Serndpt

Recurring IP Blocks - latest 208.210.73.29

16 posts in this topic

Per instructions, I've attached the .txt files created by running dds.com after receiving repeated notices that Malwarebytes has blocked IP 208.210.73.29.

This has been happening periodically for some time even though I run an AV deep scan daily and have Malwarebytes running all the time and scan with it weekly.

Attach.txt

DDS.txt


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Tried to run RogueKiller three times. Each time the program closed once it started 'Reading MBR...'.

I removed my external harddrive prior to running the program as instructed.

The text of the program failure window:

Problem signature:

Problem Event Name: APPCRASH

Application Name: RogueKiller.exe

Application Version: 7.3.2.0

Application Timestamp: 4f6c5752

Fault Module Name: StackHash_d8be

Fault Module Version: 6.0.6002.18327

Fault Module Timestamp: 4cb73436

Exception Code: c0000374

Exception Offset: 000b06fc

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional Information 1: d8be

Additional Information 2: c794af452499d25aeda6b84b259f36de

Additional Information 3: 11c4

Additional Information 4: 2073a460db91e89da2991f0fb208a945

Problem signature:

Problem Event Name: APPCRASH

Application Name: RogueKiller.exe

Application Version: 7.3.2.0

Application Timestamp: 4f6c5752

Fault Module Name: StackHash_7e76

Fault Module Version: 6.0.6002.18327

Fault Module Timestamp: 4cb73436

Exception Code: c0000374

Exception Offset: 000b06fc

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional Information 1: 7e76

Additional Information 2: 6f899f77992aa57f9def0db50788250f

Additional Information 3: f4ba

Additional Information 4: 4410e7bcee751616166d8e940d943a18

(did not bother copying the third time)


It did list 5 items under the Registry tab. All 5 were Key Type HJ. The paths were as follows:

SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System

SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel

SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel

SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/ClassicStartMenu

SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel

I was not able to capture the data under 'Values'.


Uncheck MBR and try it now, MrC


Results of RogueKiller:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Kai [Admin rights]

Mode: Scan -- Date: 03/30/2012 07:42:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

80.79.117.220 search.yahoo.com

80.79.117.220 www.bing.com

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>

RKreport[1].txt


OK, run RogueKiller again and click Scan.

When the scan is finished, we want to fix these; they're all bad:

¤¤¤ Registry Entries: 6 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤

80.79.117.220 search.yahoo.com

80.79.117.220 www.bing.com

First click on the Proxy Tab and then click on the ProxyFix on the right.

Now click on the Hosts tab and then click HostFix on the right.

Both of these will not be deleted but will be quarantined in the RK_Quarantine folder.

-------------------------------------

Next......

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC
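The two RogueKiller findings singled out above (search engines redirected in the HOSTS file, and an IE proxy switched on) are easy to check for automatically. The script below is an added example written for this thread, not code from RogueKiller or from the posters: it parses a Windows HOSTS file and RogueKiller-style registry lines and flags what a defender should care about. The HOSTS and report samples are constructed from the lines quoted in the thread; the CLSID names are the standard Windows desktop-icon identifiers.

```python
"""Flag HOSTS-file hijacks and weakened browser/UAC settings of the kind
RogueKiller reported in this thread.  Added example; sample input is
constructed from the report quoted above."""
import ipaddress
import re

# Constructed sample HOSTS file: default loopback entries, an ad-sinkhole
# style line, then the two entries from the RogueKiller report.
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example      # sinkholing to the unspecified address is benign
80.79.117.220 search.yahoo.com
80.79.117.220 www.bing.com
"""

# Constructed sample of the report's "Registry Entries" section.
SAMPLE_REPORT = """\
[PROXY IE] HKCU\\[...]\\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\\[...]\\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text; comments, blank lines
    and lines that do not start with an address are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an IP address, so not a valid HOSTS mapping
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries


def hijacked_hosts(text):
    """Hostnames mapped to a routable address.  Legitimate HOSTS entries point
    at loopback, the unspecified address (ad blocking) or a LAN address; a
    public IP in front of a search engine means the browser is silently sent
    to a server the user did not choose.  Returns [(hostname, ip), ...]."""
    flagged = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_link_local:
            continue
        flagged.append((name, str(ip)))
    return flagged


# One RogueKiller registry line: "[TAG] KEY : VALUE (DATA) -> FOUND"
RK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>\S+)\s+"
    r"\((?P<data>[^)]*)\)\s+->\s+FOUND\s*$"
)

# Standard desktop-icon CLSIDs under HideDesktopIcons; data 1 hides the icon,
# a trick rogue-AV families use to make the desktop look "damaged".
DESKTOP_ICONS = {
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
}


def assess_registry(report_text):
    """Return (value, data, meaning) for each report line whose effect is known."""
    findings = []
    for line in report_text.splitlines():
        m = RK_LINE.match(line.strip())
        if not m:
            continue
        value, data = m["value"], m["data"]
        if value == "ProxyEnable" and data == "1":
            meaning = "WinINET/IE proxy enabled: web traffic can be routed through a proxy the user did not set"
        elif value == "EnableLUA" and data == "0":
            meaning = "UAC disabled: elevation prompts suppressed"
        elif value.upper() in DESKTOP_ICONS and data == "1":
            meaning = "desktop icon hidden: " + DESKTOP_ICONS[value.upper()]
        else:
            continue  # unknown value; leave it to the analyst
        findings.append((value, data, meaning))
    return findings


if __name__ == "__main__":
    for name, ip in hijacked_hosts(SAMPLE_HOSTS):
        print(f"HOSTS hijack: {name} -> {ip}")
    for value, data, meaning in assess_registry(SAMPLE_REPORT):
        print(f"{value}={data}: {meaning}")
```

On a live Windows machine the HOSTS file is read from %SystemRoot%\System32\drivers\etc\hosts; the registry checks would read the same value names from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and the Policies\System key shown in the report.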


As instructed, contents of the TDSSKiller report:

09:39:50.0442 4316 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

09:39:51.0122 4316 ============================================================

09:39:51.0122 4316 Current date / time: 2012/03/30 09:39:51.0122

09:39:51.0122 4316 SystemInfo:

09:39:51.0122 4316

09:39:51.0122 4316 OS Version: 6.0.6002 ServicePack: 2.0

09:39:51.0122 4316 Product type: Workstation

09:39:51.0123 4316 ComputerName: KAI-PC

09:39:51.0123 4316 UserName: Kai

09:39:51.0123 4316 Windows directory: C:\Windows

09:39:51.0123 4316 System windows directory: C:\Windows

09:39:51.0123 4316 Processor architecture: Intel x86

09:39:51.0123 4316 Number of processors: 4

09:39:51.0123 4316 Page size: 0x1000

09:39:51.0123 4316 Boot type: Normal boot

09:39:51.0123 4316 ============================================================

09:39:51.0764 4316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1800000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:39:51.0776 4316 \Device\Harddisk0\DR0:

09:39:51.0776 4316 MBR used

09:39:51.0776 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x15B98CB

09:39:51.0776 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15BA000, BlocksNum 0x73150000

09:39:51.0874 4316 Initialize success

09:39:51.0874 4316 ============================================================

09:41:00.0700 4956 ============================================================

09:41:00.0700 4956 Scan started

09:41:00.0700 4956 Mode: Manual; SigCheck; TDLFS;

09:41:00.0700 4956 ============================================================


09:41:18.0871 4956 NdisWan - ok

09:41:18.0899 4956 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

09:41:18.0916 4956 NDProxy - ok

09:41:18.0932 4956 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

09:41:18.0963 4956 NetBIOS - ok

09:41:18.0983 4956 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

09:41:19.0000 4956 netbt - ok

09:41:19.0017 4956 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe

09:41:19.0059 4956 Netlogon - ok

09:41:19.0234 4956 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

09:41:19.0278 4956 Netman - ok

09:41:19.0314 4956 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

09:41:19.0401 4956 netprofm - ok

09:41:19.0471 4956 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:41:19.0487 4956 NetTcpPortSharing - ok

09:41:19.0576 4956 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys

09:41:19.0985 4956 NETw2v32 - ok

09:41:20.0268 4956 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

09:41:20.0280 4956 nfrd960 - ok

09:41:20.0307 4956 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

09:41:20.0387 4956 NlaSvc - ok

09:41:20.0425 4956 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

09:41:20.0453 4956 Npfs - ok

09:41:20.0468 4956 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

09:41:20.0501 4956 nsi - ok

09:41:20.0520 4956 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

09:41:20.0543 4956 nsiproxy - ok

09:41:20.0579 4956 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

09:41:20.0615 4956 Ntfs - ok

09:41:20.0634 4956 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

09:41:20.0901 4956 ntrigdigi - ok

09:41:20.0917 4956 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

09:41:20.0941 4956 Null - ok

09:41:21.0005 4956 NVHDA (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys

09:41:21.0012 4956 NVHDA - ok

09:41:21.0207 4956 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys

09:41:23.0044 4956 nvlddmkm - ok

09:41:24.0114 4956 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

09:41:24.0135 4956 nvraid - ok

09:41:24.0173 4956 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\DRIVERS\NVRD32.SYS

09:41:24.0180 4956 nvrd32 - ok

09:41:24.0207 4956 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

09:41:24.0214 4956 nvstor - ok

09:41:24.0236 4956 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\DRIVERS\NVSTOR32.SYS

09:41:24.0244 4956 nvstor32 - ok

09:41:24.0302 4956 NVSvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe

09:41:24.0515 4956 NVSvc - ok

09:41:24.0738 4956 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

09:41:25.0198 4956 nvUpdatusService - ok

09:41:25.0434 4956 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

09:41:25.0442 4956 nv_agp - ok

09:41:25.0450 4956 NwlnkFlt - ok

09:41:25.0459 4956 NwlnkFwd - ok

09:41:25.0552 4956 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:41:25.0612 4956 odserv - ok

09:41:25.0652 4956 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

09:41:25.0673 4956 ohci1394 - ok

09:41:25.0737 4956 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:41:25.0753 4956 ose - ok

09:41:25.0789 4956 ossrv (ea7563de822696f1b9be9e589d33fa96) C:\Windows\system32\drivers\ctoss2k.sys

09:41:25.0801 4956 ossrv - ok

09:41:25.0837 4956 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:41:25.0882 4956 p2pimsvc - ok

09:41:26.0018 4956 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:41:26.0038 4956 p2psvc - ok

09:41:26.0200 4956 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

09:41:26.0240 4956 Parport - ok

09:41:26.0261 4956 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

09:41:26.0277 4956 partmgr - ok

09:41:26.0291 4956 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

09:41:26.0336 4956 Parvdm - ok

09:41:26.0364 4956 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

09:41:26.0432 4956 PcaSvc - ok

09:41:26.0462 4956 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

09:41:26.0480 4956 pci - ok

09:41:26.0495 4956 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

09:41:26.0510 4956 pciide - ok

09:41:26.0538 4956 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys

09:41:26.0547 4956 pcmcia - ok

09:41:26.0592 4956 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

09:41:26.0913 4956 PEAUTH - ok

09:41:26.0962 4956 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

09:41:27.0421 4956 pla - ok

09:41:27.0442 4956 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

09:41:27.0481 4956 PlugPlay - ok

09:41:27.0495 4956 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:41:27.0515 4956 PNRPAutoReg - ok

09:41:27.0525 4956 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:41:27.0545 4956 PNRPsvc - ok

09:41:27.0708 4956 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

09:41:28.0021 4956 PolicyAgent - ok

09:41:28.0042 4956 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

09:41:28.0071 4956 PptpMiniport - ok

09:41:28.0094 4956 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

09:41:28.0145 4956 Processor - ok

09:41:28.0170 4956 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

09:41:28.0222 4956 ProfSvc - ok

09:41:28.0253 4956 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe

09:41:28.0284 4956 ProtectedStorage - ok

09:41:28.0310 4956 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

09:41:28.0335 4956 PSched - ok

09:41:28.0411 4956 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

09:41:28.0456 4956 PSI_SVC_2 - ok

09:41:28.0511 4956 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

09:41:28.0534 4956 ql2300 - ok

09:41:28.0762 4956 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

09:41:28.0771 4956 ql40xx - ok

09:41:28.0814 4956 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

09:41:28.0843 4956 QWAVE - ok

09:41:28.0857 4956 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

09:41:28.0879 4956 QWAVEdrv - ok

09:41:28.0904 4956 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

09:41:28.0929 4956 RasAcd - ok

09:41:28.0986 4956 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

09:41:29.0017 4956 RasAuto - ok

09:41:29.0039 4956 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:41:29.0061 4956 Rasl2tp - ok

09:41:29.0080 4956 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

09:41:29.0105 4956 RasMan - ok

09:41:29.0123 4956 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

09:41:29.0147 4956 RasPppoe - ok

09:41:29.0171 4956 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

09:41:29.0189 4956 RasSstp - ok

09:41:29.0204 4956 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

09:41:29.0232 4956 rdbss - ok

09:41:29.0252 4956 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:41:29.0278 4956 RDPCDD - ok

09:41:29.0303 4956 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

09:41:29.0364 4956 rdpdr - ok

09:41:29.0373 4956 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

09:41:29.0398 4956 RDPENCDD - ok

09:41:29.0436 4956 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

09:41:29.0453 4956 RDPWD - ok

09:41:29.0501 4956 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

09:41:29.0526 4956 RemoteAccess - ok

09:41:29.0543 4956 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

09:41:29.0567 4956 RemoteRegistry - ok

09:41:29.0594 4956 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

09:41:29.0654 4956 RpcLocator - ok

09:41:29.0685 4956 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

09:41:29.0722 4956 RpcSs - ok

09:41:29.0836 4956 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

09:41:29.0872 4956 rspndr - ok

09:41:29.0887 4956 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys

09:41:29.0918 4956 RTL8169 - ok

09:41:29.0946 4956 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe

09:41:29.0957 4956 SamSs - ok

09:41:29.0988 4956 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

09:41:29.0996 4956 sbp2port - ok

09:41:30.0029 4956 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

09:41:30.0052 4956 SCardSvr - ok

09:41:30.0079 4956 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

09:41:30.0321 4956 Schedule - ok

09:41:30.0347 4956 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

09:41:30.0363 4956 SCPolicySvc - ok

09:41:30.0390 4956 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys

09:41:30.0439 4956 sdbus - ok

09:41:30.0466 4956 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

09:41:30.0507 4956 SDRSVC - ok

09:41:30.0515 4956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

09:41:30.0562 4956 secdrv - ok

09:41:30.0578 4956 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

09:41:30.0604 4956 seclogon - ok

09:41:30.0620 4956 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

09:41:30.0654 4956 SENS - ok

09:41:30.0667 4956 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

09:41:30.0705 4956 Serenum - ok

09:41:30.0732 4956 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

09:41:30.0782 4956 Serial - ok

09:41:30.0828 4956 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

09:41:30.0852 4956 sermouse - ok

09:41:30.0884 4956 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

09:41:30.0945 4956 SessionEnv - ok

09:41:30.0964 4956 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

09:41:31.0003 4956 sffdisk - ok

09:41:31.0022 4956 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

09:41:31.0060 4956 sffp_mmc - ok

09:41:31.0081 4956 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

09:41:31.0141 4956 sffp_sd - ok

09:41:31.0154 4956 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

09:41:31.0193 4956 sfloppy - ok

09:41:31.0215 4956 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

09:41:31.0245 4956 SharedAccess - ok

09:41:31.0294 4956 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

09:41:31.0370 4956 ShellHWDetection - ok

09:41:31.0392 4956 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

09:41:31.0400 4956 sisagp - ok

09:41:31.0421 4956 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

09:41:31.0429 4956 SiSRaid2 - ok

09:41:31.0455 4956 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

09:41:31.0464 4956 SiSRaid4 - ok

09:41:31.0535 4956 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

09:41:32.0540 4956 slsvc - ok

09:41:32.0568 4956 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

09:41:32.0599 4956 SLUINotify - ok

09:41:32.0621 4956 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

09:41:32.0637 4956 Smb - ok

09:41:32.0657 4956 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

09:41:32.0673 4956 SNMPTRAP - ok

09:41:32.0695 4956 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

09:41:32.0707 4956 spldr - ok

09:41:32.0743 4956 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

09:41:32.0821 4956 Spooler - ok

09:41:32.0859 4956 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

09:41:32.0914 4956 srv - ok

09:41:32.0931 4956 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

09:41:32.0957 4956 srv2 - ok

09:41:32.0980 4956 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

09:41:32.0997 4956 srvnet - ok

09:41:33.0015 4956 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

09:41:33.0054 4956 SSDPSRV - ok

09:41:33.0081 4956 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

09:41:33.0087 4956 ssmdrv - ok

09:41:33.0125 4956 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

09:41:33.0145 4956 SstpSvc - ok

09:41:33.0230 4956 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

09:41:33.0313 4956 Stereo Service - ok

09:41:33.0427 4956 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

09:41:33.0512 4956 stisvc - ok

09:41:33.0588 4956 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

09:41:33.0599 4956 swenum - ok

09:41:33.0670 4956 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

09:41:33.0733 4956 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

09:41:33.0733 4956 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

09:41:33.0753 4956 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

09:41:33.0784 4956 swprv - ok

09:41:33.0811 4956 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

09:41:33.0819 4956 Symc8xx - ok

09:41:33.0844 4956 SymIM - ok

09:41:33.0853 4956 SymIMMP - ok

09:41:33.0879 4956 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

09:41:33.0886 4956 Sym_hi - ok

09:41:33.0910 4956 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

09:41:33.0918 4956 Sym_u3 - ok

09:41:33.0964 4956 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

09:41:34.0050 4956 SysMain - ok

09:41:34.0147 4956 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

09:41:34.0178 4956 TabletInputService - ok

09:41:34.0214 4956 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

09:41:34.0252 4956 TapiSrv - ok

09:41:34.0275 4956 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

09:41:34.0339 4956 TBS - ok

09:41:34.0381 4956 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys

09:41:34.0430 4956 Tcpip - ok

09:41:34.0450 4956 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys

09:41:34.0476 4956 Tcpip6 - ok

09:41:34.0711 4956 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

09:41:34.0963 4956 tcpipreg - ok

09:41:34.0992 4956 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

09:41:35.0026 4956 TDPIPE - ok

09:41:35.0047 4956 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

09:41:35.0067 4956 TDTCP - ok

09:41:35.0088 4956 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

09:41:35.0109 4956 tdx - ok

09:41:35.0137 4956 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

09:41:35.0146 4956 TermDD - ok

09:41:35.0164 4956 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

09:41:35.0335 4956 TermService - ok

09:41:35.0377 4956 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

09:41:35.0391 4956 Themes - ok

09:41:35.0407 4956 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

09:41:35.0429 4956 THREADORDER - ok

09:41:35.0447 4956 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

09:41:35.0513 4956 TrkWks - ok

09:41:35.0526 4956 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

09:41:35.0586 4956 TrustedInstaller - ok

09:41:35.0605 4956 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:41:35.0626 4956 tssecsrv - ok

09:41:35.0651 4956 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

09:41:35.0681 4956 tunmp - ok

09:41:35.0695 4956 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

09:41:35.0707 4956 tunnel - ok

09:41:35.0740 4956 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

09:41:35.0747 4956 uagp35 - ok

09:41:35.0783 4956 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

09:41:35.0800 4956 udfs - ok

09:41:35.0841 4956 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

09:41:35.0869 4956 UI0Detect - ok

09:41:35.0892 4956 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

09:41:35.0900 4956 uliagpkx - ok

09:41:35.0926 4956 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

09:41:35.0941 4956 uliahci - ok

09:41:35.0960 4956 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

09:41:35.0969 4956 UlSata - ok

09:41:35.0992 4956 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

09:41:36.0001 4956 ulsata2 - ok

09:41:36.0035 4956 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

09:41:36.0063 4956 umbus - ok

09:41:36.0097 4956 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

09:41:36.0131 4956 upnphost - ok

09:41:36.0168 4956 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

09:41:36.0218 4956 USBAAPL - ok

09:41:36.0286 4956 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

09:41:36.0302 4956 usbaudio - ok

09:41:36.0336 4956 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

09:41:36.0364 4956 usbccgp - ok

09:41:36.0382 4956 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

09:41:36.0417 4956 usbcir - ok

09:41:36.0437 4956 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

09:41:36.0453 4956 usbehci - ok

09:41:36.0483 4956 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

09:41:36.0511 4956 usbhub - ok

09:41:36.0524 4956 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

09:41:36.0553 4956 usbohci - ok

09:41:36.0566 4956 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

09:41:36.0605 4956 usbprint - ok

09:41:36.0622 4956 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:41:36.0639 4956 USBSTOR - ok

09:41:36.0656 4956 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

09:41:36.0691 4956 usbuhci - ok

09:41:36.0714 4956 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

09:41:36.0756 4956 UxSms - ok

09:41:36.0796 4956 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

09:41:36.0834 4956 vds - ok

09:41:36.0857 4956 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

09:41:36.0878 4956 vga - ok

09:41:36.0917 4956 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

09:41:36.0944 4956 VgaSave - ok

09:41:36.0967 4956 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

09:41:36.0975 4956 viaagp - ok

09:41:36.0993 4956 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

09:41:37.0029 4956 ViaC7 - ok

09:41:37.0053 4956 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

09:41:37.0064 4956 viaide - ok

09:41:37.0094 4956 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

09:41:37.0107 4956 volmgr - ok

09:41:37.0135 4956 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

09:41:37.0161 4956 volmgrx - ok

09:41:37.0172 4956 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

09:41:37.0184 4956 volsnap - ok

09:41:37.0201 4956 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

09:41:37.0211 4956 vsmraid - ok

09:41:37.0252 4956 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

09:41:37.0402 4956 VSS - ok

09:41:37.0577 4956 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

09:41:37.0649 4956 W32Time - ok

09:41:37.0675 4956 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

09:41:37.0710 4956 WacomPen - ok

09:41:37.0733 4956 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

09:41:37.0750 4956 Wanarp - ok

09:41:37.0753 4956 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

09:41:37.0769 4956 Wanarpv6 - ok

09:41:37.0787 4956 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

09:41:37.0892 4956 wcncsvc - ok

09:41:37.0913 4956 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

09:41:37.0943 4956 WcsPlugInService - ok

09:41:37.0967 4956 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

09:41:37.0979 4956 Wd - ok

09:41:38.0005 4956 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys

09:41:38.0037 4956 WDC_SAM - ok

09:41:38.0126 4956 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

09:41:38.0142 4956 WDDMService ( UnsignedFile.Multi.Generic ) - warning

09:41:38.0142 4956 WDDMService - detected UnsignedFile.Multi.Generic (1)

09:41:38.0173 4956 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

09:41:38.0202 4956 Wdf01000 - ok

09:41:38.0349 4956 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

09:41:38.0423 4956 WDFME ( UnsignedFile.Multi.Generic ) - warning

09:41:38.0424 4956 WDFME - detected UnsignedFile.Multi.Generic (1)

09:41:38.0518 4956 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

09:41:38.0708 4956 WdiServiceHost - ok

09:41:38.0712 4956 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

09:41:38.0735 4956 WdiSystemHost - ok

09:41:38.0755 4956 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

09:41:38.0842 4956 WDSC ( UnsignedFile.Multi.Generic ) - warning

09:41:38.0842 4956 WDSC - detected UnsignedFile.Multi.Generic (1)

09:41:38.0951 4956 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

09:41:39.0005 4956 WebClient - ok

09:41:39.0035 4956 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll

09:41:39.0067 4956 Wecsvc - ok

09:41:39.0092 4956 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

09:41:39.0115 4956 wercplsupport - ok

09:41:39.0143 4956 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

09:41:39.0175 4956 WerSvc - ok

09:41:39.0202 4956 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

09:41:39.0236 4956 WinDefend - ok

09:41:39.0240 4956 WinHttpAutoProxySvc - ok

09:41:39.0271 4956 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

09:41:39.0296 4956 Winmgmt - ok

09:41:39.0330 4956 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll

09:41:39.0402 4956 WinRM - ok

09:41:39.0533 4956 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

09:41:39.0663 4956 Wlansvc - ok

09:41:39.0700 4956 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

09:41:39.0739 4956 WmiAcpi - ok

09:41:39.0771 4956 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

09:41:39.0804 4956 wmiApSrv - ok

09:41:39.0839 4956 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

09:41:40.0171 4956 WMPNetworkSvc - ok

09:41:40.0228 4956 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

09:41:40.0263 4956 WPCSvc - ok

09:41:40.0292 4956 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll

09:41:40.0368 4956 WPDBusEnum - ok

09:41:40.0427 4956 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:41:40.0453 4956 WPFFontCache_v0400 - ok

09:41:40.0610 4956 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

09:41:40.0634 4956 ws2ifsl - ok

09:41:40.0653 4956 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

09:41:40.0676 4956 wscsvc - ok

09:41:40.0682 4956 WSearch - ok

09:41:40.0749 4956 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

09:41:41.0076 4956 wuauserv - ok

09:41:41.0345 4956 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:41:41.0366 4956 WUDFRd - ok

09:41:41.0374 4956 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

09:41:41.0403 4956 wudfsvc - ok

09:41:41.0474 4956 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

09:41:41.0515 4956 YahooAUService - ok

09:41:41.0747 4956 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\CyberLink\PowerDVD\000.fcl

09:41:41.0760 4956 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok

09:41:41.0764 4956 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

09:41:41.0784 4956 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

09:41:41.0784 4956 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

09:41:41.0804 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:41:41.0804 4956 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:41:41.0807 4956 Boot (0x1200) (0ed24c7e9e13e5c99a5b0f5f07f4c612) \Device\Harddisk0\DR0\Partition0

09:41:41.0808 4956 \Device\Harddisk0\DR0\Partition0 - ok

09:41:41.0831 4956 Boot (0x1200) (fcada43a43d773a1c758389130c7a04e) \Device\Harddisk0\DR0\Partition1

09:41:41.0832 4956 \Device\Harddisk0\DR0\Partition1 - ok

09:41:41.0833 4956 ============================================================

09:41:41.0833 4956 Scan finished

09:41:41.0833 4956 ============================================================

09:41:41.0841 3612 Detected object count: 9

09:41:41.0841 3612 Actual detected object count: 9

09:42:23.0489 3612 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0489 3612 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0490 3612 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0490 3612 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0491 3612 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0491 3612 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0492 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0492 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0493 3612 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0493 3612 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0494 3612 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0494 3612 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0495 3612 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user

09:42:23.0495 3612 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:42:23.0582 3612 \Device\Harddisk0\DR0\# - copied to quarantine

09:42:23.0768 3612 \Device\Harddisk0\DR0 - copied to quarantine

09:42:23.0784 3612 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine

09:42:23.0787 3612 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

09:42:23.0800 3612 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

09:42:23.0893 3612 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

09:42:23.0926 3612 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

09:42:23.0939 3612 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

09:42:23.0953 3612 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

09:42:23.0967 3612 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

09:42:24.0041 3612 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

09:42:24.0085 3612 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine

09:42:24.0091 3612 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

09:42:24.0092 3612 \Device\Harddisk0\DR0 - ok

09:42:24.0771 3612 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

09:42:24.0772 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:42:24.0772 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:43:12.0129 4852 Deinitialize success

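The TDSSKiller run above quarantined the loader components from the hidden TDLFS file system (including a saved `mbr`) and flagged `\Device\Harddisk0\DR0` as Rootkit.Win32.TDSS.tdl4, a bootkit that replaces sector 0 of the disk. As an added example, which is not part of the original thread and not TDSSKiller's own code, here is a small Python check that parses a raw 512-byte MBR, verifies that its structure is sane (boot signature, at most one active partition, valid status bytes, non-overlapping entries) and compares an MD5 of the boot-code region against a known-good baseline. The 512-byte sample sector is constructed, and the boot-code bytes in it are made up; the baseline-hash approach is a generic one, not TDSSKiller's scheme.

```python
"""Parse a raw MBR, sanity-check it and fingerprint its boot code.

Added example, not from the thread or from TDSSKiller. The sample sector
built by build_sample_mbr() is constructed, not a capture.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 440-443: disk signature, 444-445: reserved
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511


@dataclass
class Partition:
    status: int        # 0x80 = active/bootable, 0x00 = inactive
    ptype: int         # partition type byte, e.g. 0x07 = NTFS
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty partition entries; raise ValueError if this is not an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(status, ptype, lba, count))
    return parts


def code_fingerprint(sector: bytes) -> str:
    """MD5 of the boot-code region only; this is what a bootkit rewrites."""
    return hashlib.md5(sector[:BOOT_CODE_END]).hexdigest()


def check_mbr(sector: bytes, baseline_code_md5: Optional[str] = None) -> List[str]:
    """Structural checks plus an optional comparison with a known-good code hash."""
    findings: List[str] = []
    try:
        parts = parse_mbr(sector)
    except ValueError as exc:
        return [str(exc)]
    if sum(1 for p in parts if p.status == 0x80) > 1:
        findings.append("more than one active partition")
    if any(p.status not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append("overlapping partitions")
            break
    if baseline_code_md5 and code_fingerprint(sector) != baseline_code_md5:
        findings.append("boot code hash differs from baseline (possible bootkit)")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample (not a capture): stub boot code plus one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc"  # made-up bytes
    sector[:len(code)] = code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = code_fingerprint(good)
    print("partitions:", parse_mbr(good))
    print("clean sector:", check_mbr(good, baseline))
    tampered = bytearray(good)
    tampered[0] = 0xEB                    # simulate a rewritten first instruction
    print("tampered sector:", check_mbr(bytes(tampered), baseline))
```

To check a real disk, read the first 512 bytes of `\\.\PhysicalDrive0` as administrator and pass them to `check_mbr` together with a baseline hash recorded while the machine was known to be clean. One caveat matters here: a live TDL4 infection hooks the disk driver and returns the original MBR to anything that reads sector 0, so a check like this is only trustworthy when run from clean boot media or against a disk image taken offline.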

Great, TDSSKiller found a rootkit. Make sure you have rebooted to ensure it will be cured.

Next..................

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Results report after running Combofix:

ComboFix 12-03-30.06 - Kai 03/30/2012 11:14:49.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3327.2073 [GMT -5:00]

Running from: c:\users\Kai\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Public\Desktop\Security Protection.lnk

c:\windows\Update.bat

.

.

((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))

.

.

2012-03-30 16:24 . 2012-03-30 16:25 -------- d-----w- c:\users\Kai\AppData\Local\temp

2012-03-30 16:24 . 2012-03-30 16:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-30 16:24 . 2012-03-30 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-30 14:42 . 2012-03-30 14:42 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-30 11:45 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0D60E6-177B-4073-B320-E90616CC73AC}\mpengine.dll

2012-03-21 03:56 . 2012-03-30 16:01 -------- d-----w- c:\users\Kai\AppData\Local\Spotify

2012-03-21 03:55 . 2012-03-30 16:01 -------- d-----w- c:\users\Kai\AppData\Roaming\Spotify

2012-03-20 02:21 . 2012-03-20 02:21 -------- d-----w- c:\users\Kai\AppData\Roaming\Firestorm

2012-03-20 02:20 . 2012-03-30 12:40 -------- d-----w- c:\users\Kai\AppData\Local\Firestorm

2012-03-20 02:17 . 2012-03-20 02:20 -------- d-----w- c:\program files\Firestorm-Release

2012-03-20 01:57 . 2012-03-30 12:18 -------- d-----w- c:\users\Kai\AppData\Local\PhoenixViewer

2012-03-20 01:57 . 2012-03-28 20:38 -------- d-----w- c:\users\Kai\AppData\Roaming\SecondLife

2012-03-20 01:56 . 2012-03-20 01:57 -------- d-----w- c:\program files\Phoenix Viewer

2012-03-17 19:25 . 2012-03-17 19:25 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-17 19:25 . 2012-03-17 19:25 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-14 17:06 . 2012-03-14 17:06 -------- d-----w- C:\pbtemp9

2012-03-12 20:09 . 2012-03-12 20:09 -------- d-----w- c:\program files\Right Hemisphere

2012-03-12 20:08 . 2012-03-12 20:08 -------- d-----w- C:\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 14:18 . 2010-03-26 16:40 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-18 19:44 . 2011-05-17 21:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 18:04 . 2011-10-23 18:35 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-03-17 19:25 . 2011-03-24 02:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"MemDefrag"="c:\program files\MemDefrag\mdefrag.exe" [2003-03-18 303104]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4085484821-2894652817-819203291-1001]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

torlfsc REG_MULTI_SZ TermServices

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:53]

.

2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX540XV

uInternet Settings,ProxyOverride = <local>;*.local

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\651ic4rf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-30 11:25

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

[0] 0xCE39277C

[0] 0x00000B58

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

.

c:\users\Kai\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\64c7762c]

"imagepath"="\??\c:\windows\TEMP\ABD6.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4085484821-2894652817-819203291-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AF05A570-0A72-565F-EA88-EF07E740ACAD}*]

"hanmgcjghacdbadd"=hex:6a,61,68,65,6d,6e,6b,6c,62,6f,70,6f,6b,6d,69,61,67,63,

6b,6b,00,01

"iahkabocbpalfiepbd"=hex:63,61,65,65,6b,67,00,7f

"iadligjfpifbnjmijo"=hex:6a,61,68,65,6d,6e,6b,6c,62,6f,70,6f,6b,6d,69,61,67,63,

6b,6b,00,01

"dbfekcpohifenhphcoeehnpccbmifpffigengecd"=hex:6a,62,68,65,6e,6e,65,67,65,6d,

65,69,68,6f,6e,69,68,6f,64,69,67,65,66,62,69,6f,6b,6c,69,6b,63,70,61,64,6c,\

"jbfekcpohifenhphcoeeemdojekgnlehljfbidcmahlkfjhopmfe"=hex:6f,61,64,6c,65,6b,

6f,6e,6f,6e,6e,66,6e,6f,65,68,67,61,62,6f,61,6d,62,6f,62,63,6f,70,62,62,00,\

.

Completion time: 2012-03-30 11:33:56

ComboFix-quarantined-files.txt 2012-03-30 16:33

.

Pre-Run: 731,154,173,952 bytes free

Post-Run: 731,834,781,696 bytes free

.

- - End Of File - - E52E0C4DAA7E5AEDDFC2BACFA4A3C732

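The ComboFix report above is the kind of output a responder normally reads by hand, picking out the service with a `.tmp` image in `c:\windows\TEMP`, the odd svchost group, `EnableLUA=0` and the disabled Security Center monitoring. As an added example, not part of the original thread and not ComboFix's code, here is a Python triage pass over the registry portion of such a log: it parses the `[HKEY_...]` sections and their name/value lines, then flags those four indicator types with a severity. The sample input is a constructed excerpt modelled on the lines in the report; the list of stock svchost group names is a partial list and an assumption, and the severities are my own heuristics rather than anything ComboFix emits.

```python
"""Triage the registry sections of a ComboFix-style log for persistence indicators.

Added example, not ComboFix's code. SAMPLE_LOG is a constructed excerpt
modelled on the report in the thread, not a complete log.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
torlfsc REG_MULTI_SZ TermServices
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\64c7762c]
"imagepath"="\??\c:\windows\TEMP\ABD6.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
"""

# Partial list of stock svchost groups on Vista/7 (assumption; extend from a clean baseline).
STOCK_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "localservice", "networkservice",
    "localsystemnetworkrestricted", "localservicenonetwork",
    "localservicenetworkrestricted", "localserviceandnoimpersonation",
    "networkservicenetworkrestricted", "termsvcs", "imgsvc", "wersvcgroup",
}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
QUOTED_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
MULTI_RE = re.compile(r"^(?P<name>\S+)\s+REG_MULTI_SZ\s+(?P<value>.+)$")

Finding = Tuple[str, str, str]   # (severity, registry key, message)


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] header to its name/value pairs (keys and names lower-cased)."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header.group("key").lower()
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = QUOTED_RE.match(line) or MULTI_RE.match(line)
        if m:
            keys[current][m.group("name").lower()] = m.group("value").strip()
    return keys


def triage(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Apply the indicator heuristics to a parsed dump and return what they flag."""
    findings: List[Finding] = []
    for key, values in keys.items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\services\\" in key:
            image = values.get("imagepath", "")
            path = image.strip('"').lower()
            if "\\temp\\" in path or path.endswith(".tmp"):
                # an 8-hex-digit service name loading a .tmp file is the dropped-driver pattern
                sev = "high" if re.fullmatch(r"[0-9a-f]{8}", leaf) else "medium"
                findings.append((sev, key, f"service loads from a temp location: {image}"))
        elif key.endswith("\\currentversion\\svchost"):
            for group, members in values.items():
                if group not in STOCK_SVCHOST_GROUPS:
                    findings.append(("medium", key,
                                     f"non-stock svchost group '{group}' hosting {members}"))
        elif key.endswith("\\policies\\system"):
            if values.get("enablelua", "").startswith("0"):
                findings.append(("medium", key, "UAC disabled (EnableLUA=0)"))
        elif "\\security center\\monitoring" in key:
            if values.get("disablemonitoring") == "dword:00000001":
                findings.append(("low", key, "Security Center monitoring disabled"))
    return findings


if __name__ == "__main__":
    for severity, key, message in triage(parse_reg_dump(SAMPLE_LOG)):
        print(f"[{severity:6}] {message}\n         {key}")
```

Run against the sample, the pass flags the `64c7762c` service as high (random-looking name plus an image under `\windows\TEMP`), the `torlfsc` svchost group and `EnableLUA=0` as medium, and the Security Center entry as low, while the PowerDVD `000.fcl` service is left alone because a path under Program Files is not suspicious on its own. The Security Center finding is deliberately low: those monitoring keys are also left behind by older Symantec installs, so they corroborate rather than prove.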

Looks Good.

Let's clean out the temp files on the system:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Please do this: (it will reboot the computer)

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-------------------------

Then........

Please update and run a Quick Scan with MBAM, then post the report.

Please let me know how it is, MrC


OTL Report:

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kai

->Temp folder emptied: 31832 bytes

->Temporary Internet Files folder emptied: 1933829 bytes

->Java cache emptied: 12398988 bytes

->FireFox cache emptied: 563042221 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 57647 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 378021 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 551.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 03302012_120406

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MBAM Quick Scan Results:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.30.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19120

Kai :: KAI-PC [administrator]

Protection: Enabled

3/30/2012 12:14:08 PM

mbam-log-2012-03-30 (12-14-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 214588

Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Thank you, MrC. No popups from MBAM and everything is running smoothly. Can't figure out where on earth I got such a nasty little 'bug', but so very thankful for your help in squashing it.


Great!

Please uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

----------------------

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Make sure you update your Java!

Good Luck and Thanks for using the forum, MrC


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
