Solved: Winrscmde has stopped working


jonnycack (thread starter), 21-Feb-2012, 06:32 PM, #1
Winrscmde has stopped working
Hey Guys,

I have done quite a bit of searching on this topic and found various ways to fix the problem, but I was wanting to see what you recommend. I think there are a lot of people with these problems, so hopefully I'm not double posting on the same issue, sorry if I am.

One site said to run TDSSkiller: so I did. It found this:

Rootkit.Boot.Pihar.b
\Device\Harddisk0\DR0

There was a lot of other info in the report, but I don't know if it's important, and I don't know how to post it.

Anyway, they also said to run aswmbr: so I did. It found this:


aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 16:17:55
-----------------------------
16:17:55.308 OS Version: Windows x64 6.0.6002 Service Pack 2
16:17:55.308 Number of processors: 4 586 0x170A
16:17:55.309 ComputerName: OFFICE-PC UserName: Lucas
16:17:57.100 Initialize success
16:18:45.711 AVAST engine defs: 12022002
16:18:52.066 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:18:52.069 Disk 0 Vendor: Hitachi_ STDO Size: 610480MB BusType: 3
16:18:52.071 Device \Driver\iaStor -> MajorFunction fffffa80074e95c4
16:18:52.074 Disk 0 MBR read successfully
16:18:52.077 Disk 0 MBR scan
16:18:52.081 Disk 0 Windows VISTA default MBR code
16:18:52.102 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
16:18:52.145 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 597166 MB offset 27265024
16:18:52.150 Service scanning
16:19:20.254 Modules scanning
16:19:20.259 Disk 0 trace - called modules:
16:19:20.264 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008865350]<<66742141.sys >>UNKNOWN [0xfffffa80074e95c4]<<hal.dll
16:19:20.267 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f7e790]
16:19:20.272 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003ec5050]
16:19:20.275 \Driver\iaStor[0xfffffa8007270530] -> IRP_MJ_CREATE -> 0xfffffa80074e95c4
16:19:23.001 AVAST engine scan C:\Windows
16:19:27.534 AVAST engine scan C:\Windows\system32
16:24:56.920 AVAST engine scan C:\Windows\system32\drivers
16:25:28.911 AVAST engine scan C:\Users\Lucas
16:31:53.633 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
16:31:53.640 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
16:32:47.829 File: C:\Users\Lucas\AppData\Local\Temp\29E2.tmp **INFECTED** Win32:MalOb-IK [Cryp]
16:32:48.091 File: C:\Users\Lucas\AppData\Local\Temp\3076.tmp **INFECTED** Win32:Dropper-KDD [Drp]
16:35:11.400 File: C:\Users\Lucas\AppData\Local\Temp\jar_cache812827438487245398.tmp **INFECTED** Win32:Cycbot-OD [Trj]
16:35:29.822 File: C:\Users\Lucas\AppData\Local\Temp\nslB2FD.tmp\nlw6tmk.3bt **INFECTED** Win32:MalOb-HO [Cryp]
16:35:29.969 File: C:\Users\Lucas\AppData\Local\Temp\nslB2FD.tmp\qyrb5od.zfp **INFECTED** Win32:MalOb-HO [Cryp]
16:35:30.011 File: C:\Users\Lucas\AppData\Local\Temp\nslB2FD.tmp\uqb4apu.max **INFECTED** Win32:MalOb-HO [Cryp]
16:54:23.189 AVAST engine scan C:\ProgramData
16:56:53.314 File: C:\ProgramData\Microsoft\Windows\DRM\2934.tmp **INFECTED** Win32:Malware-gen
16:56:53.372 File: C:\ProgramData\Microsoft\Windows\DRM\2934.tmp.dat **INFECTED** Win32:MalOb-IK [Cryp]
16:56:53.461 File: C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp **INFECTED** Win32:Malware-gen
16:56:53.516 File: C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp.dat **INFECTED** Win32:Dropper-KDD [Drp]
16:56:53.680 File: C:\ProgramData\Microsoft\Windows\DRM\D3B5.tmp **INFECTED** Win32:MalOb-IK [Cryp]
17:20:39.501 Scan finished successfully
17:25:36.647 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
17:25:36.676 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
17:28:08.627 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
17:28:08.633 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"

I have read to run something called ComboFix, but I have yet to do that because I wanted to see about the importance of what I already did.

I am not very good with computers, but I learn fast, so if you need more info, let me know.

Thanks!
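The aswMBR output above is what a helper reads first: which files were flagged, where they sit, whether the MBR code was recognised, and whether anything unknown is hooked into the disk I/O path. The following Python triage script is an added example (not code from the thread or from AVAST's aswMBR); it parses a constructed sample in the same line layout as the pasted log and tallies the findings.

```python
"""Triage helper for aswMBR log text (added example; not from the thread or AVAST)."""
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of the aswMBR log pasted above (not the full log).
SAMPLE_LOG = r"""
16:18:52.081 Disk 0 Windows VISTA default MBR code
16:19:20.264 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008865350]<<66742141.sys >>UNKNOWN [0xfffffa80074e95c4]<<hal.dll
16:32:47.829 File: C:\Users\Lucas\AppData\Local\Temp\29E2.tmp **INFECTED** Win32:MalOb-IK [Cryp]
16:32:48.091 File: C:\Users\Lucas\AppData\Local\Temp\3076.tmp **INFECTED** Win32:Dropper-KDD [Drp]
16:56:53.314 File: C:\ProgramData\Microsoft\Windows\DRM\2934.tmp **INFECTED** Win32:Malware-gen
17:20:39.501 Scan finished successfully
"""

TIMESTAMP = r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})"
# "File: <path> **INFECTED** <detection> [<kind>]" with the bracketed kind optional
INFECTED_RE = re.compile(
    TIMESTAMP + r" File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)(?: \[(?P<kind>\w+)\])?$"
)
# aswMBR marks modules it cannot attribute in the disk driver chain as >>UNKNOWN [addr]<<
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
MBR_RE = re.compile(TIMESTAMP + r" Disk (?P<disk>\d+) (?P<desc>.*MBR code)$")
FINISHED_RE = re.compile(TIMESTAMP + r" Scan finished successfully$")


def parse_aswmbr(text):
    """Extract infected files, unknown modules in the disk I/O path, the MBR
    code verdict per disk, and whether the scan ran to completion."""
    report = {"infected": [], "unknown_hooks": [], "mbr": {}, "finished": False}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:
            report["infected"].append({
                "time": m.group("time"),
                "path": m.group("path"),
                "name": m.group("name"),
                "kind": m.group("kind"),  # e.g. Cryp, Drp, Trj; None for *-gen names
            })
            continue
        hooks = UNKNOWN_RE.findall(line)
        if hooks:
            report["unknown_hooks"].extend(h.lower() for h in hooks)
            continue
        m = MBR_RE.match(line)
        if m:
            report["mbr"][int(m.group("disk"))] = m.group("desc")
            continue
        if FINISHED_RE.match(line):
            report["finished"] = True
    return report


def summarize(report):
    """Group infected files by directory and detection name, and count the
    unknown modules sitting in the disk driver chain."""
    by_dir = Counter(ntpath.dirname(f["path"]) for f in report["infected"])
    by_name = Counter(f["name"] for f in report["infected"])
    return {
        "files": len(report["infected"]),
        "by_dir": dict(by_dir),
        "by_name": dict(by_name),
        "unknown_hook_count": len(report["unknown_hooks"]),
        "complete": report["finished"],
    }


if __name__ == "__main__":
    r = parse_aswmbr(SAMPLE_LOG)
    s = summarize(r)
    for d, n in sorted(s["by_dir"].items()):
        print(f"{n:3d} infected file(s) under {d}")
    for addr in r["unknown_hooks"]:
        print("unknown module in disk I/O path at", addr)
    print("MBR verdict:", r["mbr"], "| scan complete:", s["complete"])
```

Pointing the script at a saved aswMBR.txt (read the file and pass its text to parse_aswmbr) gives the same summary for a real scan.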
kevinf80 (Kevin), Malware Removal Specialist (authorized to help remove malware), 22-Feb-2012, 03:43 AM, #2
Can I see the log from TDSSKiller? It can be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
jonnycack (thread starter), 22-Feb-2012, 12:45 PM, #3
Kevin,

It's a long one, but here it is:

(Thanks, btw)

14:20:50.0885 6332 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:20:51.0394 6332 ============================================================
14:20:51.0394 6332 Current date / time: 2012/02/21 14:20:51.0394
14:20:51.0394 6332 SystemInfo:
14:20:51.0394 6332
14:20:51.0394 6332 OS Version: 6.0.6002 ServicePack: 2.0
14:20:51.0394 6332 Product type: Workstation
14:20:51.0394 6332 ComputerName: OFFICE-PC
14:20:51.0395 6332 UserName: Lucas
14:20:51.0395 6332 Windows directory: C:\Windows
14:20:51.0395 6332 System windows directory: C:\Windows
14:20:51.0395 6332 Running under WOW64
14:20:51.0395 6332 Processor architecture: Intel x64
14:20:51.0395 6332 Number of processors: 4
14:20:51.0395 6332 Page size: 0x1000
14:20:51.0395 6332 Boot type: Normal boot
14:20:51.0395 6332 ============================================================
14:20:51.0792 6332 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:51.0796 6332 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:20:51.0811 6332 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:20:51.0820 6332 \Device\Harddisk0\DR0:
14:20:51.0820 6332 MBR used
14:20:51.0820 6332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E57000
14:20:51.0820 6332 \Device\Harddisk1\DR1:
14:20:51.0820 6332 MBR used
14:20:51.0820 6332 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
14:20:51.0820 6332 \Device\Harddisk2\DR2:
14:20:51.0821 6332 MBR used
14:20:51.0821 6332 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
14:20:52.0261 6332 Initialize success
14:20:52.0261 6332 ============================================================
14:20:56.0356 6856 ============================================================
14:20:56.0356 6856 Scan started
14:20:56.0356 6856 Mode: Manual;
14:20:56.0356 6856 ============================================================
14:21:18.0695 6856 uagp35 - ok
14:21:18.0778 6856 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
14:21:18.0783 6856 udfs - ok
14:21:18.0832 6856 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:21:18.0834 6856 uliagpkx - ok
14:21:18.0876 6856 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:21:18.0880 6856 uliahci - ok
14:21:18.0937 6856 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:21:18.0939 6856 UlSata - ok
14:21:18.0995 6856 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:21:18.0998 6856 ulsata2 - ok
14:21:19.0041 6856 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:21:19.0042 6856 umbus - ok
14:21:19.0086 6856 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
14:21:19.0087 6856 UMPass - ok
14:21:19.0184 6856 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:21:19.0185 6856 USBAAPL64 - ok
14:21:19.0234 6856 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:19.0236 6856 usbccgp - ok
14:21:19.0273 6856 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:21:19.0275 6856 usbcir - ok
14:21:19.0351 6856 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:21:19.0352 6856 usbehci - ok
14:21:19.0380 6856 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:21:19.0384 6856 usbhub - ok
14:21:19.0443 6856 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
14:21:19.0444 6856 usbohci - ok
14:21:19.0477 6856 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:21:19.0478 6856 usbprint - ok
14:21:19.0540 6856 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:21:19.0541 6856 usbscan - ok
14:21:19.0602 6856 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:19.0604 6856 USBSTOR - ok
14:21:19.0653 6856 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:21:19.0655 6856 usbuhci - ok
14:21:19.0781 6856 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
14:21:19.0783 6856 VClone - ok
14:21:19.0823 6856 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:20.0981 6856 vga - ok
14:21:21.0039 6856 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:21:21.0040 6856 VgaSave - ok
14:21:21.0075 6856 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:21:21.0076 6856 viaide - ok
14:21:21.0139 6856 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:21:21.0141 6856 volmgr - ok
14:21:21.0211 6856 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:21:21.0216 6856 volmgrx - ok
14:21:21.0282 6856 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:21:21.0286 6856 volsnap - ok
14:21:21.0338 6856 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:21:21.0341 6856 vsmraid - ok
14:21:21.0385 6856 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:21:21.0386 6856 WacomPen - ok
14:21:21.0447 6856 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:21.0449 6856 Wanarp - ok
14:21:21.0452 6856 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:21.0454 6856 Wanarpv6 - ok
14:21:21.0473 6856 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:21:21.0474 6856 Wd - ok
14:21:21.0501 6856 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:21:21.0512 6856 Wdf01000 - ok
14:21:21.0609 6856 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:21:21.0610 6856 WmiAcpi - ok
14:21:21.0670 6856 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
14:21:21.0672 6856 WpdUsb - ok
14:21:21.0694 6856 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:21:21.0695 6856 ws2ifsl - ok
14:21:21.0793 6856 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:21.0796 6856 WUDFRd - ok
14:21:21.0846 6856 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
14:21:21.0880 6856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:21:21.0880 6856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:21:21.0897 6856 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
14:21:22.0700 6856 \Device\Harddisk1\DR1 - ok
14:21:22.0705 6856 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
14:21:22.0709 6856 \Device\Harddisk2\DR2 - ok
14:21:22.0730 6856 Boot (0x1200) (57be5541934a481ec729474d7f67498d) \Device\Harddisk0\DR0\Partition0
14:21:22.0731 6856 \Device\Harddisk0\DR0\Partition0 - ok
14:21:22.0755 6856 Boot (0x1200) (2727c5861400f09ddea8135a113a3b92) \Device\Harddisk1\DR1\Partition0
14:21:22.0756 6856 \Device\Harddisk1\DR1\Partition0 - ok
14:21:22.0760 6856 Boot (0x1200) (12013c822753260c32c2e6a00a77da91) \Device\Harddisk2\DR2\Partition0
14:21:22.0762 6856 \Device\Harddisk2\DR2\Partition0 - ok
14:21:22.0762 6856 ============================================================
14:21:22.0762 6856 Scan finished
14:21:22.0762 6856 ============================================================
14:21:22.0773 6328 Detected object count: 1
14:21:22.0773 6328 Actual detected object count: 1
14:25:16.0520 6328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
14:25:16.0521 6328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
14:28:26.0262 6112 Deinitialize success
kevinf80 (Kevin)
Malware Removal Specialist with 9,200 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
22-Feb-2012, 04:22 PM #4
OK, run TDSSKiller again as follows:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running.
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs from TDSSKiller and Combofix in next reply please...

Kevin
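Kevin asks for the TDSSKiller report to be pasted back, and reading one by hand means scanning a few hundred driver lines for the handful that are not "- ok". The script below is an added example, not code from this thread, from Kaspersky or from TDSSKiller itself: it parses the log layout shown in the posts above (timestamp, process id, object, MD5, path, then verdict and status lines) and lists what still needs attention, in particular an infected MBR that the user chose to Skip. The sample log is a constructed excerpt in that layout using names and hashes from this thread; the wording assumed for a logged Cure action ("User select action: Cure") is an assumption, since the tool's exact string for it does not appear here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout TDSSKiller 2.7.x writes: a trimmed excerpt
# modelled on the logs posted in this thread (object names and hashes as shown there).
SAMPLE_LOG = r"""
14:21:21.0473 6856 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:21:21.0474 6856 Wd - ok
13:03:04.0162 10000 LGDDCDevice (9dcb9d9bdb7e3c0f66f86ee09a392cbb) C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys
13:03:04.0317 10000 LGDDCDevice ( UnsignedFile.Multi.Generic ) - warning
13:03:04.0318 10000 LGDDCDevice - detected UnsignedFile.Multi.Generic (1)
14:21:21.0846 6856 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
14:21:21.0880 6856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:21:21.0880 6856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:21:22.0762 6856 Scan finished
14:25:16.0520 6328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
14:25:16.0521 6328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.mmmm <pid> "; the rest is one of the shapes below.
PREFIX_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<rest>.*)$")
# "MBR (0x1B8) (<md5>) \Device\HarddiskN\DRN" and "Boot (0x1200) (<md5>) ...\PartitionN"
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> (<md5>) <path>"  (path may itself contain parentheses, e.g. "(x86)")
FILE_RE = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<obj>\S+) - ok$")
# "<obj> ( <verdict> ) - infected | warning | skipped by user | User select action: X"
VERDICT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<verdict>[^)]+?) \) - (?P<status>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


@dataclass
class Finding:
    obj: str
    verdict: str = ""
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> dict:
    """Return counts of scanned/clean objects and a Finding per flagged object."""
    hashes: Dict[str, tuple] = {}      # object name (or device path for MBR/boot) -> (md5, path)
    findings: Dict[str, Finding] = {}
    scanned = ok = 0

    def finding(obj: str) -> Finding:
        f = findings.get(obj)
        if f is None:
            f = findings[obj] = Finding(obj=obj)
            if obj in hashes:               # attach the hash/path logged on the scan line
                f.md5, f.path = hashes[obj]
        return f

    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue                         # banners, "Scan finished", blank lines
        rest = m.group("rest")
        s = SECTOR_RE.match(rest)
        if s:                                # verdict lines name the device, not "MBR"
            hashes[s["path"]] = (s["md5"], s["path"])
            scanned += 1
            continue
        f = FILE_RE.match(rest)
        if f:
            hashes[f["obj"]] = (f["md5"], f["path"])
            scanned += 1
            continue
        if OK_RE.match(rest):
            ok += 1
            continue
        v = VERDICT_RE.match(rest)
        if v:
            fd = finding(v["obj"])
            fd.verdict = v["verdict"]
            fd.statuses.append(v["status"])
            continue
        d = DETECT_RE.match(rest)
        if d:
            finding(d["obj"]).verdict = d["verdict"]
    return {"scanned": scanned, "ok": ok, "findings": findings}


def triage(report: dict) -> Dict[str, str]:
    """Map each flagged object to the follow-up a defender would want."""
    result = {}
    for obj, f in report["findings"].items():
        # "Cure"/"Delete" wording for a logged action is an assumption (not shown in the thread).
        acted = any("Cure" in s or "Delete" in s for s in f.statuses)
        skipped = any(s == "skipped by user" or s.endswith("Skip") for s in f.statuses)
        if "infected" in f.statuses and not acted:
            why = "user chose Skip" if skipped else "no action logged"
            result[obj] = f"infected and left in place ({why}): re-run and Cure"
        elif "infected" in f.statuses:
            result[obj] = "infected, action logged: confirm clean on re-scan"
        elif "warning" in f.statuses:
            result[obj] = "unsigned driver: verify vendor and hash before trusting"
        else:
            result[obj] = "detected, no status line"
    return result


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"scanned {rep['scanned']} objects, {rep['ok']} clean")
    for obj, note in triage(rep).items():
        print(f"{obj} [{rep['findings'][obj].verdict}]: {note}")
```

On a real log, feed the whole pasted file to `parse_tdsskiller_log`; the MD5 kept on each finding is what you would compare against a known-good copy of the driver or boot sector, and "infected ... user chose Skip" is exactly the state the first log in this thread ended in.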
jonnycack
Member with 23 posts.
THREAD STARTER
Join Date: Feb 2012
Experience: Beginner
22-Feb-2012, 05:22 PM #5
Okay, first off, here is the report from TDSSkiller. It did "cure" one of the files, but skipped four other suspicious files.
One note: so far, the message "Winrscmde has stopped working" has yet to come back. Hopefully that's a good sign.
I'll run Combofix next.

Thanks again Kevin!

12:59:45.0415 9720 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:59:47.0418 9720 ============================================================
12:59:47.0418 9720 Current date / time: 2012/02/22 12:59:47.0418
12:59:47.0418 9720 SystemInfo:
12:59:47.0418 9720
12:59:47.0418 9720 OS Version: 6.0.6002 ServicePack: 2.0
12:59:47.0418 9720 Product type: Workstation
12:59:47.0418 9720 ComputerName: OFFICE-PC
12:59:47.0418 9720 UserName: Lucas
12:59:47.0418 9720 Windows directory: C:\Windows
12:59:47.0418 9720 System windows directory: C:\Windows
12:59:47.0418 9720 Running under WOW64
12:59:47.0418 9720 Processor architecture: Intel x64
12:59:47.0418 9720 Number of processors: 4
12:59:47.0418 9720 Page size: 0x1000
12:59:47.0418 9720 Boot type: Normal boot
12:59:47.0418 9720 ============================================================
12:59:55.0962 9720 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:59:55.0981 9720 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:59:56.0005 9720 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:59:56.0344 9720 \Device\Harddisk0\DR0:
12:59:56.0348 9720 MBR used
12:59:56.0348 9720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E57000
12:59:56.0348 9720 \Device\Harddisk1\DR1:
12:59:56.0362 9720 MBR used
12:59:56.0362 9720 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:59:56.0362 9720 \Device\Harddisk2\DR2:
12:59:56.0407 9720 MBR used
12:59:56.0407 9720 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
12:59:58.0045 9720 Initialize success
12:59:58.0045 9720 ============================================================
13:00:56.0809 10000 ============================================================
13:00:56.0809 10000 Scan started
13:00:56.0809 10000 Mode: Manual; SigCheck; TDLFS;
13:00:56.0809 10000 ============================================================
13:01:00.0328 10000 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
13:01:00.0886 10000 61883 - ok
13:01:01.0204 10000 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:01:01.0255 10000 ACPI - ok
13:01:01.0526 10000 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:01:01.0592 10000 adp94xx - ok
13:01:01.0685 10000 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:01:01.0704 10000 adpahci - ok
13:01:01.0729 10000 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:01:01.0742 10000 adpu160m - ok
13:01:01.0787 10000 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:01:01.0866 10000 adpu320 - ok
13:01:03.0366 10000 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
13:01:03.0568 10000 AFD - ok
13:01:03.0890 10000 AgereSoftModem (6051b172930f3b2723d04c555f7ec55a) C:\Windows\system32\DRIVERS\agrsm64.sys
13:01:04.0009 10000 AgereSoftModem - ok
13:01:04.0189 10000 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:01:04.0238 10000 agp440 - ok
13:01:04.0308 10000 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:01:04.0322 10000 aic78xx - ok
13:01:04.0386 10000 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:01:04.0397 10000 aliide - ok
13:01:04.0423 10000 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:01:04.0439 10000 amdide - ok
13:01:04.0473 10000 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:01:04.0523 10000 AmdK8 - ok
13:01:04.0766 10000 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:01:04.0800 10000 arc - ok
13:01:04.0907 10000 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:01:04.0921 10000 arcsas - ok
13:01:04.0985 10000 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:01:05.0068 10000 AsyncMac - ok
13:01:05.0106 10000 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
13:01:05.0116 10000 atapi - ok
13:01:05.0330 10000 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
13:01:05.0388 10000 Avc - ok
13:01:06.0709 10000 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:01:06.0751 10000 Avgfwfd - ok
13:01:06.0924 10000 AVGIDSDriver (fa46adf6e497cf185160f09e603ce2a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:01:07.0091 10000 AVGIDSDriver - ok
13:01:07.0264 10000 AVGIDSEH (d6b93e5d8b96a66f55a4d2ee7f24667c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:01:07.0279 10000 AVGIDSEH - ok
13:01:07.0329 10000 AVGIDSFilter (ff6551f1ab0da3b30c9dec923f21b504) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:01:07.0403 10000 AVGIDSFilter - ok
13:01:07.0680 10000 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
13:01:07.0729 10000 Avgldx64 - ok
13:01:07.0930 10000 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:01:07.0955 10000 Avgmfx64 - ok
13:01:08.0050 10000 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:01:08.0060 10000 Avgrkx64 - ok
13:01:08.0148 10000 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
13:01:08.0300 10000 Avgtdia - ok
13:01:08.0517 10000 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:01:08.0607 10000 blbdrive - ok
13:01:08.0926 10000 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:01:10.0319 10000 bowser - ok
13:01:10.0440 10000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:01:12.0294 10000 BrFiltLo - ok
13:01:13.0632 10000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:01:13.0743 10000 BrFiltUp - ok
13:01:13.0895 10000 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:01:14.0058 10000 Brserid - ok
13:01:14.0433 10000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:01:14.0557 10000 BrSerWdm - ok
13:01:14.0736 10000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:01:14.0918 10000 BrUsbMdm - ok
13:01:15.0219 10000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:01:15.0323 10000 BrUsbSer - ok
13:01:15.0643 10000 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:01:16.0971 10000 BTHMODEM - ok
13:01:17.0053 10000 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:01:17.0159 10000 cdfs - ok
13:01:17.0412 10000 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:01:17.0511 10000 cdrom - ok
13:01:17.0611 10000 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
13:01:17.0691 10000 circlass - ok
13:01:17.0945 10000 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:01:18.0044 10000 CLFS - ok
13:01:18.0222 10000 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:01:18.0273 10000 cmdide - ok
13:01:18.0384 10000 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
13:01:18.0401 10000 Compbatt - ok
13:01:18.0416 10000 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:01:18.0441 10000 crcdisk - ok
13:01:18.0600 10000 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:01:18.0691 10000 DfsC - ok
13:01:20.0144 10000 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:01:20.0251 10000 disk - ok
13:01:20.0434 10000 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
13:01:20.0560 10000 Dot4 - ok
13:01:20.0669 10000 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:01:20.0711 10000 Dot4Print - ok
13:01:20.0745 10000 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
13:01:20.0788 10000 dot4usb - ok
13:01:20.0919 10000 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:01:20.0998 10000 drmkaud - ok
13:01:21.0246 10000 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:01:21.0304 10000 DXGKrnl - ok
13:01:21.0623 10000 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:01:21.0721 10000 E1G60 - ok
13:01:21.0814 10000 e1yexpress (bddc6f6c49633aa85a30a989418e30f4) C:\Windows\system32\DRIVERS\e1y60x64.sys
13:01:21.0910 10000 e1yexpress - ok
13:01:21.0980 10000 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:01:22.0028 10000 Ecache - ok
13:01:22.0202 10000 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:01:23.0471 10000 ElbyCDIO - ok
13:01:24.0066 10000 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:01:24.0220 10000 elxstor - ok
13:01:24.0881 10000 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:01:25.0135 10000 ErrDev - ok
13:01:27.0154 10000 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:01:27.0366 10000 exfat - ok
13:01:27.0968 10000 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:01:28.0161 10000 fastfat - ok
13:01:28.0787 10000 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:01:28.0854 10000 fdc - ok
13:01:30.0616 10000 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:01:30.0682 10000 FileInfo - ok
13:01:31.0567 10000 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:01:31.0732 10000 Filetrace - ok
13:01:33.0810 10000 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:01:34.0098 10000 flpydisk - ok
13:01:34.0576 10000 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:01:34.0751 10000 FltMgr - ok
13:01:35.0599 10000 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
13:01:35.0705 10000 Fs_Rec - ok
13:01:37.0365 10000 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:01:37.0396 10000 gagp30kx - ok
13:01:37.0984 10000 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:01:38.0063 10000 GEARAspiWDM - ok
13:01:39.0103 10000 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
13:01:39.0243 10000 HdAudAddService - ok
13:01:40.0954 10000 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:01:42.0057 10000 HDAudBus - ok
13:01:44.0224 10000 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:01:44.0459 10000 HidBth - ok
13:01:45.0199 10000 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
13:01:45.0333 10000 HidIr - ok
13:01:45.0954 10000 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:01:47.0218 10000 HidUsb - ok
13:01:48.0315 10000 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:01:48.0342 10000 HpCISSs - ok
13:01:50.0765 10000 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:01:51.0470 10000 HTTP - ok
13:01:51.0985 10000 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:01:52.0132 10000 i2omp - ok
13:01:54.0255 10000 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:01:54.0532 10000 i8042prt - ok
13:01:56.0054 10000 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
13:01:56.0112 10000 iaStor - ok
13:01:58.0130 10000 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:01:58.0320 10000 iaStorV - ok
13:02:08.0936 10000 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:02:28.0556 10000 igfx - ok
13:02:29.0258 10000 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:02:29.0318 10000 iirsp - ok
13:02:32.0498 10000 IntcAzAudAddService (fdfc40441fac0f3114a974168125279f) C:\Windows\system32\drivers\RTKVHD64.sys
13:02:35.0768 10000 IntcAzAudAddService - ok
13:02:36.0607 10000 IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\Windows\system32\drivers\IntcHdmi.sys
13:02:38.0772 10000 IntcHdmiAddService - ok
13:02:39.0305 10000 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:02:39.0352 10000 intelide - ok
13:02:40.0008 10000 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:02:40.0105 10000 intelppm - ok
13:02:42.0151 10000 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:02:42.0247 10000 IpFilterDriver - ok
13:02:43.0000 10000 IpInIp - ok
13:02:43.0633 10000 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:02:43.0827 10000 IPMIDRV - ok
13:02:46.0154 10000 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:02:46.0387 10000 IPNAT - ok
13:02:48.0870 10000 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:02:49.0061 10000 IRENUM - ok
13:02:50.0048 10000 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:02:50.0066 10000 isapnp - ok
13:02:52.0409 10000 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:02:52.0477 10000 iScsiPrt - ok
13:02:53.0164 10000 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:02:53.0318 10000 iteatapi - ok
13:02:54.0356 10000 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:02:54.0380 10000 iteraid - ok
13:02:56.0483 10000 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:02:56.0620 10000 kbdclass - ok
13:02:57.0852 10000 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:02:59.0932 10000 kbdhid - ok
13:03:02.0469 10000 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
13:03:02.0971 10000 KSecDD - ok
13:03:03.0354 10000 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:03:03.0693 10000 ksthunk - ok
13:03:04.0162 10000 LGDDCDevice (9dcb9d9bdb7e3c0f66f86ee09a392cbb) C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys
13:03:04.0317 10000 LGDDCDevice ( UnsignedFile.Multi.Generic ) - warning
13:03:04.0318 10000 LGDDCDevice - detected UnsignedFile.Multi.Generic (1)
13:03:06.0058 10000 LGII2CDevice (21a62a7a95b1905634e7c12e5158ec32) C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys
13:03:06.0131 10000 LGII2CDevice ( UnsignedFile.Multi.Generic ) - warning
13:03:06.0131 10000 LGII2CDevice - detected UnsignedFile.Multi.Generic (1)
13:03:07.0131 10000 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:03:07.0269 10000 lltdio - ok
13:03:09.0504 10000 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:03:09.0569 10000 LSI_FC - ok
13:03:10.0120 10000 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:03:10.0202 10000 LSI_SAS - ok
13:03:10.0699 10000 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:03:10.0765 10000 LSI_SCSI - ok
13:03:11.0314 10000 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:03:11.0513 10000 luafv - ok
13:03:13.0921 10000 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:03:13.0948 10000 megasas - ok
13:03:16.0250 10000 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:03:16.0434 10000 MegaSR - ok
13:03:17.0125 10000 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:03:17.0221 10000 Modem - ok
13:03:17.0785 10000 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:03:17.0943 10000 monitor - ok
13:03:18.0345 10000 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:03:18.0368 10000 mouclass - ok
13:03:20.0258 10000 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:03:20.0416 10000 mouhid - ok
13:03:21.0025 10000 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:03:21.0052 10000 MountMgr - ok
13:03:21.0628 10000 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:03:21.0742 10000 mpio - ok
13:03:23.0486 10000 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:03:23.0555 10000 mpsdrv - ok
13:03:23.0914 10000 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:03:23.0939 10000 Mraid35x - ok
13:03:24.0559 10000 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:03:24.0789 10000 MRxDAV - ok
13:03:25.0338 10000 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:03:26.0749 10000 mrxsmb - ok
13:03:27.0189 10000 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:03:27.0477 10000 mrxsmb10 - ok
13:03:28.0098 10000 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:03:28.0240 10000 mrxsmb20 - ok
13:03:28.0494 10000 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:03:28.0576 10000 msahci - ok
13:03:30.0127 10000 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:03:30.0198 10000 msdsm - ok
13:03:30.0805 10000 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
13:03:30.0902 10000 MSDV - ok
13:03:31.0571 10000 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:03:31.0795 10000 Msfs - ok
13:03:33.0505 10000 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:03:33.0531 10000 msisadrv - ok
13:03:33.0762 10000 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:03:33.0813 10000 MSKSSRV - ok
13:03:34.0094 10000 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:03:34.0282 10000 MSPCLOCK - ok
13:03:34.0897 10000 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:03:35.0009 10000 MSPQM - ok
13:03:36.0946 10000 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:03:37.0006 10000 MsRPC - ok
13:03:37.0596 10000 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:03:37.0635 10000 mssmbios - ok
13:03:38.0020 10000 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:03:38.0319 10000 MSTEE - ok
13:03:40.0551 10000 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:03:40.0688 10000 Mup - ok
13:03:41.0408 10000 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:03:41.0521 10000 NativeWifiP - ok
13:03:43.0732 10000 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:03:44.0034 10000 NDIS - ok
13:03:44.0854 10000 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:03:45.0043 10000 NdisTapi - ok
13:03:46.0984 10000 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:03:47.0108 10000 Ndisuio - ok
13:03:47.0924 10000 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:03:48.0177 10000 NdisWan - ok
13:03:50.0417 10000 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:03:50.0586 10000 NDProxy - ok
13:03:51.0274 10000 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:03:51.0422 10000 NetBIOS - ok
13:03:52.0355 10000 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:03:54.0073 10000 netbt - ok
13:03:55.0200 10000 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:03:55.0270 10000 nfrd960 - ok
13:03:57.0192 10000 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:03:57.0314 10000 Npfs - ok
13:03:58.0158 10000 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:03:58.0371 10000 nsiproxy - ok
13:04:00.0746 10000 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:04:02.0207 10000 Ntfs - ok
13:04:04.0392 10000 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:04:04.0550 10000 Null - ok
13:04:05.0271 10000 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:04:05.0304 10000 nvraid - ok
13:04:07.0506 10000 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:04:07.0559 10000 nvstor - ok
13:04:08.0551 10000 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:04:08.0579 10000 nv_agp - ok
13:04:08.0984 10000 NwlnkFlt - ok
13:04:10.0801 10000 NwlnkFwd - ok
13:04:11.0412 10000 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
13:04:11.0669 10000 ohci1394 - ok
13:04:12.0194 10000 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:04:12.0301 10000 Parport - ok
13:04:12.0798 10000 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:04:12.0906 10000 partmgr - ok
13:04:15.0655 10000 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:04:15.0979 10000 pci - ok
13:04:17.0850 10000 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
13:04:17.0947 10000 pciide - ok
13:04:18.0747 10000 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:04:18.0828 10000 pcmcia - ok
13:04:19.0739 10000 pcouffin (899e41a057038cb5be892fe428bdc576) C:\Windows\system32\Drivers\pcouffin.sys
13:04:21.0460 10000 pcouffin ( UnsignedFile.Multi.Generic ) - warning
13:04:21.0460 10000 pcouffin - detected UnsignedFile.Multi.Generic (1)
13:04:22.0459 10000 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:04:22.0743 10000 PEAUTH - ok
13:04:24.0932 10000 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:04:25.0174 10000 PptpMiniport - ok
13:04:25.0981 10000 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:04:26.0155 10000 Processor - ok
13:04:26.0690 10000 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:04:27.0981 10000 PSched - ok
13:04:29.0236 10000 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:04:29.0975 10000 ql2300 - ok
13:04:31.0987 10000 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:04:32.0043 10000 ql40xx - ok
13:04:32.0890 10000 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:04:35.0181 10000 QWAVEdrv - ok
13:04:36.0181 10000 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:04:36.0297 10000 RasAcd - ok
13:04:36.0963 10000 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:04:37.0127 10000 Rasl2tp - ok
13:04:39.0158 10000 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:04:39.0382 10000 RasPppoe - ok
13:04:41.0832 10000 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:04:41.0874 10000 RasSstp - ok
13:04:43.0026 10000 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:04:43.0248 10000 rdbss - ok
13:04:45.0198 10000 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:04:45.0295 10000 RDPCDD - ok
13:04:45.0910 10000 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:04:46.0028 10000 rdpdr - ok
13:04:46.0573 10000 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:04:46.0878 10000 RDPENCDD - ok
13:04:48.0947 10000 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
13:04:49.0110 10000 RDPWD - ok
13:04:49.0894 10000 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:04:50.0002 10000 rspndr - ok
13:04:50.0640 10000 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:04:50.0762 10000 sbp2port - ok
13:04:52.0670 10000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:04:52.0852 10000 secdrv - ok
13:04:53.0406 10000 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:04:53.0629 10000 Serenum - ok
13:04:54.0217 10000 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:04:55.0618 10000 Serial - ok
13:04:56.0153 10000 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:04:56.0252 10000 sermouse - ok
13:04:56.0681 10000 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:04:56.0947 10000 sffdisk - ok
13:04:57.0616 10000 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:04:59.0254 10000 sffp_mmc - ok
13:05:00.0075 10000 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:05:00.0289 10000 sffp_sd - ok
13:05:00.0975 10000 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:05:01.0115 10000 sfloppy - ok
13:05:03.0161 10000 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:05:03.0200 10000 SiSRaid2 - ok
13:05:03.0925 10000 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:05:04.0039 10000 SiSRaid4 - ok
13:05:05.0923 10000 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:05:06.0166 10000 Smb - ok
13:05:06.0750 10000 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:05:06.0818 10000 spldr - ok
13:05:07.0828 10000 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:05:09.0240 10000 srv - ok
13:05:09.0850 10000 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:05:10.0005 10000 srv2 - ok
13:05:10.0671 10000 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:05:10.0895 10000 srvnet - ok
13:05:12.0769 10000 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:05:12.0815 10000 swenum - ok
13:05:13.0487 10000 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:05:13.0526 10000 Symc8xx - ok
13:05:14.0170 10000 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:05:14.0201 10000 Sym_hi - ok
13:05:14.0624 10000 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:05:14.0653 10000 Sym_u3 - ok
13:05:16.0799 10000 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
13:05:19.0051 10000 Tcpip - ok
13:05:20.0223 10000 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
13:05:20.0380 10000 Tcpip6 - ok
13:05:20.0801 10000 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
13:05:21.0148 10000 tcpipreg - ok
13:05:22.0852 10000 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:05:23.0081 10000 TDPIPE - ok
13:05:23.0629 10000 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:05:23.0699 10000 TDTCP - ok
13:05:24.0496 10000 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:05:24.0595 10000 tdx - ok
13:05:26.0523 10000 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:05:26.0572 10000 TermDD - ok
13:05:27.0412 10000 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:05:27.0485 10000 tssecsrv - ok
13:05:27.0978 10000 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:05:29.0313 10000 tunmp - ok
13:05:29.0835 10000 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:05:30.0113 10000 tunnel - ok
13:05:30.0933 10000 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:05:31.0078 10000 uagp35 - ok
13:05:33.0326 10000 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:05:33.0846 10000 udfs - ok
13:05:34.0813 10000 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:05:34.0827 10000 uliagpkx - ok
13:05:36.0906 10000 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:05:37.0260 10000 uliahci - ok
13:05:38.0041 10000 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:05:38.0088 10000 UlSata - ok
13:05:40.0182 10000 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:05:40.0254 10000 ulsata2 - ok
13:05:40.0854 10000 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:05:41.0030 10000 umbus - ok
13:05:41.0698 10000 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
13:05:41.0779 10000 UMPass - ok
13:05:43.0429 10000 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:05:43.0667 10000 USBAAPL64 - ok
13:05:44.0263 10000 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:05:44.0350 10000 usbccgp - ok
13:05:44.0952 10000 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:05:45.0065 10000 usbcir - ok
13:05:46.0904 10000 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:05:47.0004 10000 usbehci - ok
13:05:47.0675 10000 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:05:47.0870 10000 usbhub - ok
13:05:48.0429 10000 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
13:05:48.0590 10000 usbohci - ok
13:05:50.0580 10000 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:05:50.0619 10000 usbprint - ok
13:05:51.0242 10000 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
13:05:51.0334 10000 usbscan - ok
13:05:51.0813 10000 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:05:51.0958 10000 USBSTOR - ok
13:05:52.0064 10000 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:05:52.0097 10000 usbuhci - ok
13:05:52.0234 10000 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
13:05:52.0276 10000 VClone - ok
13:05:53.0625 10000 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:05:53.0705 10000 vga - ok
13:05:53.0775 10000 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:05:53.0817 10000 VgaSave - ok
13:05:53.0869 10000 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:05:53.0918 10000 viaide - ok
13:05:54.0067 10000 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:05:54.0089 10000 volmgr - ok
13:05:54.0297 10000 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:05:54.0319 10000 volmgrx - ok
13:05:54.0447 10000 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:05:54.0481 10000 volsnap - ok
13:05:54.0576 10000 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:05:54.0590 10000 vsmraid - ok
13:05:54.0645 10000 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:05:54.0748 10000 WacomPen - ok
13:05:54.0890 10000 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:05:54.0938 10000 Wanarp - ok
13:05:54.0942 10000 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:05:54.0968 10000 Wanarpv6 - ok
13:05:55.0109 10000 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:05:55.0120 10000 Wd - ok
13:05:55.0312 10000 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:05:55.0357 10000 Wdf01000 - ok
13:05:55.0503 10000 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:05:55.0590 10000 WmiAcpi - ok
13:05:57.0014 10000 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:05:57.0067 10000 WpdUsb - ok
13:05:57.0204 10000 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:05:57.0269 10000 ws2ifsl - ok
13:05:57.0387 10000 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:05:57.0443 10000 WUDFRd - ok
13:05:57.0464 10000 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
13:05:57.0498 10000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:05:57.0499 10000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:05:57.0596 10000 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:05:57.0596 10000 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:05:57.0613 10000 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
13:05:58.0526 10000 \Device\Harddisk1\DR1 - ok
13:05:58.0530 10000 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
13:05:59.0098 10000 \Device\Harddisk2\DR2 - ok
13:05:59.0124 10000 Boot (0x1200) (57be5541934a481ec729474d7f67498d) \Device\Harddisk0\DR0\Partition0
13:05:59.0125 10000 \Device\Harddisk0\DR0\Partition0 - ok
13:05:59.0130 10000 Boot (0x1200) (2727c5861400f09ddea8135a113a3b92) \Device\Harddisk1\DR1\Partition0
13:05:59.0133 10000 \Device\Harddisk1\DR1\Partition0 - ok
13:05:59.0168 10000 Boot (0x1200) (12013c822753260c32c2e6a00a77da91) \Device\Harddisk2\DR2\Partition0
13:05:59.0171 10000 \Device\Harddisk2\DR2\Partition0 - ok
13:05:59.0171 10000 ============================================================
13:05:59.0171 10000 Scan finished
13:05:59.0171 10000 ============================================================
13:05:59.0183 5944 Detected object count: 5
13:05:59.0183 5944 Actual detected object count: 5
13:06:46.0414 5944 LGDDCDevice ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:46.0415 5944 LGDDCDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:06:46.0416 5944 LGII2CDevice ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:46.0416 5944 LGII2CDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:06:46.0419 5944 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
13:06:46.0419 5944 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:06:46.0513 5944 \Device\Harddisk0\DR0\# - copied to quarantine
13:06:46.0513 5944 \Device\Harddisk0\DR0 - copied to quarantine
13:06:46.0604 5944 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:06:46.0605 5944 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:06:46.0613 5944 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:06:46.0620 5944 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:06:46.0621 5944 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:06:46.0622 5944 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:06:46.0624 5944 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:06:46.0627 5944 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:06:46.0629 5944 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:06:46.0631 5944 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:06:46.0693 5944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:06:46.0694 5944 \Device\Harddisk0\DR0 - ok
13:06:47.0000 5944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:06:47.0000 5944 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:06:47.0000 5944 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:07:27.0229 9840 Deinitialize success
kevinf80 (Kevin)
Malware Removal Specialist with 9,200 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
22-Feb-2012, 05:27 PM #6
Nice job, let's see what CF picks up....
jonnycack
Member with 23 posts.
THREAD STARTER
Join Date: Feb 2012
Experience: Beginner
22-Feb-2012, 07:39 PM #7
Alrighty then....

This is what ComboFix has found:

ComboFix 12-02-21.01 - Lucas 02/22/2012 13:37:07.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2498 [GMT -8:00]
Running from: c:\users\Lucas\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}\chrome.manifest
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}\chrome\xulcache.jar
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}\defaults\preferences\xulcache.js
c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}\install.rdf
c:\users\Lucas\AppData\Roaming\vso_ts_preview.xml
c:\windows\svchost.exe
H:\Autorun.inf
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 21:59 . 2012-02-22 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 00:16 . 2012-02-22 21:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-20 21:20 . 2012-02-20 21:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2FD8.tmp
2012-02-14 21:55 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:55 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:55 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 21:55 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-14 21:55 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-07 00:24 . 2012-02-07 00:21 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\D3B5.tmp
2012-02-07 00:21 . 2012-02-07 00:21 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2934.tmp
2012-01-29 06:22 . 2012-01-29 06:22 -------- d-----w- c:\program files\iPod
2012-01-29 06:22 . 2012-01-29 06:23 -------- d-----w- c:\program files\iTunes
2012-01-29 06:22 . 2012-01-29 06:23 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 16:17 . 2012-02-14 21:55 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2011-12-14 02:57 . 2012-02-15 11:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 02:50 . 2012-02-15 11:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-10 23:24 . 2011-12-07 19:47 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 23:58 . 2011-12-09 23:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-09 23:58 . 2011-12-09 23:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-25 16:25 . 2012-01-11 09:16 451072 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-19 23:31 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-19 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-02-26 45056]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2010-10-13 86016]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-19 939872]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-09 296056]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-12 136416]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files (x86)\LG Soft India\forteManager\bin\Monitor.exe [2010-10-17 1687552]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 21:13]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 21:13]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4001044642-3167016719-1614725866-1000Core.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-19 19:08]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4001044642-3167016719-1614725866-1000UA.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-19 19:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"combofix"="c:\combofix\CF7356.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\oas.support
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b6caa6d&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Go Green: fzamaan@gmail.com - %profile%\extensions\fzamaan@gmail.com
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-YouTubeGet_is1 - c:\youtubeget\unins000.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\YouTube Downloader\uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00, 59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, \
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\MHotKey.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgfws.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-02-22 14:14:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 22:14
.
Pre-Run: 164,756,951,040 bytes free
Post-Run: 167,008,043,008 bytes free
.
- - End Of File - - 7F765F543C03B4FD2843EB25597D5007
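A ComboFix log like the one above runs to hundreds of lines, almost all of them benign, and the reader's job is to pull out the handful that matter. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the two line formats shown in the log (the "Files Created" entries and the `"name"="path" [date size]` Run-key values, plus bare paths in the deletion list) and applies four heuristics that are this example's own assumptions, not ComboFix rules: a Windows system binary name such as svchost.exe sitting outside system32/SysWOW64, an Autorun.inf at the root of a non-system drive, a .tmp file dropped under ProgramData outside any temp folder, and a Run value that names a bare file (resolved through the search path rather than an absolute location). The sample input is a short constructed excerpt in the log's format.

```python
"""Triage helper for ComboFix-style logs: added example, not part of the thread.

The rules below are this example's own heuristics, not ComboFix's; the sample
lines are a constructed excerpt in the log format shown above.
"""
import ntpath
import re
from typing import List, Tuple

# Constructed sample: a few lines from each section of the log format.
SAMPLE_LOG = r"""
c:\windows\svchost.exe
H:\Autorun.inf
I:\Autorun.inf
I:\Setup.exe
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
2012-02-22 21:59 . 2012-02-22 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 21:20 . 2012-02-20 21:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2FD8.tmp
2012-02-14 21:55 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-07 00:24 . 2012-02-07 00:21 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\D3B5.tmp
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-19 939872]
"""

# Names that only belong in the system directories on a normal install (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TEMP_HINTS = ("\\temp\\", "\\tmp\\")

# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_CREATED = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
# "name"="target" [yyyy-mm-dd size]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
ABSOLUTE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

Finding = Tuple[str, str]  # (path or Run target, rule that fired)


def check_path(path: str) -> List[str]:
    """Rules for any file path the log lists (deleted or created files)."""
    lower = path.lower()
    name = ntpath.basename(lower)
    folder = ntpath.dirname(lower).rstrip("\\")
    hits = []
    if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        hits.append("system binary name outside system32/SysWOW64")
    if name == "autorun.inf" and folder.endswith(":") and not folder.startswith("c:"):
        hits.append("autorun.inf at the root of a non-system drive")
    if name.endswith(".tmp") and "\\programdata\\" in lower and not any(h in lower for h in TEMP_HINTS):
        hits.append(".tmp file dropped outside a temp directory")
    return hits


def check_run_value(value_name: str, target: str) -> List[str]:
    """A Run value without an absolute path is resolved through the search path."""
    if not ABSOLUTE.match(target):
        return [f'Run value "{value_name}" uses a bare file name']
    return []


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = RUN_VALUE.match(line)
        if m:
            findings += [(m.group(2), r) for r in check_run_value(m.group(1), m.group(2))]
            continue
        m = FILE_CREATED.match(line)
        path = m.group(1) if m else (line if ABSOLUTE.match(line) else None)
        if path:
            findings += [(path, r) for r in check_path(path)]
    return findings


if __name__ == "__main__":
    for path, rule in triage(SAMPLE_LOG):
        print(f"{rule:50} {path}")
```

On the sample it flags c:\windows\svchost.exe, both Autorun.inf files, the two DRM\*.tmp files and the bare LchDrvKey.exe Run value, and passes win32k.sys and vprot.exe. The ESET scan later in the thread identifies those same DRM\*.tmp files as Win64/Olmarik, which is why a .tmp outside a temp folder is worth a second look even before any scanner names it.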
jonnycack (thread starter)
22-Feb-2012, 07:45 PM #8
This notice showed up after the computer rebooted as well, thought I should show it to you:

"C:\Windows\system32\GfxUI.exe
A device attached to the system is not functioning."

Something I should be worried about?
kevinf80 (Kevin), Malware Removal Specialist, Sunderland UK
23-Feb-2012, 04:14 AM #9
GfxUI.exe is part of the Intel drivers for your motherboard. Update your Intel drivers from their website and see if that cures the alert.

First run the following and let me see the log:

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Kevin
jonnycack (thread starter)
23-Feb-2012, 12:00 PM #10
Okay,
Here is the log:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c82e0543825e44ba8b24cc76ddb1eb8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-23 03:45:04
# local_time=2012-02-23 07:45:04 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 6602542 6602542 0 0
# compatibility_mode=5892 16776574 100 56 15565159 166585743 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=469382
# found=31
# cleaned=0
# scan_time=24867
C:\ProgramData\Microsoft\Windows\DRM\2934.tmp Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\2934.tmp.dat a variant of Win32/Kryptik.AAKQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp.dat a variant of Win32/Kryptik.AAZO trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\D3B5.tmp a variant of Win32/Kryptik.AAKQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lucas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\12f4224d-15a61404 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lucas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\61c81345-3bb2c334 a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lucas\Desktop\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lucas\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lucas\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
I:\Desktop\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
I:\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I


And here is the list of threats:


C:\ProgramData\Microsoft\Windows\DRM\2934.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\2934.tmp.dat a variant of Win32/Kryptik.AAKQ trojan
C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\D3B5.tmp a variant of Win32/Kryptik.AAKQ trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\mkes9c5o.default\extensions\{da69170f-208d-409d-bc84-dd561b5a60f4}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_16.15.16\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.59.47\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\Lucas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\12f4224d-15a61404 multiple threats
C:\Users\Lucas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\61c81345-3bb2c334 a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Users\Lucas\Desktop\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
C:\Users\Lucas\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application
C:\Users\Lucas\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe a variant of Win32/InstallCore.D application
I:\Desktop\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
I:\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application
I:\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe a variant of Win32/InstallCore.D application
I:\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
I:\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application
kevinf80 (Kevin), Malware Removal Specialist, Sunderland UK
23-Feb-2012, 04:13 PM #11
Run the following:

Please download OTM by OldTimer.

Alternative Mirror 1
Alternative Mirror 2

Save it to your desktop.

Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run; also the Desktop will disappear, but this will be put back on completion.
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    ipconfig /flushdns /c
    C:\ProgramData\Microsoft\Windows\DRM\2934.tmp
    C:\ProgramData\Microsoft\Windows\DRM\2934.tmp.dat
    C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp
    C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp.dat
    C:\ProgramData\Microsoft\Windows\DRM\D3B5.tmp
    C:\Users\Lucas\Desktop\Downloads\Setup_FreeConverter.exe
    C:\Users\Lucas\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe
    C:\Users\Lucas\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe
    I:\Desktop\Downloads\Setup_FreeConverter.exe
    I:\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe
    I:\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe
    I:\Downloads\Setup_FreeConverter.exe
    I:\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see the logs from OTM and Security Check, and also give an update on current issues/concerns.

Kevin
jonnycack, Member with 23 posts. THREAD STARTER
Join Date: Feb 2012
Experience: Beginner
23-Feb-2012, 05:35 PM #12
Here is the OldTimer report:


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lucas\Desktop\cmd.bat deleted successfully.
C:\Users\Lucas\Desktop\cmd.txt deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\2934.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\2934.tmp.dat moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp.dat moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\D3B5.tmp moved successfully.
C:\Users\Lucas\Desktop\Downloads\Setup_FreeConverter.exe moved successfully.
C:\Users\Lucas\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe moved successfully.
C:\Users\Lucas\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe moved successfully.
I:\Desktop\Downloads\Setup_FreeConverter.exe moved successfully.
I:\Desktop\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe moved successfully.
I:\Downloads\cnet_SweetHome3D-3_3-windows_exe.exe moved successfully.
I:\Downloads\Setup_FreeConverter.exe moved successfully.
I:\Downloads\YouTube Videos\FreeYouTubeDownloaderSetup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lucas
->Temp folder emptied: 5207809 bytes
->Temporary Internet Files folder emptied: 102086782 bytes
->Java cache emptied: 62302385 bytes
->FireFox cache emptied: 66605657 bytes
->Google Chrome cache emptied: 113593782 bytes
->Apple Safari cache emptied: 24183808 bytes
->Flash cache emptied: 735796 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 209747 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118933 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\ Temporary Internet Files folder emptied: 10979864 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deploy ment folder emptied: 13690557 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 34041 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 381.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 02232012_131130

Files moved on Reboot...
File C:\Users\Lucas\AppData\Local\Temp\etilqs_1AiIyxU1M3uGuAT not found!
File C:\Users\Lucas\AppData\Local\Temp\etilqs_ukVjVPMfU3Xccm1 not found!
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here is the SecurityCheck report:


Results of screen317's Security Check version 0.99.31
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 23
Java(TM) 6 Update 5
Java version out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
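A check a practitioner would run on the OTM Results log posted above, written here as an added example (it is not code from the thread or from OTM): it cross-references the paths requested under :Files with the outcome OTM reported for each, so that items that were not found, are still pending a reboot, or were never reported on stand out instead of being lost in the log. The sample script and log are constructed from the formats quoted in the thread.

```python
import re
# Constructed sample in the format of the OTM script and Results log quoted in the thread.
OTM_SCRIPT = """\
:Files
ipconfig /flushdns /c
C:\\ProgramData\\Microsoft\\Windows\\DRM\\2934.tmp
C:\\Users\\Lucas\\Desktop\\Downloads\\Setup_FreeConverter.exe
I:\\Downloads\\YouTube Videos\\FreeYouTubeDownloaderSetup.exe
C:\\Windows\\temp\\_avast_\\Webshlock.txt
:Commands
"""
OTM_RESULTS = """\
========== FILES ==========
C:\\ProgramData\\Microsoft\\Windows\\DRM\\2934.tmp moved successfully.
C:\\Users\\Lucas\\Desktop\\Downloads\\Setup_FreeConverter.exe moved successfully.
File I:\\Downloads\\YouTube Videos\\FreeYouTubeDownloaderSetup.exe not found!
File move failed. C:\\Windows\\temp\\_avast_\\Webshlock.txt scheduled to be moved on reboot.
"""

# Outcome lines as they appear in the posted log; each regex captures the path it reports on.
OUTCOMES = [
    (re.compile(r"^(?P<path>.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^File (?P<path>.+?) not found!$"), "not_found"),
    (re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$"), "pending_reboot"),
]

def requested_files(script):
    """Drive-letter paths listed under :Files; command lines such as ipconfig are skipped."""
    files, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files" and re.match(r"^[A-Za-z]:\\", line):
            files.append(line)
    return files

def parse_results(log):
    """Map every path an OTM Results log reports on to its outcome."""
    status = {}
    for line in (l.strip() for l in log.splitlines()):
        for pattern, outcome in OUTCOMES:
            m = pattern.match(line)
            if m:
                status[m.group("path")] = outcome
    return status

def verify(script, log):
    """Outcome per requested path; anything the log never mentions is 'unreported'."""
    status = parse_results(log)
    return {p: status.get(p, "unreported") for p in requested_files(script)}
```

Anything other than "moved" in the result is a path to follow up on after the reboot, which is the check the helper is implicitly doing when they ask for the log to be posted.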
kevinf80 (Kevin), Malware Removal Specialist with 9,200 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
23-Feb-2012, 05:51 PM #13
Have you made some changes? ComboFix indicated SP2 (Service Pack 2) is installed, and also that security is AVG, including AV, AS and Firewall...

Now Security Check indicates no service pack, and security is now Avast and Windows Firewall; what is going on??
jonnycack, Member with 23 posts. THREAD STARTER
Join Date: Feb 2012
Experience: Beginner
23-Feb-2012, 05:58 PM #14
Yeah, sorry.

I had downloaded Avast about a week ago on a suggestion from a friend, but then all of this started happening. I don't really know why I installed it. Seeing all of the files while doing some backup, I decided to install it. The Firewall should be Avast though. It's turned on in the Avast interface.

As for the SP of Windows, not sure why that would be different. I haven't messed with any of that. I was going to update the drivers like you suggested, but hadn't got to it yet.

Again, sorry. I get jumpy about all of this stuff because it's over my head. I've just been told AVG isn't as good as it used to be.
kevinf80 (Kevin), Malware Removal Specialist with 9,200 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
23-Feb-2012, 06:16 PM #15
Select > Start > Right click on "Computer" > select > Properties > What service pack does it show?

If Avast is the full suite, which it appears to be, you will have to turn off Windows Firewall. Two firewalls will clash and cause issues for your system....

Let me know how your system is responding, if no issues we can clean up, remove tools etc..