Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Have Virus Believe Its Google Redirect [Solved]

Started by maradei , Mar 11 2012 01:35 PM

  • This topic is locked This topic is locked

#1
maradei
Posted 11 March 2012 - 01:35 PM

maradei

    Member

  • Member
  • PipPipPip
  • 145 posts
Have what I think is Google redirect because there are no sponsored results and when I see false urls in the results.Dont have problem in Yahoo search results-Ran Avira scan ).Have avira identify and remove infected htmlwebpage.gen.Have windows 7 2 mo old sony laptop...
thank you-
Mark

OTL logfile created on: 3/11/2012 12:41:09 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\mark\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 39.30% Memory free
7.90 Gb Paging File | 4.57 Gb Available in Paging File | 57.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.26 Gb Total Space | 500.94 Gb Free Space | 85.59% Space Free | Partition Type: NTFS

Computer Name: MARK-VAIO | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 12:22:09 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Downloads\OTL.exe
PRC - [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/15 13:00:40 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2012/02/01 15:18:14 | 002,918,224 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/23 19:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 19:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 12:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/08/31 10:44:30 | 000,477,200 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/08/06 03:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/06 03:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/27 13:05:02 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/17 12:19:08 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll
MOD - [2012/02/17 12:17:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9eb937785d5a8bc2767ae7efcdd29d43\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 12:17:19 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll
MOD - [2012/02/17 12:16:09 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/17 12:14:20 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c6b914d595e5b00ae540004a71c6c3a2\IAStorUtil.ni.dll
MOD - [2012/02/17 10:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 10:43:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 10:43:05 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/17 10:42:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/17 10:42:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/17 10:42:44 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/17 10:42:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/17 10:42:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 10:42:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/17 10:42:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/17 10:38:09 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
MOD - [2012/02/17 10:37:57 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
MOD - [2012/02/17 10:37:54 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
MOD - [2012/02/17 10:37:49 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
MOD - [2012/02/17 10:37:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 10:37:44 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
MOD - [2012/02/17 10:37:43 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
MOD - [2012/02/17 10:37:42 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
MOD - [2012/02/17 10:37:40 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
MOD - [2012/02/17 10:37:38 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
MOD - [2012/02/16 07:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/01 15:18:20 | 001,144,656 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Jing\Recorder.dll
MOD - [2012/01/12 18:48:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2012/01/12 18:40:39 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2012/01/12 18:40:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/12 18:40:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/12 18:12:06 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/08/31 12:06:52 | 000,027,104 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
MOD - [2011/08/31 12:06:48 | 000,161,256 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
MOD - [2011/08/31 10:44:30 | 000,477,200 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/08/06 03:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
MOD - [2008/08/06 03:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
MOD - [2008/06/27 15:09:06 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.monitor.core.dll
MOD - [2008/06/27 15:09:06 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.monitor.common.dll
MOD - [2008/06/27 15:08:17 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/06/06 20:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/09/07 05:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvscw.dll
MOD - [2007/08/11 04:49:54 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvcaps.dll
MOD - [2007/07/20 20:30:02 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvdatr.dll
MOD - [2006/12/29 00:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvcats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/27 18:12:16 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/08/12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/07/19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011/05/19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/07/24 22:34:05 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdvcoms.exe -- (lxdv_device)
SRV:64bit: - [2008/07/24 22:33:59 | 000,033,448 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/23 19:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 19:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 23:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/24 22:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdvcoms.exe -- (lxdv_device)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 13:00:40 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/09/20 08:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/09/16 00:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/08 02:30:08 | 001,591,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/07/18 23:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/29 02:00:53 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/28 23:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/28 23:15:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 08:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/04/26 13:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/29 16:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/12 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Extensions
[2012/02/29 16:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 07:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdvamon] C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe ()
O4:64bit: - HKLM..\Run: [lxdvmon.exe] C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SB3D7.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44EB22D6-23F9-47FA-AFF3-84647070C430}: DhcpNameServer = 68.105.28.16 68.105.29.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6418CA52-0B68-4660-A700-92D38D0027D1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 18:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger
[2012/03/10 18:53:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F974CC36-BF25-4374-A035-B0A9DA79E735}
[2012/03/09 18:04:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/09 08:41:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/03/01 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Local\Diagnostics
[2012/02/29 15:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/29 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/29 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/02/29 15:34:03 | 000,000,000 | ---D | C] -- C:\54c7209a3812255c490a3d01ca
[2012/02/29 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\AusLogics
[2012/02/28 09:10:16 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Corel
[2012/02/28 09:10:13 | 000,000,000 | ---D | C] -- C:\Users\mark\Corel
[2012/02/27 13:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/27 13:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/02/27 13:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012/02/22 13:37:43 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Apple Computer
[2012/02/22 13:37:43 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Local\Apple Computer
[2012/02/22 13:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/22 13:37:13 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/02/22 13:37:13 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/02/22 13:37:13 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/02/22 13:37:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/22 13:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/22 13:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/02/22 13:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/22 13:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/22 13:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/22 13:36:10 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Local\Apple
[2012/02/22 13:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/02/22 13:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/02/22 13:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/02/22 13:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/02/22 13:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/02/22 13:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/02/17 11:17:09 | 000,000,000 | ---D | C] -- C:\Users\mark\Documents\GETG
[2012/02/17 10:30:31 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 10:30:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 10:30:30 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 10:30:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 10:30:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 10:30:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 10:30:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 10:30:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 10:30:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 10:30:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 10:30:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 17:04:04 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 17:03:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 17:03:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 17:01:46 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 13:00:04 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Avira
[2012/02/13 12:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/13 12:59:37 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/13 12:59:37 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/02/13 12:59:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/02/13 12:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/13 12:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

========== Files - Modified Within 30 Days ==========

[2012/03/10 18:55:24 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 18:55:24 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 18:53:56 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 18:53:56 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 18:53:56 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 18:47:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 18:47:24 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 19:32:37 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/01 08:49:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/29 16:35:52 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/29 14:31:13 | 000,055,563 | ---- | M] () -- C:\test.xml
[2012/02/28 11:49:08 | 001,230,144 | ---- | M] () -- C:\Users\mark\Desktop\img023.jpg
[2012/02/28 11:48:20 | 001,223,999 | ---- | M] () -- C:\Users\mark\Desktop\img022.jpg
[2012/02/28 11:47:32 | 001,721,564 | ---- | M] () -- C:\Users\mark\Desktop\img021.jpg
[2012/02/28 11:46:44 | 001,451,433 | ---- | M] () -- C:\Users\mark\Desktop\img020.jpg
[2012/02/28 11:45:55 | 001,566,275 | ---- | M] () -- C:\Users\mark\Desktop\img018.jpg
[2012/02/28 11:45:07 | 001,559,271 | ---- | M] () -- C:\Users\mark\Desktop\img017.jpg
[2012/02/28 09:10:16 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/27 13:07:30 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/27 13:06:59 | 000,002,515 | ---- | M] () -- C:\Users\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/02/27 13:06:59 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/02/22 13:37:41 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/17 10:41:46 | 000,443,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 13:00:40 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/13 13:12:09 | 000,507,687 | ---- | M] () -- C:\Users\mark\Desktop\img016.jpg
[2012/02/13 13:11:20 | 000,506,652 | ---- | M] () -- C:\Users\mark\Desktop\img015.jpg
[2012/02/13 12:59:52 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2012/02/29 16:35:52 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/29 16:35:52 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/29 14:31:13 | 000,055,563 | ---- | C] () -- C:\test.xml
[2012/02/28 11:54:07 | 001,230,144 | ---- | C] () -- C:\Users\mark\Desktop\img023.jpg
[2012/02/28 11:53:59 | 001,223,999 | ---- | C] () -- C:\Users\mark\Desktop\img022.jpg
[2012/02/28 11:53:50 | 001,721,564 | ---- | C] () -- C:\Users\mark\Desktop\img021.jpg
[2012/02/28 11:53:28 | 001,451,433 | ---- | C] () -- C:\Users\mark\Desktop\img020.jpg
[2012/02/28 11:52:28 | 001,566,275 | ---- | C] () -- C:\Users\mark\Desktop\img018.jpg
[2012/02/28 11:52:07 | 001,559,271 | ---- | C] () -- C:\Users\mark\Desktop\img017.jpg
[2012/02/28 09:10:16 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/27 13:07:30 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/27 13:06:59 | 000,002,515 | ---- | C] () -- C:\Users\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/02/27 13:06:59 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/02/27 13:06:59 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/02/22 13:37:41 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/22 13:36:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/13 13:13:12 | 000,507,687 | ---- | C] () -- C:\Users\mark\Desktop\img016.jpg
[2012/02/13 13:12:56 | 000,506,652 | ---- | C] () -- C:\Users\mark\Desktop\img015.jpg
[2012/02/13 12:59:52 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/28 11:05:14 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvserv.dll
[2012/01/28 11:05:14 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvusb1.dll
[2012/01/28 11:05:14 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomc.dll
[2012/01/28 11:05:14 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvhbn3.dll
[2012/01/28 11:05:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvpmui.dll
[2012/01/28 11:05:14 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcoms.exe
[2012/01/28 11:05:14 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvlmpm.dll
[2012/01/28 11:05:14 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdvcomx.dll
[2012/01/28 11:05:14 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcfg.exe
[2012/01/28 11:05:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomm.dll
[2012/01/28 11:05:14 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvinpa.dll
[2012/01/28 11:05:14 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDVinst.dll
[2012/01/28 11:05:14 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdviesc.dll
[2012/01/28 11:05:14 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvih.exe
[2012/01/28 11:05:14 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvprox.dll
[2012/01/17 10:56:37 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/01/17 10:56:37 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/01/17 10:56:37 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/01/17 10:56:37 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/01/17 10:56:37 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/01/17 10:56:37 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/01/17 10:56:37 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/01/17 10:56:37 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/01/17 10:56:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/01/17 10:56:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/01/17 10:56:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/01/17 10:56:37 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/01/17 10:56:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/01/17 10:56:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/01/17 10:56:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/01/17 10:56:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/20 05:37:49 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/18 23:38:04 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/18 23:38:04 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/18 23:33:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/07/18 23:15:30 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/03/29 18:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 16:03:27 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

Edited by maradei, 11 March 2012 - 01:51 PM.

  • 0

Advertisements

#2
maliprog
Posted 15 March 2012 - 12:42 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello maradei and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe &amp; follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
maradei
Posted 15 March 2012 - 09:18 AM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
Hi and Thank you! here TDSS log


08:01:45.0592 9788 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:01:46.0096 9788 ============================================================
08:01:46.0096 9788 Current date / time: 2012/03/15 08:01:46.0096
08:01:46.0096 9788 SystemInfo:
08:01:46.0096 9788
08:01:46.0096 9788 OS Version: 6.1.7601 ServicePack: 1.0
08:01:46.0096 9788 Product type: Workstation
08:01:46.0096 9788 ComputerName: MARK-VAIO
08:01:46.0096 9788 UserName: mark
08:01:46.0096 9788 Windows directory: C:\Windows
08:01:46.0096 9788 System windows directory: C:\Windows
08:01:46.0096 9788 Running under WOW64
08:01:46.0096 9788 Processor architecture: Intel x64
08:01:46.0096 9788 Number of processors: 4
08:01:46.0096 9788 Page size: 0x1000
08:01:46.0096 9788 Boot type: Normal boot
08:01:46.0096 9788 ============================================================
08:01:47.0023 9788 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:47.0040 9788 \Device\Harddisk0\DR0:
08:01:47.0079 9788 MBR used
08:01:47.0079 9788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x15A1800, BlocksNum 0x32000
08:01:47.0079 9788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15D3800, BlocksNum 0x492842B0
08:01:47.0154 9788 Initialize success
08:01:47.0154 9788 ============================================================
08:03:23.0957 10216 ============================================================
08:03:23.0957 10216 Scan started
08:03:23.0957 10216 Mode: Manual; SigCheck; TDLFS;
08:03:23.0957 10216 ============================================================
08:03:28.0138 10216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:03:28.0649 10216 1394ohci - ok
08:03:28.0762 10216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:03:28.0774 10216 ACPI - ok
08:03:28.0896 10216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:03:29.0089 10216 AcpiPmi - ok
08:03:29.0197 10216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:03:29.0213 10216 adp94xx - ok
08:03:29.0319 10216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:03:29.0332 10216 adpahci - ok
08:03:29.0456 10216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:03:29.0466 10216 adpu320 - ok
08:03:29.0614 10216 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:03:29.0713 10216 AFD - ok
08:03:29.0906 10216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:03:29.0914 10216 agp440 - ok
08:03:30.0025 10216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:03:30.0033 10216 aliide - ok
08:03:30.0131 10216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:03:30.0138 10216 amdide - ok
08:03:30.0241 10216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:03:30.0289 10216 AmdK8 - ok
08:03:30.0401 10216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:03:30.0433 10216 AmdPPM - ok
08:03:30.0543 10216 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:03:30.0552 10216 amdsata - ok
08:03:30.0661 10216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:03:30.0671 10216 amdsbs - ok
08:03:30.0776 10216 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:03:30.0783 10216 amdxata - ok
08:03:30.0929 10216 ApfiltrService (12bfa9ec4b03cc16bb7d19baa308aef2) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:03:31.0045 10216 ApfiltrService - ok
08:03:31.0139 10216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:03:31.0423 10216 AppID - ok
08:03:31.0532 10216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:03:31.0541 10216 arc - ok
08:03:31.0640 10216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:03:31.0649 10216 arcsas - ok
08:03:31.0752 10216 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:03:31.0758 10216 ArcSoftKsUFilter - ok
08:03:31.0894 10216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:03:32.0130 10216 AsyncMac - ok
08:03:32.0234 10216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:03:32.0241 10216 atapi - ok
08:03:32.0398 10216 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
08:03:32.0480 10216 athr - ok
08:03:32.0588 10216 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
08:03:32.0596 10216 avgntflt - ok
08:03:32.0703 10216 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
08:03:32.0711 10216 avipbb - ok
08:03:32.0854 10216 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:03:32.0860 10216 avkmgr - ok
08:03:33.0002 10216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:03:33.0131 10216 b06bdrv - ok
08:03:33.0257 10216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:03:33.0312 10216 b57nd60a - ok
08:03:33.0491 10216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:03:33.0564 10216 Beep - ok
08:03:33.0803 10216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
08:03:33.0840 10216 blbdrive - ok
08:03:34.0014 10216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:03:34.0141 10216 bowser - ok
08:03:34.0257 10216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:03:34.0304 10216 BrFiltLo - ok
08:03:34.0488 10216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:03:34.0541 10216 BrFiltUp - ok
08:03:34.0697 10216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:03:34.0821 10216 Brserid - ok
08:03:34.0974 10216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:03:35.0013 10216 BrSerWdm - ok
08:03:35.0187 10216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:03:35.0226 10216 BrUsbMdm - ok
08:03:35.0388 10216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:03:35.0426 10216 BrUsbSer - ok
08:03:35.0529 10216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:03:35.0563 10216 BTHMODEM - ok
08:03:35.0748 10216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:03:35.0797 10216 cdfs - ok
08:03:35.0915 10216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:03:36.0003 10216 cdrom - ok
08:03:36.0165 10216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:03:36.0203 10216 circlass - ok
08:03:36.0357 10216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:03:36.0370 10216 CLFS - ok
08:03:36.0487 10216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:03:36.0535 10216 CmBatt - ok
08:03:36.0699 10216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:03:36.0707 10216 cmdide - ok
08:03:36.0821 10216 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:03:36.0857 10216 CNG - ok
08:03:37.0033 10216 CnxtHdAudService (61f989b3e4c097de52330ba00fcbcb67) C:\Windows\system32\drivers\CHDRT64.sys
08:03:37.0084 10216 CnxtHdAudService - ok
08:03:37.0191 10216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:03:37.0199 10216 Compbatt - ok
08:03:37.0293 10216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:03:37.0334 10216 CompositeBus - ok
08:03:37.0498 10216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:03:37.0505 10216 crcdisk - ok
08:03:37.0612 10216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:03:37.0664 10216 DfsC - ok
08:03:37.0767 10216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:03:37.0808 10216 discache - ok
08:03:37.0975 10216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:03:37.0983 10216 Disk - ok
08:03:38.0105 10216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:03:38.0146 10216 drmkaud - ok
08:03:38.0331 10216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:03:38.0355 10216 DXGKrnl - ok
08:03:38.0538 10216 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
08:03:38.0577 10216 e1yexpress - ok
08:03:38.0804 10216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:03:38.0899 10216 ebdrv - ok
08:03:39.0111 10216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:03:39.0127 10216 elxstor - ok
08:03:39.0225 10216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:03:39.0293 10216 ErrDev - ok
08:03:39.0411 10216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:03:39.0451 10216 exfat - ok
08:03:39.0550 10216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:03:39.0595 10216 fastfat - ok
08:03:39.0738 10216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:03:39.0824 10216 fdc - ok
08:03:39.0973 10216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:03:39.0982 10216 FileInfo - ok
08:03:40.0119 10216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:03:40.0228 10216 Filetrace - ok
08:03:40.0343 10216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:03:40.0360 10216 flpydisk - ok
08:03:40.0574 10216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:03:40.0586 10216 FltMgr - ok
08:03:40.0695 10216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:03:40.0703 10216 FsDepends - ok
08:03:40.0801 10216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:03:40.0808 10216 Fs_Rec - ok
08:03:40.0921 10216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:03:40.0933 10216 fvevol - ok
08:03:41.0037 10216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:03:41.0044 10216 gagp30kx - ok
08:03:41.0183 10216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:03:41.0189 10216 GEARAspiWDM - ok
08:03:41.0284 10216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:03:41.0343 10216 hcw85cir - ok
08:03:41.0443 10216 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:03:41.0472 10216 HdAudAddService - ok
08:03:41.0581 10216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:03:41.0624 10216 HDAudBus - ok
08:03:41.0804 10216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:03:41.0823 10216 HidBatt - ok
08:03:41.0936 10216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:03:42.0043 10216 HidBth - ok
08:03:42.0230 10216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:03:42.0261 10216 HidIr - ok
08:03:42.0359 10216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:03:42.0390 10216 HidUsb - ok
08:03:42.0491 10216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:03:42.0498 10216 HpSAMD - ok
08:03:42.0607 10216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:03:42.0681 10216 HTTP - ok
08:03:42.0788 10216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:03:42.0796 10216 hwpolicy - ok
08:03:42.0899 10216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:03:42.0910 10216 i8042prt - ok
08:03:43.0007 10216 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
08:03:43.0017 10216 iaStor - ok
08:03:43.0155 10216 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:03:43.0169 10216 iaStorV - ok
08:03:43.0498 10216 igfx (0bd58366c86ef9ddc4f61afed0cada99) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:03:43.0834 10216 igfx - ok
08:03:43.0944 10216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:03:43.0952 10216 iirsp - ok
08:03:44.0062 10216 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:03:44.0113 10216 IntcDAud - ok
08:03:44.0247 10216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:03:44.0254 10216 intelide - ok
08:03:44.0354 10216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
08:03:44.0379 10216 intelppm - ok
08:03:44.0481 10216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:03:44.0507 10216 IpFilterDriver - ok
08:03:44.0607 10216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:03:44.0635 10216 IPMIDRV - ok
08:03:44.0741 10216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:03:44.0783 10216 IPNAT - ok
08:03:44.0885 10216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:03:44.0939 10216 IRENUM - ok
08:03:45.0048 10216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:03:45.0063 10216 isapnp - ok
08:03:45.0195 10216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:03:45.0206 10216 iScsiPrt - ok
08:03:45.0307 10216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:03:45.0314 10216 kbdclass - ok
08:03:45.0421 10216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:03:45.0444 10216 kbdhid - ok
08:03:45.0563 10216 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:03:45.0571 10216 KSecDD - ok
08:03:45.0692 10216 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:03:45.0702 10216 KSecPkg - ok
08:03:45.0791 10216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:03:45.0828 10216 ksthunk - ok
08:03:45.0938 10216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:03:45.0982 10216 lltdio - ok
08:03:46.0083 10216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:03:46.0091 10216 LSI_FC - ok
08:03:46.0232 10216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:03:46.0240 10216 LSI_SAS - ok
08:03:46.0349 10216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:03:46.0357 10216 LSI_SAS2 - ok
08:03:46.0468 10216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:03:46.0476 10216 LSI_SCSI - ok
08:03:46.0569 10216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:03:46.0609 10216 luafv - ok
08:03:46.0718 10216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:03:46.0726 10216 megasas - ok
08:03:46.0832 10216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:03:46.0844 10216 MegaSR - ok
08:03:46.0939 10216 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
08:03:46.0946 10216 MEIx64 - ok
08:03:47.0049 10216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:03:47.0090 10216 Modem - ok
08:03:47.0225 10216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:03:47.0247 10216 monitor - ok
08:03:47.0352 10216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:03:47.0359 10216 mouclass - ok
08:03:47.0466 10216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
08:03:47.0503 10216 mouhid - ok
08:03:47.0606 10216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:03:47.0614 10216 mountmgr - ok
08:03:47.0721 10216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:03:47.0730 10216 mpio - ok
08:03:47.0834 10216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:03:47.0872 10216 mpsdrv - ok
08:03:47.0971 10216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:03:48.0000 10216 MRxDAV - ok
08:03:48.0119 10216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:03:48.0184 10216 mrxsmb - ok
08:03:48.0331 10216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:03:48.0350 10216 mrxsmb10 - ok
08:03:48.0465 10216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:03:48.0476 10216 mrxsmb20 - ok
08:03:48.0616 10216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:03:48.0624 10216 msahci - ok
08:03:48.0870 10216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:03:48.0880 10216 msdsm - ok
08:03:48.0985 10216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:03:49.0011 10216 Msfs - ok
08:03:49.0117 10216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:03:49.0157 10216 mshidkmdf - ok
08:03:49.0297 10216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:03:49.0304 10216 msisadrv - ok
08:03:49.0409 10216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:03:49.0449 10216 MSKSSRV - ok
08:03:49.0554 10216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:03:49.0595 10216 MSPCLOCK - ok
08:03:49.0820 10216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:03:49.0871 10216 MSPQM - ok
08:03:49.0985 10216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:03:49.0998 10216 MsRPC - ok
08:03:50.0099 10216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:03:50.0106 10216 mssmbios - ok
08:03:50.0207 10216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:03:50.0246 10216 MSTEE - ok
08:03:50.0368 10216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:03:50.0389 10216 MTConfig - ok
08:03:50.0495 10216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:03:50.0503 10216 Mup - ok
08:03:50.0613 10216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:03:50.0644 10216 NativeWifiP - ok
08:03:50.0753 10216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:03:50.0776 10216 NDIS - ok
08:03:50.0870 10216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:03:50.0904 10216 NdisCap - ok
08:03:51.0020 10216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:03:51.0060 10216 NdisTapi - ok
08:03:51.0167 10216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:03:51.0202 10216 Ndisuio - ok
08:03:51.0348 10216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:03:51.0391 10216 NdisWan - ok
08:03:51.0495 10216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:03:51.0521 10216 NDProxy - ok
08:03:51.0618 10216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:03:51.0652 10216 NetBIOS - ok
08:03:51.0766 10216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:03:51.0794 10216 NetBT - ok
08:03:51.0910 10216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:03:51.0917 10216 nfrd960 - ok
08:03:52.0024 10216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:03:52.0062 10216 Npfs - ok
08:03:52.0160 10216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:03:52.0196 10216 nsiproxy - ok
08:03:52.0359 10216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:03:52.0394 10216 Ntfs - ok
08:03:52.0499 10216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:03:52.0541 10216 Null - ok
08:03:52.0827 10216 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:03:53.0116 10216 nvlddmkm - ok
08:03:53.0217 10216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:03:53.0226 10216 nvraid - ok
08:03:53.0368 10216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:03:53.0377 10216 nvstor - ok
08:03:53.0479 10216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:03:53.0489 10216 nv_agp - ok
08:03:53.0612 10216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:03:53.0640 10216 ohci1394 - ok
08:03:53.0737 10216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:03:53.0748 10216 Parport - ok
08:03:53.0857 10216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:03:53.0865 10216 partmgr - ok
08:03:53.0964 10216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:03:53.0975 10216 pci - ok
08:03:54.0080 10216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:03:54.0086 10216 pciide - ok
08:03:54.0189 10216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:03:54.0199 10216 pcmcia - ok
08:03:54.0294 10216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:03:54.0309 10216 pcw - ok
08:03:54.0427 10216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:03:54.0478 10216 PEAUTH - ok
08:03:54.0600 10216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:03:54.0646 10216 PptpMiniport - ok
08:03:54.0755 10216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:03:54.0771 10216 Processor - ok
08:03:54.0874 10216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:03:54.0910 10216 Psched - ok
08:03:55.0035 10216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:03:55.0067 10216 ql2300 - ok
08:03:55.0160 10216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:03:55.0169 10216 ql40xx - ok
08:03:55.0278 10216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:03:55.0304 10216 QWAVEdrv - ok
08:03:55.0435 10216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:03:55.0470 10216 RasAcd - ok
08:03:55.0568 10216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:03:55.0608 10216 RasAgileVpn - ok
08:03:55.0725 10216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:03:55.0760 10216 Rasl2tp - ok
08:03:55.0865 10216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:03:55.0902 10216 RasPppoe - ok
08:03:56.0011 10216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:03:56.0046 10216 RasSstp - ok
08:03:56.0154 10216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:03:56.0192 10216 rdbss - ok
08:03:56.0297 10216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:03:56.0324 10216 rdpbus - ok
08:03:56.0456 10216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:03:56.0490 10216 RDPCDD - ok
08:03:56.0596 10216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:03:56.0630 10216 RDPENCDD - ok
08:03:56.0728 10216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:03:56.0754 10216 RDPREFMP - ok
08:03:56.0862 10216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:03:56.0890 10216 RDPWD - ok
08:03:57.0005 10216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:03:57.0016 10216 rdyboost - ok
08:03:57.0119 10216 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
08:03:57.0126 10216 regi - ok
08:03:57.0252 10216 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
08:03:57.0262 10216 RSPCIESTOR - ok
08:03:57.0398 10216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:03:57.0439 10216 rspndr - ok
08:03:57.0548 10216 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:03:57.0561 10216 RTL8167 - ok
08:03:57.0662 10216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:03:57.0671 10216 sbp2port - ok
08:03:57.0772 10216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:03:57.0813 10216 scfilter - ok
08:03:57.0916 10216 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:03:57.0938 10216 sdbus - ok
08:03:58.0043 10216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:03:58.0081 10216 secdrv - ok
08:03:58.0192 10216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:03:58.0218 10216 Serenum - ok
08:03:58.0326 10216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:03:58.0349 10216 Serial - ok
08:03:58.0481 10216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:03:58.0505 10216 sermouse - ok
08:03:58.0611 10216 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
08:03:58.0636 10216 SFEP - ok
08:03:58.0736 10216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:03:58.0764 10216 sffdisk - ok
08:03:58.0858 10216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:03:58.0887 10216 sffp_mmc - ok
08:03:58.0986 10216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:03:59.0005 10216 sffp_sd - ok
08:03:59.0110 10216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:03:59.0134 10216 sfloppy - ok
08:03:59.0260 10216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:03:59.0268 10216 SiSRaid2 - ok
08:03:59.0362 10216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:03:59.0370 10216 SiSRaid4 - ok
08:03:59.0494 10216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:03:59.0531 10216 Smb - ok
08:03:59.0689 10216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:03:59.0696 10216 spldr - ok
08:03:59.0808 10216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:03:59.0874 10216 srv - ok
08:03:59.0997 10216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:04:00.0021 10216 srv2 - ok
08:04:00.0138 10216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:04:00.0158 10216 srvnet - ok
08:04:00.0266 10216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:04:00.0273 10216 stexstor - ok
08:04:00.0374 10216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:04:00.0381 10216 swenum - ok
08:04:00.0560 10216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:04:00.0599 10216 Tcpip - ok
08:04:00.0738 10216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:04:00.0768 10216 TCPIP6 - ok
08:04:00.0864 10216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:04:00.0900 10216 tcpipreg - ok
08:04:01.0011 10216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:04:01.0076 10216 TDPIPE - ok
08:04:01.0178 10216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:04:01.0220 10216 TDTCP - ok
08:04:01.0327 10216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:04:01.0353 10216 tdx - ok
08:04:01.0493 10216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:04:01.0501 10216 TermDD - ok
08:04:01.0606 10216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:04:01.0644 10216 tssecsrv - ok
08:04:01.0738 10216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:04:01.0776 10216 TsUsbFlt - ok
08:04:01.0868 10216 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:04:01.0892 10216 TsUsbGD - ok
08:04:01.0999 10216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:04:02.0043 10216 tunnel - ok
08:04:02.0136 10216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:04:02.0144 10216 uagp35 - ok
08:04:02.0244 10216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:04:02.0289 10216 udfs - ok
08:04:02.0400 10216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:04:02.0408 10216 uliagpkx - ok
08:04:02.0540 10216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:04:02.0558 10216 umbus - ok
08:04:02.0666 10216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:04:02.0692 10216 UmPass - ok
08:04:02.0800 10216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:04:02.0835 10216 usbccgp - ok
08:04:02.0933 10216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:04:02.0962 10216 usbcir - ok
08:04:03.0062 10216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:04:03.0084 10216 usbehci - ok
08:04:03.0197 10216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
08:04:03.0222 10216 usbhub - ok
08:04:03.0323 10216 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:04:03.0346 10216 usbohci - ok
08:04:03.0455 10216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:04:03.0478 10216 usbprint - ok
08:04:03.0608 10216 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:04:03.0630 10216 usbscan - ok
08:04:03.0729 10216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:04:03.0770 10216 USBSTOR - ok
08:04:03.0875 10216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:04:03.0901 10216 usbuhci - ok
08:04:04.0003 10216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:04:04.0016 10216 usbvideo - ok
08:04:04.0135 10216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:04:04.0143 10216 vdrvroot - ok
08:04:04.0267 10216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:04:04.0279 10216 vga - ok
08:04:04.0374 10216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:04:04.0409 10216 VgaSave - ok
08:04:04.0550 10216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:04:04.0561 10216 vhdmp - ok
08:04:04.0665 10216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:04:04.0673 10216 viaide - ok
08:04:04.0779 10216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:04:04.0787 10216 volmgr - ok
08:04:04.0896 10216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:04:04.0909 10216 volmgrx - ok
08:04:05.0013 10216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:04:05.0025 10216 volsnap - ok
08:04:05.0128 10216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:04:05.0137 10216 vsmraid - ok
08:04:05.0246 10216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:04:05.0274 10216 vwifibus - ok
08:04:05.0381 10216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:04:05.0409 10216 vwififlt - ok
08:04:05.0551 10216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:04:05.0577 10216 WacomPen - ok
08:04:05.0681 10216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:04:05.0724 10216 WANARP - ok
08:04:05.0727 10216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:04:05.0752 10216 Wanarpv6 - ok
08:04:05.0860 10216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:04:05.0867 10216 Wd - ok
08:04:05.0969 10216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:04:05.0987 10216 Wdf01000 - ok
08:04:06.0096 10216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:04:06.0121 10216 WfpLwf - ok
08:04:06.0223 10216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:04:06.0231 10216 WIMMount - ok
08:04:06.0363 10216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:04:06.0381 10216 WmiAcpi - ok
08:04:06.0486 10216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:04:06.0512 10216 ws2ifsl - ok
08:04:06.0643 10216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:04:06.0678 10216 WudfPf - ok
08:04:06.0783 10216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:06.0824 10216 WUDFRd - ok
08:04:06.0845 10216 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
08:04:06.0891 10216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:04:06.0891 10216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:04:06.0945 10216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:04:06.0945 10216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:04:06.0978 10216 Boot (0x1200) (9289a90202c94b9e168b3bb7d539e781) \Device\Harddisk0\DR0\Partition0
08:04:06.0980 10216 \Device\Harddisk0\DR0\Partition0 - ok
08:04:06.0984 10216 Boot (0x1200) (852da75b55161930de99998ee06be49a) \Device\Harddisk0\DR0\Partition1
08:04:06.0986 10216 \Device\Harddisk0\DR0\Partition1 - ok
08:04:06.0986 10216 ============================================================
08:04:06.0986 10216 Scan finished
08:04:06.0986 10216 ============================================================
08:04:06.0994 8168 Detected object count: 2
08:04:06.0995 8168 Actual detected object count: 2
08:07:19.0022 8168 \Device\Harddisk0\DR0\# - copied to quarantine
08:07:19.0023 8168 \Device\Harddisk0\DR0 - copied to quarantine
08:07:19.0063 8168 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:07:19.0065 8168 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:07:19.0069 8168 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:07:19.0074 8168 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:07:19.0086 8168 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:07:19.0093 8168 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:07:19.0094 8168 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:07:19.0095 8168 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:07:19.0098 8168 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:07:19.0101 8168 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:07:19.0104 8168 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:07:19.0106 8168 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:07:19.0144 8168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:07:19.0209 8168 \Device\Harddisk0\DR0 - ok
08:07:19.0761 8168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:07:19.0761 8168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:07:19.0761 8168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:07:31.0718 11920 Deinitialize success
  • 0

#4
maradei
Posted 15 March 2012 - 10:17 AM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
MAJOR PROBLEM-when i ran the cobo fix and started to post log Im getting a error message "illegl operation attempted on a registry key that has been marked for deletion" Im on a work computer but need my lap asap please help! I cannot open any browser safari-firefox-ie
  • 0

#5
maliprog
Posted 15 March 2012 - 11:03 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Just restart your system and it will be fine. Post Combofix log here for me.
  • 0

#6
maradei
Posted 15 March 2012 - 12:32 PM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
seems to be displaying all google results although I havent clicked into it..



ComboFix 12-03-15.03 - mark 03/15/2012 8:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2277 [GMT -7:00]
Running from: c:\users\mark\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 16:53 . 2012-03-14 16:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37C06814-00B0-4455-8E55-71CC90551571}\offreg.dll
2012-03-14 16:51 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37C06814-00B0-4455-8E55-71CC90551571}\mpengine.dll
2012-03-11 01:53 . 2012-03-11 01:53 -------- dc-h--w- c:\programdata\{F974CC36-BF25-4374-A035-B0A9DA79E735}
2012-03-09 15:38 . 2012-03-09 15:38 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\BF1E.tmp
2012-03-09 15:38 . 2012-03-09 15:38 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\BF1D.tmp
2012-03-01 15:55 . 2012-03-01 15:55 -------- d-----w- c:\users\mark\AppData\Local\Diagnostics
2012-02-29 22:34 . 2012-02-29 22:34 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-29 22:34 . 2012-02-29 22:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-02-29 22:34 . 2012-02-29 22:35 -------- d-----w- C:\54c7209a3812255c490a3d01ca
2012-02-29 21:39 . 2012-02-29 21:43 -------- d-----w- c:\users\mark\AppData\Roaming\AusLogics
2012-02-28 16:10 . 2012-02-28 16:10 -------- d-----w- c:\users\mark\AppData\Roaming\Corel
2012-02-28 16:10 . 2012-02-28 16:10 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-28 16:10 . 2012-02-28 16:10 -------- d-----w- c:\users\mark\Corel
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-27 20:07 . 2012-02-27 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-27 20:07 . 2012-02-27 20:07 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-27 20:06 . 2012-02-27 20:06 -------- d-----w- c:\program files (x86)\Safari
2012-02-22 20:37 . 2012-02-22 20:38 -------- d-----w- c:\users\mark\AppData\Roaming\Apple Computer
2012-02-22 20:37 . 2012-02-22 20:37 -------- d-----w- c:\users\mark\AppData\Local\Apple Computer
2012-02-22 20:37 . 2012-02-22 20:37 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-22 20:37 . 2009-05-18 21:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-22 20:37 . 2008-04-17 20:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-02-22 20:37 . 2008-04-17 20:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\program files\iTunes
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\program files (x86)\iTunes
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\programdata\Apple Computer
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\program files\iPod
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\users\mark\AppData\Local\Apple
2012-02-22 20:36 . 2012-02-22 20:36 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-02-22 20:35 . 2012-02-27 20:06 -------- d-----w- c:\program files\Common Files\Apple
2012-02-22 20:32 . 2012-02-22 20:32 -------- d-----w- c:\program files\Bonjour
2012-02-22 20:32 . 2012-02-22 20:32 -------- d-----w- c:\program files (x86)\Bonjour
2012-02-22 20:31 . 2012-02-27 20:06 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-02-22 20:31 . 2012-02-22 20:35 -------- d-----w- c:\programdata\Apple
2012-02-16 00:04 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 00:04 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 00:03 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 00:03 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 00:03 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 00:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 00:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 15:49 . 2012-01-14 03:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-13 00:28 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe [2008-07-25 1044136]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe [2008-07-25 33448]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-13 971704]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1429608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-08 416024]
"lxdvmon.exe"="c:\program files (x86)\Lexmark X5400 Series\lxdvmon.exe" [2008-08-06 455336]
"lxdvamon"="c:\program files (x86)\Lexmark X5400 Series\lxdvamon.exe" [2008-08-06 25256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\m0kx3xwo.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2012-03-15 08:41:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 15:41
.
Pre-Run: 536,729,702,400 bytes free
Post-Run: 536,690,462,720 bytes free
.
- - End Of File - - 75C6701327A10787D31BB166E8638AF9
  • 0

#7
maliprog
Posted 16 March 2012 - 12:13 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi maradei,

Good work. Let's see if it hides anywhere:

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • VRT log
It would be helpful if you could post each log in separate post
  • 0

#8
maradei
Posted 16 March 2012 - 09:15 AM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
Not sure I understand what you mean by ZIP?? thank you



Also, ZIP MBR.dat it creates and attach it to your next reply
  • 0

#9
maradei
Posted 16 March 2012 - 10:41 AM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
when I tried to open mbr.dat said windows cant open file:
here is TXT
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 09:23:00
-----------------------------
09:23:00.873 OS Version: Windows x64 6.1.7601 Service Pack 1
09:23:00.873 Number of processors: 4 586 0x2A07
09:23:00.874 ComputerName: MARK-VAIO UserName: mark
09:23:02.085 Initialize success
09:24:33.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:24:33.232 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
09:24:33.253 Disk 0 MBR read successfully
09:24:33.255 Disk 0 MBR scan
09:24:33.257 Disk 0 Windows 7 default MBR code
09:24:33.263 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11073 MB offset 2048
09:24:33.276 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22681600
09:24:33.282 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599304 MB offset 22886400
09:24:33.300 Disk 0 scanning C:\Windows\system32\drivers
09:24:39.137 Service scanning
09:25:04.464 Modules scanning
09:25:04.477 Disk 0 trace - called modules:
09:25:04.510 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:25:04.514 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ed060]
09:25:04.519 3 CLASSPNP.SYS[fffff88001b8b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049f9050]
09:25:04.523 Scan finished successfully
09:25:40.035 Disk 0 MBR has been saved successfully to "C:\Users\mark\Desktop\MBR.dat"
09:25:40.038 The log file has been saved successfully to "C:\Users\mark\Desktop\aswMBR.txt"
  • 0

#10
maradei
Posted 16 March 2012 - 01:02 PM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
Here is virus removal log-did say 7 items infected please advise

Status: Deleted (events: 7)
3/16/2012 9:53:31 AM Deleted Trojan program Trojan.Win32.Genome.aevio C:\Documents and Settings\All Users\Microsoft\Windows\DRM\BF1E.tmp High
3/16/2012 9:53:31 AM Deleted Trojan program Trojan.Win32.Genome.aevin C:\Documents and Settings\All Users\Microsoft\Windows\DRM\BF1D.tmp High
3/16/2012 10:17:57 AM Deleted Trojan program Trojan.Win32.TDSS.iowj C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0000.dta High
3/16/2012 10:17:57 AM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\mbr0000\tsk0000.dta High
3/16/2012 10:17:57 AM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0004.dta High
3/16/2012 10:18:04 AM Deleted Trojan program Rootkit.Win32.TDSS.gq C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0009.dta High
3/16/2012 10:18:04 AM Deleted Trojan program Rootkit.Win64.TDSS.k C:\TDSSKiller_Quarantine\15.03.2012_08.01.46\mbr0000\tdlfs0000\tsk0010.dta High
  • 0

Advertisements

#11
maliprog
Posted 16 March 2012 - 01:26 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. This looks good. Please test your system and come back with results.
  • 0

#12
maradei
Posted 16 March 2012 - 04:47 PM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
Hi-getting the black c/prompt window I believe it is..has uninst_24833939 also when I restarted my computer it asked me if I wanted permission to make the change to harddrive with the Kasersky(virus program) 0899161.exe.

1)What test should I run?
2)What free program or programs do you recommend I use?
Thank you so very much-
Mark

Edited by maradei, 16 March 2012 - 05:05 PM.

  • 0

#13
maliprog
Posted 17 March 2012 - 12:01 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi maradei,

Allow Kaspersky to make changes. There is no specific test. You had redirect problem so test if you still get redirected and let me know.
  • 0

#14
maradei
Posted 17 March 2012 - 11:11 AM

maradei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 145 posts
Ok done looks good..can you suggest both the best free and paid protection I'd appreciate it very much I have no clue. I used avast but this virus got me anyway......In the meantime I went to the" how did I get infected" page and downloaded the spyware blaster-MLWBYTS and Avira free.While installing the avira it said I needed to unistall the spyware blaster? Please advise.
Thank you again you guys are the best!
Mark

Edited by maradei, 17 March 2012 - 11:32 AM.

  • 0

#15
maliprog
Posted 17 March 2012 - 01:52 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi maradei,

Here is my antivirus recomendation:


You can also leave Malwarebytes (free or pain if you like) and scan your system from time to time to keep it clean.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP