JLedge
Members-
Posts
10 -
Joined
-
Last visited
Reputation
0 Neutral-
It's definitely not lagging as bad. Also, my speakers were playing some static noise, which they only usually do when I'm downloading something big, and they're not doing that any more. How much have we cleaned up so far? And sorry to tell you this but I'm going on vacation till the 29th, so we'll have to resume this then if you don't mind.
-
ComboFix's log. Thanks for the help by the way, and kind of random but your dogs are adorable! ComboFix.txt
-
Here's the log TDSSKiller.2.7.46.0_21.07.2012_13.11.45_log.txt
-
Here's the report. RKreport1.txt
-
So I'm starting to get the problems I got in this thread again. -PC has been especially laggy -A couple days ago it locked up after idling -Bluescreened once a week ago Attach.txt DDS.txt
-
Is there a 100% chance that someone was accessing my PC with this, or was it just a function of it that someone COULD do. I'm a gamer so I usually use Pre-paid cards for everything...So I'm not too worried about anything financial. The last time I used my Credit Card was for a college application, and that's not saved info that stays on the browser's cookies (or whatever), and I didn't get the rootkit til about two weeks ago, a month after I used the card. So if there's a keylogger there's no chance that info could've been stored right? If I do the re-format and reinstallation of the OS, would it be safe to trust my pc fully?
- 9 replies
-
- google redirects
- svchost.exe
-
(and 1 more)
Tagged with:
-
ComboFix 12-02-09.04 - Richard 02/09/2012 15:14:57.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1135 [GMT -5:00] Running from: c:\users\Richard\Desktop\ComboFix.exe AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D} c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}\chrome.manifest c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}\chrome\content\overlay.xul c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}\install.rdf c:\windows\system32\2f42b6ea.dll c:\windows\system32\514a280.dll c:\windows\system32\725ae3e.dll c:\windows\system32\dc4afcc.dll c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\drivers\RKHit.sys c:\windows\system32\system . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_RKHIT -------\Service_RkHit . . ((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 ))))))))))))))))))))))))))))))) . . 2012-02-09 20:29 . 2012-02-09 20:39 -------- d-----w- c:\users\Richard\AppData\Local\temp 2012-02-09 20:29 . 2012-02-09 20:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2012-02-09 20:29 . 2012-02-09 20:29 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-02-09 20:29 . 2012-02-09 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-09 19:58 . 2012-02-09 19:58 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-09 00:05 . 2012-02-09 00:05 -------- d-----w- c:\users\Richard\AppData\Local\Trend Micro 2012-02-09 00:02 . 2012-02-08 23:39 55056 ----a-w- c:\windows\system32\drivers\tmeevw.sys 2012-02-09 00:02 . 2012-02-08 23:39 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys 2012-02-09 00:02 . 2012-02-08 23:39 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys 2012-02-09 00:00 . 2012-02-08 23:39 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys 2012-02-09 00:00 . 2012-02-08 23:39 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-02-09 00:00 . 2012-02-08 23:39 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys 2012-02-08 23:57 . 2012-02-09 00:06 -------- d-----w- c:\programdata\Trend Micro 2012-02-08 23:56 . 2012-02-08 23:56 56 ----a-w- c:\windows\system32\SupportTool.exe.bat 2012-02-08 23:38 . 2012-02-09 00:08 -------- d-----w- c:\program files\Trend Micro 2012-02-08 19:33 . 2012-02-08 19:33 -------- d---a-w- C:\tmbrfix 2012-02-07 21:03 . 2012-02-07 21:03 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes 2012-02-07 21:03 . 2012-02-07 21:03 -------- d-----w- c:\programdata\Malwarebytes 2012-01-31 03:40 . 2011-11-09 22:38 132768 ----a-w- c:\windows\system32\IPROSetMonitor.exe 2012-01-31 03:39 . 2012-02-01 00:58 -------- d-----w- c:\program files\Intel 2012-01-31 03:39 . 2011-10-14 17:16 294600 ----a-w- c:\windows\system32\PROUnstl.exe 2012-01-31 03:36 . 2011-10-14 15:36 231112 ----a-w- c:\windows\system32\drivers\e1e6032.sys 2012-01-31 03:36 . 2011-06-16 05:04 81592 ----a-w- c:\windows\system32\NicInE6.dll 2012-01-31 03:36 . 2007-12-14 17:06 121440 ----a-w- c:\windows\system32\e1000msg.dll 2012-01-31 03:36 . 2007-08-24 12:58 28272 ----a-w- c:\windows\system32\NicCo26.dll 2012-01-31 02:59 . 2012-01-31 02:59 -------- d-----w- c:\program files\SystemRequirementsLab 2012-01-31 02:51 . 2012-01-31 02:51 -------- d-----w- c:\users\Richard\AppData\Roaming\SystemRequirementsLab 2012-01-31 02:49 . 2012-01-31 02:49 -------- d-----w- c:\users\Richard\AppData\Local\eSupport.com 2012-01-31 02:49 . 2012-01-31 02:49 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-01-31 02:15 . 2012-02-01 23:24 -------- d-----w- c:\program files\PCSafeDoctor 2012-01-28 01:35 . 2012-02-09 20:32 -------- d-----w- c:\windows\system32\wbem\repository 2012-01-27 22:09 . 2012-01-27 22:09 -------- d-----w- c:\program files\CCleaner 2012-01-21 00:19 . 2012-01-21 00:19 -------- d-----w- c:\program files\iPod 2012-01-21 00:19 . 2012-01-26 01:09 -------- d-----w- c:\program files\iTunes 2012-01-11 20:51 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-11 20:51 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-11 20:51 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-11 20:51 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-11 20:51 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-11 20:51 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2009-10-02 18:47 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-11-27 16:41 . 2011-05-18 17:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-25 15:59 . 2012-01-10 20:09 376320 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:37 . 2011-12-15 19:43 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 22:31 . 2011-11-18 22:31 169472 ----a-w- c:\windows\system32\Ncs2Setp.dll 2011-11-18 22:17 . 2011-11-18 22:17 683640 ----a-w- c:\windows\system32\ncs2dmix.dll 2011-11-18 22:17 . 2011-11-18 22:17 557176 ----a-w- c:\windows\system32\accesor.dll 2011-11-18 22:07 . 2011-11-18 22:07 160376 ----a-w- c:\windows\system32\ncs2instutility.dll 2011-11-18 22:04 . 2011-11-18 22:04 2241656 ----a-w- c:\windows\system32\ncscolib.dll 2011-11-18 20:23 . 2012-01-10 20:09 1205064 ----a-w- c:\windows\system32\ntdll.dll 2011-11-18 17:47 . 2012-01-10 20:09 66560 ----a-w- c:\windows\system32\packager.dll 2012-02-02 03:52 . 2011-05-01 16:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-10-19 23:59 . 2009-07-10 15:30 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] 2011-01-17 20:54 175912 ----a-w- c:\program files\Messenger_Plus\prxtbMess.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{B760D5A4-8D24-4CB6-942E-D6BB540AD88C}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448] "WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-04 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640] "WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816] "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "pcsafedoctor.exe"="c:\program files\PCSafeDoctor\pcsafedoctor.exe" [2012-01-18 2055680] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-08 129304] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAQgAzADIARwAtAFUAUABXADgAVQAtAFQAUgBMAFEAUgAtAEIAQQBRAEYAUAAtAEMARQBNAEIAUgA&inst=NwA2AC0ANQAxADYANQAwADIANQA0ADUALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA0ADEAOQA3AC0ASQA5ADAAKwAxAC0ARABEADkAMAArADEALQBTAFQAOQAwAEEAUABQACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFQAQgArADIA∏=53&ver=9.0.894" [?] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WN121T Smart Wizard.lnk - c:\program files\NETGEAR\WN121T\wn121t.exe [2008-3-17 2498560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2011-12-23 10:57 3334432 ----a-w- c:\users\Richard\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2011-09-15 01:19 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-07-04 21:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper Akamai REG_MULTI_SZ Akamai . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2949154 uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\9ry7duts.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://drgunz.net/forum/forum.php FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b494177&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q= FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll AddRemove-Project Gunz V3.0 Beta - c:\program files\Project Gamers\Project Gunz V3.0 Beta\Uninstal.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-09 15:39 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\users\Richard\AppData\Local\Temp\EIWF4AA.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />" "Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs=" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3008) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\libapr_tsvn.dll c:\program files\TortoiseSVN\bin\libaprutil_tsvn.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\atiesrxx.exe c:\windows\system32\atieclxx.exe c:\program files\Trend Micro\AMSP\coreServiceShell.exe c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\IProsetMonitor.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\TeamViewer\Version5\TeamViewer_Service.exe c:\program files\TeamViewer\Version6\TeamViewer_Service.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-02-09 15:49:02 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-09 20:48 . Pre-Run: 302,074,236,928 bytes free Post-Run: 302,549,864,448 bytes free . - - End Of File - - 592E79CC88B5D2386CFA75D331990EEE
- 9 replies
-
- google redirects
- svchost.exe
-
(and 1 more)
Tagged with:
-
14:54:12.0416 5756 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57 14:54:12.0825 5756 ============================================================ 14:54:12.0825 5756 Current date / time: 2012/02/09 14:54:12.0825 14:54:12.0825 5756 SystemInfo: 14:54:12.0825 5756 14:54:12.0825 5756 OS Version: 6.0.6002 ServicePack: 2.0 14:54:12.0825 5756 Product type: Workstation 14:54:12.0825 5756 ComputerName: JARED-PC 14:54:12.0825 5756 UserName: Richard 14:54:12.0825 5756 Windows directory: C:\Windows 14:54:12.0825 5756 System windows directory: C:\Windows 14:54:12.0826 5756 Processor architecture: Intel x86 14:54:12.0826 5756 Number of processors: 2 14:54:12.0826 5756 Page size: 0x1000 14:54:12.0826 5756 Boot type: Normal boot 14:54:12.0826 5756 ============================================================ 14:54:19.0053 5756 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:54:19.0073 5756 \Device\Harddisk0\DR0: 14:54:19.0216 5756 MBR used 14:54:19.0217 5756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000 14:54:19.0364 5756 Initialize success 14:54:19.0364 5756 ============================================================ 14:54:37.0578 3972 ============================================================ 14:54:37.0578 3972 Scan started 14:54:37.0578 3972 Mode: Manual; 14:54:37.0578 3972 ============================================================ 14:54:52.0298 3972 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 14:54:52.0384 3972 ACPI - ok 14:54:52.0983 3972 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 14:54:53.0424 3972 adp94xx - ok 14:54:53.0826 3972 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 14:54:53.0929 3972 adpahci - ok 14:54:54.0012 3972 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 14:54:54.0068 3972 adpu160m - ok 14:54:54.0390 3972 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 14:54:54.0507 3972 adpu320 - ok 14:54:54.0671 3972 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 14:54:54.0852 3972 AFD - ok 14:54:55.0199 3972 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 14:54:55.0238 3972 agp440 - ok 14:54:55.0391 3972 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 14:54:55.0497 3972 aic78xx - ok 14:54:55.0755 3972 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys 14:54:55.0852 3972 aliide - ok 14:54:56.0113 3972 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 14:54:56.0162 3972 amdagp - ok 14:54:56.0431 3972 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys 14:54:56.0510 3972 amdide - ok 14:54:56.0625 3972 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 14:54:56.0666 3972 AmdK7 - ok 14:54:56.0913 3972 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 14:54:56.0951 3972 AmdK8 - ok 14:54:58.0492 3972 amdkmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys 14:55:02.0413 3972 amdkmdag - ok 14:55:03.0234 3972 amdkmdap (31de9b1ceaa9e25b141232f7f1443239) C:\Windows\system32\DRIVERS\atikmpag.sys 14:55:03.0381 3972 amdkmdap - ok 14:55:03.0824 3972 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 14:55:03.0860 3972 arc - ok 14:55:04.0048 3972 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 14:55:04.0111 3972 arcsas - ok 14:55:04.0383 3972 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 14:55:04.0415 3972 AsyncMac - ok 14:55:04.0551 3972 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 14:55:04.0552 3972 atapi - ok 14:55:06.0079 3972 atikmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys 14:55:06.0125 3972 atikmdag - ok 14:55:06.0611 3972 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 14:55:06.0637 3972 Beep - ok 14:55:06.0997 3972 blbdrive - ok 14:55:07.0298 3972 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 14:55:07.0337 3972 bowser - ok 14:55:07.0746 3972 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 14:55:07.0787 3972 BrFiltLo - ok 14:55:08.0020 3972 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 14:55:08.0141 3972 BrFiltUp - ok 14:55:08.0319 3972 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 14:55:08.0364 3972 Brserid - ok 14:55:08.0572 3972 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 14:55:08.0656 3972 BrSerWdm - ok 14:55:08.0859 3972 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 14:55:08.0888 3972 BrUsbMdm - ok 14:55:09.0122 3972 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 14:55:09.0134 3972 BrUsbSer - ok 14:55:09.0352 3972 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 14:55:09.0462 3972 BTHMODEM - ok 14:55:09.0799 3972 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 14:55:09.0876 3972 cdfs - ok 14:55:10.0090 3972 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 14:55:10.0126 3972 cdrom - ok 14:55:10.0296 3972 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 14:55:10.0338 3972 circlass - ok 14:55:10.0427 3972 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 14:55:10.0478 3972 CLFS - ok 14:55:10.0790 3972 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys 14:55:10.0857 3972 cmdide - ok 14:55:11.0110 3972 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 14:55:11.0140 3972 Compbatt - ok 14:55:11.0251 3972 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 14:55:11.0295 3972 crcdisk - ok 14:55:11.0582 3972 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 14:55:11.0614 3972 Crusoe - ok 14:55:11.0976 3972 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 14:55:12.0057 3972 DfsC - ok 14:55:12.0502 3972 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 14:55:12.0607 3972 disk - ok 14:55:13.0039 3972 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 14:55:13.0075 3972 drmkaud - ok 14:55:13.0286 3972 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys 14:55:13.0320 3972 DrvAgent32 - ok 14:55:13.0798 3972 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 14:55:13.0962 3972 DXGKrnl - ok 14:55:14.0246 3972 e1express (422ca8361d33da819976b428b9c8e560) C:\Windows\system32\DRIVERS\e1e6032.sys 14:55:14.0372 3972 e1express - ok 14:55:14.0650 3972 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 14:55:14.0972 3972 E1G60 - ok 14:55:16.0047 3972 EagleNT - ok 14:55:16.0830 3972 EagleXNt - ok 14:55:17.0050 3972 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 14:55:17.0089 3972 Ecache - ok 14:55:17.0193 3972 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 14:55:17.0293 3972 elxstor - ok 14:55:17.0566 3972 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 14:55:17.0627 3972 exfat - ok 14:55:17.0865 3972 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 14:55:17.0956 3972 fastfat - ok 14:55:18.0145 3972 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 14:55:18.0256 3972 fdc - ok 14:55:18.0494 3972 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 14:55:18.0596 3972 FileInfo - ok 14:55:18.0701 3972 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 14:55:18.0774 3972 Filetrace - ok 14:55:18.0998 3972 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 14:55:19.0028 3972 flpydisk - ok 14:55:19.0297 3972 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 14:55:19.0440 3972 FltMgr - ok 14:55:19.0719 3972 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 14:55:19.0749 3972 Fs_Rec - ok 14:55:19.0923 3972 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 14:55:19.0988 3972 gagp30kx - ok 14:55:20.0359 3972 GarenaPEngine - ok 14:55:20.0473 3972 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:55:20.0499 3972 GEARAspiWDM - ok 14:55:20.0554 3972 GGSAFERDriver - ok 14:55:20.0947 3972 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys 14:55:20.0990 3972 hamachi - ok 14:55:21.0262 3972 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 14:55:21.0336 3972 HdAudAddService - ok 14:55:21.0476 3972 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:55:21.0663 3972 HDAudBus - ok 14:55:21.0856 3972 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 14:55:21.0896 3972 HidBth - ok 14:55:21.0929 3972 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 14:55:22.0003 3972 HidIr - ok 14:55:22.0370 3972 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 14:55:22.0399 3972 HidUsb - ok 14:55:22.0527 3972 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 14:55:22.0571 3972 HpCISSs - ok 14:55:22.0937 3972 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys 14:55:22.0968 3972 HTCAND32 - ok 14:55:23.0086 3972 HtcUsbMdmV32 (89e2296561fce84ac9f34ee7243d78ac) C:\Windows\system32\DRIVERS\HtcUsbMdmV32.sys 14:55:23.0193 3972 HtcUsbMdmV32 - ok 14:55:23.0537 3972 HtcVCom32 (89e2296561fce84ac9f34ee7243d78ac) C:\Windows\system32\DRIVERS\HtcVComV32.sys 14:55:23.0671 3972 HtcVCom32 - ok 14:55:23.0845 3972 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 14:55:24.0010 3972 HTTP - ok 14:55:24.0132 3972 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 14:55:24.0178 3972 i2omp - ok 14:55:24.0835 3972 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 14:55:24.0904 3972 i8042prt - ok 14:55:25.0082 3972 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 14:55:25.0164 3972 iaStorV - ok 14:55:25.0588 3972 igfx (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys 14:55:25.0750 3972 igfx - ok 14:55:26.0149 3972 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 14:55:26.0168 3972 iirsp - ok 14:55:26.0484 3972 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 14:55:26.0515 3972 intelide - ok 14:55:26.0925 3972 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 14:55:26.0945 3972 intelppm - ok 14:55:27.0221 3972 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:55:27.0347 3972 IpFilterDriver - ok 14:55:27.0519 3972 IpInIp - ok 14:55:27.0800 3972 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 14:55:27.0886 3972 IPMIDRV - ok 14:55:28.0127 3972 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 14:55:28.0246 3972 IPNAT - ok 14:55:28.0404 3972 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 14:55:28.0560 3972 IRENUM - ok 14:55:29.0155 3972 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 14:55:29.0223 3972 isapnp - ok 14:55:29.0569 3972 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 14:55:29.0698 3972 iScsiPrt - ok 14:55:29.0893 3972 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 14:55:30.0123 3972 iteatapi - ok 14:55:30.0373 3972 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 14:55:30.0450 3972 iteraid - ok 14:55:30.0774 3972 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:55:30.0862 3972 kbdclass - ok 14:55:31.0096 3972 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 14:55:31.0147 3972 kbdhid - ok 14:55:31.0355 3972 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 14:55:31.0558 3972 KSecDD - ok 14:55:31.0831 3972 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 14:55:31.0915 3972 lltdio - ok 14:55:32.0105 3972 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 14:55:32.0159 3972 LSI_FC - ok 14:55:32.0214 3972 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 14:55:32.0258 3972 LSI_SAS - ok 14:55:32.0340 3972 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 14:55:32.0441 3972 LSI_SCSI - ok 14:55:32.0667 3972 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 14:55:32.0732 3972 luafv - ok 14:55:32.0840 3972 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 14:55:32.0878 3972 megasas - ok 14:55:33.0158 3972 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 14:55:33.0189 3972 Modem - ok 14:55:33.0370 3972 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 14:55:33.0375 3972 monitor - ok 14:55:33.0700 3972 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 14:55:33.0721 3972 mouclass - ok 14:55:33.0898 3972 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 14:55:33.0914 3972 mouhid - ok 14:55:34.0063 3972 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 14:55:34.0175 3972 MountMgr - ok 14:55:34.0379 3972 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 14:55:34.0422 3972 mpio - ok 14:55:34.0683 3972 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 14:55:34.0761 3972 mpsdrv - ok 14:55:34.0882 3972 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 14:55:34.0975 3972 Mraid35x - ok 14:55:35.0463 3972 MRV6X32U (27454c7ce157ae14fe82070eee2504d5) C:\Windows\system32\DRIVERS\WN111.sys 14:55:35.0723 3972 MRV6X32U - ok 14:55:35.0902 3972 Mrvleap (f87d977649d2d067697a3c331794785d) C:\Windows\system32\DRIVERS\mrveap32.sys 14:55:35.0935 3972 Mrvleap - ok 14:55:36.0269 3972 MRVW245 (1e68eebb627f31409c9eeedc64924b29) C:\Windows\system32\DRIVERS\WN121TXP.sys 14:55:36.0669 3972 MRVW245 - ok 14:55:36.0852 3972 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 14:55:36.0890 3972 MRxDAV - ok 14:55:37.0095 3972 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:55:37.0181 3972 mrxsmb - ok 14:55:37.0286 3972 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:55:37.0460 3972 mrxsmb10 - ok 14:55:37.0622 3972 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:55:37.0721 3972 mrxsmb20 - ok 14:55:37.0766 3972 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys 14:55:37.0804 3972 msahci - ok 14:55:37.0976 3972 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 14:55:38.0027 3972 msdsm - ok 14:55:38.0084 3972 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 14:55:38.0113 3972 Msfs - ok 14:55:38.0350 3972 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 14:55:38.0362 3972 msisadrv - ok 14:55:38.0658 3972 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 14:55:38.0695 3972 MSKSSRV - ok 14:55:39.0128 3972 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 14:55:39.0157 3972 MSPCLOCK - ok 14:55:39.0358 3972 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 14:55:39.0388 3972 MSPQM - ok 14:55:39.0817 3972 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 14:55:39.0927 3972 MsRPC - ok 14:55:40.0120 3972 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 14:55:40.0180 3972 mssmbios - ok 14:55:40.0390 3972 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 14:55:40.0440 3972 MSTEE - ok 14:55:40.0599 3972 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 14:55:40.0660 3972 Mup - ok 14:55:41.0111 3972 NAL (f6e75901ddb5f54005cfce9edf2ec237) C:\Windows\system32\Drivers\iqvw32.sys 14:55:41.0199 3972 NAL - ok 14:55:41.0578 3972 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 14:55:41.0712 3972 NativeWifiP - ok 14:55:42.0010 3972 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 14:55:42.0117 3972 NDIS - ok 14:55:42.0416 3972 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 14:55:42.0457 3972 NdisTapi - ok 14:55:42.0692 3972 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 14:55:42.0723 3972 Ndisuio - ok 14:55:42.0811 3972 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:55:42.0847 3972 NdisWan - ok 14:55:42.0955 3972 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 14:55:42.0987 3972 NDProxy - ok 14:55:43.0237 3972 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 14:55:43.0263 3972 NetBIOS - ok 14:55:43.0305 3972 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 14:55:43.0443 3972 netbt - ok 14:55:43.0799 3972 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 14:55:43.0873 3972 nfrd960 - ok 14:55:43.0928 3972 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 14:55:43.0961 3972 Npfs - ok 14:55:44.0286 3972 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 14:55:44.0322 3972 nsiproxy - ok 14:55:44.0751 3972 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 14:55:45.0302 3972 Ntfs - ok 14:55:45.0817 3972 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 14:55:45.0953 3972 ntrigdigi - ok 14:55:46.0463 3972 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 14:55:46.0513 3972 Null - ok 14:55:46.0781 3972 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 14:55:46.0832 3972 nvraid - ok 14:55:46.0929 3972 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 14:55:46.0962 3972 nvstor - ok 14:55:47.0104 3972 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 14:55:47.0250 3972 nv_agp - ok 14:55:47.0330 3972 NwlnkFlt - ok 14:55:47.0378 3972 NwlnkFwd - ok 14:55:47.0501 3972 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 14:55:47.0544 3972 ohci1394 - ok 14:55:48.0191 3972 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 14:55:48.0226 3972 Parport - ok 14:55:48.0333 3972 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 14:55:48.0360 3972 partmgr - ok 14:55:48.0425 3972 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 14:55:48.0450 3972 Parvdm - ok 14:55:48.0537 3972 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 14:55:48.0562 3972 pci - ok 14:55:48.0717 3972 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys 14:55:48.0757 3972 pciide - ok 14:55:48.0837 3972 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 14:55:48.0880 3972 pcmcia - ok 14:55:49.0093 3972 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 14:55:49.0247 3972 PEAUTH - ok 14:55:49.0351 3972 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 14:55:49.0385 3972 PptpMiniport - ok 14:55:49.0447 3972 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 14:55:49.0487 3972 Processor - ok 14:55:49.0644 3972 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 14:55:49.0655 3972 PSched - ok 14:55:50.0025 3972 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 14:55:50.0474 3972 ql2300 - ok 14:55:50.0537 3972 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 14:55:50.0653 3972 ql40xx - ok 14:55:50.0875 3972 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 14:55:50.0876 3972 QWAVEdrv - ok 14:55:51.0075 3972 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 14:55:51.0099 3972 RasAcd - ok 14:55:51.0269 3972 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:55:51.0360 3972 Rasl2tp - ok 14:55:51.0659 3972 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 14:55:51.0717 3972 RasPppoe - ok 14:55:51.0876 3972 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 14:55:51.0907 3972 RasSstp - ok 14:55:52.0010 3972 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 14:55:52.0067 3972 rdbss - ok 14:55:52.0200 3972 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:55:52.0214 3972 RDPCDD - ok 14:55:52.0415 3972 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 14:55:52.0604 3972 rdpdr - ok 14:55:52.0777 3972 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 14:55:52.0789 3972 RDPENCDD - ok 14:55:52.0913 3972 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 14:55:53.0054 3972 RDPWD - ok 14:55:53.0370 3972 RkHit (330e42b31708ca5a7bad26ff96de2dae) C:\Windows\system32\drivers\RKHit.sys 14:55:53.0408 3972 RkHit - ok 14:55:53.0673 3972 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 14:55:53.0723 3972 rspndr - ok 14:55:53.0889 3972 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 14:55:53.0907 3972 sbp2port - ok 14:55:53.0957 3972 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:55:53.0982 3972 secdrv - ok 14:55:54.0227 3972 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 14:55:54.0262 3972 Serenum - ok 14:55:54.0581 3972 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 14:55:54.0768 3972 Serial - ok 14:55:54.0890 3972 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 14:55:54.0927 3972 sermouse - ok 14:55:54.0998 3972 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 14:55:55.0078 3972 sffdisk - ok 14:55:55.0216 3972 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 14:55:55.0231 3972 sffp_mmc - ok 14:55:55.0417 3972 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 14:55:55.0500 3972 sffp_sd - ok 14:55:55.0758 3972 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 14:55:55.0786 3972 sfloppy - ok 14:55:55.0941 3972 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 14:55:56.0031 3972 sisagp - ok 14:55:56.0274 3972 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 14:55:56.0304 3972 SiSRaid2 - ok 14:55:56.0337 3972 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 14:55:56.0452 3972 SiSRaid4 - ok 14:55:56.0735 3972 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 14:55:56.0767 3972 Smb - ok 14:55:57.0061 3972 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS 14:55:57.0292 3972 SMSIVZAM5 - ok 14:55:57.0538 3972 SPCP825K (eab58359f7de5eece6e0c8d4221046fa) C:\Windows\system32\DRIVERS\SPCP825K.sys 14:55:57.0599 3972 SPCP825K - ok 14:55:57.0936 3972 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 14:55:58.0077 3972 spldr - ok 14:55:58.0613 3972 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys 14:55:58.0903 3972 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9 14:55:58.0930 3972 sptd ( LockedFile.Multi.Generic ) - warning 14:55:58.0931 3972 sptd - detected LockedFile.Multi.Generic (1) 14:55:59.0079 3972 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 14:55:59.0344 3972 srv - ok 14:55:59.0483 3972 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 14:55:59.0695 3972 srv2 - ok 14:55:59.0934 3972 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 14:56:00.0038 3972 srvnet - ok 14:56:00.0185 3972 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 14:56:00.0199 3972 swenum - ok 14:56:00.0313 3972 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 14:56:00.0354 3972 Symc8xx - ok 14:56:00.0486 3972 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 14:56:00.0510 3972 Sym_hi - ok 14:56:00.0763 3972 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 14:56:00.0851 3972 Sym_u3 - ok 14:56:01.0224 3972 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 14:56:01.0616 3972 Tcpip - ok 14:56:01.0685 3972 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 14:56:01.0693 3972 Tcpip6 - ok 14:56:01.0915 3972 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 14:56:01.0951 3972 tcpipreg - ok 14:56:02.0109 3972 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 14:56:02.0141 3972 TDPIPE - ok 14:56:02.0197 3972 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 14:56:02.0233 3972 TDTCP - ok 14:56:02.0613 3972 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 14:56:02.0755 3972 tdx - ok 14:56:03.0248 3972 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys 14:56:03.0323 3972 teamviewervpn - ok 14:56:03.0554 3972 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 14:56:03.0599 3972 TermDD - ok 14:56:03.0847 3972 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\Windows\system32\DRIVERS\tmactmon.sys 14:56:03.0870 3972 tmactmon - ok 14:56:04.0181 3972 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\Windows\system32\DRIVERS\tmcomm.sys 14:56:04.0330 3972 tmcomm - ok 14:56:04.0705 3972 tmeevw (f49ca5c26378f4d5603f2a2fc86e09a1) C:\Windows\system32\DRIVERS\tmeevw.sys 14:56:04.0804 3972 tmeevw - ok 14:56:04.0935 3972 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\Windows\system32\DRIVERS\tmevtmgr.sys 14:56:05.0002 3972 tmevtmgr - ok 14:56:05.0199 3972 tmnciesc (2e078184034a179c47787f87f238d5ba) C:\Windows\system32\DRIVERS\tmnciesc.sys 14:56:05.0243 3972 tmnciesc - ok 14:56:05.0288 3972 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys 14:56:05.0401 3972 tmtdi - ok 14:56:05.0680 3972 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:56:05.0772 3972 tssecsrv - ok 14:56:05.0966 3972 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 14:56:05.0995 3972 tunmp - ok 14:56:06.0225 3972 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 14:56:06.0262 3972 tunnel - ok 14:56:06.0516 3972 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 14:56:06.0661 3972 uagp35 - ok 14:56:06.0907 3972 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 14:56:07.0000 3972 udfs - ok 14:56:07.0057 3972 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 14:56:07.0180 3972 uliagpkx - ok 14:56:07.0346 3972 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 14:56:07.0463 3972 uliahci - ok 14:56:07.0689 3972 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 14:56:07.0750 3972 UlSata - ok 14:56:07.0872 3972 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 14:56:08.0129 3972 ulsata2 - ok 14:56:08.0234 3972 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 14:56:08.0270 3972 umbus - ok 14:56:08.0582 3972 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys 14:56:08.0607 3972 UMPass - ok 14:56:08.0863 3972 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 14:56:08.0899 3972 USBAAPL - ok 14:56:09.0201 3972 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 14:56:09.0275 3972 usbaudio - ok 14:56:09.0516 3972 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 14:56:09.0583 3972 usbccgp - ok 14:56:09.0766 3972 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 14:56:09.0806 3972 usbcir - ok 14:56:09.0948 3972 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 14:56:10.0003 3972 usbehci - ok 14:56:10.0160 3972 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 14:56:10.0263 3972 usbhub - ok 14:56:10.0438 3972 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 14:56:10.0524 3972 usbohci - ok 14:56:10.0973 3972 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 14:56:11.0091 3972 usbprint - ok 14:56:11.0356 3972 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:56:11.0451 3972 USBSTOR - ok 14:56:11.0521 3972 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 14:56:11.0549 3972 usbuhci - ok 14:56:12.0093 3972 vga (f81c2da3d75352e50f4a9ac2c7fdd492) C:\Windows\system32\DRIVERS\vgapnp.sys 14:56:12.0151 3972 vga - ok 14:56:12.0343 3972 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 14:56:12.0375 3972 VgaSave - ok 14:56:12.0642 3972 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 14:56:12.0710 3972 viaagp - ok 14:56:12.0831 3972 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 14:56:12.0866 3972 ViaC7 - ok 14:56:13.0115 3972 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 14:56:13.0130 3972 viaide - ok 14:56:13.0506 3972 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 14:56:13.0555 3972 volmgr - ok 14:56:13.0813 3972 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 14:56:13.0948 3972 volmgrx - ok 14:56:14.0238 3972 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 14:56:14.0434 3972 volsnap - ok 14:56:14.0673 3972 vsbus - ok 14:56:14.0810 3972 vserial (b6103690e7764bd77500ac03e78c3bc0) C:\Windows\system32\DRIVERS\vserial.sys 14:56:14.0890 3972 vserial - ok 14:56:15.0119 3972 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 14:56:15.0217 3972 vsmraid - ok 14:56:15.0668 3972 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS 14:56:15.0894 3972 VSTHWBS2 - ok 14:56:16.0339 3972 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 14:56:17.0109 3972 VST_DPV - ok 14:56:18.0022 3972 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\Windows\system32\DRIVERS\VX3000.sys 14:56:19.0751 3972 VX3000 - ok 14:56:20.0307 3972 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 14:56:20.0410 3972 WacomPen - ok 14:56:20.0678 3972 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:56:20.0800 3972 Wanarp - ok 14:56:20.0919 3972 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:56:20.0921 3972 Wanarpv6 - ok 14:56:21.0213 3972 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 14:56:21.0299 3972 Wd - ok 14:56:21.0484 3972 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 14:56:21.0864 3972 Wdf01000 - ok 14:56:22.0177 3972 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 14:56:22.0637 3972 winachsf - ok 14:56:22.0943 3972 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 14:56:22.0982 3972 WmiAcpi - ok 14:56:23.0188 3972 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 14:56:23.0311 3972 WpdUsb - ok 14:56:23.0575 3972 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 14:56:23.0631 3972 ws2ifsl - ok 14:56:23.0762 3972 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:56:23.0804 3972 WUDFRd - ok 14:56:23.0934 3972 XDva332 - ok 14:56:23.0998 3972 XDva337 - ok 14:56:24.0114 3972 XDva341 - ok 14:56:24.0314 3972 XDva343 - ok 14:56:24.0527 3972 XDva346 - ok 14:56:24.0801 3972 XDva347 - ok 14:56:24.0942 3972 XDva349 - ok 14:56:25.0067 3972 XDva351 - ok 14:56:25.0121 3972 XDva352 - ok 14:56:25.0332 3972 XDva358 - ok 14:56:25.0391 3972 XDva359 - ok 14:56:25.0401 3972 XDva362 - ok 14:56:25.0423 3972 XDva370 - ok 14:56:25.0452 3972 XDva380 - ok 14:56:25.0664 3972 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys 14:56:25.0708 3972 xusb21 - ok 14:56:25.0722 3972 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0 14:56:25.0752 3972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 14:56:25.0752 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 14:56:25.0791 3972 Boot (0x1200) (e7cbbebbd4d255e4f1daa771892bf184) \Device\Harddisk0\DR0\Partition0 14:56:25.0928 3972 \Device\Harddisk0\DR0\Partition0 - ok 14:56:25.0928 3972 ============================================================ 14:56:25.0928 3972 Scan finished 14:56:25.0928 3972 ============================================================ 14:56:25.0940 1448 Detected object count: 2 14:56:25.0940 1448 Actual detected object count: 2 14:58:10.0739 1448 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine 14:58:10.0839 1448 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 14:58:16.0079 1448 \Device\Harddisk0\DR0\# - copied to quarantine 14:58:16.0087 1448 \Device\Harddisk0\DR0 - copied to quarantine 14:58:18.0084 1448 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 14:58:18.0322 1448 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 14:58:19.0676 1448 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 14:58:44.0615 1448 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 14:58:47.0253 1448 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 14:58:49.0403 1448 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 14:59:13.0408 1448 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 14:59:18.0332 1448 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine 14:59:21.0069 1448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 14:59:21.0181 1448 \Device\Harddisk0\DR0 - ok 14:59:21.0472 1448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 14:59:53.0048 4816 Deinitialize success
- 9 replies
-
- google redirects
- svchost.exe
-
(and 1 more)
Tagged with:
-
I ran TrendMicro and it detected something in system32/drivers, then it prompted me to the rescuedisk USB method, which I did, and that said nothing turned up.... I have the same exact problem as in this thread now... http://www.techsupportforum.com/forums/f50/cant-view-google-web-threats-piling-up-via-trend-micro-629248.html It's blocking that website a billion times a minute.
- 9 replies
-
- google redirects
- svchost.exe
-
(and 1 more)
Tagged with:
-
A couple weeks ago, my computer started getting a lot of BSoD's...Now I get it maybe once every 3 days. I had scanned my computer, deleted some malwares with AVG. Then I kept getting more problems, so I uninstalled AVG which was outdated, installed different antiviruses which helped a little, to the point where I'm at now. If I sit idle for 5-10 minutes, my PC "locks up" and the programs won't open and Ctrl+alt+Del results in an error. Google results in redirects to some puma website... WinRAR somehow was corrupted and even after reinstalling it's still messed up. I downloaded MalwareBytes to help with the problems, it found some more malwares and deleted them, but the problem keeps persisting. Now for two days straight I've been getting popups regarding blocked IPs, associated with SVCHost.exe Attach.txt DDS.txt
- 9 replies
-
- google redirects
- svchost.exe
-
(and 1 more)
Tagged with: