Ping.exe virus problems [Solved]


88 replies to this topic

#1 catherine_d (Authentic Member, 48 posts)
Posted 13 December 2011 - 09:56 PM

I have been fighting with this one all day. I have run Malwarebytes by the directions on Bleeping Computer twice, once in safe mode with almost everything shut down. I have run it once in tandem with AVG antivirus. I have followed all the directions, including using the rkill step, and even when rkill is running it doesn't stop ping.exe. Right now I have ping.exe suspended as I found it in my task manager window. I'm going to try to keep that up since it'll restart if I try to stop it. I'm attaching the DDS log like it said and the last Malwarebytes log as well. Thank you for the help.

Attached Files


#2 jeffce, Malware Guy (Authentic Member, 8,693 posts)
Posted 15 December 2011 - 10:38 AM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
-----------

If you have chosen to attempt to clean your system please post the logs created by GMER and TDSSKiller into your next reply. :)

#3 catherine_d (Authentic Member, 48 posts)
Posted 15 December 2011 - 12:51 PM

I've downloaded and opened GMER as an administrator, which it wasn't letting me do earlier. The only boxes that have checks when it comes up (and aren't grayed out) are Services, Registry, Files, and ADS. Also on the reinstall, when I bought this computer they never gave me a Windows reinstall disc, so I can't do that. So do you have any advice beyond that, since this is my only computer?

#4 jeffce, Malware Guy (Authentic Member, 8,693 posts)
Posted 15 December 2011 - 01:02 PM

Hi catherine,

Don't worry about running GMER. :) Go to My Computer and see if you have a D:\ folder that could be your backup folder.

Go ahead and run TDSSKiller. Post the log created into your next reply and let me know if you have that backup folder. :)

#5 catherine_d (Authentic Member, 48 posts)
Posted 15 December 2011 - 01:06 PM

GMER is already running. No D drive on this compy, but I have something that looks like a Microsoft screwed up thing called 'Microsoft Office Click-to-Run 2010 (Protected) Q:'

13:55:15.0936 6484 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:55:16.0339 6484 ============================================================
13:55:16.0339 6484 Current date / time: 2011/12/15 13:55:16.0339
13:55:16.0339 6484 SystemInfo:
13:55:16.0339 6484
13:55:16.0339 6484 OS Version: 6.1.7601 ServicePack: 1.0
13:55:16.0339 6484 Product type: Workstation
13:55:16.0339 6484 ComputerName: LAPTOP-PC
13:55:16.0339 6484 UserName: laptop
13:55:16.0339 6484 Windows directory: C:\windows
13:55:16.0339 6484 System windows directory: C:\windows
13:55:16.0339 6484 Running under WOW64
13:55:16.0339 6484 Processor architecture: Intel x64
13:55:16.0339 6484 Number of processors: 2
13:55:16.0339 6484 Page size: 0x1000
13:55:16.0339 6484 Boot type: Normal boot
13:55:16.0339 6484 ============================================================
13:55:17.0921 6484 Initialize success
13:57:01.0833 6792 ============================================================
13:57:01.0833 6792 Scan started
13:57:01.0833 6792 Mode: Manual;
13:57:01.0833 6792 ============================================================
13:57:02.0375 6792 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
13:57:02.0378 6792 1394ohci - ok
13:57:02.0619 6792 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
13:57:02.0624 6792 ACPI - ok
13:57:02.0892 6792 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
13:57:02.0893 6792 AcpiPmi - ok
13:57:03.0239 6792 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
13:57:03.0245 6792 adp94xx - ok
13:57:03.0478 6792 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
13:57:03.0484 6792 adpahci - ok
13:57:03.0771 6792 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
13:57:03.0774 6792 adpu320 - ok
13:57:04.0010 6792 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\windows\system32\drivers\afd.sys
13:57:04.0016 6792 AFD - ok
13:57:04.0260 6792 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
13:57:04.0262 6792 agp440 - ok
13:57:04.0516 6792 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
13:57:04.0517 6792 aliide - ok
13:57:04.0749 6792 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
13:57:04.0751 6792 amdide - ok
13:57:05.0017 6792 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
13:57:05.0019 6792 AmdK8 - ok
13:57:06.0044 6792 amdkmdag (194d76d2083318a2e7071a988e02ecf4) C:\windows\system32\DRIVERS\atikmdag.sys
13:57:06.0277 6792 amdkmdag - ok
13:57:06.0508 6792 amdkmdap (1eeffce9a3a65a56a28793eaa3f57026) C:\windows\system32\DRIVERS\atikmpag.sys
13:57:06.0513 6792 amdkmdap - ok
13:57:06.0745 6792 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
13:57:06.0747 6792 AmdPPM - ok
13:57:07.0010 6792 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\windows\system32\drivers\amdsata.sys
13:57:07.0012 6792 amdsata - ok
13:57:07.0281 6792 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
13:57:07.0284 6792 amdsbs - ok
13:57:07.0489 6792 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\windows\system32\drivers\amdxata.sys
13:57:07.0490 6792 amdxata - ok
13:57:07.0728 6792 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
13:57:07.0730 6792 AppID - ok
13:57:08.0019 6792 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
13:57:08.0020 6792 arc - ok
13:57:08.0480 6792 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
13:57:08.0486 6792 arcsas - ok
13:57:08.0732 6792 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
13:57:08.0733 6792 AsyncMac - ok
13:57:09.0017 6792 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
13:57:09.0018 6792 atapi - ok
13:57:09.0510 6792 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys
13:57:09.0573 6792 athr - ok
13:57:09.0913 6792 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
13:57:09.0915 6792 AtiHDAudioService - ok
13:57:10.0220 6792 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
13:57:10.0231 6792 b06bdrv - ok
13:57:10.0511 6792 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
13:57:10.0516 6792 b57nd60a - ok
13:57:10.0750 6792 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
13:57:10.0752 6792 Beep - ok
13:57:11.0212 6792 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
13:57:11.0213 6792 blbdrive - ok
13:57:11.0425 6792 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
13:57:11.0427 6792 bowser - ok
13:57:11.0633 6792 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
13:57:11.0637 6792 BrFiltLo - ok
13:57:11.0955 6792 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
13:57:11.0956 6792 BrFiltUp - ok
13:57:12.0154 6792 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
13:57:12.0159 6792 Brserid - ok
13:57:12.0354 6792 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
13:57:12.0356 6792 BrSerWdm - ok
13:57:12.0576 6792 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
13:57:12.0577 6792 BrUsbMdm - ok
13:57:12.0865 6792 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
13:57:12.0867 6792 BrUsbSer - ok
13:57:13.0101 6792 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
13:57:13.0103 6792 BtFilter - ok
13:57:13.0389 6792 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
13:57:13.0391 6792 BTHMODEM - ok
13:57:13.0679 6792 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
13:57:13.0681 6792 cdfs - ok
13:57:13.0922 6792 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
13:57:13.0925 6792 cdrom - ok
13:57:14.0182 6792 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
13:57:14.0184 6792 circlass - ok
13:57:14.0413 6792 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
13:57:14.0418 6792 CLFS - ok
13:57:14.0734 6792 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
13:57:14.0735 6792 CmBatt - ok
13:57:14.0973 6792 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
13:57:14.0974 6792 cmdide - ok
13:57:15.0216 6792 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
13:57:15.0223 6792 CNG - ok
13:57:15.0446 6792 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
13:57:15.0447 6792 Compbatt - ok
13:57:15.0635 6792 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
13:57:15.0637 6792 CompositeBus - ok
13:57:15.0896 6792 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
13:57:15.0899 6792 crcdisk - ok
13:57:16.0410 6792 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
13:57:16.0443 6792 DfsC - ok
13:57:16.0692 6792 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
13:57:16.0693 6792 discache - ok
13:57:16.0988 6792 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
13:57:16.0990 6792 Disk - ok
13:57:17.0227 6792 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
13:57:17.0228 6792 drmkaud - ok
13:57:17.0484 6792 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
13:57:17.0557 6792 DXGKrnl - ok
13:57:17.0855 6792 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
13:57:17.0966 6792 ebdrv - ok
13:57:18.0158 6792 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
13:57:18.0165 6792 elxstor - ok
13:57:18.0355 6792 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
13:57:18.0356 6792 ErrDev - ok
13:57:18.0559 6792 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:57:18.0563 6792 exfat - ok
13:57:18.0753 6792 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:57:18.0756 6792 fastfat - ok
13:57:18.0986 6792 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
13:57:18.0987 6792 fdc - ok
13:57:19.0143 6792 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
13:57:19.0145 6792 FileInfo - ok
13:57:19.0337 6792 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
13:57:19.0338 6792 Filetrace - ok
13:57:19.0510 6792 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
13:57:19.0511 6792 flpydisk - ok
13:57:19.0758 6792 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
13:57:19.0763 6792 FltMgr - ok
13:57:19.0945 6792 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
13:57:19.0946 6792 FsDepends - ok
13:57:20.0066 6792 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
13:57:20.0067 6792 Fs_Rec - ok
13:57:20.0319 6792 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
13:57:20.0323 6792 fvevol - ok
13:57:20.0461 6792 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
13:57:20.0462 6792 gagp30kx - ok
13:57:20.0644 6792 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
13:57:20.0646 6792 hcw85cir - ok
13:57:20.0846 6792 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
13:57:20.0851 6792 HdAudAddService - ok
13:57:21.0042 6792 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
13:57:21.0044 6792 HDAudBus - ok
13:57:21.0200 6792 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
13:57:21.0201 6792 HidBatt - ok
13:57:21.0346 6792 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
13:57:21.0348 6792 HidBth - ok
13:57:21.0482 6792 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
13:57:21.0483 6792 HidIr - ok
13:57:21.0708 6792 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
13:57:21.0709 6792 HidUsb - ok
13:57:21.0962 6792 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
13:57:21.0964 6792 HpSAMD - ok
13:57:22.0133 6792 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
13:57:22.0143 6792 HTTP - ok
13:57:22.0262 6792 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
13:57:22.0263 6792 hwpolicy - ok
13:57:22.0493 6792 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
13:57:22.0495 6792 i8042prt - ok
13:57:22.0817 6792 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\windows\system32\drivers\iaStorV.sys
13:57:22.0823 6792 iaStorV - ok
13:57:23.0027 6792 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
13:57:23.0028 6792 iirsp - ok
13:57:23.0632 6792 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\windows\system32\drivers\RTKVHD64.sys
13:57:23.0717 6792 IntcAzAudAddService - ok
13:57:23.0873 6792 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
13:57:23.0874 6792 intelide - ok
13:57:24.0052 6792 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
13:57:24.0054 6792 intelppm - ok
13:57:24.0275 6792 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:57:24.0277 6792 IpFilterDriver - ok
13:57:24.0488 6792 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
13:57:24.0490 6792 IPMIDRV - ok
13:57:24.0744 6792 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
13:57:24.0747 6792 IPNAT - ok
13:57:24.0966 6792 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
13:57:24.0967 6792 IRENUM - ok
13:57:25.0281 6792 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
13:57:25.0282 6792 isapnp - ok
13:57:25.0543 6792 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
13:57:25.0547 6792 iScsiPrt - ok
13:57:25.0711 6792 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
13:57:25.0712 6792 kbdclass - ok
13:57:25.0891 6792 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
13:57:25.0892 6792 kbdhid - ok
13:57:26.0060 6792 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
13:57:26.0062 6792 KSecDD - ok
13:57:26.0238 6792 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
13:57:26.0240 6792 KSecPkg - ok
13:57:26.0469 6792 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:57:26.0470 6792 ksthunk - ok
13:57:26.0771 6792 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:57:26.0773 6792 lltdio - ok
13:57:27.0130 6792 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
13:57:27.0132 6792 LSI_FC - ok
13:57:27.0354 6792 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
13:57:27.0356 6792 LSI_SAS - ok
13:57:27.0588 6792 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
13:57:27.0590 6792 LSI_SAS2 - ok
13:57:27.0813 6792 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
13:57:27.0815 6792 LSI_SCSI - ok
13:57:28.0028 6792 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:57:28.0030 6792 luafv - ok
13:57:28.0263 6792 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\windows\system32\drivers\mbam.sys
13:57:28.0265 6792 MBAMProtector - ok
13:57:28.0417 6792 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
13:57:28.0419 6792 megasas - ok
13:57:28.0591 6792 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
13:57:28.0595 6792 MegaSR - ok
13:57:28.0790 6792 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:57:28.0791 6792 Modem - ok
13:57:29.0002 6792 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:57:29.0004 6792 monitor - ok
13:57:29.0254 6792 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
13:57:29.0255 6792 mouclass - ok
13:57:29.0443 6792 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
13:57:29.0444 6792 mouhid - ok
13:57:29.0588 6792 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
13:57:29.0590 6792 mountmgr - ok
13:57:29.0821 6792 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
13:57:29.0824 6792 mpio - ok
13:57:30.0005 6792 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:57:30.0007 6792 mpsdrv - ok
13:57:30.0212 6792 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
13:57:30.0215 6792 MRxDAV - ok
13:57:30.0352 6792 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\windows\system32\DRIVERS\mrxsmb.sys
13:57:30.0354 6792 mrxsmb - ok
13:57:30.0522 6792 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:57:30.0526 6792 mrxsmb10 - ok
13:57:30.0654 6792 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:57:30.0656 6792 mrxsmb20 - ok
13:57:30.0792 6792 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
13:57:30.0793 6792 msahci - ok
13:57:31.0069 6792 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
13:57:31.0071 6792 msdsm - ok
13:57:31.0293 6792 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:57:31.0295 6792 Msfs - ok
13:57:31.0492 6792 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:57:31.0493 6792 mshidkmdf - ok
13:57:31.0690 6792 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
13:57:31.0691 6792 msisadrv - ok
13:57:31.0963 6792 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:57:31.0964 6792 MSKSSRV - ok
13:57:32.0174 6792 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:57:32.0175 6792 MSPCLOCK - ok
13:57:32.0352 6792 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:57:32.0353 6792 MSPQM - ok
13:57:32.0534 6792 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
13:57:32.0538 6792 MsRPC - ok
13:57:32.0663 6792 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
13:57:32.0665 6792 mssmbios - ok
13:57:32.0883 6792 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:57:32.0885 6792 MSTEE - ok
13:57:33.0083 6792 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
13:57:33.0085 6792 MTConfig - ok
13:57:33.0339 6792 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:57:33.0341 6792 Mup - ok
13:57:33.0675 6792 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:57:33.0680 6792 NativeWifiP - ok
13:57:33.0873 6792 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
13:57:33.0885 6792 NDIS - ok
13:57:34.0076 6792 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:57:34.0077 6792 NdisCap - ok
13:57:34.0303 6792 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:57:34.0304 6792 NdisTapi - ok
13:57:34.0518 6792 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
13:57:34.0520 6792 Ndisuio - ok
13:57:34.0715 6792 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
13:57:34.0718 6792 NdisWan - ok
13:57:34.0850 6792 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
13:57:34.0851 6792 NDProxy - ok
13:57:35.0174 6792 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:57:35.0176 6792 NetBIOS - ok
13:57:35.0351 6792 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
13:57:35.0356 6792 NetBT - ok
13:57:35.0620 6792 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
13:57:35.0623 6792 nfrd960 - ok
13:57:35.0832 6792 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:57:35.0834 6792 Npfs - ok
13:57:36.0017 6792 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:57:36.0018 6792 nsiproxy - ok
13:57:36.0352 6792 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\windows\system32\drivers\Ntfs.sys
13:57:36.0411 6792 Ntfs - ok
13:57:36.0556 6792 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:57:36.0557 6792 Null - ok
13:57:36.0805 6792 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\windows\system32\drivers\nvraid.sys
13:57:36.0808 6792 nvraid - ok
13:57:37.0041 6792 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\windows\system32\drivers\nvstor.sys
13:57:37.0044 6792 nvstor - ok
13:57:37.0198 6792 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
13:57:37.0201 6792 nv_agp - ok
13:57:37.0404 6792 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
13:57:37.0406 6792 ohci1394 - ok
13:57:37.0639 6792 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
13:57:37.0643 6792 Parport - ok
13:57:37.0788 6792 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
13:57:37.0790 6792 partmgr - ok
13:57:37.0935 6792 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
13:57:37.0937 6792 pci - ok
13:57:38.0079 6792 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
13:57:38.0080 6792 pciide - ok
13:57:38.0243 6792 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
13:57:38.0247 6792 pcmcia - ok
13:57:38.0424 6792 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:57:38.0426 6792 pcw - ok
13:57:38.0651 6792 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:57:38.0683 6792 PEAUTH - ok
13:57:38.0930 6792 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
13:57:38.0931 6792 PGEffect - ok
13:57:39.0241 6792 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
13:57:39.0243 6792 PptpMiniport - ok
13:57:39.0378 6792 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
13:57:39.0380 6792 Processor - ok
13:57:39.0633 6792 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
13:57:39.0635 6792 Psched - ok
13:57:39.0851 6792 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
13:57:39.0871 6792 ql2300 - ok
13:57:40.0024 6792 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
13:57:40.0027 6792 ql40xx - ok
13:57:40.0213 6792 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:57:40.0215 6792 QWAVEdrv - ok
13:57:40.0402 6792 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:57:40.0403 6792 RasAcd - ok
13:57:40.0573 6792 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:57:40.0574 6792 RasAgileVpn - ok
13:57:40.0819 6792 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
13:57:40.0821 6792 Rasl2tp - ok
13:57:41.0007 6792 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:57:41.0008 6792 RasPppoe - ok
13:57:41.0211 6792 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:57:41.0213 6792 RasSstp - ok
13:57:41.0371 6792 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:57:41.0375 6792 rdbss - ok
13:57:41.0585 6792 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
13:57:41.0586 6792 rdpbus - ok
13:57:41.0751 6792 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:57:41.0752 6792 RDPCDD - ok
13:57:41.0960 6792 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:57:41.0961 6792 RDPENCDD - ok
13:57:42.0146 6792 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:57:42.0147 6792 RDPREFMP - ok
13:57:42.0333 6792 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
13:57:42.0336 6792 RDPWD - ok
13:57:42.0583 6792 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:57:42.0586 6792 rdyboost - ok
13:57:42.0894 6792 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:57:42.0896 6792 rspndr - ok
13:57:43.0198 6792 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
13:57:43.0201 6792 RSUSBSTOR - ok
13:57:43.0351 6792 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
13:57:43.0357 6792 RTL8167 - ok
13:57:43.0552 6792 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:57:43.0554 6792 sbp2port - ok
13:57:43.0696 6792 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:57:43.0697 6792 scfilter - ok
13:57:43.0887 6792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:57:43.0889 6792 secdrv - ok
13:57:44.0045 6792 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
13:57:44.0047 6792 Serenum - ok
13:57:44.0303 6792 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
13:57:44.0305 6792 Serial - ok
13:57:44.0459 6792 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
13:57:44.0460 6792 sermouse - ok
13:57:44.0637 6792 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:57:44.0638 6792 sffdisk - ok
13:57:44.0848 6792 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:57:44.0850 6792 sffp_mmc - ok
13:57:44.0993 6792 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:57:44.0995 6792 sffp_sd - ok
13:57:45.0117 6792 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
13:57:45.0118 6792 sfloppy - ok
13:57:45.0301 6792 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\windows\system32\DRIVERS\Sftfslh.sys
13:57:45.0311 6792 Sftfs - ok
13:57:45.0471 6792 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\windows\system32\DRIVERS\Sftplaylh.sys
13:57:45.0475 6792 Sftplay - ok
13:57:45.0682 6792 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\windows\system32\DRIVERS\Sftredirlh.sys
13:57:45.0683 6792 Sftredir - ok
13:57:45.0862 6792 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\windows\system32\DRIVERS\Sftvollh.sys
13:57:45.0863 6792 Sftvol - ok
13:57:46.0130 6792 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
13:57:46.0132 6792 SiSRaid2 - ok
13:57:46.0286 6792 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
13:57:46.0288 6792 SiSRaid4 - ok
13:57:46.0588 6792 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:57:46.0590 6792 Smb - ok
13:57:46.0942 6792 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:57:46.0944 6792 spldr - ok
13:57:47.0183 6792 srv (65bbf4920148c2ee279055da7228fc7b) C:\windows\system32\DRIVERS\srv.sys
13:57:47.0189 6792 srv - ok
13:57:47.0387 6792 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\windows\system32\DRIVERS\srv2.sys
13:57:47.0393 6792 srv2 - ok
13:57:47.0564 6792 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\windows\system32\DRIVERS\srvnet.sys
13:57:47.0568 6792 srvnet - ok
13:57:47.0976 6792 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
13:57:47.0977 6792 stexstor - ok
13:57:48.0240 6792 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
13:57:48.0242 6792 StillCam - ok
13:57:48.0509 6792 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
13:57:48.0510 6792 swenum - ok
13:57:48.0858 6792 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
13:57:48.0911 6792 SynTP - ok
13:57:49.0286 6792 Tcpip (dc08410db2d0cc542dacac7a90e6cb7a) C:\windows\system32\drivers\tcpip.sys
13:57:49.0359 6792 Tcpip - ok
13:57:49.0663 6792 TCPIP6 (dc08410db2d0cc542dacac7a90e6cb7a) C:\windows\system32\DRIVERS\tcpip.sys
13:57:49.0679 6792 TCPIP6 - ok
13:57:49.0807 6792 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:57:49.0808 6792 tcpipreg - ok
13:57:49.0952 6792 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:57:49.0953 6792 tdcmdpst - ok
13:57:50.0165 6792 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:57:50.0166 6792 TDPIPE - ok
13:57:50.0287 6792 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
13:57:50.0289 6792 TDTCP - ok
13:57:50.0642 6792 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:57:50.0644 6792 tdx - ok
13:57:50.0828 6792 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
13:57:50.0830 6792 TermDD - ok
13:57:51.0669 6792 Tosrfcom - ok
13:57:51.0924 6792 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
13:57:51.0925 6792 tosrfec - ok
13:57:52.0141 6792 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
13:57:52.0143 6792 Tosrfusb - ok
13:57:52.0492 6792 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:57:52.0494 6792 tssecsrv - ok
13:57:52.0736 6792 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:57:52.0737 6792 TsUsbFlt - ok
13:57:52.0883 6792 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
13:57:52.0884 6792 TsUsbGD - ok
13:57:53.0110 6792 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:57:53.0113 6792 tunnel - ok
13:57:53.0335 6792 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:57:53.0336 6792 TVALZ - ok
13:57:53.0595 6792 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
13:57:53.0596 6792 TVALZFL - ok
13:57:53.0775 6792 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 13:57:53.0777 6792 uagp35 - ok 13:57:53.0993 6792 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 13:57:53.0998 6792 udfs - ok 13:57:54.0151 6792 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 13:57:54.0152 6792 uliagpkx - ok 13:57:54.0366 6792 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 13:57:54.0367 6792 umbus - ok 13:57:54.0518 6792 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 13:57:54.0520 6792 UmPass - ok 13:57:54.0671 6792 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\windows\system32\DRIVERS\usbccgp.sys 13:57:54.0673 6792 usbccgp - ok 13:57:54.0878 6792 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 13:57:54.0881 6792 usbcir - ok 13:57:55.0010 6792 usbehci (74ee782b1d9c241efe425565854c661c) C:\windows\system32\DRIVERS\usbehci.sys 13:57:55.0012 6792 usbehci - ok 13:57:55.0211 6792 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\windows\system32\DRIVERS\usbhub.sys 13:57:55.0216 6792 usbhub - ok 13:57:55.0358 6792 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys 13:57:55.0359 6792 usbohci - ok 13:57:55.0543 6792 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 13:57:55.0545 6792 usbprint - ok 13:57:55.0710 6792 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\windows\system32\DRIVERS\USBSTOR.SYS 13:57:55.0712 6792 USBSTOR - ok 13:57:55.0868 6792 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys 13:57:55.0871 6792 usbuhci - ok 13:57:56.0093 6792 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 13:57:56.0095 6792 usbvideo - ok 13:57:56.0358 6792 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 13:57:56.0360 6792 vdrvroot - ok 
13:57:56.0729 6792 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 13:57:56.0730 6792 vga - ok 13:57:56.0936 6792 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 13:57:56.0971 6792 VgaSave - ok 13:57:57.0125 6792 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 13:57:57.0128 6792 vhdmp - ok 13:57:57.0279 6792 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 13:57:57.0281 6792 viaide - ok 13:57:57.0560 6792 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 13:57:57.0590 6792 volmgr - ok 13:57:57.0713 6792 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 13:57:57.0719 6792 volmgrx - ok 13:57:57.0872 6792 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 13:57:57.0876 6792 volsnap - ok 13:57:58.0111 6792 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 13:57:58.0114 6792 vsmraid - ok 13:57:58.0236 6792 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 13:57:58.0237 6792 vwifibus - ok 13:57:58.0530 6792 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 13:57:58.0532 6792 vwififlt - ok 13:57:58.0774 6792 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 13:57:58.0775 6792 vwifimp - ok 13:57:59.0035 6792 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 13:57:59.0050 6792 WacomPen - ok 13:57:59.0316 6792 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 13:57:59.0318 6792 WANARP - ok 13:57:59.0347 6792 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 13:57:59.0349 6792 Wanarpv6 - ok 13:57:59.0540 6792 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 13:57:59.0541 6792 Wd - ok 13:57:59.0839 6792 
Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 13:57:59.0848 6792 Wdf01000 - ok 13:58:00.0156 6792 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 13:58:00.0157 6792 WfpLwf - ok 13:58:00.0324 6792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 13:58:00.0325 6792 WIMMount - ok 13:58:00.0674 6792 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 13:58:00.0676 6792 WinUsb - ok 13:58:00.0886 6792 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 13:58:00.0887 6792 WmiAcpi - ok 13:58:01.0148 6792 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 13:58:01.0150 6792 ws2ifsl - ok 13:58:01.0322 6792 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys 13:58:01.0324 6792 WSDPrintDevice - ok 13:58:01.0593 6792 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 13:58:01.0595 6792 WudfPf - ok 13:58:02.0130 6792 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 13:58:02.0133 6792 WUDFRd - ok 13:58:02.0184 6792 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 13:58:02.0197 6792 \Device\Harddisk0\DR0 - ok 13:58:02.0229 6792 Boot (0x1200) (cbf87cf696aedd2a137cfa9ce4d041d6) \Device\Harddisk0\DR0\Partition0 13:58:02.0230 6792 \Device\Harddisk0\DR0\Partition0 - ok 13:58:02.0231 6792 ============================================================ 13:58:02.0231 6792 Scan finished 13:58:02.0231 6792 ============================================================ 13:58:02.0246 4364 Detected object count: 0 13:58:02.0246 4364 Actual detected object count: 0

#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 15 December 2011 - 01:11 PM

Hi catherine,

gmer is already running

When that is done post the log and we will go from there. :)

Don't worry about that Microsoft Office Click-to-Run. It isn't what I was looking for.

#7 catherine_d

catherine_d

    Authentic Member

  • Authentic Member
  • 48 posts

Posted 15 December 2011 - 01:52 PM

I should mention, re: the backup hard drive, I do have a 500G external hard drive (no operating system on it) if we need one. Right now it's got some stories and music on it. I have another one but I'm not sure if it's running 98 or XP. It's from an older computer but it has a lot of stuff on it that I can't afford to lose.

I ended up running GMER twice because I accidentally hit a key while watching it run and the 'OK' button shut it down.

This came off the first:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-15 14:22:28
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\TDSSKiller.2.6.23.0_15.12.2011_13.55.15_log.txt 76108 bytes

---- EOF - GMER 1.0.15 ----

and this came off the second:

GMER found no system modifications. The log is empty.

#8 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 15 December 2011 - 02:09 PM

Hi catherine,

Thanks for that additional info about the ext hard drive. :)
------------

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#9 catherine_d

catherine_d

    Authentic Member

  • Authentic Member
  • 48 posts

Posted 15 December 2011 - 02:57 PM

After running it, and it restarting the computer, it froze when the log came up so I had to restart the computer again. Don't know if that matters at all.

ComboFix 11-12-15.02 - laptop 12/15/2011 15:14:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.1151 [GMT -5:00]
Running from: c:\users\laptop\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
[file listing, Find3M report, registry loading points, services, orphans and locked registry keys omitted]
.
Completion time: 2011-12-15 15:50:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 20:50
.
Pre-Run: 517,595,598,848 bytes free
Post-Run: 517,074,563,072 bytes free
.
- - End Of File - - B5F6F1F98893DA0F79591BD12BB8FD68
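A small triage parser for the ComboFix log format shown in the post above, added here as an example; it is not part of the thread and not ComboFix's own code. It splits the log into its parenthesised sections, parses the "Files Created" entries, and pulls out deletions and new files under the Windows directory, which is where the helper's follow-up on consrv.dll comes from. The sample log inside the script is constructed from the line formats in the post.

```python
"""Triage helper for ComboFix logs.

Added example for this thread; it is not ComboFix's own code and not part of
the original posts. The line formats are those of the log posted above; the
SAMPLE_LOG below is constructed from them (same layout, a handful of lines).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section banners look like "(((( Other Deletions ))))"; capture the title.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")

# "Files Created" entries:  <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # modification timestamp
    r"(\d+|-{8}) "                            # size in bytes, or dashes for a directory
    r"([-a-z]{8}) "                           # attribute flags, e.g. d-----w- or ----a-w-
    r"(.+)$"                                  # path (may contain spaces)
)

# Anything created or deleted under the Windows directory deserves a second look.
WINDOWS_ROOT = "c:\\windows\\"

# Constructed sample in the layout of the posted log (a few representative lines).
SAMPLE_LOG = r"""ComboFix 11-12-15.02 - laptop 12/15/2011 15:14:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.1151 [GMT -5:00]
Running from: c:\users\laptop\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\consrv.dll
c:\windows\System64
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
2011-12-13 23:01 . 2011-12-14 05:58 -------- d-----w- c:\programdata\AVG2012
2011-12-13 19:44 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 16:17 . 2009-08-19 01:26 57344 ----a-w- c:\windows\SysWow64\Big Kahuna Reef.scr
2011-11-30 17:08 . 2011-11-30 17:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 01:29 . 2011-09-13 23:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
Completion time: 2011-12-15 15:50:42 - machine was rebooted
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under their section title; lines before the first banner go under 'Header'."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                      # ComboFix pads sections with lone dots
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_file_entries(lines: List[str]) -> List[FileEntry]:
    """Parse 'Files Created' / 'Find3M' style entries; lines that do not fit are skipped."""
    entries: List[FileEntry] = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(created, modified,
                                 None if size.startswith("-") else int(size), attrs, path))
    return entries


def under_windows(path: str) -> bool:
    return path.lower().startswith(WINDOWS_ROOT)


def triage(log: str) -> Dict[str, List[str]]:
    """Pull out what a reviewer checks first: deletions and new files inside the Windows directory."""
    sections = split_sections(log)
    created_title = next((t for t in sections if t.startswith("Files Created")), None)
    created = parse_file_entries(sections[created_title]) if created_title else []
    deletions = sections.get("Other Deletions", [])
    return {
        "deleted_under_windows": [p for p in deletions if under_windows(p)],
        # Directories are left out; a new file (driver, DLL, screensaver) is what matters.
        "new_files_under_windows": [e.path for e in created
                                    if not e.is_dir and under_windows(e.path)],
    }


if __name__ == "__main__":
    for key, paths in triage(SAMPLE_LOG).items():
        print(key)
        for p in paths:
            print("  ", p)
```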

#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 15 December 2011 - 03:02 PM

Hi catherine,

Looks like it ran just fine. Good job. :)
----------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    consrv.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#11 catherine_d

catherine_d

    Authentic Member

  • Authentic Member
  • 48 posts

Posted 15 December 2011 - 03:10 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:07 on 15/12/2011 by laptop
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "consrv.dll"
No files found.

-= EOF =-

#12 catherine_d

catherine_d

    Authentic Member

  • Authentic Member
  • 48 posts

Posted 15 December 2011 - 04:11 PM

I just went looking and realized I had to reinstall my AVG antivirus. I've downloaded a new copy. I know the free one isn't as good but I need free right now for at least another three months. Is Zone Alarm going to help? I used to have it on an older computer and I'm not sure if it's still a free firewall that works or not? Thank you for the advice and the help with all this stuff.

#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 15 December 2011 - 06:34 PM

Hi catherine,

You can use AVG free and that will be fine. I prefer either Microsoft Security Essentials or Avast.

Were you able to get SystemLook run yet? If so please post the log that was created. :)

#14 catherine_d

catherine_d

    Authentic Member

  • Authentic Member
  • 48 posts

Posted 15 December 2011 - 06:37 PM

I posted it above but I'll repost it.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:16 on 15/12/2011 by laptop
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "consrv.dll"
No files found.

-= EOF =-

Also, I checked, ping.exe is still on the computer but it's not running. Is that normal? And thank you for that rec on the firewall.

#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 15 December 2011 - 07:47 PM

Hi catherine,

Ok...please delete your copy of ComboFix using right click >> delete and then download a fresh copy. Then run a new scan with ComboFix and post the new log into your next reply. :)
