
Recurring IP Blocks -latest 208.210.73.29


  • This topic is locked
15 replies to this topic

#1 Serndpt, New Member (Members, 8 posts)

Posted 28 March 2012 - 04:39 PM

Per instructions, I've attached the .txt files created by running dds.com after receiving repeated notices that Malwarebytes has blocked IP 208.210.73.29

This has been happening periodically for some time even though I run an AV deep scan daily and have Malwarebytes running all the time and scan with it weekly.


#2 MrCharlie, Forum Deity (Experts, 28,194 posts, Gender: Male, Location: So. Plainfield, New Jersey, USA)

Posted 29 March 2012 - 09:33 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert

I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 Serndpt, New Member (Members, 8 posts)

Posted 30 March 2012 - 01:21 AM

Tried to run RogueKiller three times. Each time the program closed once it started "Reading MBR...".

I removed my external hard drive prior to running the program as instructed.

The text of the program failure window:

Problem signature:
Problem Event Name: APPCRASH
Application Name: RogueKiller.exe
Application Version: 7.3.2.0
Application Timestamp: 4f6c5752
Fault Module Name: StackHash_d8be
Fault Module Version: 6.0.6002.18327
Fault Module Timestamp: 4cb73436
Exception Code: c0000374
Exception Offset: 000b06fc
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: d8be
Additional Information 2: c794af452499d25aeda6b84b259f36de
Additional Information 3: 11c4
Additional Information 4: 2073a460db91e89da2991f0fb208a945


Problem signature:
Problem Event Name: APPCRASH
Application Name: RogueKiller.exe
Application Version: 7.3.2.0
Application Timestamp: 4f6c5752
Fault Module Name: StackHash_7e76
Fault Module Version: 6.0.6002.18327
Fault Module Timestamp: 4cb73436
Exception Code: c0000374
Exception Offset: 000b06fc
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 7e76
Additional Information 2: 6f899f77992aa57f9def0db50788250f
Additional Information 3: f4ba
Additional Information 4: 4410e7bcee751616166d8e940d943a18

(did not bother copying the third time)

#4 Serndpt, New Member (Members, 8 posts)

Posted 30 March 2012 - 01:35 AM

It did list 5 items under the Registry tab. All 5 were Key Type HJ. The paths were as follows:

SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel
SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel
SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/ClassicStartMenu
SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel

I was not able to capture the data under 'Values'.

#5 MrCharlie, Forum Deity (Experts, 28,194 posts, Gender: Male, Location: So. Plainfield, New Jersey, USA)

Posted 30 March 2012 - 07:31 AM

Uncheck MBR and try it now. MrC


#6 Serndpt, New Member (Members, 8 posts)

Posted 30 March 2012 - 07:44 AM

Results of RogueKiller:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Kai [Admin rights]
Mode: Scan -- Date: 03/30/2012 07:42:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
80.79.117.220 search.yahoo.com
80.79.117.220 www.bing.com


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7 MrCharlie, Forum Deity (Experts, 28,194 posts, Gender: Male, Location: So. Plainfield, New Jersey, USA)

Posted 30 March 2012 - 08:00 AM

OK, run RogueKiller again and click Scan.

When the scan is finished, we want to fix these...they're all bad:

¤¤¤ Registry Entries: 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND



¤¤¤ HOSTS File: ¤¤¤
80.79.117.220 search.yahoo.com
80.79.117.220 www.bing.com


First click on the Proxy Tab and then click on the ProxyFix on the right.

Now click on the Hosts tab and then click HostFix on the right.

Both of these will not be deleted but will be quarantined in the RK_Quarantine folder.

-------------------------------------

Next......

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew
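The RogueKiller findings MrC is telling the poster to quarantine fall into three classes: a forced IE proxy (ProxyEnable=1), UAC switched off (EnableLUA=0) and hidden desktop icons, plus HOSTS entries that send search engines to an outside address. The following is an added example, not code from the thread or from RogueKiller; it parses a report in the format shown above (the sample is constructed from the reported lines, with a normal localhost entry added) and explains each entry so a helper can see why it is flagged before fixing it.

```python
"""Audit a RogueKiller-style report for the hijack classes seen in this thread."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: the registry and HOSTS sections of the report above,
# plus one benign localhost line to show what a legitimate entry looks like.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
80.79.117.220 search.yahoo.com
80.79.117.220 www.bing.com
127.0.0.1 localhost
"""

# "[TAG] key : name (value) -> FOUND"; key may contain spaces (Internet Settings).
REG_LINE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<key>.+?) : (?P<name>.+?) \((?P<value>[^)]*)\) -> FOUND$")
HOSTS_LINE = re.compile(r"^(?P<ip>\S+)\s+(?P<host>\S+)")

# What each registry value means when it is set the way the report shows it.
REG_MEANING = {
    ("ProxyEnable", "1"): "browser traffic is forced through a proxy (IE proxy hijack)",
    ("EnableLUA", "0"): "User Account Control is disabled",
}


def parse_report(text: str) -> Dict[str, List[dict]]:
    """Split a RogueKiller-style report into registry and HOSTS findings."""
    section = None
    registry: List[dict] = []
    hosts: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("¤¤¤"):
            if "Registry" in line:
                section = "registry"
            elif "HOSTS" in line:
                section = "hosts"
            else:
                section = None
            continue
        if not line:
            continue
        if section == "registry":
            m = REG_LINE.match(line)
            if m:
                registry.append(m.groupdict())
        elif section == "hosts":
            m = HOSTS_LINE.match(line)
            if m:
                hosts.append(m.groupdict())
    return {"registry": registry, "hosts": hosts}


def is_local(ip: str) -> bool:
    """True for loopback/unspecified addresses, the only ones a clean HOSTS file normally maps to."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def explain(findings: Dict[str, List[dict]]) -> List[str]:
    """Turn parsed findings into one-line explanations for whoever is cleaning the machine."""
    notes: List[str] = []
    for r in findings["registry"]:
        meaning = REG_MEANING.get((r["name"], r["value"]))
        if meaning:
            notes.append(f"{r['name']}={r['value']}: {meaning}")
        elif r["name"].startswith("{"):
            # A CLSID under HideDesktopIcons\... set to 1 hides that shell icon.
            subkey = r["key"].rsplit("\\", 1)[-1]
            notes.append(f"{r['name']} under {subkey}: a desktop icon is hidden (HideDesktopIcons)")
    for h in findings["hosts"]:
        if not is_local(h["ip"]):
            notes.append(f"{h['host']} -> {h['ip']}: HOSTS redirect to a non-local address")
    return notes


if __name__ == "__main__":
    for note in explain(parse_report(SAMPLE_REPORT)):
        print(note)
```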

#8 Serndpt, New Member (Members, 8 posts)

Posted 30 March 2012 - 09:51 AM

As instructed...contents of TDSSKiller report:

09:41:18.0442 4956 MSTEE - ok
09:41:18.0453 4956 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:41:18.0467 4956 Mup - ok
09:41:18.0495 4956 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
09:41:18.0543 4956 napagent - ok
09:41:18.0592 4956 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:41:18.0617 4956 NativeWifiP - ok
09:41:18.0646 4956 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:41:18.0663 4956 NDIS - ok
09:41:18.0753 4956 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:41:18.0780 4956 NdisTapi - ok
09:41:18.0807 4956 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:41:18.0831 4956 Ndisuio - ok
09:41:18.0844 4956 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:41:18.0871 4956 NdisWan - ok
09:41:18.0899 4956 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:41:18.0916 4956 NDProxy - ok
09:41:18.0932 4956 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:41:18.0963 4956 NetBIOS - ok
09:41:18.0983 4956 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:41:19.0000 4956 netbt - ok
09:41:19.0017 4956 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:41:19.0059 4956 Netlogon - ok
09:41:19.0234 4956 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
09:41:19.0278 4956 Netman - ok
09:41:19.0314 4956 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
09:41:19.0401 4956 netprofm - ok
09:41:19.0471 4956 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:41:19.0487 4956 NetTcpPortSharing - ok
09:41:19.0576 4956 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
09:41:19.0985 4956 NETw2v32 - ok
09:41:20.0268 4956 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:41:20.0280 4956 nfrd960 - ok
09:41:20.0307 4956 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
09:41:20.0387 4956 NlaSvc - ok
09:41:20.0425 4956 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:41:20.0453 4956 Npfs - ok
09:41:20.0468 4956 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
09:41:20.0501 4956 nsi - ok
09:41:20.0520 4956 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:41:20.0543 4956 nsiproxy - ok
09:41:20.0579 4956 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:41:20.0615 4956 Ntfs - ok
09:41:20.0634 4956 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:41:20.0901 4956 ntrigdigi - ok
09:41:20.0917 4956 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:41:20.0941 4956 Null - ok
09:41:21.0005 4956 NVHDA (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys
09:41:21.0012 4956 NVHDA - ok
09:41:21.0207 4956 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:41:23.0044 4956 nvlddmkm - ok
09:41:24.0114 4956 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:41:24.0135 4956 nvraid - ok
09:41:24.0173 4956 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\DRIVERS\NVRD32.SYS
09:41:24.0180 4956 nvrd32 - ok
09:41:24.0207 4956 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:41:24.0214 4956 nvstor - ok
09:41:24.0236 4956 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\DRIVERS\NVSTOR32.SYS
09:41:24.0244 4956 nvstor32 - ok
09:41:24.0302 4956 NVSvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
09:41:24.0515 4956 NVSvc - ok
09:41:24.0738 4956 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
09:41:25.0198 4956 nvUpdatusService - ok
09:41:25.0434 4956 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:41:25.0442 4956 nv_agp - ok
09:41:25.0450 4956 NwlnkFlt - ok
09:41:25.0459 4956 NwlnkFwd - ok
09:41:25.0552 4956 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:41:25.0612 4956 odserv - ok
09:41:25.0652 4956 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:41:25.0673 4956 ohci1394 - ok
09:41:25.0737 4956 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:41:25.0753 4956 ose - ok
09:41:25.0789 4956 ossrv (ea7563de822696f1b9be9e589d33fa96) C:\Windows\system32\drivers\ctoss2k.sys
09:41:25.0801 4956 ossrv - ok
09:41:25.0837 4956 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:41:25.0882 4956 p2pimsvc - ok
09:41:26.0018 4956 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:41:26.0038 4956 p2psvc - ok
09:41:26.0200 4956 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:41:26.0240 4956 Parport - ok
09:41:26.0261 4956 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:41:26.0277 4956 partmgr - ok
09:41:26.0291 4956 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:41:26.0336 4956 Parvdm - ok
09:41:26.0364 4956 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
09:41:26.0432 4956 PcaSvc - ok
09:41:26.0462 4956 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:41:26.0480 4956 pci - ok
09:41:26.0495 4956 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:41:26.0510 4956 pciide - ok
09:41:26.0538 4956 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
09:41:26.0547 4956 pcmcia - ok
09:41:26.0592 4956 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:41:26.0913 4956 PEAUTH - ok
09:41:26.0962 4956 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
09:41:27.0421 4956 pla - ok
09:41:27.0442 4956 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
09:41:27.0481 4956 PlugPlay - ok
09:41:27.0495 4956 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:41:27.0515 4956 PNRPAutoReg - ok
09:41:27.0525 4956 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:41:27.0545 4956 PNRPsvc - ok
09:41:27.0708 4956 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
09:41:28.0021 4956 PolicyAgent - ok
09:41:28.0042 4956 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:41:28.0071 4956 PptpMiniport - ok
09:41:28.0094 4956 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:41:28.0145 4956 Processor - ok
09:41:28.0170 4956 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
09:41:28.0222 4956 ProfSvc - ok
09:41:28.0253 4956 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:41:28.0284 4956 ProtectedStorage - ok
09:41:28.0310 4956 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:41:28.0335 4956 PSched - ok
09:41:28.0411 4956 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
09:41:28.0456 4956 PSI_SVC_2 - ok
09:41:28.0511 4956 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:41:28.0534 4956 ql2300 - ok
09:41:28.0762 4956 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:41:28.0771 4956 ql40xx - ok
09:41:28.0814 4956 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:41:28.0843 4956 QWAVE - ok
09:41:28.0857 4956 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:41:28.0879 4956 QWAVEdrv - ok
09:41:28.0904 4956 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:41:28.0929 4956 RasAcd - ok
09:41:28.0986 4956 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:41:29.0017 4956 RasAuto - ok
09:41:29.0039 4956 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:41:29.0061 4956 Rasl2tp - ok
09:41:29.0080 4956 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
09:41:29.0105 4956 RasMan - ok
09:41:29.0123 4956 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:41:29.0147 4956 RasPppoe - ok
09:41:29.0171 4956 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:41:29.0189 4956 RasSstp - ok
09:41:29.0204 4956 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:41:29.0232 4956 rdbss - ok
09:41:29.0252 4956 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:41:29.0278 4956 RDPCDD - ok
09:41:29.0303 4956 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:41:29.0364 4956 rdpdr - ok
09:41:29.0373 4956 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:41:29.0398 4956 RDPENCDD - ok
09:41:29.0436 4956 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:41:29.0453 4956 RDPWD - ok
09:41:29.0501 4956 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:41:29.0526 4956 RemoteAccess - ok
09:41:29.0543 4956 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
09:41:29.0567 4956 RemoteRegistry - ok
09:41:29.0594 4956 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:41:29.0654 4956 RpcLocator - ok
09:41:29.0685 4956 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:41:29.0722 4956 RpcSs - ok
09:41:29.0836 4956 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:41:29.0872 4956 rspndr - ok
09:41:29.0887 4956 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:41:29.0918 4956 RTL8169 - ok
09:41:29.0946 4956 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:41:29.0957 4956 SamSs - ok
09:41:29.0988 4956 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:41:29.0996 4956 sbp2port - ok
09:41:30.0029 4956 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
09:41:30.0052 4956 SCardSvr - ok
09:41:30.0079 4956 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
09:41:30.0321 4956 Schedule - ok
09:41:30.0347 4956 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:41:30.0363 4956 SCPolicySvc - ok
09:41:30.0390 4956 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
09:41:30.0439 4956 sdbus - ok
09:41:30.0466 4956 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:41:30.0507 4956 SDRSVC - ok
09:41:30.0515 4956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:41:30.0562 4956 secdrv - ok
09:41:30.0578 4956 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:41:30.0604 4956 seclogon - ok
09:41:30.0620 4956 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
09:41:30.0654 4956 SENS - ok
09:41:30.0667 4956 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:41:30.0705 4956 Serenum - ok
09:41:30.0732 4956 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:41:30.0782 4956 Serial - ok
09:41:30.0828 4956 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:41:30.0852 4956 sermouse - ok
09:41:30.0884 4956 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:41:30.0945 4956 SessionEnv - ok
09:41:30.0964 4956 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:41:31.0003 4956 sffdisk - ok
09:41:31.0022 4956 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:41:31.0060 4956 sffp_mmc - ok
09:41:31.0081 4956 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:41:31.0141 4956 sffp_sd - ok
09:41:31.0154 4956 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:41:31.0193 4956 sfloppy - ok
09:41:31.0215 4956 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:41:31.0245 4956 SharedAccess - ok
09:41:31.0294 4956 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
09:41:31.0370 4956 ShellHWDetection - ok
09:41:31.0392 4956 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:41:31.0400 4956 sisagp - ok
09:41:31.0421 4956 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:41:31.0429 4956 SiSRaid2 - ok
09:41:31.0455 4956 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:41:31.0464 4956 SiSRaid4 - ok
09:41:31.0535 4956 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
09:41:32.0540 4956 slsvc - ok
09:41:32.0568 4956 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
09:41:32.0599 4956 SLUINotify - ok
09:41:32.0621 4956 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:41:32.0637 4956 Smb - ok
09:41:32.0657 4956 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:41:32.0673 4956 SNMPTRAP - ok
09:41:32.0695 4956 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:41:32.0707 4956 spldr - ok
09:41:32.0743 4956 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
09:41:32.0821 4956 Spooler - ok
09:41:32.0859 4956 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:41:32.0914 4956 srv - ok
09:41:32.0931 4956 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:41:32.0957 4956 srv2 - ok
09:41:32.0980 4956 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:41:32.0997 4956 srvnet - ok
09:41:33.0015 4956 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:41:33.0054 4956 SSDPSRV - ok
09:41:33.0081 4956 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
09:41:33.0087 4956 ssmdrv - ok
09:41:33.0125 4956 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:41:33.0145 4956 SstpSvc - ok
09:41:33.0230 4956 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:41:33.0313 4956 Stereo Service - ok
09:41:33.0427 4956 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
09:41:33.0512 4956 stisvc - ok
09:41:33.0588 4956 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:41:33.0599 4956 swenum - ok
09:41:33.0670 4956 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:41:33.0733 4956 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
09:41:33.0733 4956 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
09:41:33.0753 4956 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
09:41:33.0784 4956 swprv - ok
09:41:33.0811 4956 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:41:33.0819 4956 Symc8xx - ok
09:41:33.0844 4956 SymIM - ok
09:41:33.0853 4956 SymIMMP - ok
09:41:33.0879 4956 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:41:33.0886 4956 Sym_hi - ok
09:41:33.0910 4956 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:41:33.0918 4956 Sym_u3 - ok
09:41:33.0964 4956 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
09:41:34.0050 4956 SysMain - ok
09:41:34.0147 4956 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:41:34.0178 4956 TabletInputService - ok
09:41:34.0214 4956 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
09:41:34.0252 4956 TapiSrv - ok
09:41:34.0275 4956 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:41:34.0339 4956 TBS - ok
09:41:34.0381 4956 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
09:41:34.0430 4956 Tcpip - ok
09:41:34.0450 4956 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
09:41:34.0476 4956 Tcpip6 - ok
09:41:34.0711 4956 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:41:34.0963 4956 tcpipreg - ok
09:41:34.0992 4956 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:41:35.0026 4956 TDPIPE - ok
09:41:35.0047 4956 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:41:35.0067 4956 TDTCP - ok
09:41:35.0088 4956 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:41:35.0109 4956 tdx - ok
09:41:35.0137 4956 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:41:35.0146 4956 TermDD - ok
09:41:35.0164 4956 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
09:41:35.0335 4956 TermService - ok
09:41:35.0377 4956 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
09:41:35.0391 4956 Themes - ok
09:41:35.0407 4956 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:41:35.0429 4956 THREADORDER - ok
09:41:35.0447 4956 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:41:35.0513 4956 TrkWks - ok
09:41:35.0526 4956 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
09:41:35.0586 4956 TrustedInstaller - ok
09:41:35.0605 4956 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:41:35.0626 4956 tssecsrv - ok
09:41:35.0651 4956 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:41:35.0681 4956 tunmp - ok
09:41:35.0695 4956 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:41:35.0707 4956 tunnel - ok
09:41:35.0740 4956 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:41:35.0747 4956 uagp35 - ok
09:41:35.0783 4956 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:41:35.0800 4956 udfs - ok
09:41:35.0841 4956 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:41:35.0869 4956 UI0Detect - ok
09:41:35.0892 4956 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:41:35.0900 4956 uliagpkx - ok
09:41:35.0926 4956 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:41:35.0941 4956 uliahci - ok
09:41:35.0960 4956 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:41:35.0969 4956 UlSata - ok
09:41:35.0992 4956 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:41:36.0001 4956 ulsata2 - ok
09:41:36.0035 4956 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:41:36.0063 4956 umbus - ok
09:41:36.0097 4956 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:41:36.0131 4956 upnphost - ok
09:41:36.0168 4956 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:41:36.0218 4956 USBAAPL - ok
09:41:36.0286 4956 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
09:41:36.0302 4956 usbaudio - ok
09:41:36.0336 4956 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:41:36.0364 4956 usbccgp - ok
09:41:36.0382 4956 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:41:36.0417 4956 usbcir - ok
09:41:36.0437 4956 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:41:36.0453 4956 usbehci - ok
09:41:36.0483 4956 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:41:36.0511 4956 usbhub - ok
09:41:36.0524 4956 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:41:36.0553 4956 usbohci - ok
09:41:36.0566 4956 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
09:41:36.0605 4956 usbprint - ok
09:41:36.0622 4956 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:41:36.0639 4956 USBSTOR - ok
09:41:36.0656 4956 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:41:36.0691 4956 usbuhci - ok
09:41:36.0714 4956 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
09:41:36.0756 4956 UxSms - ok
09:41:36.0796 4956 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
09:41:36.0834 4956 vds - ok
09:41:36.0857 4956 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:41:36.0878 4956 vga - ok
09:41:36.0917 4956 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:41:36.0944 4956 VgaSave - ok
09:41:36.0967 4956 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:41:36.0975 4956 viaagp - ok
09:41:36.0993 4956 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:41:37.0029 4956 ViaC7 - ok
09:41:37.0053 4956 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:41:37.0064 4956 viaide - ok
09:41:37.0094 4956 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:41:37.0107 4956 volmgr - ok
09:41:37.0135 4956 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:41:37.0161 4956 volmgrx - ok
09:41:37.0172 4956 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:41:37.0184 4956 volsnap - ok
09:41:37.0201 4956 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:41:37.0211 4956 vsmraid - ok
09:41:37.0252 4956 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
09:41:37.0402 4956 VSS - ok
09:41:37.0577 4956 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
09:41:37.0649 4956 W32Time - ok
09:41:37.0675 4956 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:41:37.0710 4956 WacomPen - ok
09:41:37.0733 4956 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:41:37.0750 4956 Wanarp - ok
09:41:37.0753 4956 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:41:37.0769 4956 Wanarpv6 - ok
09:41:37.0787 4956 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
09:41:37.0892 4956 wcncsvc - ok
09:41:37.0913 4956 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:41:37.0943 4956 WcsPlugInService - ok
09:41:37.0967 4956 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:41:37.0979 4956 Wd - ok
09:41:38.0005 4956 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
09:41:38.0037 4956 WDC_SAM - ok
09:41:38.0126 4956 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
09:41:38.0142 4956 WDDMService ( UnsignedFile.Multi.Generic ) - warning
09:41:38.0142 4956 WDDMService - detected UnsignedFile.Multi.Generic (1)
09:41:38.0173 4956 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:41:38.0202 4956 Wdf01000 - ok
09:41:38.0349 4956 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
09:41:38.0423 4956 WDFME ( UnsignedFile.Multi.Generic ) - warning
09:41:38.0424 4956 WDFME - detected UnsignedFile.Multi.Generic (1)
09:41:38.0518 4956 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:41:38.0708 4956 WdiServiceHost - ok
09:41:38.0712 4956 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:41:38.0735 4956 WdiSystemHost - ok
09:41:38.0755 4956 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
09:41:38.0842 4956 WDSC ( UnsignedFile.Multi.Generic ) - warning
09:41:38.0842 4956 WDSC - detected UnsignedFile.Multi.Generic (1)
09:41:38.0951 4956 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
09:41:39.0005 4956 WebClient - ok
09:41:39.0035 4956 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
09:41:39.0067 4956 Wecsvc - ok
09:41:39.0092 4956 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:41:39.0115 4956 wercplsupport - ok
09:41:39.0143 4956 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
09:41:39.0175 4956 WerSvc - ok
09:41:39.0202 4956 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:41:39.0236 4956 WinDefend - ok
09:41:39.0240 4956 WinHttpAutoProxySvc - ok
09:41:39.0271 4956 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
09:41:39.0296 4956 Winmgmt - ok
09:41:39.0330 4956 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
09:41:39.0402 4956 WinRM - ok
09:41:39.0533 4956 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
09:41:39.0663 4956 Wlansvc - ok
09:41:39.0700 4956 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:41:39.0739 4956 WmiAcpi - ok
09:41:39.0771 4956 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
09:41:39.0804 4956 wmiApSrv - ok
09:41:39.0839 4956 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:41:40.0171 4956 WMPNetworkSvc - ok
09:41:40.0228 4956 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
09:41:40.0263 4956 WPCSvc - ok
09:41:40.0292 4956 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
09:41:40.0368 4956 WPDBusEnum - ok
09:41:40.0427 4956 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:41:40.0453 4956 WPFFontCache_v0400 - ok
09:41:40.0610 4956 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:41:40.0634 4956 ws2ifsl - ok
09:41:40.0653 4956 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
09:41:40.0676 4956 wscsvc - ok
09:41:40.0682 4956 WSearch - ok
09:41:40.0749 4956 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
09:41:41.0076 4956 wuauserv - ok
09:41:41.0345 4956 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:41:41.0366 4956 WUDFRd - ok
09:41:41.0374 4956 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
09:41:41.0403 4956 wudfsvc - ok
09:41:41.0474 4956 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:41:41.0515 4956 YahooAUService - ok
09:41:41.0747 4956 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\CyberLink\PowerDVD\000.fcl
09:41:41.0760 4956 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
09:41:41.0764 4956 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
09:41:41.0784 4956 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
09:41:41.0784 4956 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
09:41:41.0804 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:41:41.0804 4956 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:41:41.0807 4956 Boot (0x1200) (0ed24c7e9e13e5c99a5b0f5f07f4c612) \Device\Harddisk0\DR0\Partition0
09:41:41.0808 4956 \Device\Harddisk0\DR0\Partition0 - ok
09:41:41.0831 4956 Boot (0x1200) (fcada43a43d773a1c758389130c7a04e) \Device\Harddisk0\DR0\Partition1
09:41:41.0832 4956 \Device\Harddisk0\DR0\Partition1 - ok
09:41:41.0833 4956 ============================================================
09:41:41.0833 4956 Scan finished
09:41:41.0833 4956 ============================================================
09:41:41.0841 3612 Detected object count: 9
09:41:41.0841 3612 Actual detected object count: 9
09:42:23.0489 3612 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0489 3612 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0490 3612 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0490 3612 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0491 3612 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0491 3612 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0492 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0492 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0493 3612 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0493 3612 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0494 3612 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0494 3612 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0495 3612 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
09:42:23.0495 3612 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:42:23.0582 3612 \Device\Harddisk0\DR0\# - copied to quarantine
09:42:23.0768 3612 \Device\Harddisk0\DR0 - copied to quarantine
09:42:23.0784 3612 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
09:42:23.0787 3612 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:42:23.0800 3612 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:42:23.0893 3612 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:42:23.0926 3612 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:42:23.0939 3612 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:42:23.0953 3612 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:42:23.0967 3612 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:42:24.0041 3612 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:42:24.0085 3612 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine
09:42:24.0091 3612 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
09:42:24.0092 3612 \Device\Harddisk0\DR0 - ok
09:42:24.0771 3612 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
09:42:24.0772 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:42:24.0772 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:43:12.0129 4852 Deinitialize success

#9 MrCharlie


Posted 30 March 2012 - 10:00 AM

Great, TDSSKiller found a rootkit. Make sure you have rebooted to ensure it will be cured.

Next..................

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


#10 Serndpt


Posted 30 March 2012 - 11:37 AM

Results report after running Combofix:

ComboFix 12-03-30.06 - Kai 03/30/2012 11:14:49.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3327.2073 [GMT -5:00]
Running from: c:\users\Kai\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Public\Desktop\Security Protection.lnk
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 16:24 . 2012-03-30 16:25 -------- d-----w- c:\users\Kai\AppData\Local\temp
2012-03-30 16:24 . 2012-03-30 16:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-30 16:24 . 2012-03-30 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 14:42 . 2012-03-30 14:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-30 11:45 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0D60E6-177B-4073-B320-E90616CC73AC}\mpengine.dll
2012-03-21 03:56 . 2012-03-30 16:01 -------- d-----w- c:\users\Kai\AppData\Local\Spotify
2012-03-21 03:55 . 2012-03-30 16:01 -------- d-----w- c:\users\Kai\AppData\Roaming\Spotify
2012-03-20 02:21 . 2012-03-20 02:21 -------- d-----w- c:\users\Kai\AppData\Roaming\Firestorm
2012-03-20 02:20 . 2012-03-30 12:40 -------- d-----w- c:\users\Kai\AppData\Local\Firestorm
2012-03-20 02:17 . 2012-03-20 02:20 -------- d-----w- c:\program files\Firestorm-Release
2012-03-20 01:57 . 2012-03-30 12:18 -------- d-----w- c:\users\Kai\AppData\Local\PhoenixViewer
2012-03-20 01:57 . 2012-03-28 20:38 -------- d-----w- c:\users\Kai\AppData\Roaming\SecondLife
2012-03-20 01:56 . 2012-03-20 01:57 -------- d-----w- c:\program files\Phoenix Viewer
2012-03-17 19:25 . 2012-03-17 19:25 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 19:25 . 2012-03-17 19:25 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 17:06 . 2012-03-14 17:06 -------- d-----w- C:\pbtemp9
2012-03-12 20:09 . 2012-03-12 20:09 -------- d-----w- c:\program files\Right Hemisphere
2012-03-12 20:08 . 2012-03-12 20:08 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-03-26 16:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 19:44 . 2011-05-17 21:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 18:04 . 2011-10-23 18:35 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-17 19:25 . 2011-03-24 02:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"MemDefrag"="c:\program files\MemDefrag\mdefrag.exe" [2003-03-18 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4085484821-2894652817-819203291-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
torlfsc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:53]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX540XV
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\651ic4rf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 11:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0xCE39277C
[0] 0x00000B58
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
.
c:\users\Kai\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\64c7762c]
"imagepath"="\??\c:\windows\TEMP\ABD6.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4085484821-2894652817-819203291-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AF05A570-0A72-565F-EA88-EF07E740ACAD}*]
"hanmgcjghacdbadd"=hex:6a,61,68,65,6d,6e,6b,6c,62,6f,70,6f,6b,6d,69,61,67,63,
6b,6b,00,01
"iahkabocbpalfiepbd"=hex:63,61,65,65,6b,67,00,7f
"iadligjfpifbnjmijo"=hex:6a,61,68,65,6d,6e,6b,6c,62,6f,70,6f,6b,6d,69,61,67,63,
6b,6b,00,01
"dbfekcpohifenhphcoeehnpccbmifpffigengecd"=hex:6a,62,68,65,6e,6e,65,67,65,6d,
65,69,68,6f,6e,69,68,6f,64,69,67,65,66,62,69,6f,6b,6c,69,6b,63,70,61,64,6c,\
"jbfekcpohifenhphcoeeemdojekgnlehljfbidcmahlkfjhopmfe"=hex:6f,61,64,6c,65,6b,
6f,6e,6f,6e,6e,66,6e,6f,65,68,67,61,62,6f,61,6d,62,6f,62,63,6f,70,62,62,00,\
.
Completion time: 2012-03-30 11:33:56
ComboFix-quarantined-files.txt 2012-03-30 16:33
.
Pre-Run: 731,154,173,952 bytes free
Post-Run: 731,834,781,696 bytes free
.
- - End Of File - - E52E0C4DAA7E5AEDDFC2BACFA4A3C732

#11 MrCharlie


Posted 30 March 2012 - 11:55 AM

Looks Good.

Let's clean out the temp files on the system:

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Please do this: (it will reboot the computer)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
-------------------------

Then........
Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC


#12 Serndpt


Posted 30 March 2012 - 12:23 PM

OTL Report:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kai
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 1933829 bytes
->Java cache emptied: 12398988 bytes
->FireFox cache emptied: 563042221 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57647 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 378021 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 551.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03302012_120406

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MBAM Quick Scan Results:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19120
Kai :: KAI-PC [administrator]

Protection: Enabled

3/30/2012 12:14:08 PM
mbam-log-2012-03-30 (12-14-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 214588
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 MrCharlie


Posted 30 March 2012 - 12:35 PM

How is it??? MrC


#14 Serndpt


Posted 30 March 2012 - 01:18 PM

Thank you, MrC. No popups from MBAM and everything is running smoothly. Can't figure out where on earth I got such a nasty little 'bug' but so very thankful for your help in squashing it.

#15 MrCharlie


Posted 30 March 2012 - 01:23 PM

Great!
Please uninstall ComboFix:


Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

----------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Make sure you update your Java!

Good Luck and Thanks for using the forum, MrC


#16 LDTate


Posted 31 March 2012 - 07:58 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support
