Tech Support Guy > Virus & Other Malware Removal

Solved: Tazinga Redirects, Random Unknown Audio
Headwound_Harry (thread starter, Member with 9 posts)
Join Date: Aug 2012
Experience: Beginner
16-Aug-2012, 08:56 PM #1
Hello,
For about a week now I've been getting Google search redirects to Tazinga and other unknown sites, plus unknown audio playing randomly. Initially when I scanned with both MBAM and Anvi they found malicious items, and I thought it had been taken care of, but the problem persists. The Sysinfo log below shows that I have no anti-virus, but I do have Anvi. (I got rid of AVG after it had failed to detect whatever this is.) Also below are the other required logs. Thanks very much in advance.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+, x64 Family 15 Model 67 Stepping 2
Processor Count: 2
RAM: 2046 Mb
Graphics Card: ATI Radeon HD 4600 Series, 1024 Mb
Hard Drives: C: Total - 466896 MB, Free - 416085 MB; D: Total - 10040 MB, Free - 715 MB; J: Total - 476937 MB, Free - 252872 MB;
Motherboard: ASUSTek Computer INC., NARRA2
Antivirus: None

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Home at 18:24:52 on 2012-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1020 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\PKWARE\PKZIPM\14.00.0023\PKTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DoNotTrackPlus\PropertySync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\DoNotTrackPlus\PropertySync.exe
C:\Program Files\DoNotTrackPlus\PropertySync.exe
C:\Program Files\DoNotTrackPlus\PropertySync.exe
C:\Program Files\DoNotTrackPlus\PropertySync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Home\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ScriptHost.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link RangeBooster N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pkzipa~1.lnk - c:\program files\pkware\pkzipm\14.00.0023\PKTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ScriptHost.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kenexa.webex.com/client/T27L10NSP11EP5/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://hosting.meringcarsoninteractive.com/disneyvirtualmagic/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{518CB914-10C4-4901-A9B4-3D8A91B75A39} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2011-8-27 12800]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2012-8-13 16208]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2011-8-27 151552]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2012-8-13 22864]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-7-20 686408]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2012-8-13 14160]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-6-5 315392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2011-8-27 750592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-28 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-2-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-2-28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-28 135664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-5 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-16 05:31:54 891 ----a-w- c:\programdata\ystvcaa.tmp
2012-08-16 05:30:55 878 ----a-w- c:\programdata\zstvcaa.tmp
2012-08-15 02:15:42 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{56d2b15b-ae5b-41a0-97d4-d041b7cee174}\offreg.dll
2012-08-15 02:10:49 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:10:44 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:10:42 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:10:42 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:10:35 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:10:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:10:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:10:18 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{56d2b15b-ae5b-41a0-97d4-d041b7cee174}\mpengine.dll
2012-08-14 02:45:28 -------- d-----w- c:\users\home\appdata\local\CrashDumps
2012-08-14 02:43:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 19:26:24 -------- d-----w- c:\users\home\appdata\local\NPE
2012-08-13 18:53:25 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-08-13 18:19:43 -------- d-----w- c:\users\home\appdata\roaming\Anvisoft
2012-08-13 18:19:28 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-08-13 18:19:28 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-08-13 18:19:28 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-08-13 18:19:28 -------- d-----w- c:\programdata\Anvisoft
2012-08-13 18:19:25 -------- d-----w- c:\program files\Anvisoft
2012-08-13 17:56:38 -------- d-----w- c:\users\home\appdata\roaming\Ad-Aware Antivirus
2012-08-13 17:20:33 895 ----a-w- c:\programdata\cpcoaaa.tmp
2012-08-13 17:19:43 -------- d-----w- c:\programdata\Autorun Eater
2012-08-13 17:19:36 -------- d-----w- c:\program files\Autorun Eater
2012-08-13 17:18:31 -------- d-----w- c:\users\home\appdata\roaming\PKWARE
2012-08-13 17:18:31 -------- d-----w- c:\programdata\PKWARE
2012-08-13 17:17:49 888 ----a-w- c:\programdata\djnecaa.tmp
2012-08-13 17:15:57 -------- d-----w- c:\program files\PKWARE
2012-08-13 17:15:57 -------- d-----w- c:\program files\common files\PKWARE
2012-08-13 17:14:24 -------- d-----w- c:\users\home\appdata\local\Downloaded Installations
2012-08-11 22:24:02 879 ----a-w- c:\programdata\sxoqcaa.tmp
2012-08-11 21:49:42 903 ----a-w- c:\programdata\eypscaa.tmp
2012-08-11 21:44:12 -------- d-----w- c:\programdata\HitmanPro
2012-08-11 07:39:22 883 ----a-w- c:\programdata\iwzndaa.tmp
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-16 05:35:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 05:35:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:25:38.90 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 18:54:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000067 WDC_WD50 rev.01.0
Running: 1rkgr9us.exe; Driver: C:\Users\Home\AppData\Local\Temp\pgddqpob.sys

---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C773C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F43D000, 0x38CD55, 0xE8000020]
? C:\Windows\system32\drivers\rootrepeal.sys The system cannot find the file specified. !
? C:\Users\Home\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[712] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[712] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[712] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[712] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[712] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Windows\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 0002483D
.text C:\Windows\system32\svchost.exe[796] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[796] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[796] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[796] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[796] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 0002483D
.text C:\Windows\system32\svchost.exe[1012] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1012] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1012] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[1012] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[1012] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 0002483D
.text C:\Windows\system32\svchost.exe[1172] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1172] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1172] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[1172] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[1172] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Windows\System32\svchost.exe[1768] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 0002483D
.text C:\Windows\system32\svchost.exe[1804] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1804] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1804] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[1804] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[1804] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Windows\Explorer.EXE[1832] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 0018483D
.text C:\Windows\system32\svchost.exe[2176] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[2176] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[2176] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[2176] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[2176] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!CreateThread 7616DCC2 5 Bytes JMP 6E9375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 00154865
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!EnableWindow 776B8D02 5 Bytes JMP 6E979EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!CallNextHookEx 776BABE1 5 Bytes JMP 6E997FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!UnhookWindowsHookEx 776BADF9 5 Bytes JMP 6E9BECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DefWindowProcA 776BBB1C 7 Bytes JMP 6E93980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!CreateWindowExA 776BBF40 5 Bytes JMP 6E943643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!SetWindowsHookExW 776BE30C 5 Bytes JMP 6E9725B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!CreateWindowExW 776BEC7C 5 Bytes JMP 6E9A03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DefWindowProcW 776C507D 7 Bytes JMP 6E998042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxParamW 776D3B9B 5 Bytes JMP 6E8D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxIndirectParamW 776E3B7F 5 Bytes JMP 6EAC8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxParamA 776FCF42 5 Bytes JMP 6EAC8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!DialogBoxIndirectParamA 776FD274 5 Bytes JMP 6EAC8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxIndirectA 7770E869 5 Bytes JMP 6EAC8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxIndirectW 7770E963 5 Bytes JMP 6EAC8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxExA 7770E9C9 5 Bytes JMP 6EAC8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] USER32.dll!MessageBoxExW 7770E9ED 5 Bytes JMP 6EAC8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2656] ole32.dll!OleLoadFromStream 773A6143 5 Bytes JMP 6EAC96B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[3472] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[3472] svchost.exe 004D2110 14 Bytes CALL 004D1D8A C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[3472] svchost.exe 004D2120 10 Bytes [8B, 70, 04, 89, 5D, E4, BF, ...]
.text C:\Windows\system32\svchost.exe[3472] svchost.exe 004D212B 15 Bytes [53, 56, 57, FF, 15, 70, 10, ...]
.text C:\Windows\system32\svchost.exe[3472] svchost.exe 004D213B 8 Bytes [00, 33, F6, 46, A1, 68, 50, ...] {ADD [EBX], DH; TEST BYTE [ESI-0x5f], 0x68; PUSH EAX; DEC EBP}
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] kernel32.dll!CreateProcessInternalW 761707A2 5 Bytes JMP 00054865
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!EnableWindow 776B8D02 5 Bytes JMP 6E979EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxParamW 776D3B9B 5 Bytes JMP 6E8D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxIndirectParamW 776E3B7F 5 Bytes JMP 6EAC8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxParamA 776FCF42 5 Bytes JMP 6EAC8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxIndirectParamA 776FD274 5 Bytes JMP 6EAC8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxIndirectA 7770E869 5 Bytes JMP 6EAC8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxIndirectW 7770E963 5 Bytes JMP 6EAC8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxExA 7770E9C9 5 Bytes JMP 6EAC8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxExW 7770E9ED 5 Bytes JMP 6EAC8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\System32\svchost.exe[4012] svchost.exe 004D2104 11 Bytes CALL 004D1DDC C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware. Join Date: May 2011
16-Aug-2012, 09:22 PM #2
Hi,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------
Headwound_Harry (Thread Starter), Member with 9 posts. Join Date: Aug 2012. Experience: Beginner
16-Aug-2012, 11:39 PM #3
Thanks very much for the quick reply. Here's the report from the TDSS scan:

21:36:27.0168 5044 IRENUM - ok
21:36:27.0183 5044 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:36:27.0199 5044 isapnp - ok
21:36:27.0230 5044 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:36:27.0230 5044 iScsiPrt - ok
21:36:27.0261 5044 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:36:27.0261 5044 kbdclass - ok
21:36:27.0261 5044 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:36:27.0261 5044 kbdhid - ok
21:36:27.0277 5044 [ 81951f51e318aecc2d68559e47485cc4 ] KeyIso C:\Windows\system32\lsass.exe
21:36:27.0277 5044 KeyIso - ok
21:36:27.0308 5044 [ b7895b4182c0d16f6efadeb8081e8d36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:36:27.0308 5044 KSecDD - ok
21:36:27.0339 5044 [ d30159ac9237519fbc62c6ec247d2d46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:36:27.0339 5044 KSecPkg - ok
21:36:27.0371 5044 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
21:36:27.0371 5044 KtmRm - ok
21:36:27.0417 5044 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\Windows\system32\srvsvc.dll
21:36:27.0417 5044 LanmanServer - ok
21:36:27.0449 5044 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:36:27.0464 5044 LanmanWorkstation - ok
21:36:27.0480 5044 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:36:27.0480 5044 lltdio - ok
21:36:27.0495 5044 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:36:27.0511 5044 lltdsvc - ok
21:36:27.0527 5044 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
21:36:27.0527 5044 lmhosts - ok
21:36:27.0542 5044 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:36:27.0558 5044 LSI_FC - ok
21:36:27.0589 5044 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:36:27.0589 5044 LSI_SAS - ok
21:36:27.0605 5044 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:36:27.0605 5044 LSI_SAS2 - ok
21:36:27.0620 5044 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:36:27.0620 5044 LSI_SCSI - ok
21:36:27.0636 5044 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
21:36:27.0636 5044 luafv - ok
21:36:27.0698 5044 [ 47c3749e91df668180bd2d83893c4b0e ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
21:36:27.0698 5044 McciCMService - ok
21:36:27.0745 5044 [ 738f98228d449f5e5839c919e89c305e ] McciServiceHost C:\Program Files\Common Files\Motive\McciServiceHost.exe
21:36:27.0745 5044 McciServiceHost - ok
21:36:27.0776 5044 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:36:27.0792 5044 Mcx2Svc - ok
21:36:27.0839 5044 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:36:27.0839 5044 MDM - ok
21:36:27.0870 5044 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:36:27.0870 5044 megasas - ok
21:36:27.0885 5044 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:36:27.0901 5044 MegaSR - ok
21:36:27.0917 5044 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
21:36:27.0917 5044 MMCSS - ok
21:36:27.0932 5044 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:36:27.0932 5044 Modem - ok
21:36:27.0963 5044 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:36:27.0963 5044 monitor - ok
21:36:27.0995 5044 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:36:27.0995 5044 mouclass - ok
21:36:28.0010 5044 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:36:28.0010 5044 mouhid - ok
21:36:28.0041 5044 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:36:28.0041 5044 mountmgr - ok
21:36:28.0057 5044 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:36:28.0057 5044 mpio - ok
21:36:28.0073 5044 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:36:28.0088 5044 mpsdrv - ok
21:36:28.0119 5044 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:36:28.0135 5044 MpsSvc - ok
21:36:28.0182 5044 [ 9bd4dcb5412921864a7aacdedfbd1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:36:28.0182 5044 MREMP50 - ok
21:36:28.0182 5044 MREMPR5 - ok
21:36:28.0182 5044 MRENDIS5 - ok
21:36:28.0229 5044 [ 07c02c892e8e1a72d6bf35004f0e9c5e ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:36:28.0229 5044 MRESP50 - ok
21:36:28.0244 5044 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:36:28.0260 5044 MRxDAV - ok
21:36:28.0275 5044 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:36:28.0275 5044 mrxsmb - ok
21:36:28.0307 5044 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:36:28.0307 5044 mrxsmb10 - ok
21:36:28.0322 5044 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:36:28.0322 5044 mrxsmb20 - ok
21:36:28.0353 5044 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
21:36:28.0353 5044 msahci - ok
21:36:28.0385 5044 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:36:28.0385 5044 msdsm - ok
21:36:28.0400 5044 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
21:36:28.0416 5044 MSDTC - ok
21:36:28.0431 5044 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:36:28.0431 5044 Msfs - ok
21:36:28.0447 5044 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:36:28.0447 5044 mshidkmdf - ok
21:36:28.0478 5044 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:36:28.0478 5044 msisadrv - ok
21:36:28.0494 5044 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:36:28.0494 5044 MSiSCSI - ok
21:36:28.0494 5044 msiserver - ok
21:36:28.0525 5044 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:36:28.0525 5044 MSKSSRV - ok
21:36:28.0541 5044 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:36:28.0541 5044 MSPCLOCK - ok
21:36:28.0572 5044 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:36:28.0572 5044 MSPQM - ok
21:36:28.0587 5044 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:36:28.0603 5044 MsRPC - ok
21:36:28.0619 5044 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:36:28.0619 5044 mssmbios - ok
21:36:28.0634 5044 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:36:28.0634 5044 MSTEE - ok
21:36:28.0650 5044 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:36:28.0650 5044 MTConfig - ok
21:36:28.0650 5044 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:36:28.0650 5044 Mup - ok
21:36:28.0681 5044 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
21:36:28.0697 5044 napagent - ok
21:36:28.0712 5044 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:36:28.0712 5044 NativeWifiP - ok
21:36:28.0743 5044 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:36:28.0759 5044 NDIS - ok
21:36:28.0775 5044 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:36:28.0790 5044 NdisCap - ok
21:36:28.0806 5044 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:36:28.0806 5044 NdisTapi - ok
21:36:28.0806 5044 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:36:28.0806 5044 Ndisuio - ok
21:36:28.0837 5044 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:28.0853 5044 NdisWan - ok
21:36:28.0853 5044 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:36:28.0853 5044 NDProxy - ok
21:36:28.0868 5044 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:36:28.0868 5044 NetBIOS - ok
21:36:28.0915 5044 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:36:28.0915 5044 NetBT - ok
21:36:28.0915 5044 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
21:36:28.0931 5044 Netlogon - ok
21:36:28.0962 5044 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
21:36:28.0962 5044 Netman - ok
21:36:28.0977 5044 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
21:36:28.0993 5044 netprofm - ok
21:36:29.0024 5044 [ a503a03ebd988483acd723166470bca2 ] netr28u C:\Windows\system32\DRIVERS\Dnetr28u.sys
21:36:29.0040 5044 netr28u - ok
21:36:29.0071 5044 [ f476ec40033cdb91efbe73eb99b8362d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:36:29.0071 5044 NetTcpPortSharing - ok
21:36:29.0102 5044 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:36:29.0102 5044 nfrd960 - ok
21:36:29.0118 5044 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:36:29.0118 5044 NlaSvc - ok
21:36:29.0133 5044 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:36:29.0133 5044 Npfs - ok
21:36:29.0149 5044 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
21:36:29.0149 5044 nsi - ok
21:36:29.0165 5044 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:36:29.0165 5044 nsiproxy - ok
21:36:29.0196 5044 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:36:29.0227 5044 Ntfs - ok
21:36:29.0243 5044 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
21:36:29.0243 5044 Null - ok
21:36:29.0274 5044 [ b5e37e31c053bc9950455a257526514b ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
21:36:29.0274 5044 NVENETFD - ok
21:36:29.0305 5044 [ 5bf9c11586f4764446407f509f1beca8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
21:36:29.0305 5044 NVNET - ok
21:36:29.0336 5044 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:36:29.0336 5044 nvraid - ok
21:36:29.0352 5044 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:36:29.0352 5044 nvstor - ok
21:36:29.0383 5044 [ f73533d47857d819e082e42ea1300e50 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
21:36:29.0383 5044 nvstor32 - ok
21:36:29.0399 5044 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:36:29.0399 5044 nv_agp - ok
21:36:29.0430 5044 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:36:29.0430 5044 ohci1394 - ok
21:36:29.0461 5044 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:29.0461 5044 ose - ok
21:36:29.0477 5044 [ ac5bf1a610effaae9cfc48cb53483f08 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
21:36:29.0477 5044 ossrv - ok
21:36:29.0508 5044 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:36:29.0508 5044 p2pimsvc - ok
21:36:29.0555 5044 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:36:29.0555 5044 p2psvc - ok
21:36:29.0586 5044 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:36:29.0586 5044 Parport - ok
21:36:29.0601 5044 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:36:29.0601 5044 partmgr - ok
21:36:29.0617 5044 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:36:29.0617 5044 Parvdm - ok
21:36:29.0648 5044 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:36:29.0664 5044 PcaSvc - ok
21:36:29.0695 5044 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
21:36:29.0695 5044 pci - ok
21:36:29.0742 5044 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
21:36:29.0742 5044 pciide - ok
21:36:29.0789 5044 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:36:29.0789 5044 pcmcia - ok
21:36:29.0804 5044 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
21:36:29.0820 5044 pcw - ok
21:36:29.0851 5044 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:36:29.0867 5044 PEAUTH - ok
21:36:29.0945 5044 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
21:36:29.0976 5044 pla - ok
21:36:30.0007 5044 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:36:30.0007 5044 PlugPlay - ok
21:36:30.0023 5044 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:36:30.0023 5044 PNRPAutoReg - ok
21:36:30.0038 5044 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:36:30.0038 5044 PNRPsvc - ok
21:36:30.0069 5044 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:36:30.0069 5044 PolicyAgent - ok
21:36:30.0101 5044 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
21:36:30.0116 5044 Power - ok
21:36:30.0132 5044 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:36:30.0132 5044 PptpMiniport - ok
21:36:30.0147 5044 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:36:30.0147 5044 Processor - ok
21:36:30.0179 5044 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll
21:36:30.0179 5044 ProfSvc - ok
21:36:30.0194 5044 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:36:30.0194 5044 ProtectedStorage - ok
21:36:30.0210 5044 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:36:30.0225 5044 Psched - ok
21:36:30.0272 5044 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:36:30.0288 5044 ql2300 - ok
21:36:30.0319 5044 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:36:30.0335 5044 ql40xx - ok
21:36:30.0381 5044 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
21:36:30.0397 5044 QWAVE - ok
21:36:30.0428 5044 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:36:30.0491 5044 QWAVEdrv - ok
21:36:30.0522 5044 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:36:30.0522 5044 RasAcd - ok
21:36:30.0600 5044 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:30.0615 5044 RasAgileVpn - ok
21:36:30.0647 5044 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
21:36:30.0647 5044 RasAuto - ok
21:36:30.0678 5044 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:30.0693 5044 Rasl2tp - ok
21:36:30.0756 5044 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
21:36:30.0771 5044 RasMan - ok
21:36:30.0787 5044 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:30.0803 5044 RasPppoe - ok
21:36:30.0818 5044 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:36:30.0834 5044 RasSstp - ok
21:36:30.0881 5044 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:36:30.0896 5044 rdbss - ok
21:36:30.0912 5044 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:36:30.0943 5044 rdpbus - ok
21:36:31.0068 5044 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:36:31.0068 5044 RDPCDD - ok
21:36:31.0099 5044 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:36:31.0099 5044 RDPENCDD - ok
21:36:31.0130 5044 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:36:31.0130 5044 RDPREFMP - ok
21:36:31.0146 5044 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:36:31.0161 5044 RDPWD - ok
21:36:31.0177 5044 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:36:31.0177 5044 rdyboost - ok
21:36:31.0193 5044 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
21:36:31.0208 5044 RemoteAccess - ok
21:36:31.0224 5044 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:36:31.0224 5044 RemoteRegistry - ok
21:36:31.0271 5044 [ 2c4fb2e9f039287767c384e46ee91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
21:36:31.0271 5044 RimVSerPort - ok
21:36:31.0286 5044 [ 564297827d213f52c7a3a2ff749568ca ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
21:36:31.0302 5044 ROOTMODEM - ok
21:36:31.0317 5044 rootrepeal - ok
21:36:31.0333 5044 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:36:31.0333 5044 RpcEptMapper - ok
21:36:31.0364 5044 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
21:36:31.0364 5044 RpcLocator - ok
21:36:31.0442 5044 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
21:36:31.0458 5044 RpcSs - ok
21:36:31.0505 5044 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:36:31.0505 5044 rspndr - ok
21:36:31.0536 5044 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
21:36:31.0536 5044 SamSs - ok
21:36:31.0598 5044 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:36:31.0598 5044 sbp2port - ok
21:36:31.0629 5044 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:36:31.0645 5044 SCardSvr - ok
21:36:31.0661 5044 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:36:31.0661 5044 scfilter - ok
21:36:31.0707 5044 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
21:36:31.0723 5044 Schedule - ok
21:36:31.0770 5044 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
21:36:31.0770 5044 SCPolicySvc - ok
21:36:31.0785 5044 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:36:31.0785 5044 SDRSVC - ok
21:36:31.0817 5044 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:36:31.0817 5044 secdrv - ok
21:36:31.0832 5044 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
21:36:31.0832 5044 seclogon - ok
21:36:31.0848 5044 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\System32\sens.dll
21:36:31.0848 5044 SENS - ok
21:36:31.0879 5044 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:36:31.0879 5044 SensrSvc - ok
21:36:31.0895 5044 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:36:31.0895 5044 Serenum - ok
21:36:31.0910 5044 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:36:31.0910 5044 Serial - ok
21:36:31.0926 5044 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:36:31.0926 5044 sermouse - ok
21:36:31.0957 5044 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:36:31.0973 5044 SessionEnv - ok
21:36:31.0973 5044 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:36:31.0988 5044 sffdisk - ok
21:36:31.0988 5044 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:36:31.0988 5044 sffp_mmc - ok
21:36:32.0004 5044 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:36:32.0004 5044 sffp_sd - ok
21:36:32.0019 5044 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:36:32.0019 5044 sfloppy - ok
21:36:32.0051 5044 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:36:32.0051 5044 SharedAccess - ok
21:36:32.0066 5044 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:36:32.0082 5044 ShellHWDetection - ok
21:36:32.0113 5044 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:36:32.0113 5044 sisagp - ok
21:36:32.0129 5044 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:36:32.0129 5044 SiSRaid2 - ok
21:36:32.0144 5044 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:36:32.0144 5044 SiSRaid4 - ok
21:36:32.0160 5044 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:36:32.0160 5044 Smb - ok
21:36:32.0207 5044 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:36:32.0207 5044 SNMPTRAP - ok
21:36:32.0222 5044 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:36:32.0222 5044 spldr - ok
21:36:32.0253 5044 [ 9aea093b8f9c37cf45538382caba2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:36:32.0253 5044 Spooler - ok
21:36:32.0347 5044 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:36:32.0409 5044 sppsvc - ok
21:36:32.0425 5044 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:36:32.0425 5044 sppuinotify - ok
21:36:32.0456 5044 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:36:32.0456 5044 srv - ok
21:36:32.0487 5044 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:36:32.0487 5044 srv2 - ok
21:36:32.0503 5044 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:36:32.0503 5044 srvnet - ok
21:36:32.0519 5044 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:36:32.0550 5044 SSDPSRV - ok
21:36:32.0581 5044 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:36:32.0581 5044 SstpSvc - ok
21:36:32.0597 5044 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:36:32.0597 5044 stexstor - ok
21:36:32.0628 5044 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:36:32.0659 5044 StiSvc - ok
21:36:32.0675 5044 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:36:32.0675 5044 swenum - ok
21:36:32.0690 5044 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
21:36:32.0706 5044 swprv - ok
21:36:32.0737 5044 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll
21:36:32.0768 5044 SysMain - ok
21:36:32.0784 5044 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:36:32.0784 5044 TabletInputService - ok
21:36:32.0815 5044 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll
21:36:32.0815 5044 TapiSrv - ok
21:36:32.0831 5044 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
21:36:32.0846 5044 TBS - ok
21:36:32.0877 5044 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:36:32.0909 5044 Tcpip - ok
21:36:32.0955 5044 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:36:32.0955 5044 TCPIP6 - ok
21:36:32.0987 5044 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:36:32.0987 5044 tcpipreg - ok
21:36:33.0018 5044 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:36:33.0018 5044 TDPIPE - ok
21:36:33.0033 5044 [ 2c2c5afe7ee4f620d69c23c0617651a8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:36:33.0033 5044 TDTCP - ok
21:36:33.0049 5044 [ b459575348c20e8121d6039da063c704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:36:33.0049 5044 tdx - ok
21:36:33.0065 5044 [ 04dbf4b01ea4bf25a9a3e84affac9b20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:36:33.0065 5044 TermDD - ok
21:36:33.0111 5044 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\Windows\System32\termsrv.dll
21:36:33.0127 5044 TermService - ok
21:36:33.0143 5044 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
21:36:33.0143 5044 Themes - ok
21:36:33.0158 5044 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
21:36:33.0158 5044 THREADORDER - ok
21:36:33.0174 5044 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
21:36:33.0174 5044 TrkWks - ok
21:36:33.0205 5044 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:36:33.0205 5044 TrustedInstaller - ok
21:36:33.0221 5044 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:36:33.0221 5044 tssecsrv - ok
21:36:33.0236 5044 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:36:33.0236 5044 TsUsbFlt - ok
21:36:33.0267 5044 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:36:33.0267 5044 tunnel - ok
21:36:33.0283 5044 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:36:33.0283 5044 uagp35 - ok
21:36:33.0299 5044 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:36:33.0299 5044 udfs - ok
21:36:33.0314 5044 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:36:33.0330 5044 UI0Detect - ok
21:36:33.0345 5044 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:36:33.0345 5044 uliagpkx - ok
21:36:33.0377 5044 [ d295bed4b898f0fd999fcfa9b32b071b ] umbus C:\Windows\system32\drivers\umbus.sys
21:36:33.0377 5044 umbus - ok
21:36:33.0392 5044 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:36:33.0392 5044 UmPass - ok
21:36:33.0408 5044 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
21:36:33.0408 5044 upnphost - ok
21:36:33.0439 5044 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:36:33.0439 5044 USBAAPL - ok
21:36:33.0439 5044 usbbus - ok
21:36:33.0455 5044 [ bd9c55d7023c5de374507acc7a14e2ac ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:36:33.0455 5044 usbccgp - ok
21:36:33.0486 5044 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:36:33.0486 5044 usbcir - ok
21:36:33.0501 5044 UsbDiag - ok
21:36:33.0517 5044 [ f92de757e4b7ce9c07c5e65423f3ae3b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:36:33.0517 5044 usbehci - ok
21:36:33.0548 5044 [ 8dc94aec6a7e644a06135ae7506dc2e9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:36:33.0548 5044 usbhub - ok
21:36:33.0548 5044 USBModem - ok
21:36:33.0579 5044 [ e185d44fac515a18d9deddc23c2cdf44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:36:33.0595 5044 usbohci - ok
21:36:33.0595 5044 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:36:33.0595 5044 usbprint - ok
21:36:33.0611 5044 [ 576096ccbc07e7c4ea4f5e6686d6888f ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:36:33.0611 5044 usbscan - ok
21:36:33.0626 5044 [ f991ab9cc6b908db552166768176896a ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:36:33.0626 5044 USBSTOR - ok
21:36:33.0642 5044 [ 68df884cf41cdada664beb01daf67e3d ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:36:33.0642 5044 usbuhci - ok
21:36:33.0657 5044 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
21:36:33.0657 5044 UxSms - ok
21:36:33.0673 5044 [ 81951f51e318aecc2d68559e47485cc4 ] VaultSvc C:\Windows\system32\lsass.exe
21:36:33.0673 5044 VaultSvc - ok
21:36:33.0673 5044 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:36:33.0673 5044 vdrvroot - ok
21:36:33.0720 5044 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\Windows\System32\vds.exe
21:36:33.0720 5044 vds - ok
21:36:33.0735 5044 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:36:33.0735 5044 vga - ok
21:36:33.0751 5044 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:36:33.0751 5044 VgaSave - ok
21:36:33.0767 5044 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:36:33.0767 5044 vhdmp - ok
21:36:33.0798 5044 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:36:33.0798 5044 viaagp - ok
21:36:33.0813 5044 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:36:33.0813 5044 ViaC7 - ok
21:36:33.0813 5044 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\drivers\viaide.sys
21:36:33.0813 5044 viaide - ok
21:36:33.0829 5044 [ 4c63e00f2f4b5f86ab48a58cd990f212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:36:33.0829 5044 volmgr - ok
21:36:33.0860 5044 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:36:33.0860 5044 volmgrx - ok
21:36:33.0876 5044 [ f497f67932c6fa693d7de2780631cfe7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:36:33.0876 5044 volsnap - ok
21:36:33.0891 5044 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:36:33.0891 5044 vsmraid - ok
21:36:33.0938 5044 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\Windows\system32\vssvc.exe
21:36:33.0938 5044 VSS - ok
21:36:33.0954 5044 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:36:33.0954 5044 vwifibus - ok
21:36:33.0969 5044 [ 7090d3436eeb4e7da3373090a23448f7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:36:33.0969 5044 vwififlt - ok
21:36:33.0985 5044 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\Windows\system32\w32time.dll
21:36:34.0001 5044 W32Time - ok
21:36:34.0001 5044 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:36:34.0001 5044 WacomPen - ok
21:36:34.0032 5044 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:36:34.0032 5044 WANARP - ok
21:36:34.0032 5044 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:36:34.0032 5044 Wanarpv6 - ok
21:36:34.0094 5044 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:36:34.0125 5044 WatAdminSvc - ok
21:36:34.0172 5044 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\Windows\system32\wbengine.exe
21:36:34.0188 5044 wbengine - ok
21:36:34.0235 5044 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:36:34.0235 5044 WbioSrvc - ok
21:36:34.0250 5044 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:36:34.0266 5044 wcncsvc - ok
21:36:34.0281 5044 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:36:34.0281 5044 WcsPlugInService - ok
21:36:34.0297 5044 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:36:34.0297 5044 Wd - ok
21:36:34.0313 5044 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:36:34.0328 5044 Wdf01000 - ok
21:36:34.0344 5044 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:36:34.0344 5044 WdiServiceHost - ok
21:36:34.0359 5044 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:36:34.0359 5044 WdiSystemHost - ok
21:36:34.0359 5044 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\Windows\System32\webclnt.dll
21:36:34.0375 5044 WebClient - ok
21:36:34.0375 5044 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:36:34.0391 5044 Wecsvc - ok
21:36:34.0406 5044 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:36:34.0406 5044 wercplsupport - ok
21:36:34.0422 5044 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:36:34.0422 5044 WerSvc - ok
21:36:34.0453 5044 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:34.0453 5044 WfpLwf - ok
21:36:34.0453 5044 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:36:34.0469 5044 WIMMount - ok
21:36:34.0500 5044 [ 3fae8f94296001c32eab62cd7d82e0fd ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:36:34.0515 5044 WinDefend - ok
21:36:34.0531 5044 WinHttpAutoProxySvc - ok
21:36:34.0609 5044 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:36:34.0609 5044 Winmgmt - ok
21:36:34.0671 5044 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\Windows\system32\WsmSvc.dll
21:36:34.0718 5044 WinRM - ok
21:36:34.0765 5044 [ a67e5f9a400f3bd1be3d80613b45f708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:36:34.0765 5044 WinUsb - ok
21:36:34.0796 5044 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:36:34.0812 5044 Wlansvc - ok
21:36:34.0874 5044 [ 6067acef367e79914af628fa1e9b5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:36:34.0874 5044 wlcrasvc - ok
21:36:34.0937 5044 [ 0a70f4022ec2e14c159efc4f69aa2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:36:34.0952 5044 wlidsvc - ok
21:36:34.0952 5044 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:36:34.0968 5044 WmiAcpi - ok
21:36:34.0983 5044 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:36:34.0983 5044 wmiApSrv - ok
21:36:35.0046 5044 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:36:35.0061 5044 WMPNetworkSvc - ok
21:36:35.0217 5044 [ 017695393afffed8de58abd1b085be6d ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
21:36:35.0233 5044 WMZuneComm - ok
21:36:35.0264 5044 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:36:35.0264 5044 WPCSvc - ok
21:36:35.0280 5044 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:36:35.0280 5044 WPDBusEnum - ok
21:36:35.0311 5044 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:36:35.0311 5044 ws2ifsl - ok
21:36:35.0327 5044 [ 6f5d49efe0e7164e03ae773a3fe25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:36:35.0342 5044 wscsvc - ok
21:36:35.0342 5044 WSearch - ok
21:36:35.0405 5044 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
21:36:35.0436 5044 wuauserv - ok
21:36:35.0467 5044 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:36:35.0467 5044 WudfPf - ok
21:36:35.0483 5044 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:35.0483 5044 WUDFRd - ok
21:36:35.0514 5044 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:36:35.0514 5044 wudfsvc - ok
21:36:35.0529 5044 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:36:35.0545 5044 WwanSvc - ok
21:36:35.0717 5044 [ 1076df9ade4e13ea3bf39d2165aeb903 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
21:36:35.0810 5044 ZuneNetworkSvc - ok
21:36:35.0857 5044 [ de1cdb333a402b279f04d627122fa08e ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
21:36:35.0873 5044 ZuneWlanCfgSvc - ok
21:36:35.0904 5044 ================ Scan global ===============================
21:36:35.0935 5044 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
21:36:35.0951 5044 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
21:36:35.0966 5044 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
21:36:35.0982 5044 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
21:36:36.0013 5044 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
21:36:36.0013 5044 [Global] - ok
21:36:36.0013 5044 ================ Scan MBR ==================================
21:36:36.0029 5044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:36:36.0294 5044 \Device\Harddisk0\DR0 - ok
21:36:36.0309 5044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
21:36:36.0465 5044 \Device\Harddisk2\DR2 - ok
21:36:36.0465 5044 ================ Scan VBR ==================================
21:36:36.0465 5044 Boot (0x1200) (70420a1521b677b127c234cd9dfa3e76) \Device\Harddisk0\DR0\Partition1
21:36:36.0465 5044 \Device\Harddisk0\DR0\Partition1 - ok
21:36:36.0497 5044 Boot (0x1200) (7d0791bcaf274653831043664a276db8) \Device\Harddisk0\DR0\Partition2
21:36:36.0497 5044 \Device\Harddisk0\DR0\Partition2 - ok
21:36:36.0497 5044 Boot (0x1200) (422c6b3a5ba133a91d0d291d5ec92a86) \Device\Harddisk2\DR2\Partition1
21:36:36.0497 5044 \Device\Harddisk2\DR2\Partition1 - ok
21:36:36.0497 5044 ============================================================
21:36:36.0497 5044 Scan finished
21:36:36.0497 5044 ============================================================
21:36:36.0512 5028 Detected object count: 0
21:36:36.0512 5028 Actual detected object count: 0
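An added example, written for this page and not part of TDSSKiller or of the thread. The "Scan MBR" lines above print an MD5 next to "(0x1B8)"; the script assumes that 0x1B8 (440) is the number of leading MBR bytes hashed, which is exactly the bootstrap-code area before the 32-bit disk signature at offset 0x1B8 and the partition table at 0x1BE. It shows why that makes a useful bootkit fingerprint: re-signing the disk or rewriting the partition table leaves the hash alone, while a patch to the loader code changes it. The MBR images, the boot-code stub and the known-good hash set are all constructed here; the function and constant names are this example's own.

```python
"""MBR boot-code fingerprinting in the style of TDSSKiller's "MBR (0x1B8) (<md5>)" lines.

Added example, not TDSSKiller's code. Assumption: the 0x1B8 in the log is the
count of leading bytes hashed, i.e. the boot-code area of a classic MBR.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8      # bytes hashed (assumption taken from the log line)
SIG_OFFSET = 0x1B8        # 32-bit disk signature lives here, then 2 reserved bytes
PTABLE_OFFSET = 0x1BE     # four 16-byte partition entries, then 55 AA at 0x1FE

# Constructed stand-in for a loader: a few dozen bytes of typical 16-bit MBR
# prologue, zero-padded by build_mbr(). Not a real, complete Windows MBR.
BOOTCODE_STUB = bytes.fromhex(
    "33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfbb90400bdbe07"
)


def build_mbr(bootcode, disk_signature, partitions):
    """Assemble a 512-byte MBR: boot code, disk signature, up to four
    (boot_flag, type, lba_start, sector_count) entries, 55 AA. CHS fields are zeroed."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code must fit in the first 0x1B8 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, SIG_OFFSET, disk_signature)
    for i, (boot_flag, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into("<B3sB3sII", mbr, PTABLE_OFFSET + 16 * i,
                         boot_flag, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[0x1FE:SECTOR] = b"\x55\xAA"
    return bytes(mbr)


def mbr_fingerprint(mbr):
    """MD5 of the boot-code area only; signature and partition table are excluded,
    so the same loader on differently partitioned disks hashes identically."""
    if len(mbr) != SECTOR or mbr[0x1FE:SECTOR] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a 55 AA signature")
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr, known_good):
    """'ok' when the boot-code hash is on the allow-list, else 'suspicious'."""
    return "ok" if mbr_fingerprint(mbr) in known_good else "suspicious"


# Constructed disk images (not real reads of \Device\Harddisk0\DR0).
PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 900000)]
CLEAN_MBR = build_mbr(BOOTCODE_STUB, 0x12345678, PARTS)
# Same loader cloned to another disk: new signature, different partition table.
RESIGNED_MBR = build_mbr(BOOTCODE_STUB, 0xDEADBEEF, PARTS[:1])
# Loader with a jump patched over its first instruction, as a bootkit would do.
BOOTKIT_MBR = build_mbr(b"\xe9\x7d\x01" + BOOTCODE_STUB[3:], 0x12345678, PARTS)
# Allow-list of hashes taken from a disk you trust (here: the clean image).
KNOWN_GOOD = {mbr_fingerprint(CLEAN_MBR)}

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("resigned", RESIGNED_MBR), ("bootkit", BOOTKIT_MBR)):
        print(f"{name:9} {mbr_fingerprint(image)} {check_mbr(image, KNOWN_GOOD)}")
```

The allow-list is the weak point in practice: the hash of a clean loader varies between Windows releases and OEM images, so a known-good set has to be built from the same build, and a hash that simply is not on the list is a reason to dump and disassemble the sector, not proof of infection.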
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware
Join Date: May 2011
17-Aug-2012, 08:54 AM #4
Hi,

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------
Headwound_Harry, Member with 9 posts, THREAD STARTER
Join Date: Aug 2012
Experience: Beginner
17-Aug-2012, 01:12 PM #5
OK, below is the log from ComboFix. On the scan it restored svchost and explorer, but not winlogon. I believe it was able to clean it on startup. When it restarted, my Anvi and Autorun Eater started up, but I quickly disabled them. (I had disabled them during the scan, but I didn't know it was going to restart.) I got the registry interference messages, but it seemed to go through with it. I hope I didn't screw anything up, and that the log will show it. It also produced a text file called "catchme" showing that svchost, explorer, and winlogon had been restored. *EDIT: catchme might have been created by the GMER scan and I didn't notice at the time.
Anyway, here it is, and thanks again:

ComboFix 12-08-17.03 - Home 08/17/2012 10:04:34.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1287 [GMT -7:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\cpcoaaa.tmp
c:\programdata\djnecaa.tmp
c:\programdata\eypscaa.tmp
c:\programdata\hrmkaaa.tmp
c:\programdata\iwzndaa.tmp
c:\programdata\quyzcaa.tmp
c:\programdata\sxoqcaa.tmp
c:\programdata\ystvcaa.tmp
c:\programdata\zstvcaa.tmp
c:\users\Home\Documents\~WRL2624.tmp
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\win91D7.tmp
c:\windows\system32\winl.dat
c:\windows\win90FB.tmp
.
c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!explorer.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-15 02:10 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:10 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:10 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:10 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:10 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:10 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:10 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:10 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56D2B15B-AE5B-41A0-97D4-D041B7CEE174}\mpengine.dll
2012-08-14 02:45 . 2012-08-17 01:07 -------- d-----w- c:\users\Home\AppData\Local\CrashDumps
2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 19:26 . 2012-08-13 19:37 -------- d-----w- c:\users\Home\AppData\Local\NPE
2012-08-13 18:53 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-08-13 18:19 . 2012-08-13 18:19 -------- d-----w- c:\users\Home\AppData\Roaming\Anvisoft
2012-08-13 18:19 . 2012-08-13 18:19 -------- d-----w- c:\programdata\Anvisoft
2012-08-13 18:19 . 2012-07-13 05:49 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-08-13 18:19 . 2012-07-13 05:49 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-08-13 18:19 . 2012-07-13 05:49 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-08-13 18:19 . 2012-08-13 18:19 -------- d-----w- c:\program files\Anvisoft
2012-08-13 17:56 . 2012-08-13 17:56 -------- d-----w- c:\users\Home\AppData\Roaming\Ad-Aware Antivirus
2012-08-13 17:19 . 2012-08-13 17:19 -------- d-----w- c:\programdata\Autorun Eater
2012-08-13 17:19 . 2012-08-13 17:32 -------- d-----w- c:\program files\Autorun Eater
2012-08-13 17:18 . 2012-08-13 17:18 -------- d-----w- c:\users\Home\AppData\Roaming\PKWARE
2012-08-13 17:18 . 2012-08-13 17:18 -------- d-----w- c:\programdata\PKWARE
2012-08-13 17:15 . 2012-08-13 17:15 -------- d-----w- c:\program files\PKWARE
2012-08-13 17:15 . 2012-08-13 17:15 -------- d-----w- c:\program files\Common Files\PKWARE
2012-08-13 17:14 . 2012-08-13 17:14 -------- d-----w- c:\users\Home\AppData\Local\Downloaded Installations
2012-08-11 21:44 . 2012-08-11 22:13 -------- d-----w- c:\programdata\HitmanPro
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 05:35 . 2012-04-12 16:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:35 . 2011-05-29 01:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2010-06-03 05:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 05:05 . 2012-07-10 23:15 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:15 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:16 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 01:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 01:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:01 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 01:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 01:01 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 01:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 01:00 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 04:45 . 2012-07-10 23:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 23:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 23:16 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 23:16 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 23:16 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25 . 2010-02-28 23:34 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 39408]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2012-02-18 522720]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-07-20 1217864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PKZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\14.00.0023\PKTray.exe [2012-8-13 935320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYRUA_AGENT]
2012-03-15 07:15 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpuz134;cpuz134;c:\users\Home\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [x]
S2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:35]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 01:28]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 01:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://hosting.meringcarsoninteractive.com/disneyvirtualmagic/plugin/DFusionHomeWebPlugIn.Installer.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Mozilla Thunderbird (3.1.12) - j:\program files\Mozilla Thunderbird\uninstall\helper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6E45F3E8-2683-4824-A6BE-08108022FB36}"=hex:51,66,7a,6c,4c,1d,38,12,86,f0,56,
6a,b1,68,4a,0d,d9,a8,4b,50,85,7c,bf,22
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:18,c3,6d,7f,8c,77,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,f7,5c,97,3f,6e,4e,43,a8,03,14, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,f7,5c,97,3f,6e,4e,43,a8,03,14, \
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-17 10:27:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 17:27
.
Pre-Run: 436,192,927,744 bytes free
Post-Run: 436,114,128,896 bytes free
.
- - End Of File - - 97E916BC94E986A9AA73A9937F4F4A0E

Last edited by Headwound_Harry; 17-Aug-2012 at 01:26 PM.
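An added example after the post above, written for this page and not part of ComboFix or of the thread: a small triage parser for the three things a reviewer pulls out of a ComboFix log first. Those are the files it deleted, the system binaries it disinfected and where the replacement copy came from, and the UAC policy values it printed. ComboFix only lists non-default registry values, so EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 appearing at all means UAC had been switched off on this machine, which is worth flagging whether malware or the user did it. The sample text is a constructed excerpt assembled from lines that appear in the posted log; the section names and line formats are ComboFix's, and the function and constant names are this example's own.

```python
"""Triage helper for a ComboFix log excerpt (added example, not ComboFix code).

Parses the "Other Deletions" and "Reg Loading Points" sections and reports
deleted files, disinfected/restored system binaries with their restore source,
restores that failed, and non-default UAC policy values.
"""
import re

# Constructed excerpt: lines taken from the log posted above, not a full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\programdata\cpcoaaa.tmp
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})\s*$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
FAILED_RE = re.compile(r"^(.+?) \. \. \. is infected!! .*Failed to restore")
POLICY_RE = re.compile(r'^"(\w+)"=\s*(-?\d+)')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
UAC_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"


def split_sections(text):
    """Map each ComboFix section title to its non-empty lines ('.' spacers dropped)."""
    sections, current = {"": []}, ""
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def deleted_files(sections):
    """Plain path lines in Other Deletions; the 'is infected ... Failed to restore' line is not a deletion."""
    return [l for l in sections.get("Other Deletions", [])
            if PATH_RE.match(l) and not FAILED_RE.match(l)]


def restore_source(path):
    """Where the replacement came from: the WinSxS component store, a VSS snapshot, or elsewhere."""
    low = path.lower()
    if "\\winsxs\\" in low:
        return "winsxs"
    if "harddiskvolumeshadowcopy" in low:
        return "shadow copy"
    return "other"


def restored_binaries(sections):
    """(infected path, restore path, source) triples, pairing each Infected line with its Restored line."""
    pairs, pending = [], None
    for line in sections.get("Other Deletions", []):
        m = INFECTED_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = RESTORED_RE.match(line)
        if m and pending:
            triple = (pending, m.group(1), restore_source(m.group(1)))
            if triple not in pairs:      # ComboFix repeats pairs in its summary
                pairs.append(triple)
            pending = None
    return pairs


def failed_restores(sections):
    return [FAILED_RE.match(l).group(1) for l in sections.get("Other Deletions", []) if FAILED_RE.match(l)]


def uac_policy(sections):
    """Values printed under the UAC policy key; ComboFix omits defaults, so any value shown is non-default."""
    values, in_key = {}, False
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("["):
            in_key = line.lower() == UAC_KEY
            continue
        m = POLICY_RE.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(values):
    findings = []
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC off, administrators get a full token with no filtering")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevate without prompting")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: any prompt is on the normal, spoofable desktop")
    return findings


def triage(text):
    s = split_sections(text)
    uac = uac_policy(s)
    return {"deleted": deleted_files(s), "restored": restored_binaries(s),
            "failed_restore": failed_restores(s), "uac": uac, "uac_findings": uac_findings(uac)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The restore source is labelled because it matters: a copy pulled from a Volume Shadow Copy (explorer.exe here) is only as clean as the snapshot it came from, while the WinSxS component store (svchost.exe here) is the better baseline. After a cleanup like this, `sfc /scannow` is the check that the binaries actually on disk match the store, and a winlogon.exe that could only be replaced on reboot is the one to re-verify first.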
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware
Join Date: May 2011
17-Aug-2012, 08:27 PM #6
Hi,

Good job running that.

Please run ComboFix again and post the fresh log that is created.
Headwound_Harry, Member with 9 posts, THREAD STARTER
Join Date: Aug 2012
Experience: Beginner
18-Aug-2012, 12:49 AM #7
Second ComboFix scan after cleaning:

ComboFix 12-08-17.03 - Home 08/17/2012 12:36:06.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1206 [GMT -7:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 19:43 . 2012-08-17 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 19:43 . 2012-08-17 19:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-15 02:10 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:10 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:10 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:10 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:10 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:10 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:10 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:10 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56D2B15B-AE5B-41A0-97D4-D041B7CEE174}\mpengine.dll
2012-08-14 02:45 . 2012-08-17 01:07 -------- d-----w- c:\users\Home\AppData\Local\CrashDumps
2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 19:26 . 2012-08-13 19:37 -------- d-----w- c:\users\Home\AppData\Local\NPE
2012-08-13 18:53 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-08-13 18:19 . 2012-08-17 19:27 -------- d-----w- c:\users\Home\AppData\Roaming\Anvisoft
2012-08-13 18:19 . 2012-08-13 18:19 -------- d-----w- c:\programdata\Anvisoft
2012-08-13 18:19 . 2012-08-17 19:27 -------- d-----w- c:\program files\Anvisoft
2012-08-13 17:56 . 2012-08-13 17:56 -------- d-----w- c:\users\Home\AppData\Roaming\Ad-Aware Antivirus
2012-08-13 17:19 . 2012-08-13 17:19 -------- d-----w- c:\programdata\Autorun Eater
2012-08-13 17:19 . 2012-08-13 17:32 -------- d-----w- c:\program files\Autorun Eater
2012-08-13 17:18 . 2012-08-13 17:18 -------- d-----w- c:\users\Home\AppData\Roaming\PKWARE
2012-08-13 17:18 . 2012-08-13 17:18 -------- d-----w- c:\programdata\PKWARE
2012-08-13 17:15 . 2012-08-13 17:15 -------- d-----w- c:\program files\PKWARE
2012-08-13 17:15 . 2012-08-13 17:15 -------- d-----w- c:\program files\Common Files\PKWARE
2012-08-13 17:14 . 2012-08-13 17:14 -------- d-----w- c:\users\Home\AppData\Local\Downloaded Installations
2012-08-11 21:44 . 2012-08-11 22:13 -------- d-----w- c:\programdata\HitmanPro
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 05:35 . 2012-04-12 16:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:35 . 2011-05-29 01:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2010-06-03 05:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 05:05 . 2012-07-10 23:15 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:15 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:16 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 01:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 01:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:01 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 01:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 01:01 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 01:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 01:00 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 04:45 . 2012-07-10 23:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 23:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 23:16 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 23:16 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 23:16 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25 . 2010-02-28 23:34 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PKZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\14.00.0023\PKTray.exe [2012-8-13 935320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYRUA_AGENT]
2012-03-15 07:15 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - asdrs
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:35]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 01:28]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 01:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://hosting.meringcarsoninteractive.com/disneyvirtualmagic/plugin/DFusionHomeWebPlugIn.Installer.exe
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6E45F3E8-2683-4824-A6BE-08108022FB36}"=hex:51,66,7a,6c,4c,1d,38,12,86,f0,56,
6a,b1,68,4a,0d,d9,a8,4b,50,85,7c,bf,22
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:18,c3,6d,7f,8c,77,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,f7,5c,97,3f,6e,4e,43,a8,03,14, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,f7,5c,97,3f,6e,4e,43,a8,03,14, \
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-17 12:49:45
ComboFix-quarantined-files.txt 2012-08-17 19:49
ComboFix2.txt 2012-08-17 17:27
.
Pre-Run: 435,953,979,392 bytes free
Post-Run: 435,665,649,664 bytes free
.
- - End Of File - - 8529F876B8BC117B49B80879640DCB38
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
18-Aug-2012, 03:26 PM #8
Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
  • Copy and paste/or attach that log as a reply to this topic
**Note** If no threats are found there will not be a log created.
----------
Headwound_Harry Headwound_Harry is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Beginner
20-Aug-2012, 12:37 AM #9
Jeffce,
OK, I ran the ESET scan and another MBAM scan. ESET did not produce a log, but no infection was found. Here's the MBAM log (clean):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.18.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Home :: CONFUTER [administrator]
8/18/2012 2:09:21 PM
mbam-log-2012-08-18 (14-09-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212643
Time elapsed: 6 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Thanks again.
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
20-Aug-2012, 10:47 AM #10
Looks good. How is your system running?
Headwound_Harry Headwound_Harry is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Beginner
20-Aug-2012, 12:44 PM #11
Jeffce,
It's running well considering its age (5+ years). I also solved an unrelated hardware problem I was having, so it's never been better.

This is a great thing you guys do here. A donation is coming your way.

I also wanted to mention something you may be interested in. Going through this process I changed anti-virus programs from AVG to Anvisoft. I decided on Anvi because it got top reviews on CNET. Anvisoft kept running on startup, even though I had disabled it and told it not to run on startup, so I uninstalled it until I was done with all this. So when I went back to CNET to re-install it, any trace of it was completely gone from CNET, as if it never existed. Any idea what happened?
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
20-Aug-2012, 12:49 PM #12
Hi,

Glad to hear that your system is running better.

Hard to say what happened over at CNET. I would recommend either of the following...

Microsoft Security Essentials
Avast
----------

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------
Headwound_Harry Headwound_Harry is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Beginner
20-Aug-2012, 04:57 PM #13
Is Security Essentials OK by itself or can you have both?

Here's the checkup log (*EDIT: I updated Java and Adobe and turned UAC on):

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Last edited by Headwound_Harry; 20-Aug-2012 at 05:05 PM..
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
20-Aug-2012, 08:23 PM #14
Quote:
Is Security Essentials OK by itself or can you have both?
As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
-----------

If you updated Java and Adobe already do one last thing and check to see that you are able to perform Windows Updates. Let me know in your next reply.
Headwound_Harry Headwound_Harry is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Beginner
21-Aug-2012, 09:04 PM #15
Is MBAM antispyware?

Yes, I'm able to do Windows updates.