5548 CLFS - ok16:49:30.0253 5548 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys16:49:30.0259 5548 CmBatt - ok16:49:30.0266 5548 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys16:49:30.0271 5548 cmdide - ok16:49:30.0290 5548 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys16:49:30.0312 5548 CNG - ok16:49:30.0318 5548 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys16:49:30.0323 5548 Compbatt - ok16:49:30.0347 5548 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys16:49:30.0365 5548 CompositeBus - ok16:49:30.0383 5548 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys16:49:30.0388 5548 crcdisk - ok16:49:30.0422 5548 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys16:49:30.0442 5548 CSC - ok16:49:30.0486 5548 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys16:49:30.0510 5548 DfsC - ok16:49:30.0538 5548 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys16:49:30.0575 5548 discache - ok16:49:30.0609 5548 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys16:49:30.0619 5548 Disk - ok16:49:30.0679 5548 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys16:49:30.0702 5548 Dot4 - ok16:49:30.0723 5548 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys16:49:30.0739 5548 Dot4Print - ok16:49:30.0752 5548 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys16:49:30.0760 5548 dot4usb - ok16:49:30.0782 5548 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys16:49:30.0801 5548 drmkaud - ok16:49:30.0829 5548 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys16:49:30.0841 5548 DXGKrnl - ok16:49:30.0867 5548 e1cexpress (94ad8bae670e55bf646796b56bac53a4) C:\Windows\system32\DRIVERS\e1c6232.sys16:49:30.0873 5548 e1cexpress - ok16:49:30.0958 5548 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys16:49:30.0995 5548 ebdrv - ok16:49:31.0015 5548 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys16:49:31.0025 5548 elxstor - ok16:49:31.0036 5548 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys16:49:31.0053 5548 ErrDev - ok16:49:31.0075 5548 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys16:49:31.0091 5548 exfat - ok16:49:31.0108 5548 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys16:49:31.0125 5548 fastfat - ok16:49:31.0149 5548 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys16:49:31.0166 5548 fdc - ok16:49:31.0186 5548 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys16:49:31.0192 5548 FileInfo - ok16:49:31.0207 5548 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys16:49:31.0223 5548 Filetrace - ok16:49:31.0231 5548 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys16:49:31.0249 5548 flpydisk - ok16:49:31.0262 5548 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys16:49:31.0268 5548 FltMgr - ok16:49:31.0288 5548 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys16:49:31.0294 5548 FsDepends - ok16:49:31.0320 5548 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys16:49:31.0326 5548 Fs_Rec - ok16:49:31.0353 5548 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys16:49:31.0369 5548 fvevol - ok16:49:31.0386 5548 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys16:49:31.0391 5548 gagp30kx - ok16:49:31.0415 5548 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys16:49:31.0423 5548 GEARAspiWDM - ok16:49:31.0440 5548 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys16:49:31.0452 5548 hcw85cir - ok16:49:31.0476 5548 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys16:49:31.0492 5548 HDAudBus - ok16:49:31.0508 5548 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys16:49:31.0521 5548 HidBatt - ok16:49:31.0533 5548 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys16:49:31.0548 5548 HidBth - ok16:49:31.0569 5548 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys16:49:31.0589 5548 HidIr - ok16:49:31.0620 5548 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys16:49:31.0644 5548 HidUsb - ok16:49:31.0683 5548 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys16:49:31.0693 5548 HpSAMD - ok16:49:31.0715 5548 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys16:49:31.0735 5548 HTTP - ok16:49:31.0745 5548 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys16:49:31.0750 5548 hwpolicy - ok16:49:31.0774 5548 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys16:49:31.0792 5548 i8042prt - ok16:49:31.0821 5548 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys16:49:31.0829 5548 iaStor - ok16:49:31.0869 5548 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys16:49:31.0885 5548 iaStorV - ok16:49:31.0913 5548 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys16:49:31.0918 5548 iirsp - ok16:49:31.0984 5548 IntcAzAudAddService (55da507ff4762d38427c19dbfdf56763) C:\Windows\system32\drivers\RTDVHDA.sys16:49:32.0016 5548 IntcAzAudAddService - ok16:49:32.0037 5548 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys16:49:32.0041 5548 intelide - ok16:49:32.0069 5548 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys16:49:32.0078 5548 intelppm - ok16:49:32.0098 5548 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys16:49:32.0122 5548 IpFilterDriver - ok16:49:32.0137 5548 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys16:49:32.0156 5548 IPMIDRV - ok16:49:32.0171 5548 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys16:49:32.0199 5548 IPNAT - ok16:49:32.0228 5548 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys16:49:32.0253 5548 IRENUM - ok16:49:32.0267 5548 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys16:49:32.0272 5548 isapnp - ok16:49:32.0285 5548 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys16:49:32.0291 5548 iScsiPrt - ok16:49:32.0324 5548 KAPFA (f0c4a6d81d30866aaf8cfa983d9d13d7) C:\Windows\system32\drivers\KAPFA.SYS16:49:32.0334 5548 KAPFA ( UnsignedFile.Multi.Generic ) - warning16:49:32.0334 5548 KAPFA - detected UnsignedFile.Multi.Generic (1)16:49:32.0401 5548 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys16:49:32.0408 5548 kbdclass - ok16:49:32.0421 5548 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys16:49:32.0441 5548 kbdhid - ok16:49:32.0462 5548 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys16:49:32.0469 5548 KSecDD - ok16:49:32.0489 5548 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys16:49:32.0497 5548 KSecPkg - ok16:49:32.0528 5548 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys16:49:32.0555 5548 lltdio - ok16:49:32.0586 5548 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys16:49:32.0592 5548 LSI_FC - ok16:49:32.0603 5548 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys16:49:32.0609 5548 LSI_SAS - ok16:49:32.0624 5548 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys16:49:32.0630 5548 LSI_SAS2 - ok16:49:32.0647 5548 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys16:49:32.0653 5548 LSI_SCSI - ok16:49:32.0666 5548 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys16:49:32.0695 5548 luafv - ok16:49:32.0731 5548 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys16:49:32.0739 5548 MBAMProtector - ok16:49:32.0762 5548 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys16:49:32.0769 5548 megasas - ok16:49:32.0788 5548 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys16:49:32.0795 5548 MegaSR - ok16:49:32.0822 5548 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys16:49:32.0841 5548 MEI - ok16:49:32.0873 5548 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys16:49:32.0911 5548 Modem - ok16:49:32.0938 5548 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys16:49:32.0961 5548 monitor - ok16:49:33.0070 5548 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys16:49:33.0104 5548 motusbdevice - ok16:49:33.0127 5548 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys16:49:33.0138 5548 mouclass - ok16:49:33.0165 5548 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys16:49:33.0184 5548 mouhid - ok16:49:33.0200 5548 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys16:49:33.0211 5548 mountmgr - ok16:49:33.0227 5548 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys16:49:33.0233 5548 mpio - ok16:49:33.0246 5548 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys16:49:33.0275 5548 mpsdrv - ok16:49:33.0287 5548 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys16:49:33.0305 5548 MRxDAV - ok16:49:33.0340 5548 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys16:49:33.0378 5548 mrxsmb - ok16:49:33.0443 5548 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys16:49:33.0467 5548 mrxsmb10 - ok16:49:33.0498 5548 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys16:49:33.0512 5548 mrxsmb20 - ok16:49:33.0532 5548 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys16:49:33.0537 5548 msahci - ok16:49:33.0571 5548 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys16:49:33.0579 5548 msdsm - ok16:49:33.0610 5548 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys16:49:33.0626 5548 Msfs - ok16:49:33.0636 5548 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys16:49:33.0656 5548 mshidkmdf - ok16:49:33.0673 5548 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys16:49:33.0678 5548 msisadrv - ok16:49:33.0706 5548 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys16:49:33.0726 5548 MSKSSRV - ok16:49:33.0740 5548 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys16:49:33.0764 5548 MSPCLOCK - ok16:49:33.0770 5548 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys16:49:33.0792 5548 MSPQM - ok16:49:33.0807 5548 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys16:49:33.0814 5548 MsRPC - ok16:49:33.0826 5548 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys16:49:33.0831 5548 mssmbios - ok16:49:33.0861 5548 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys16:49:33.0881 5548 MSTEE - ok16:49:33.0895 5548 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys16:49:33.0910 5548 MTConfig - ok16:49:33.0925 5548 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys16:49:33.0930 5548 Mup - ok16:49:33.0955 5548 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys16:49:33.0981 5548 NativeWifiP - ok16:49:34.0010 5548 NDIS (1f4b318f88984545cd108bd777258924) C:\Windows\system32\drivers\ndis.sys16:49:34.0022 5548 NDIS - ok16:49:34.0034 5548 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys16:49:34.0050 5548 NdisCap - ok16:49:34.0070 5548 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys16:49:34.0107 5548 NdisTapi - ok16:49:34.0120 5548 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys16:49:34.0136 5548 Ndisuio - ok16:49:34.0151 5548 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys16:49:34.0168 5548 NdisWan - ok16:49:34.0177 5548 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys16:49:34.0193 5548 NDProxy - ok16:49:34.0287 5548 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys16:49:34.0327 5548 NetBIOS - ok16:49:34.0346 5548 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys16:49:34.0363 5548 NetBT - ok16:49:34.0400 5548 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys16:49:34.0405 5548 nfrd960 - ok16:49:34.0423 5548 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys16:49:34.0439 5548 Npfs - ok16:49:34.0477 5548 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys16:49:34.0502 5548 nsiproxy - ok16:49:34.0551 5548 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys16:49:34.0568 5548 Ntfs - ok16:49:34.0589 5548 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys16:49:34.0613 5548 Null - ok16:49:34.0654 5548 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys16:49:34.0664 5548 nvraid - ok16:49:34.0683 5548 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys16:49:34.0690 5548 nvstor - ok16:49:34.0727 5548 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys16:49:34.0733 5548 nv_agp - ok16:49:34.0757 5548 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys16:49:34.0802 5548 ohci1394 - ok16:49:34.0852 5548 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys16:49:34.0875 5548 Parport - ok16:49:34.0888 5548 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys16:49:34.0897 5548 partmgr - ok16:49:34.0906 5548 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys16:49:34.0920 5548 Parvdm - ok16:49:34.0952 5548 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys16:49:34.0961 5548 PBADRV - ok16:49:34.0985 5548 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys16:49:34.0993 5548 pci - ok16:49:35.0013 5548 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys16:49:35.0019 5548 pciide - ok16:49:35.0039 5548 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys16:49:35.0047 5548 pcmcia - ok16:49:35.0060 5548 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys16:49:35.0065 5548 pcw - ok16:49:35.0090 5548 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys16:49:35.0119 5548 PEAUTH - ok16:49:35.0185 5548 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys16:49:35.0194 5548 Point32 - ok16:49:35.0232 5548 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys16:49:35.0273 5548 PptpMiniport - ok16:49:35.0298 5548 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys16:49:35.0321 5548 Processor - ok16:49:35.0356 5548 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys16:49:35.0382 5548 Psched - ok16:49:35.0428 5548 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\Windows\system32\DRIVERS\PTSimBus.sys16:49:35.0441 5548 PTSimBus - ok16:49:35.0453 5548 PTSimHid (f98bb914074a43e7e83ea98d7d13d612) C:\Windows\system32\DRIVERS\PTSimHid.sys16:49:35.0472 5548 PTSimHid - ok16:49:35.0499 5548 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys16:49:35.0509 5548 PxHelp20 - ok16:49:35.0554 5548 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys16:49:35.0573 5548 ql2300 - ok16:49:35.0598 5548 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys16:49:35.0604 5548 ql40xx - ok16:49:35.0626 5548 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys16:49:35.0651 5548 QWAVEdrv - ok16:49:35.0665 5548 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys16:49:35.0691 5548 RasAcd - ok16:49:35.0739 5548 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys16:49:35.0778 5548 RasAgileVpn - ok16:49:35.0795 5548 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys16:49:35.0823 5548 Rasl2tp - ok16:49:35.0840 5548 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys16:49:35.0864 5548 RasPppoe - ok16:49:35.0891 5548 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys16:49:35.0907 5548 RasSstp - ok16:49:35.0919 5548 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys16:49:35.0945 5548 rdbss - ok16:49:35.0970 5548 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys16:49:35.0995 5548 rdpbus - ok16:49:36.0015 5548 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys16:49:36.0040 5548 RDPCDD - ok16:49:36.0072 5548 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys16:49:36.0093 5548 RDPDR - ok16:49:36.0129 5548 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys16:49:36.0160 5548 RDPENCDD - ok16:49:36.0172 5548 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys16:49:36.0193 5548 RDPREFMP - ok16:49:36.0211 5548 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys16:49:36.0227 5548 RDPWD - ok16:49:36.0258 5548 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys16:49:36.0265 5548 rdyboost - ok16:49:36.0307 5548 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys16:49:36.0343 5548 RimUsb - ok16:49:36.0381 5548 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys16:49:36.0408 5548 RimVSerPort - ok16:49:36.0441 5548 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys16:49:36.0482 5548 ROOTMODEM - ok16:49:36.0523 5548 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys16:49:36.0529 5548 RsFx0150 - ok16:49:36.0554 5548 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys16:49:36.0576 5548 rspndr - ok16:49:36.0596 5548 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys16:49:36.0613 5548 s3cap - ok16:49:36.0659 5548 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys16:49:36.0670 5548 sbp2port - ok16:49:36.0702 5548 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys16:49:36.0750 5548 scfilter - ok16:49:36.0861 5548 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys16:49:36.0915 5548 secdrv - ok16:49:37.0031 5548 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys16:49:37.0044 5548 Serenum - ok16:49:37.0080 5548 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys16:49:37.0111 5548 Serial - ok16:49:37.0150 5548 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys16:49:37.0175 5548 sermouse - ok16:49:37.0213 5548 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys16:49:37.0256 5548 sffdisk - ok16:49:37.0265 5548 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys16:49:37.0290 5548 sffp_mmc - ok16:49:37.0307 5548 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys16:49:37.0319 5548 sffp_sd - ok16:49:37.0333 5548 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys16:49:37.0349 5548 sfloppy - ok16:49:37.0377 5548 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys16:49:37.0383 5548 sisagp - ok16:49:37.0400 5548 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys16:49:37.0405 5548 SiSRaid2 - ok16:49:37.0421 5548 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys16:49:37.0426 5548 SiSRaid4 - ok16:49:37.0458 5548 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys16:49:37.0504 5548 Smb - ok16:49:37.0539 5548 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys16:49:37.0550 5548 spldr - ok16:49:37.0621 5548 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys16:49:37.0647 5548 srv - ok16:49:37.0681 5548 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys16:49:37.0706 5548 srv2 - ok16:49:37.0725 5548 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys16:49:37.0742 5548 srvnet - ok16:49:37.0770 5548 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys16:49:37.0777 5548 stexstor - ok16:49:37.0821 5548 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys16:49:37.0831 5548 storflt - ok16:49:37.0849 5548 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys16:49:37.0854 5548 storvsc - ok16:49:37.0868 5548 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys16:49:37.0873 5548 swenum - ok16:49:37.0879 5548 Tablet2k - ok16:49:37.0910 5548 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\Windows\system32\DRIVERS\TClass2k.sys16:49:37.0933 5548 TClass2k - ok16:49:37.0993 5548 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys16:49:38.0021 5548 Tcpip - ok16:49:38.0072 5548 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys16:49:38.0104 5548 TCPIP6 - ok16:49:38.0132 5548 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys16:49:38.0157 5548 tcpipreg - ok16:49:38.0191 5548 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys16:49:38.0207 5548 TDPIPE - ok16:49:38.0222 5548 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys16:49:38.0238 5548 TDTCP - ok16:49:38.0250 5548 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys16:49:38.0266 5548 tdx - ok16:49:38.0281 5548 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys16:49:38.0286 5548 TermDD - ok16:49:38.0319 5548 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys16:49:38.0334 5548 tssecsrv - ok16:49:38.0360 5548 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys16:49:38.0382 5548 tunnel - ok16:49:38.0398 5548 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys16:49:38.0404 5548 uagp35 - ok16:49:38.0451 5548 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\Windows\system32\DRIVERS\UCTblHid.sys16:49:38.0474 5548 UCTblHid - ok16:49:38.0502 5548 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys16:49:38.0540 5548 udfs - ok16:49:38.0584 5548 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys16:49:38.0594 5548 uliagpkx - ok16:49:38.0617 5548 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys16:49:38.0637 5548 umbus - ok16:49:38.0659 5548 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys16:49:38.0681 5548 UmPass - ok16:49:38.0731 5548 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys16:49:38.0757 5548 USBAAPL - ok16:49:38.0786 5548 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys16:49:38.0825 5548 usbccgp - ok16:49:38.0859 5548 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys16:49:38.0882 5548 usbcir - ok16:49:38.0905 5548 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys16:49:38.0918 5548 usbehci - ok16:49:38.0946 5548 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys16:49:38.0962 5548 usbhub - ok16:49:38.0976 5548 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys16:49:38.0990 5548 usbohci - ok16:49:39.0012 5548 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys16:49:39.0028 5548 usbprint - ok16:49:39.0058 5548 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys16:49:39.0081 5548 usbscan - ok16:49:39.0103 5548 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS16:49:39.0123 5548 USBSTOR - ok16:49:39.0152 5548 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys16:49:39.0171 5548 usbuhci - ok16:49:39.0633 5548 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys16:49:39.0643 5548 vdrvroot - ok16:49:39.0659 5548 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys16:49:39.0680 5548 vga - ok16:49:39.0698 5548 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys16:49:39.0721 5548 VgaSave - ok16:49:39.0735 5548 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys16:49:39.0742 5548 vhdmp - ok16:49:39.0761 5548 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys16:49:39.0766 5548 viaagp - ok16:49:39.0773 5548 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys16:49:39.0789 5548 ViaC7 - ok16:49:39.0809 5548 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys16:49:39.0814 5548 viaide - ok16:49:39.0835 5548 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys16:49:39.0841 5548 vmbus - ok16:49:39.0852 5548 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys16:49:39.0859 5548 VMBusHID - ok16:49:39.0869 5548 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys16:49:39.0874 5548 volmgr - ok16:49:39.0892 5548 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys16:49:39.0900 5548 volmgrx - ok16:49:39.0913 5548 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys16:49:39.0920 5548 volsnap - ok16:49:39.0942 5548 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys16:49:39.0948 5548 vsmraid - ok16:49:39.0960 5548 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys16:49:39.0978 5548 vwifibus - ok16:49:39.0995 5548 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys16:49:40.0016 5548 WacomPen - ok16:49:40.0034 5548 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys16:49:40.0059 5548 WANARP - ok16:49:40.0063 5548 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys16:49:40.0079 5548 Wanarpv6 - ok16:49:40.0109 5548 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys16:49:40.0114 5548 Wd - ok16:49:40.0132 5548 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys16:49:40.0141 5548 Wdf01000 - ok16:49:40.0177 5548 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys16:49:40.0206 5548 WfpLwf - ok16:49:40.0218 5548 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys16:49:40.0223 5548 WIMMount - ok16:49:40.0280 5548 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys16:49:40.0299 5548 WmiAcpi - ok16:49:40.0324 5548 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys16:49:40.0351 5548 ws2ifsl - ok16:49:40.0378 5548 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys16:49:40.0398 5548 WSDPrintDevice - ok16:49:40.0431 5548 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys16:49:40.0438 5548 WudfPf - ok16:49:40.0461 5548 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys16:49:40.0476 5548 WUDFRd - ok16:49:40.0500 5548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR016:49:40.0589 5548 \Device\Harddisk0\DR0 - ok16:49:40.0595 5548 Boot (0x1200) (1804e341854e9d8c25c177a7e98b0db0) \Device\Harddisk0\DR0\Partition016:49:40.0596 5548 \Device\Harddisk0\DR0\Partition0 - ok16:49:40.0624 5548 Boot (0x1200) (c43a712a689cbffd6b34f45b6daab063) \Device\Harddisk0\DR0\Partition116:49:40.0625 5548 \Device\Harddisk0\DR0\Partition1 - ok16:49:40.0626 5548 ============================================================16:49:40.0626 5548 Scan finished16:49:40.0626 5548 ============================================================16:49:40.0641 5880 Detected object count: 116:49:40.0641 5880 Actual detected object count: 116:50:52.0261 5880 KAPFA ( UnsignedFile.Multi.Generic ) - skipped by user16:50:52.0261 5880 KAPFA ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:51:15.0849 7780 ============================================================16:51:15.0849 7780 Scan started16:51:15.0849 7780 Mode: Manual; SigCheck; TDLFS; 16:51:15.0849 7780 ============================================================16:51:16.0020 7780 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys16:51:16.0051 7780 1394ohci - ok16:51:16.0075 7780 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys16:51:16.0083 7780 ACPI - ok16:51:16.0095 7780 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys16:51:16.0103 7780 AcpiPmi - ok16:51:16.0142 7780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys16:51:16.0159 7780 adp94xx - ok16:51:16.0176 7780 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys16:51:16.0183 7780 adpahci - ok16:51:16.0197 7780 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys16:51:16.0203 7780 adpu320 - ok16:51:16.0228 7780 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys16:51:16.0237 7780 AFD - ok16:51:16.0252 7780 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys16:51:16.0258 7780 agp440 - ok16:51:16.0268 7780 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys16:51:16.0274 7780 aic78xx - ok16:51:16.0286 7780 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys16:51:16.0291 7780 aliide - ok16:51:16.0305 7780 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys16:51:16.0310 7780 amdagp - ok16:51:16.0331 7780 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys16:51:16.0336 7780 amdide - ok16:51:16.0348 7780 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys16:51:16.0354 7780 AmdK8 - ok16:51:16.0477 7780 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys16:51:16.0538 7780 amdkmdag - ok16:51:16.0568 7780 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys16:51:16.0576 7780 amdkmdap - ok16:51:16.0590 7780 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys16:51:16.0596 7780 AmdPPM - ok16:51:16.0614 7780 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys16:51:16.0620 7780 amdsata - ok16:51:16.0632 7780 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys16:51:16.0638 7780 amdsbs - ok16:51:16.0649 7780 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys16:51:16.0654 7780 amdxata - ok16:51:16.0666 7780 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys16:51:16.0675 7780 AppID - ok16:51:16.0703 7780 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys16:51:16.0709 7780 arc - ok16:51:16.0721 7780 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys16:51:16.0727 7780 arcsas - ok16:51:16.0736 7780 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys16:51:16.0752 7780 AsyncMac - ok16:51:16.0781 7780 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys16:51:16.0786 7780 atapi - ok16:51:16.0827 7780 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys16:51:16.0839 7780 AvgLdx86 - ok16:51:16.0867 7780 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\system32\Drivers\avgmfx86.sys16:51:16.0872 7780 AvgMfx86 - ok16:51:16.0883 7780 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys16:51:16.0888 7780 AvgRkx86 - ok16:51:16.0901 7780 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys16:51:16.0907 7780 AvgTdiX - ok16:51:16.0934 7780 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys16:51:16.0943 7780 b06bdrv - ok16:51:16.0962 7780 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys16:51:16.0970 7780 b57nd60x - ok16:51:16.0996 7780 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys16:51:17.0011 7780 Beep - ok16:51:17.0047 7780 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys16:51:17.0060 7780 blbdrive - ok16:51:17.0090 7780 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys16:51:17.0101 7780 bowser - ok16:51:17.0113 7780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys16:51:17.0120 7780 BrFiltLo - ok16:51:17.0129 7780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys16:51:17.0136 7780 BrFiltUp - ok16:51:17.0154 7780 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys16:51:17.0163 7780 Brserid - ok16:51:17.0175 7780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys16:51:17.0183 7780 BrSerWdm - ok16:51:17.0192 7780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys16:51:17.0199 7780 BrUsbMdm - ok16:51:17.0205 7780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys16:51:17.0212 7780 BrUsbSer - ok16:51:17.0221 7780 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys16:51:17.0228 7780 BTHMODEM - ok16:51:17.0288 7780 catchme - ok16:51:17.0306 7780 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys16:51:17.0337 7780 cdfs - ok16:51:17.0352 7780 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys16:51:17.0359 7780 cdrom - ok16:51:17.0368 7780 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys16:51:17.0376 7780 circlass - ok16:51:17.0399 7780 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys16:51:17.0407 7780 CLFS - ok16:51:17.0435 7780 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys16:51:17.0442 7780 CmBatt - ok16:51:17.0457 7780 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys16:51:17.0461 7780 cmdide - ok16:51:17.0481 7780 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys16:51:17.0492 7780 CNG - ok16:51:17.0498 7780 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys16:51:17.0503 7780 Compbatt - ok16:51:17.0513 7780 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys16:51:17.0521 7780 CompositeBus - ok16:51:17.0540 7780 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys16:51:17.0545 7780 crcdisk - ok16:51:17.0571 7780 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys16:51:17.0580 7780 CSC - ok16:51:17.0618 7780 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys16:51:17.0624 7780 DfsC - ok16:51:17.0645 7780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys16:51:17.0661 7780 discache - ok16:51:17.0674 7780 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys16:51:17.0680 7780 Disk - ok16:51:17.0719 7780 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys16:51:17.0727 7780 Dot4 - ok16:51:17.0739 7780 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys16:51:17.0746 7780 Dot4Print - ok16:51:17.0759 7780 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys16:51:17.0767 7780 dot4usb - ok16:51:17.0789 7780 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys16:51:17.0796 7780 drmkaud - ok16:51:17.0905 7780 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys16:51:17.0929 7780 DXGKrnl - ok16:51:17.0949 7780 e1cexpress (94ad8bae670e55bf646796b56bac53a4) C:\Windows\system32\DRIVERS\e1c6232.sys16:51:17.0956 7780 e1cexpress - ok16:51:18.0030 7780 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys16:51:18.0059 7780 ebdrv - ok16:51:18.0081 7780 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys16:51:18.0090 7780 elxstor - ok16:51:18.0101 7780 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys16:51:18.0108 7780 ErrDev - ok16:51:18.0132 7780 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys16:51:18.0148 7780 exfat - ok16:51:18.0165 7780 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys16:51:18.0182 7780 fastfat - ok16:51:18.0198 7780 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys16:51:18.0205 7780 fdc - ok16:51:18.0218 7780 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys16:51:18.0224 7780 FileInfo - ok16:51:18.0239 7780 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys16:51:18.0255 7780 Filetrace - ok16:51:18.0264 7780 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys16:51:18.0270 7780 flpydisk - ok16:51:18.0286 7780 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys16:51:18.0292 7780 FltMgr - ok16:51:18.0301 7780 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys16:51:18.0306 7780 FsDepends - ok16:51:18.0319 7780 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys16:51:18.0324 7780 Fs_Rec - ok16:51:18.0351 7780 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys16:51:18.0359 7780 fvevol - ok16:51:18.0376 7780 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys16:51:18.0381 7780 gagp30kx - ok16:51:18.0406 7780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys16:51:18.0410 7780 GEARAspiWDM - ok16:51:18.0422 7780 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys16:51:18.0428 7780 hcw85cir - ok16:51:18.0441 7780 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys16:51:18.0449 7780 HDAudBus - ok16:51:18.0457 7780 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys16:51:18.0464 7780 HidBatt - ok16:51:18.0482 7780 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys16:51:18.0490 7780 HidBth - ok16:51:18.0501 7780 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys16:51:18.0509 7780 HidIr - ok16:51:18.0535 7780 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys16:51:18.0544 7780 HidUsb - ok16:51:18.0573 7780 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys16:51:18.0578 7780 HpSAMD - ok16:51:18.0596 7780 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys16:51:18.0616 7780 HTTP - ok16:51:18.0627 7780 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys16:51:18.0632 7780 hwpolicy - ok16:51:18.0648 7780 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys16:51:18.0655 7780 i8042prt - ok16:51:18.0678 7780 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys16:51:18.0687 7780 iaStor - ok16:51:18.0717 7780 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys16:51:18.0731 7780 iaStorV - ok16:51:18.0745 7780 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys16:51:18.0752 7780 iirsp - ok16:51:18.0807 7780 IntcAzAudAddService (55da507ff4762d38427c19dbfdf56763) C:\Windows\system32\drivers\RTDVHDA.sys16:51:18.0839 7780 IntcAzAudAddService - ok16:51:18.0860 7780 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys16:51:18.0865 7780 intelide - ok16:51:18.0876 7780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys16:51:18.0883 7780 intelppm - ok16:51:18.0905 7780 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys16:51:18.0921 7780 IpFilterDriver - ok16:51:18.0936 7780 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys16:51:18.0943 7780 IPMIDRV - ok16:51:18.0952 7780 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys16:51:18.0968 7780 IPNAT - ok16:51:18.0985 7780 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys16:51:18.0994 7780 IRENUM - ok16:51:19.0007 7780 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys16:51:19.0013 7780 isapnp - ok16:51:19.0025 7780 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys16:51:19.0032 7780 iScsiPrt - ok16:51:19.0064 7780 KAPFA (f0c4a6d81d30866aaf8cfa983d9d13d7) C:\Windows\system32\drivers\KAPFA.SYS16:51:19.0067 7780 KAPFA ( UnsignedFile.Multi.Generic ) - warning16:51:19.0067 7780 KAPFA - detected UnsignedFile.Multi.Generic (1)16:51:19.0083 7780 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys16:51:19.0093 7780 kbdclass - ok16:51:19.0104 7780 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys16:51:19.0112 7780 kbdhid - ok16:51:19.0127 7780 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys16:51:19.0133 7780 KSecDD - ok16:51:19.0155 7780 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys16:51:19.0161 7780 KSecPkg - ok16:51:19.0186 7780 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys16:51:19.0201 7780 lltdio - ok16:51:19.0227 7780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys16:51:19.0232 7780 LSI_FC - ok16:51:19.0244 7780 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys16:51:19.0249 7780 LSI_SAS - ok16:51:19.0265 7780 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys16:51:19.0271 7780 LSI_SAS2 - ok16:51:19.0288 7780 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys16:51:19.0294 7780 LSI_SCSI - ok16:51:19.0306 7780 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys16:51:19.0323 7780 luafv - ok16:51:19.0363 7780 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys16:51:19.0374 7780 MBAMProtector - ok16:51:19.0394 7780 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys16:51:19.0404 7780 megasas - ok16:51:19.0420 7780 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys16:51:19.0427 7780 MegaSR - ok16:51:19.0446 7780 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys16:51:19.0451 7780 MEI - ok16:51:19.0460 7780 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys16:51:19.0477 7780 Modem - ok16:51:19.0487 7780 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys16:51:19.0494 7780 monitor - ok16:51:19.0519 7780 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys16:51:19.0528 7780 motusbdevice - ok16:51:19.0543 7780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys16:51:19.0548 7780 mouclass - ok16:51:19.0564 7780 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys16:51:19.0571 7780 mouhid - ok16:51:19.0582 7780 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys16:51:19.0588 7780 mountmgr - ok16:51:19.0601 7780 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys16:51:19.0607 7780 mpio - ok16:51:19.0620 7780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys16:51:19.0636 7780 mpsdrv - ok16:51:19.0652 7780 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys16:51:19.0661 7780 MRxDAV - ok16:51:19.0689 7780 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys16:51:19.0696 7780 mrxsmb - ok16:51:19.0724 7780 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys16:51:19.0732 7780 mrxsmb10 - ok16:51:19.0747 7780 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys16:51:19.0753 7780 mrxsmb20 - ok16:51:19.0773 7780 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys16:51:19.0778 7780 msahci - ok16:51:19.0804 7780 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys16:51:19.0815 7780 msdsm - ok16:51:19.0842 7780 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys16:51:19.0858 7780 Msfs - ok16:51:19.0868 7780 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys16:51:19.0883 7780 mshidkmdf - ok16:51:19.0897 7780 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys16:51:19.0902 7780 msisadrv - ok16:51:19.0921 7780 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys16:51:19.0937 7780 MSKSSRV - ok16:51:19.0947 7780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys16:51:19.0963 7780 MSPCLOCK - ok16:51:19.0968 7780 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys16:51:19.0984 7780 MSPQM - ok16:51:19.0998 7780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys16:51:20.0005 7780 MsRPC - ok16:51:20.0016 7780 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys16:51:20.0021 7780 mssmbios - ok16:51:20.0037 7780 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys16:51:20.0053 7780 MSTEE - ok16:51:20.0069 7780 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys16:51:20.0075 7780 MTConfig - ok16:51:20.0090 7780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys16:51:20.0095 7780 Mup - ok16:51:20.0112 7780 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys16:51:20.0122 7780 NativeWifiP - ok16:51:20.0151 7780 NDIS (1f4b318f88984545cd108bd777258924) C:\Windows\system32\drivers\ndis.sys16:51:20.0163 7780 NDIS - ok16:51:20.0175 7780 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys16:51:20.0191 7780 NdisCap - ok16:51:20.0202 7780 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys16:51:20.0218 7780 NdisTapi - ok16:51:20.0227 7780 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys16:51:20.0243 7780 Ndisuio - ok16:51:20.0258 7780 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys16:51:20.0275 7780 NdisWan - ok16:51:20.0284 7780 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys16:51:20.0300 7780 NDProxy - ok16:51:20.0319 7780 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys16:51:20.0335 7780 NetBIOS - ok16:51:20.0345 7780 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys16:51:20.0362 7780 NetBT - ok16:51:20.0390 7780 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys16:51:20.0396 7780 nfrd960 - ok16:51:20.0403 7780 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys16:51:20.0419 7780 Npfs - ok16:51:20.0451 7780 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys16:51:20.0466 7780 nsiproxy - ok16:51:20.0517 7780 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys16:51:20.0549 7780 Ntfs - ok16:51:20.0563 7780 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys16:51:20.0579 7780 Null - ok16:51:20.0602 7780 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys16:51:20.0608 7780 nvraid - ok16:51:20.0623 7780 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys16:51:20.0630 7780 nvstor - ok16:51:20.0643 7780 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys16:51:20.0649 7780 nv_agp - ok16:51:20.0673 7780 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys16:51:20.0686 7780 ohci1394 - ok16:51:20.0709 7780 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys16:51:20.0716 7780 Parport - ok16:51:20.0729 7780 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys16:51:20.0734 7780 partmgr - ok16:51:20.0747 7780 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys16:51:20.0754 7780 Parvdm - ok16:51:20.0776 7780 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys16:51:20.0781 7780 PBADRV - ok16:51:20.0808 7780 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys16:51:20.0815 7780 pci - ok16:51:20.0837 7780 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys16:51:20.0842 7780 pciide - ok16:51:20.0854 7780 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys16:51:20.0861 7780 pcmcia - ok16:51:20.0875 7780 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys16:51:20.0881 7780 pcw - ok16:51:20.0897 7780 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys16:51:20.0917 7780 PEAUTH - ok16:51:20.0950 7780 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys16:51:20.0955 7780 Point32 - ok16:51:20.0972 7780 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys16:51:20.0988 7780 PptpMiniport - ok16:51:20.0997 7780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys16:51:21.0004 7780 Processor - ok16:51:21.0021 7780 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys16:51:21.0037 7780 Psched - ok16:51:21.0068 7780 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\Windows\system32\DRIVERS\PTSimBus.sys16:51:21.0075 7780 PTSimBus - ok16:51:21.0085 7780 PTSimHid (f98bb914074a43e7e83ea98d7d13d612) C:\Windows\system32\DRIVERS\PTSimHid.sys16:51:21.0092 7780 PTSimHid - ok16:51:21.0114 7780 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys16:51:21.0119 7780 PxHelp20 - ok16:51:21.0153 7780 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys16:51:21.0172 7780 ql2300 - ok16:51:21.0188 7780 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys16:51:21.0194 7780 ql40xx - ok16:51:21.0208 7780 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys16:51:21.0216 7780 QWAVEdrv - ok16:51:21.0231 7780 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys16:51:21.0246 7780 RasAcd - ok16:51:21.0271 7780 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys16:51:21.0287 7780 RasAgileVpn - ok16:51:21.0303 7780 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys16:51:21.0319 7780 Rasl2tp - ok16:51:21.0331 7780 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys16:51:21.0347 7780 RasPppoe - ok16:51:21.0357 7780 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys16:51:21.0373 7780 RasSstp - ok16:51:21.0384 7780 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys16:51:21.0402 7780 rdbss - ok16:51:21.0419 7780 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys16:51:21.0426 7780 rdpbus - ok16:51:21.0439 7780 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys16:51:21.0455 7780 RDPCDD - ok16:51:21.0480 7780 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys16:51:21.0487 7780 RDPDR - ok16:51:21.0503 7780 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys16:51:21.0518 7780 RDPENCDD - ok16:51:21.0530 7780 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys16:51:21.0545 7780 RDPREFMP - ok16:51:21.0560 7780 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys16:51:21.0576 7780 RDPWD - ok16:51:21.0591 7780 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys16:51:21.0597 7780 rdyboost - ok16:51:21.0623 7780 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys16:51:21.0628 7780 RimUsb - ok16:51:21.0664 7780 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys16:51:21.0674 7780 RimVSerPort - ok16:51:21.0690 7780 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys16:51:21.0706 7780 ROOTMODEM - ok16:51:21.0730 7780 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys16:51:21.0736 7780 RsFx0150 - ok16:51:21.0753 7780 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys16:51:21.0769 7780 rspndr - ok16:51:21.0795 7780 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys16:51:21.0801 7780 s3cap - ok16:51:21.0816 7780 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys16:51:21.0821 7780 sbp2port - ok16:51:21.0834 7780 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys16:51:21.0850 7780 scfilter - ok16:51:21.0868 7780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys16:51:21.0884 7780 secdrv - ok16:51:21.0896 7780 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys16:51:21.0903 7780 Serenum - ok16:51:21.0912 7780 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys16:51:21.0919 7780 Serial - ok16:51:21.0926 7780 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys16:51:21.0932 7780 sermouse - ok16:51:21.0962 7780 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys16:51:21.0968 7780 sffdisk - ok16:51:21.0981 7780 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys16:51:21.0987 7780 sffp_mmc - ok16:51:21.0998 7780 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys16:51:22.0004 7780 sffp_sd - ok16:51:22.0015 7780 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys16:51:22.0022 7780 sfloppy - ok16:51:22.0043 7780 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys16:51:22.0048 7780 sisagp - ok16:51:22.0057 7780 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys16:51:22.0062 7780 SiSRaid2 - ok16:51:22.0078 7780 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys16:51:22.0084 7780 SiSRaid4 - ok16:51:22.0099 7780 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys16:51:22.0115 7780 Smb - ok16:51:22.0130 7780 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys16:51:22.0135 7780 spldr - ok16:51:22.0169 7780 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys16:51:22.0185 7780 srv - ok16:51:22.0221 7780 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys16:51:22.0237 7780 srv2 - ok16:51:22.0249 7780 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys16:51:22.0261 7780 srvnet - ok16:51:22.0278 7780 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys16:51:22.0283 7780 stexstor - ok16:51:22.0311 7780 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys16:51:22.0317 7780 storflt - ok16:51:22.0331 7780 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys16:51:22.0341 7780 storvsc - ok16:51:22.0359 7780 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys16:51:22.0364 7780 swenum - ok16:51:22.0369 7780 Tablet2k - ok16:51:22.0400 7780 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\Windows\system32\DRIVERS\TClass2k.sys16:51:22.0407 7780 TClass2k - ok16:51:22.0458 7780 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys16:51:22.0481 7780 Tcpip - ok16:51:22.0504 7780 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys16:51:22.0522 7780 TCPIP6 - ok16:51:22.0540 7780 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys16:51:22.0556 7780 tcpipreg - ok16:51:22.0573 7780 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys16:51:22.0588 7780 TDPIPE - ok16:51:22.0596 7780 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys16:51:22.0612 7780 TDTCP - ok16:51:22.0624 7780 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys16:51:22.0640 7780 tdx - ok16:51:22.0655 7780 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys16:51:22.0660 7780 TermDD - ok16:51:22.0684 7780 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys16:51:22.0700 7780 tssecsrv - ok16:51:22.0709 7780 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys16:51:22.0726 7780 tunnel - ok16:51:22.0739 7780 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys16:51:22.0744 7780 uagp35 - ok16:51:22.0767 7780 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\Windows\system32\DRIVERS\UCTblHid.sys16:51:22.0774 7780 UCTblHid - ok16:51:22.0800 7780 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys16:51:22.0808 7780 udfs - ok16:51:22.0818 7780 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys16:51:22.0823 7780 uliagpkx - ok16:51:22.0832 7780 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys16:51:22.0839 7780 umbus - ok16:51:22.0849 7780 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys16:51:22.0856 7780 UmPass - ok16:51:22.0888 7780 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys16:51:22.0899 7780 USBAAPL - ok16:51:22.0926 7780 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys16:51:22.0933 7780 usbccgp - ok16:51:22.0949 7780 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys16:51:22.0958 7780 usbcir - ok16:51:22.0971 7780 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys16:51:22.0977 7780 usbehci - ok16:51:22.0994 7780 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys16:51:23.0002 7780 usbhub - ok16:51:23.0016 7780 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys16:51:23.0023 7780 usbohci - ok16:51:23.0036 7780 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys16:51:23.0043 7780 usbprint - ok16:51:23.0073 7780 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys16:51:23.0088 7780 usbscan - ok16:51:23.0110 7780 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS16:51:23.0116 7780 USBSTOR - ok16:51:23.0132 7780 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys16:51:23.0139 7780 usbuhci - ok16:51:23.0157 7780 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys16:51:23.0162 7780 vdrvroot - ok16:51:23.0175 7780 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys16:51:23.0183 7780 vga - ok16:51:23.0197 7780 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys16:51:23.0213 7780 VgaSave - ok16:51:23.0226 7780 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys16:51:23.0232 7780 vhdmp - ok16:51:23.0243 7780 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys16:51:23.0249 7780 viaagp - ok16:51:23.0256 7780 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys16:51:23.0262 7780 ViaC7 - ok16:51:23.0283 7780 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys16:51:23.0289 7780 viaide - ok16:51:23.0309 7780 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys16:51:23.0315 7780 vmbus - ok16:51:23.0776 7780 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys16:51:23.0788 7780 VMBusHID - ok16:51:23.0801 7780 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys16:51:23.0807 7780 volmgr - ok16:51:23.0825 7780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys16:51:23.0835 7780 volmgrx - ok16:51:23.0845 7780 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys16:51:23.0853 7780 volsnap - ok16:51:23.0866 7780 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys16:51:23.0872 7780 vsmraid - ok16:51:23.0884 7780 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys16:51:23.0892 7780 vwifibus - ok16:51:23.0911 7780 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys16:51:23.0917 7780 WacomPen - ok16:51:23.0933 7780 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys16:51:23.0949 7780 WANARP - ok16:51:23.0951 7780 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys16:51:23.0967 7780 Wanarpv6 - ok16:51:23.0983 7780 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys16:51:23.0989 7780 Wd - ok16:51:24.0006 7780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys16:51:24.0015 7780 Wdf01000 - ok16:51:24.0034 7780 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys16:51:24.0050 7780 WfpLwf - ok16:51:24.0059 7780 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys16:51:24.0064 7780 WIMMount - ok16:51:24.0087 7780 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys16:51:24.0094 7780 WmiAcpi - ok16:51:24.0114 7780 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys16:51:24.0130 7780 ws2ifsl - ok16:51:24.0151 7780 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys16:51:24.0159 7780 WSDPrintDevice - ok16:51:24.0180 7780 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys16:51:24.0186 7780 WudfPf - ok16:51:24.0201 7780 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys16:51:24.0208 7780 WUDFRd - ok16:51:24.0224 7780 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR016:51:24.0313 7780 \Device\Harddisk0\DR0 - ok16:51:24.0318 7780 Boot (0x1200) (1804e341854e9d8c25c177a7e98b0db0) \Device\Harddisk0\DR0\Partition016:51:24.0319 7780 \Device\Harddisk0\DR0\Partition0 - ok16:51:24.0348 7780 Boot (0x1200) (c43a712a689cbffd6b34f45b6daab063) \Device\Harddisk0\DR0\Partition116:51:24.0349 7780 \Device\Harddisk0\DR0\Partition1 - ok16:51:24.0350 7780 ============================================================16:51:24.0350 7780 Scan finished16:51:24.0350 7780 ============================================================16:51:24.0362 9124 Detected object count: 116:51:24.0362 9124 Actual detected object count: 116:51:46.0808 9124 KAPFA ( UnsignedFile.Multi.Generic ) - skipped by user16:51:46.0808 9124 KAPFA ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:52:09.0129 3176 Deinitialize successDownload the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.Click the Start Scan button.If a suspicious object is detected, the default action will be Skip, click on Continue.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply. Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495334 Share Posted November 16, 2011 Download aswMBR.exe (1870KB) to your desktop.Double click the aswMBR.exe to run itClick the [scan] button to start scanOn completion of the scan click [save log], save it to your desktop and post in your next reply. Link to post Share on other sites More sharing options...
TerryD Posted November 16, 2011 Author ID:495348 Share Posted November 16, 2011 aswMBR version 0.9.8.986 Copyright© 2011 AVAST SoftwareRun date: 2011-11-16 17:33:56-----------------------------17:33:56.927 OS Version: Windows 6.1.7600 17:33:56.927 Number of processors: 4 586 0x2A0717:33:56.928 ComputerName: OFFMGR3 UserName: 17:33:57.690 Initialize success17:33:59.808 AVAST engine defs: 1111160117:34:03.279 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-117:34:03.282 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 817:34:03.298 Disk 0 MBR read successfully17:34:03.302 Disk 0 MBR scan17:34:03.308 Disk 0 Windows VISTA default MBR code17:34:03.315 Disk 0 scanning sectors +97676492817:34:03.387 Disk 0 scanning C:\Windows\system32\drivers17:34:10.185 Service scanning17:34:10.514 Service Tablet2k C:\Windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 12317:34:11.040 Modules scanning17:34:14.036 Disk 0 trace - called modules:17:34:14.056 17:34:14.875 AVAST engine scan C:\Windows17:34:17.974 AVAST engine scan C:\Windows\system3217:35:33.683 AVAST engine scan C:\Windows\system32\drivers17:35:40.598 AVAST engine scan C:\Users\tdrosdak17:36:52.072 Disk 0 MBR has been saved successfully to "C:\Users\tdrosdak\Desktop\MBR.dat"17:36:52.079 The log file has been saved successfully to "C:\Users\tdrosdak\Desktop\aswMBR.txt"Download aswMBR.exe (1870KB) to your desktop.Double click the aswMBR.exe to run itClick the [scan] button to start scanOn completion of the scan click [save log], save it to your desktop and post in your next reply. Link to post Share on other sites More sharing options...
Maniac Posted November 17, 2011 ID:495550 Share Posted November 17, 2011 Step 1Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.Under Protection Settings, click Configure.Under Disk Space Usage, click Delete.Click Continue, and then click OK.Step 2Please click here to download AVP Tool by Kaspersky.Save it to your desktop. Double click the setup file to run it.Click Next to continue.It will by default install it to your desktop folder.Click Next.It will then open a box There will be a tab that says Autoscan.Under Autoscan make sure these are checked. System MemoryHidden startup ObjectsDisk Boot Sectors.My Computer.Also any other drives (Removable that you may have) After that click on Recommended to the right of Security level then choose settings then click on the tab that says Additional then under Rootkit scan choose Deep scan then choose OK.Then click on Start Scan at the to right hand Corner.It will automatically Neutralize any objects found.If some objects are left un-neutralized then click the button that says Neutralize allIf it says it cannot be Neutralized then choose The delete option when prompted.After that is done click on the reports button at the bottom and save it to file name it Kas.Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.Note: This Tool will self uninstall when you close it so please save the log before closing it.In your next rpely, please include Kaspersky AVP log file and a new fresh DDS log only. Link to post Share on other sites More sharing options...
TerryD Posted November 18, 2011 Author ID:495911 Share Posted November 18, 2011 Maniac,I am having difficulty copying and pasting the kas.txt file. I copy the text, but it won't paste (here or anywhere!)Here is the DDS log..DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385Run by tdrosdak at 9:56:37 on 2011-11-18Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3317.1367 [GMT -5:00].AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\system32\IProsetMonitor.exeC:\Program Files\Intel\Services\IPT\jhi_service.exeC:\Program Files\Kaseya\Agent\KasAVSrv.exeC:\Program Files\Kaseya\Agent\AgentMon.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exeC:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\TightVNC\tvnserver.exeC:\Windows\System32\Drivers\WTSRV.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\atieclxx.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\SPBA\upeksvr.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files\Realtek\Audio\HDA\RtDCpl.exeC:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeC:\dell\DBRM\Reminder\DbrmTrayicon.exeC:\Program Files\TightVNC\tvnserver.exeC:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exeC:\Windows\System32\WTClient.exeC:\Program Files\Kaseya\Agent\KaUsrTsk.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\DisplayFusion\DisplayFusion.exeC:\Program Files\ManicTime\ManicTime.exeC:\Program Files\CompanionLink\CompanionLink.exeC:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exeC:\Users\tdrosdak\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exeC:\Windows\system32\conhost.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Windows\system32\conhost.exeC:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exeC:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exeC:\Program Files\TweetDeck\TweetDeck.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\conhost.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = 192.168.*.*;*.localBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLLBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLLBHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"uRun: [ManicTime] c:\program files\manictime\ManicTime.exe /minimized /name: uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -IconuRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exemRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exemRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exemRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slavemRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preloadmRun: [WTClient] WTClient.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [KASHTHRNTW24532506725118] "c:\program files\kaseya\agent\KaUsrTsk.exe"mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\users\tdrosdak\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tdrosdak\appdata\roaming\dropbox\bin\Dropbox.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exemPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: DisableCAD = 1 (0x1)mPolicies-system: SoftwareSASGeneration = 1 (0x1)IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2TCP: Interfaces\{E5AFBC9E-9822-4344-B598-2F71600FF3F1} : DhcpNameServer = 192.168.224.3 192.168.224.7 192.168.232.2Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dllNotify: spba - c:\program files\common files\spba\homefus2.dllAppInit_DLLs: c:\windows\system32\avgrsstx.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\tdrosdak\appdata\roaming\mozilla\firefox\profiles\uxigwg36.default\FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg5.mail.yahoo.com%2Fdc%2Flaunch%3Fymv%3D2FF - prefs.js: network.proxy.type - 0FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\tdrosdak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll.============= SERVICES / DRIVERS ===============.R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-6-14 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-6-14 216400]R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-6-14 29712]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-6-14 243152]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-29 176128]R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-6-14 308136]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-29 13336]R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-29 110752]R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2011-6-14 221184]R2 KATHRNTW24532506725118;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2011-6-14 835584]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-9 366152]R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-29 2656280]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-29 238760]R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2011-6-14 17920]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22216]R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-29 41088]R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-6-22 23208]R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-6-22 14504]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-12 1343400]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040].=============== Created Last 30 ================.2011-11-17 17:46:53 -------- d-----w- c:\programdata\Kaspersky Lab2011-11-17 02:49:06 708608 ----a-w- c:\program files\common files\system\wab32.dll2011-11-17 02:48:49 2339840 ----a-w- c:\windows\system32\win32k.sys2011-11-17 02:48:17 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-11-16 21:08:09 -------- d-sh--w- C:\$RECYCLE.BIN2011-11-15 22:55:02 -------- d-----w- c:\program files\ESET2011-10-25 14:31:13 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}2011-10-25 14:31:09 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}2011-10-20 01:52:42 571904 ----a-w- c:\windows\system32\oleaut32.dll2011-10-20 01:52:42 233472 ----a-w- c:\windows\system32\oleacc.dll.==================== Find3M ====================.2011-11-18 14:02:56 1682 --sha-w- c:\programdata\KGyGaAvL.sys2011-11-15 20:41:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-12 13:27:45 12526792 ----a-w- c:\program files\common files\lpuninstall.exe.============= FINISH: 10:02:36.75 ===============Step 1Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.Under Protection Settings, click Configure.Under Disk Space Usage, click Delete.Click Continue, and then click OK.Step 2Please click here to download AVP Tool by Kaspersky.Save it to your desktop. Double click the setup file to run it.Click Next to continue.It will by default install it to your desktop folder.Click Next.It will then open a box There will be a tab that says Autoscan.Under Autoscan make sure these are checked. System MemoryHidden startup ObjectsDisk Boot Sectors.My Computer.Also any other drives (Removable that you may have) After that click on Recommended to the right of Security level then choose settings then click on the tab that says Additional then under Rootkit scan choose Deep scan then choose OK.Then click on Start Scan at the to right hand Corner.It will automatically Neutralize any objects found.If some objects are left un-neutralized then click the button that says Neutralize allIf it says it cannot be Neutralized then choose The delete option when prompted.After that is done click on the reports button at the bottom and save it to file name it Kas.Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.Note: This Tool will self uninstall when you close it so please save the log before closing it.In your next rpely, please include Kaspersky AVP log file and a new fresh DDS log only. Link to post Share on other sites More sharing options...
Maniac Posted November 18, 2011 ID:495993 Share Posted November 18, 2011 Please attach it in your post. Link to post Share on other sites More sharing options...
LDTate Posted December 1, 2011 ID:500019 Share Posted December 1, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts