Need Help.


Post by OizenX on 21st March 2012, 12:21 am

Recently, my computer has been going kinda slow, losing connection to servers a lot.

And when it is connected, it opens random ad pages when I use Google, or any website really, it's very annoying. I tried using Combofix on it, but it ended up just botching my computer, making everything un-runnable.

I'm running a Dell XPS on Windows 7.

Help?

OizenX
Novice

Posts : 13
Joined : 2010-01-26
OS : Windows XP
Points : 25237
# Likes : 0

Re: Need Help.

Post by OizenX on 21st March 2012, 3:14 am

A little status update, I tried running Avast antivirus, and it finds some things and I have them removed, but after doing this when I try to reboot my laptop I get:

"STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program."

Re: Need Help.

Post by OizenX on 21st March 2012, 5:57 am

I think my svchost.exe is infected with a trojan, and when it's deleted Windows can't start.


Re: Need Help.

Post by Gabethebabe on 21st March 2012, 6:38 pm

Hi there OizenX!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, it doesn't mean it is clean yet!

====================

Seems you have some serious problems. It would have been a better idea to come here directly for help instead of running combofix, which is an advanced tool.

Can you find me the combofix log, which should be in your root (C:\combofix.txt)? If you can find it, please post it here.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38248
# Likes : 0

Re: Need Help.

Post by OizenX on 23rd March 2012, 9:33 am

Sorry about the delay, and I don't see much harm in testing things out for myself, my entire computer is backed up on my spare drive. I've just been restoring, though I'll wait for instructions from someone who knows this stuff. Please help asap.

ComboFix 12-03-20.02 - Oizen 03/20/2012 19:33:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.5786 [GMT -4]
Running from: c:\users\Oizen\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Oizen\AppData\Local\assembly\tmp
c:\users\Oizen\AppData\Roaming\Love
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-1.txt
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-2.txt
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-3.txt
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-4.txt
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\icon.png
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\settings.txt
c:\users\Oizen\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\version.txt
c:\users\Oizen\AppData\Roaming\Love\mari0\options.txt
c:\users\Oizen\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Oizen\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\Oizen\AppData\Roaming\Love\not_tetris_2\options.txt
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\dt
c:\windows\SysWow64\dt\2011-08-18_07-27-05-610402662
c:\windows\SysWow64\dt\2011-08-18_07-29-05-610522673
c:\windows\SysWow64\dt\2011-08-18_07-31-05-610642732
c:\windows\SysWow64\dt\2011-08-18_07-33-05-610762759
c:\windows\SysWow64\mc.dat
c:\windows\SysWow64\web.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 23:39 . 2012-03-20 23:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-20 23:39 . 2012-03-20 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 04:33 . 2012-03-19 04:33 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 04:33 . 2012-03-19 04:33 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 13:22 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{206024F5-6EEB-45B6-A143-C896E3439E5F}\mpengine.dll
2012-03-14 07:04 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:04 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:04 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:34 . 2012-03-14 06:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-13 18:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:43 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:43 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:43 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 18:42 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:42 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:42 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:42 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 07:09 . 2012-03-20 23:39 -------- d-----w- c:\users\Oizen\AppData\Local\assembly
2012-03-07 07:08 . 2012-03-07 07:09 -------- d-----w- c:\program files (x86)\NCSoft
2012-03-07 07:06 . 2012-03-07 07:06 -------- d-----w- c:\users\Oizen\AppData\Roaming\InstallShield
2012-03-07 07:05 . 2012-03-07 07:06 -------- d-----w- c:\users\Oizen\AppData\Roaming\GetRightToGo
2012-03-05 23:18 . 2012-03-05 23:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-04 08:35 . 2012-03-04 08:35 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2012-03-01 05:16 . 2012-03-01 05:16 -------- d-----w- c:\program files (x86)\Gameforge
2012-02-23 00:23 . 2006-08-15 04:51 65536 ----a-w- c:\windows\system32\dsptool.dll
2012-02-23 00:23 . 2006-08-15 04:50 172032 ----a-w- c:\windows\system32\dsptoolD.dll
2012-02-23 00:13 . 2006-08-15 04:51 65536 ----a-w- c:\windows\system\dsptool.dll
2012-02-23 00:13 . 2006-08-15 04:50 172032 ----a-w- c:\windows\system\dsptoolD.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 20:50 . 2011-05-18 00:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 06:33 . 2011-05-12 23:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2011-06-04 18:24 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 22:07 . 2012-02-08 22:07 53248 ----a-r- c:\users\Oizen\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-02-02 22:50 . 2012-02-16 04:35 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-02-02 22:50 . 2012-02-16 04:35 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-01-26 08:01 . 2011-06-19 23:59 289472 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-01-17 19:35 . 2012-01-17 19:35 108477 ----a-w- c:\windows\Thumbplug TGA Uninstaller.exe
2012-01-15 22:26 . 2012-01-15 22:26 86075 ----a-w- c:\windows\system32\vstdlib.dll
2012-01-04 10:44 . 2012-02-16 06:04 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 06:04 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-16 06:04 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 06:04 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 06:04 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-24 20:24 . 2011-12-24 20:24 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-24 20:24 . 2011-12-24 20:20 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-24 20:20 . 2011-12-24 20:20 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-24 20:20 . 2011-12-24 20:20 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-02 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 643856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-08-14 800768]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Oizen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FirstBoot.lnk - c:\program files (x86)\Mabinogi Frontend\Core\FirstBoot.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-12 79360]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-11-28 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-07 1436424]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-05-12 79360]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Oizen\AppData\Local\Temp\00558A3.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-06-15 737016]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412317798-400478716-3976465807-1002Core.job
- c:\users\Oizen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 00:32]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412317798-400478716-3976465807-1002UA.job
- c:\users\Oizen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 00:32]
.
2012-03-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-08 6560360]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF13646.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dashsvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Oizen\AppData\Roaming\Mozilla\Firefox\Profiles\0ww3435o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Toolbar-Locked - (no file)
WebBrowser-{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FBX for QuickTime - c:\program files (x86)\Autodesk\FBX\FbxPlugins\2006.11.2\QuickTime7\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Oizen\AppData\Local\Temp\00558A3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-20 19:47:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 23:47
.
Pre-Run: 163,337,367,552 bytes free
Post-Run: 162,967,949,312 bytes free
.
- - End Of File - - 0A2D7B8B51574A3945F288DC8AD9B5D1

Re: Need Help.

Post by Gabethebabe on 23rd March 2012, 10:06 am

  • Please create a new text file in Notepad with the following contents:
    Code:
    KILLALL::
    File::
    c:\users\Oizen\AppData\Local\Temp\00558A3.tmp

    Folder::
    C:\combofix

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

    Driver::
    X6va005
  • Save that file as CFScript.txt on your desktop
  • Drag and drop the CFScript.txt onto the ComboFix icon, as shown in the animation below.

  • If done correctly, ComboFix will start and perform specific instructions
  • In doing so, ComboFix may request a reboot
  • Please post the contents of Combofix.txt in your next reply

====================

Please download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

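An added example, not part of the thread and not ComboFix's own code: the CFScript in the post above removes the X6va005 service, whose image is a .tmp file in the user's Temp folder. The Python below flags that kind of entry in a ComboFix service listing. The line layout, the helper names and the two heuristics are assumptions inferred from the log posted here, and a hit is a lead for review, not a verdict.

```python
import ntpath
import re

# Service/driver lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va005;X6va005;c:\users\Oizen\AppData\Local\Temp\00558A3.tmp [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
"""

# Assumed layout, inferred from the lines above:
#   <status code> <service name>;<display name>;<command line> [<date size> or x]
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")

# Shortest prefix that ends in ".ext" right before whitespace or end of string.
IMAGE = re.compile(r"^(.*?\.[A-Za-z0-9]{2,4})(?=\s|$)")

# Heuristic 1 (assumption): directories a standard user can normally write to.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|temp|programdata)\\", re.I)

# Heuristic 2 (assumption): extensions expected for a service or driver image.
EXPECTED_EXT = {".exe", ".sys", ".dll"}


def image_path(command_line):
    """Return the executable path from a service command line, without arguments."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        # Quoted image path, arguments follow the closing quote.
        cmd = cmd[1:].split('"', 1)[0]
    else:
        m = IMAGE.match(cmd)
        cmd = m.group(1) if m else cmd
    if cmd.startswith("\\??\\"):
        # NT object-manager prefix, as in the ImagePath value shown in the log.
        cmd = cmd[4:]
    return cmd


def triage(log_text):
    """Return (service name, image path, reasons) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue  # not a service/driver line
        _status, name, _display, cmd, _meta = m.groups()
        # The trailing [x] is not used as a signal: in this log it also
        # appears on drivers under system32\DRIVERS.
        path = image_path(cmd)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("image in user-writable directory")
        ext = ntpath.splitext(path)[1].lower()
        if ext not in EXPECTED_EXT:
            reasons.append("unexpected extension " + (ext or "(none)"))
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```
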

Re: Need Help.

Post by OizenX on 23rd March 2012, 12:24 pm

Malwarebytes Anti-Malware 1.60.1.1000

Database version: v2012.03.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Oizen :: OIZEN-PC [administrator]

3/23/2012 8:20:05 AM
mbam-log-2012-03-23 (08-20-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211716
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--

Whenever I try to do anything, it tells me "Illegal operation on a Registry key that has been marked for deletion"

I had to run FF as admin to post this.

Re: Need Help.

Post by OizenX on 23rd March 2012, 12:45 pm

Another problem,

whenever I restart my computer after following the steps you provided, I cannot reboot

The error message is
"STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program."

I'm kinda stuck leaving my laptop on indefinitely until you reply

Re: Need Help.

Post by OizenX on 23rd March 2012, 6:59 pm

Figured out a way to launch, and I still get random ad pages opening, and things are still slow.

But after Combofix launched my computer things were fast, I didn't get any annoying popups, but I had to reboot, which brought all the crap back.


Re: Need Help.

Post by Gabethebabe on 25th March 2012, 1:38 pm

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


Re: Need Help.

Post by OizenX on 26th March 2012, 6:56 am

02:45:58.0653 7812 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
02:45:59.0911 7812 ============================================================
02:45:59.0911 7812 Current date / time: 2012/03/26 02:45:59.0911
02:45:59.0911 7812 SystemInfo:
02:45:59.0911 7812
02:45:59.0911 7812 OS Version: 6.1.7601 ServicePack: 1.0
02:45:59.0911 7812 Product type: Workstation
02:45:59.0911 7812 ComputerName: OIZEN-PC
02:45:59.0911 7812 UserName: Oizen
02:45:59.0911 7812 Windows directory: C:\Windows
02:45:59.0911 7812 System windows directory: C:\Windows
02:45:59.0911 7812 Running under WOW64
02:45:59.0911 7812 Processor architecture: Intel x64
02:45:59.0911 7812 Number of processors: 4
02:45:59.0911 7812 Page size: 0x1000
02:45:59.0911 7812 Boot type: Normal boot
02:45:59.0911 7812 ============================================================
02:46:01.0633 7812 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:46:01.0634 7812 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:46:01.0639 7812 Drive \Device\Harddisk2\DR2 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:46:01.0644 7812 \Device\Harddisk0\DR0:
02:46:01.0644 7812 MBR used
02:46:01.0645 7812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
02:46:01.0645 7812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
02:46:01.0645 7812 \Device\Harddisk1\DR1:
02:46:01.0645 7812 MBR used
02:46:01.0645 7812 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
02:46:01.0645 7812 \Device\Harddisk2\DR2:
02:46:01.0646 7812 MBR used
02:46:01.0646 7812 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
02:46:01.0681 7812 Initialize success
02:46:01.0681 7812 ============================================================
02:46:06.0597 6868 ============================================================
02:46:06.0597 6868 Scan started
02:46:06.0597 6868 Mode: Manual;
02:46:06.0597 6868 ============================================================
02:46:08.0748 6868 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:46:08.0753 6868 1394ohci - ok
02:46:08.0783 6868 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
02:46:08.0785 6868 Acceler - ok
02:46:08.0831 6868 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:46:08.0837 6868 ACPI - ok
02:46:08.0852 6868 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:46:08.0853 6868 AcpiPmi - ok
02:46:08.0900 6868 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:46:08.0907 6868 adp94xx - ok
02:46:08.0932 6868 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:46:08.0937 6868 adpahci - ok
02:46:08.0952 6868 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:46:08.0973 6868 adpu320 - ok
02:46:09.0005 6868 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:46:09.0007 6868 AeLookupSvc - ok
02:46:09.0056 6868 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
02:46:09.0059 6868 AERTFilters - ok
02:46:09.0129 6868 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:46:09.0136 6868 AFD - ok
02:46:09.0157 6868 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:46:09.0159 6868 agp440 - ok
02:46:09.0179 6868 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:46:09.0181 6868 ALG - ok
02:46:09.0209 6868 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:46:09.0211 6868 aliide - ok
02:46:09.0227 6868 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:46:09.0229 6868 amdide - ok
02:46:09.0263 6868 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:46:09.0266 6868 AmdK8 - ok
02:46:09.0276 6868 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:46:09.0277 6868 AmdPPM - ok
02:46:09.0335 6868 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:46:09.0396 6868 amdsata - ok
02:46:09.0593 6868 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:46:09.0597 6868 amdsbs - ok
02:46:09.0656 6868 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:46:09.0657 6868 amdxata - ok
02:46:09.0705 6868 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:46:09.0707 6868 AppID - ok
02:46:09.0729 6868 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:46:09.0731 6868 AppIDSvc - ok
02:46:09.0775 6868 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:46:09.0777 6868 Appinfo - ok
02:46:09.0843 6868 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:46:09.0845 6868 Apple Mobile Device - ok
02:46:09.0884 6868 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:46:09.0886 6868 arc - ok
02:46:09.0908 6868 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:46:09.0910 6868 arcsas - ok
02:46:10.0010 6868 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:46:10.0012 6868 aspnet_state - ok
02:46:10.0058 6868 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
02:46:10.0061 6868 aswFsBlk - ok
02:46:10.0100 6868 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
02:46:10.0102 6868 aswMonFlt - ok
02:46:10.0117 6868 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
02:46:10.0119 6868 aswRdr - ok
02:46:10.0176 6868 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
02:46:10.0196 6868 aswSnx - ok
02:46:10.0238 6868 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
02:46:10.0244 6868 aswSP - ok
02:46:10.0276 6868 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
02:46:10.0278 6868 aswTdi - ok
02:46:10.0313 6868 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:46:10.0315 6868 AsyncMac - ok
02:46:10.0358 6868 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:46:10.0358 6868 atapi - ok
02:46:10.0423 6868 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:46:10.0440 6868 AudioEndpointBuilder - ok
02:46:10.0461 6868 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:46:10.0465 6868 AudioSrv - ok
02:46:10.0615 6868 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:46:10.0618 6868 avast! Antivirus - ok
02:46:10.0669 6868 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:46:10.0672 6868 AxInstSV - ok
02:46:10.0706 6868 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:46:10.0722 6868 b06bdrv - ok
02:46:10.0755 6868 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:46:10.0761 6868 b57nd60a - ok
02:46:10.0786 6868 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:46:10.0789 6868 BDESVC - ok
02:46:10.0803 6868 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:46:10.0805 6868 Beep - ok
02:46:10.0888 6868 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:46:10.0907 6868 BFE - ok
02:46:10.0959 6868 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:46:10.0980 6868 BITS - ok
02:46:11.0012 6868 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:46:11.0014 6868 blbdrive - ok
02:46:11.0060 6868 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:46:11.0064 6868 bowser - ok
02:46:11.0140 6868 bpenum (597fffac47605337b1c719b4975238f0) C:\Windows\system32\DRIVERS\bpenum.sys
02:46:11.0153 6868 bpenum - ok
02:46:11.0176 6868 bpmp (f66c6ad105ef5a899207f4907366e2e2) C:\Windows\system32\DRIVERS\bpmp.sys
02:46:11.0180 6868 bpmp - ok
02:46:11.0205 6868 bpusb (ae6751f004dfebe0a7548265ccf432ce) C:\Windows\system32\Drivers\bpusb.sys
02:46:11.0209 6868 bpusb - ok
02:46:11.0227 6868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:46:11.0229 6868 BrFiltLo - ok
02:46:11.0250 6868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:46:11.0252 6868 BrFiltUp - ok
02:46:11.0287 6868 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:46:11.0290 6868 BridgeMP - ok
02:46:11.0330 6868 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:46:11.0333 6868 Browser - ok
02:46:11.0360 6868 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:46:11.0366 6868 Brserid - ok
02:46:11.0376 6868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:46:11.0377 6868 BrSerWdm - ok
02:46:11.0400 6868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:46:11.0402 6868 BrUsbMdm - ok
02:46:11.0423 6868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:46:11.0426 6868 BrUsbSer - ok
02:46:11.0446 6868 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:46:11.0448 6868 BTHMODEM - ok
02:46:11.0496 6868 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:46:11.0499 6868 bthserv - ok
02:46:11.0521 6868 catchme - ok
02:46:11.0557 6868 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:46:11.0559 6868 cdfs - ok
02:46:11.0648 6868 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:46:11.0655 6868 cdrom - ok
02:46:11.0739 6868 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:46:11.0742 6868 CertPropSvc - ok
02:46:11.0781 6868 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:46:11.0783 6868 circlass - ok
02:46:11.0816 6868 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:46:11.0822 6868 CLFS - ok
02:46:11.0882 6868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:46:11.0884 6868 clr_optimization_v2.0.50727_32 - ok
02:46:11.0914 6868 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:46:11.0916 6868 clr_optimization_v2.0.50727_64 - ok
02:46:11.0996 6868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:46:11.0999 6868 clr_optimization_v4.0.30319_32 - ok
02:46:12.0042 6868 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:46:12.0046 6868 clr_optimization_v4.0.30319_64 - ok
02:46:12.0128 6868 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:46:12.0132 6868 CmBatt - ok
02:46:12.0180 6868 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:46:12.0182 6868 cmdide - ok
02:46:12.0237 6868 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:46:12.0244 6868 CNG - ok
02:46:12.0258 6868 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:46:12.0261 6868 Compbatt - ok
02:46:12.0314 6868 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:46:12.0316 6868 CompositeBus - ok
02:46:12.0328 6868 COMSysApp - ok
02:46:12.0348 6868 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:46:12.0350 6868 crcdisk - ok
02:46:12.0410 6868 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
02:46:12.0414 6868 Creative ALchemy AL6 Licensing Service - ok
02:46:12.0453 6868 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
02:46:12.0455 6868 Creative Audio Engine Licensing Service - ok
02:46:12.0509 6868 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
02:46:12.0513 6868 CryptSvc - ok
02:46:12.0550 6868 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
02:46:12.0556 6868 CTAudSvcService - ok
02:46:12.0582 6868 CtClsFlt (df214bff646880d0eb31bdc86136b29b) C:\Windows\system32\DRIVERS\CtClsFlt.sys
02:46:12.0586 6868 CtClsFlt - ok
02:46:12.0612 6868 dashsvc (a4f18227d12749425928c3ac642e4daa) C:\Windows\system32\nvrd64.dll
02:46:12.0613 6868 dashsvc ( Backdoor.Multi.ZAccess.gen ) - infected
02:46:12.0614 6868 dashsvc - detected Backdoor.Multi.ZAccess.gen (0)
02:46:12.0686 6868 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:46:12.0693 6868 DcomLaunch - ok
02:46:12.0731 6868 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:46:12.0737 6868 defragsvc - ok
02:46:12.0779 6868 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:46:12.0782 6868 DfsC - ok
02:46:12.0809 6868 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:46:12.0814 6868 Dhcp - ok
02:46:12.0849 6868 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:46:12.0851 6868 discache - ok
02:46:12.0882 6868 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:46:12.0884 6868 Disk - ok
02:46:12.0950 6868 DMAgent (fd6780d8e79a4a0037dbcb339582f091) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
02:46:12.0957 6868 DMAgent - ok
02:46:12.0983 6868 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:46:12.0987 6868 Dnscache - ok
02:46:13.0031 6868 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:46:13.0035 6868 dot3svc - ok
02:46:13.0077 6868 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:46:13.0081 6868 DPS - ok
02:46:13.0123 6868 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:46:13.0124 6868 drmkaud - ok
02:46:13.0197 6868 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
02:46:13.0200 6868 DrvAgent64 - ok
02:46:13.0250 6868 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
02:46:13.0255 6868 dtsoftbus01 - ok
02:46:13.0316 6868 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:46:13.0340 6868 DXGKrnl - ok
02:46:13.0358 6868 EagleX64 - ok
02:46:13.0386 6868 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:46:13.0390 6868 EapHost - ok
02:46:13.0467 6868 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:46:13.0535 6868 ebdrv - ok
02:46:13.0574 6868 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:46:13.0577 6868 EFS - ok
02:46:13.0677 6868 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:46:13.0695 6868 ehRecvr - ok
02:46:13.0717 6868 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:46:13.0720 6868 ehSched - ok
02:46:13.0768 6868 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:46:13.0776 6868 elxstor - ok
02:46:13.0812 6868 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:46:13.0813 6868 ErrDev - ok
02:46:13.0846 6868 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:46:13.0852 6868 EventSystem - ok
02:46:13.0976 6868 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
02:46:14.0001 6868 EvtEng - ok
02:46:14.0050 6868 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:46:14.0055 6868 exfat - ok
02:46:14.0081 6868 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:46:14.0086 6868 fastfat - ok
02:46:14.0141 6868 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:46:14.0158 6868 Fax - ok
02:46:14.0180 6868 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:46:14.0182 6868 fdc - ok
02:46:14.0201 6868 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:46:14.0203 6868 fdPHost - ok
02:46:14.0218 6868 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:46:14.0221 6868 FDResPub - ok
02:46:14.0239 6868 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:46:14.0242 6868 FileInfo - ok
02:46:14.0285 6868 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:46:14.0287 6868 Filetrace - ok
02:46:14.0395 6868 FLEXnet Licensing Service (d60ef46dc0e757fe5eb579db95b88954) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:46:14.0422 6868 FLEXnet Licensing Service - ok
02:46:14.0500 6868 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:46:14.0514 6868 FLEXnet Licensing Service 64 - ok
02:46:14.0576 6868 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:46:14.0593 6868 flpydisk - ok
02:46:14.0801 6868 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:46:14.0806 6868 FltMgr - ok
02:46:14.0846 6868 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:46:14.0871 6868 FontCache - ok
02:46:14.0935 6868 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:46:14.0937 6868 FontCache3.0.0.0 - ok
02:46:14.0960 6868 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:46:14.0962 6868 FsDepends - ok
02:46:14.0977 6868 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:46:14.0979 6868 Fs_Rec - ok
02:46:15.0037 6868 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:46:15.0041 6868 fvevol - ok
02:46:15.0072 6868 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:46:15.0074 6868 gagp30kx - ok
02:46:15.0123 6868 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:46:15.0125 6868 GEARAspiWDM - ok
02:46:15.0186 6868 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:46:15.0206 6868 gpsvc - ok
02:46:15.0274 6868 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
02:46:15.0277 6868 hamachi - ok
02:46:15.0305 6868 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:46:15.0307 6868 hcw85cir - ok
02:46:15.0375 6868 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:46:15.0378 6868 HDAudBus - ok
02:46:15.0415 6868 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:46:15.0418 6868 HidBatt - ok
02:46:15.0449 6868 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:46:15.0451 6868 HidBth - ok
02:46:15.0486 6868 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:46:15.0488 6868 HidIr - ok
02:46:15.0525 6868 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:46:15.0528 6868 hidserv - ok
02:46:15.0576 6868 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:46:15.0578 6868 HidUsb - ok
02:46:15.0631 6868 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:46:15.0635 6868 hkmsvc - ok
02:46:15.0693 6868 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:46:15.0699 6868 HomeGroupListener - ok
02:46:15.0745 6868 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:46:15.0751 6868 HomeGroupProvider - ok
02:46:15.0793 6868 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:46:15.0795 6868 HpSAMD - ok
02:46:15.0856 6868 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:46:15.0875 6868 HTTP - ok
02:46:15.0895 6868 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:46:15.0897 6868 hwpolicy - ok
02:46:15.0944 6868 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:46:15.0946 6868 i8042prt - ok
02:46:15.0999 6868 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:46:16.0005 6868 iaStorV - ok
02:46:16.0098 6868 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:46:16.0122 6868 idsvc - ok
02:46:16.0365 6868 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:46:16.0563 6868 igfx - ok
02:46:16.0619 6868 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:46:16.0621 6868 iirsp - ok
02:46:16.0680 6868 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:46:16.0706 6868 IKEEXT - ok
02:46:16.0742 6868 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
02:46:16.0746 6868 Impcd - ok
02:46:16.0815 6868 IntcAzAudAddService (d492d3b5a8ddde1d6621a8c53855eabf) C:\Windows\system32\drivers\RTKVHD64.sys
02:46:16.0873 6868 IntcAzAudAddService - ok
02:46:16.0906 6868 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
02:46:16.0912 6868 IntcDAud - ok
02:46:16.0946 6868 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:46:16.0948 6868 intelide - ok
02:46:16.0977 6868 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:46:16.0980 6868 intelppm - ok
02:46:17.0005 6868 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:46:17.0008 6868 IPBusEnum - ok
02:46:17.0038 6868 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:46:17.0041 6868 IpFilterDriver - ok
02:46:17.0110 6868 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:46:17.0119 6868 iphlpsvc - ok
02:46:17.0157 6868 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:46:17.0160 6868 IPMIDRV - ok
02:46:17.0196 6868 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:46:17.0199 6868 IPNAT - ok
02:46:17.0274 6868 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe
02:46:17.0302 6868 iPod Service - ok
02:46:17.0330 6868 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:46:17.0332 6868 IRENUM - ok
02:46:17.0377 6868 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:46:17.0379 6868 isapnp - ok
02:46:17.0418 6868 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:46:17.0423 6868 iScsiPrt - ok
02:46:17.0448 6868 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:46:17.0450 6868 kbdclass - ok
02:46:17.0470 6868 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
02:46:17.0473 6868 kbdhid - ok
02:46:17.0518 6868 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:46:17.0520 6868 KeyIso - ok
02:46:17.0544 6868 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:46:17.0547 6868 KSecDD - ok
02:46:17.0587 6868 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:46:17.0592 6868 KSecPkg - ok
02:46:17.0609 6868 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:46:17.0611 6868 ksthunk - ok
02:46:17.0654 6868 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:46:17.0663 6868 KtmRm - ok
02:46:17.0724 6868 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
02:46:17.0730 6868 LanmanServer - ok
02:46:17.0777 6868 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:46:17.0780 6868 LanmanWorkstation - ok
02:46:17.0835 6868 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:46:17.0837 6868 lltdio - ok
02:46:17.0870 6868 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:46:17.0876 6868 lltdsvc - ok
02:46:17.0899 6868 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:46:17.0903 6868 lmhosts - ok
02:46:17.0961 6868 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
02:46:17.0978 6868 LMS - ok
02:46:18.0022 6868 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:46:18.0024 6868 LSI_FC - ok
02:46:18.0065 6868 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:46:18.0068 6868 LSI_SAS - ok
02:46:18.0098 6868 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:46:18.0101 6868 LSI_SAS2 - ok
02:46:18.0135 6868 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:46:18.0139 6868 LSI_SCSI - ok
02:46:18.0159 6868 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:46:18.0162 6868 luafv - ok
02:46:18.0206 6868 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:46:18.0210 6868 Mcx2Svc - ok
02:46:18.0265 6868 megamonitorsrv (a4f18227d12749425928c3ac642e4daa) C:\Windows\system32\rbfilter.dll
02:46:18.0266 6868 megamonitorsrv ( Backdoor.Multi.ZAccess.gen ) - infected
02:46:18.0266 6868 megamonitorsrv - detected Backdoor.Multi.ZAccess.gen (0)
02:46:18.0286 6868 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:46:18.0290 6868 megasas - ok
02:46:18.0319 6868 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:46:18.0324 6868 MegaSR - ok
02:46:18.0406 6868 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
02:46:18.0409 6868 MEIx64 - ok
02:46:18.0549 6868 mi-raysat_3dsmax2011_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
02:46:18.0552 6868 mi-raysat_3dsmax2011_32 - ok
02:46:18.0668 6868 mi-raysat_3dsmax2011_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
02:46:18.0671 6868 mi-raysat_3dsmax2011_64 - ok
02:46:18.0727 6868 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:46:18.0731 6868 MMCSS - ok
02:46:18.0764 6868 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:46:18.0767 6868 Modem - ok
02:46:18.0801 6868 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:46:18.0803 6868 monitor - ok
02:46:18.0853 6868 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
02:46:18.0856 6868 MotioninJoyXFilter - ok
02:46:18.0902 6868 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:46:18.0905 6868 mouclass - ok
02:46:18.0928 6868 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:46:18.0930 6868 mouhid - ok
02:46:18.0969 6868 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:46:18.0971 6868 mountmgr - ok
02:46:19.0010 6868 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:46:19.0014 6868 mpio - ok
02:46:19.0037 6868 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:46:19.0039 6868 mpsdrv - ok
02:46:19.0113 6868 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:46:19.0138 6868 MpsSvc - ok
02:46:19.0180 6868 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:46:19.0184 6868 MRxDAV - ok
02:46:19.0228 6868 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:46:19.0233 6868 mrxsmb - ok
02:46:19.0279 6868 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:46:19.0284 6868 mrxsmb10 - ok
02:46:19.0307 6868 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:46:19.0310 6868 mrxsmb20 - ok
02:46:19.0354 6868 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:46:19.0356 6868 msahci - ok
02:46:19.0377 6868 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:46:19.0381 6868 msdsm - ok
02:46:19.0415 6868 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:46:19.0419 6868 MSDTC - ok
02:46:19.0457 6868 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:46:19.0460 6868 Msfs - ok
02:46:19.0490 6868 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:46:19.0492 6868 mshidkmdf - ok
02:46:19.0504 6868 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:46:19.0506 6868 msisadrv - ok
02:46:19.0536 6868 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:46:19.0540 6868 MSiSCSI - ok
02:46:19.0548 6868 msiserver - ok
02:46:19.0641 6868 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:46:19.0643 6868 MSKSSRV - ok
02:46:19.0665 6868 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:46:19.0667 6868 MSPCLOCK - ok
02:46:19.0685 6868 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:46:19.0687 6868 MSPQM - ok
02:46:19.0733 6868 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:46:19.0739 6868 MsRPC - ok
02:46:19.0759 6868 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:46:19.0761 6868 mssmbios - ok
02:46:19.0842 6868 MSSQL$SQLEXPRESS - ok
02:46:19.0915 6868 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
02:46:19.0918 6868 MSSQLServerADHelper100 - ok
02:46:19.0952 6868 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:46:19.0954 6868 MSTEE - ok
02:46:19.0976 6868 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:46:19.0978 6868 MTConfig - ok
02:46:19.0996 6868 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:46:19.0998 6868 Mup - ok
02:46:20.0059 6868 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
02:46:20.0065 6868 MyWiFiDHCPDNS - ok
02:46:20.0111 6868 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:46:20.0119 6868 napagent - ok
02:46:20.0159 6868 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:46:20.0166 6868 NativeWifiP - ok
02:46:20.0210 6868 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
02:46:20.0232 6868 NDIS - ok
02:46:20.0250 6868 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:46:20.0252 6868 NdisCap - ok
02:46:20.0276 6868 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:46:20.0278 6868 NdisTapi - ok
02:46:20.0325 6868 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:46:20.0327 6868 Ndisuio - ok
02:46:20.0375 6868 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:46:20.0379 6868 NdisWan - ok
02:46:20.0414 6868 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:46:20.0417 6868 NDProxy - ok
02:46:20.0435 6868 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:46:20.0438 6868 NetBIOS - ok
02:46:20.0481 6868 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:46:20.0485 6868 NetBT - ok
02:46:20.0522 6868 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:46:20.0523 6868 Netlogon - ok
02:46:20.0564 6868 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:46:20.0572 6868 Netman - ok
02:46:20.0674 6868 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:46:20.0677 6868 NetMsmqActivator - ok
02:46:20.0691 6868 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:46:20.0693 6868 NetPipeActivator - ok
02:46:20.0718 6868 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:46:20.0726 6868 netprofm - ok
02:46:20.0750 6868 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:46:20.0751 6868 NetTcpActivator - ok
02:46:20.0754 6868 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:46:20.0755 6868 NetTcpPortSharing - ok
02:46:20.0909 6868 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
02:46:21.0060 6868 NETwNs64 - ok
02:46:21.0103 6868 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys


Re: Need Help.

Post by OizenX on 26th March 2012, 6:57 am

02:46:21.0106 6868 nfrd960 - ok
02:46:21.0162 6868 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:46:21.0169 6868 NlaSvc - ok
02:46:21.0282 6868 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
02:46:21.0342 6868 NOBU - ok
02:46:21.0366 6868 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:46:21.0368 6868 Npfs - ok
02:46:21.0411 6868 npggsvc - ok
02:46:21.0443 6868 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:46:21.0446 6868 nsi - ok
02:46:21.0458 6868 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:46:21.0460 6868 nsiproxy - ok
02:46:21.0532 6868 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:46:21.0578 6868 Ntfs - ok
02:46:21.0592 6868 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:46:21.0594 6868 Null - ok
02:46:21.0628 6868 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
02:46:21.0631 6868 nusb3hub - ok
02:46:21.0662 6868 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
02:46:21.0666 6868 nusb3xhc - ok
02:46:21.0875 6868 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:46:22.0111 6868 nvlddmkm - ok
02:46:22.0140 6868 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
02:46:22.0143 6868 nvpciflt - ok
02:46:22.0190 6868 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:46:22.0194 6868 nvraid - ok
02:46:22.0220 6868 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:46:22.0224 6868 nvstor - ok
02:46:22.0257 6868 NvStUSB (92d06926c5da2a2e62e8fb5104f44d92) C:\Windows\system32\DRIVERS\nvstusb.sys
02:46:22.0260 6868 NvStUSB - ok
02:46:22.0302 6868 NVSvc (5a4af8ea634b4feeaf6f16bb1845715a) C:\Windows\system32\nvvsvc.exe
02:46:22.0328 6868 NVSvc - ok
02:46:22.0411 6868 nvUpdatusService (4b7636c52a359ab0783b350a5fbdbb49) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:46:22.0446 6868 nvUpdatusService - ok
02:46:22.0513 6868 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:46:22.0516 6868 nv_agp - ok
02:46:22.0584 6868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:46:22.0591 6868 odserv - ok
02:46:22.0629 6868 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:46:22.0631 6868 ohci1394 - ok
02:46:22.0731 6868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:46:22.0735 6868 ose - ok
02:46:22.0770 6868 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:46:22.0777 6868 p2pimsvc - ok
02:46:22.0808 6868 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:46:22.0815 6868 p2psvc - ok
02:46:22.0838 6868 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:46:22.0841 6868 Parport - ok
02:46:22.0880 6868 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:46:22.0883 6868 partmgr - ok
02:46:22.0931 6868 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:46:22.0947 6868 PcaSvc - ok
02:46:22.0995 6868 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:46:22.0999 6868 pci - ok
02:46:23.0014 6868 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:46:23.0016 6868 pciide - ok
02:46:23.0040 6868 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:46:23.0044 6868 pcmcia - ok
02:46:23.0063 6868 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:46:23.0065 6868 pcw - ok
02:46:23.0091 6868 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:46:23.0100 6868 PEAUTH - ok
02:46:23.0159 6868 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:46:23.0311 6868 PerfHost - ok
02:46:23.0375 6868 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:46:23.0402 6868 pla - ok
02:46:23.0455 6868 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:46:23.0463 6868 PlugPlay - ok
02:46:23.0499 6868 PnkBstrA - ok
02:46:23.0522 6868 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:46:23.0525 6868 PNRPAutoReg - ok
02:46:23.0590 6868 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:46:23.0593 6868 PNRPsvc - ok
02:46:23.0682 6868 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:46:23.0691 6868 PolicyAgent - ok
02:46:23.0731 6868 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:46:23.0735 6868 Power - ok
02:46:23.0771 6868 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:46:23.0773 6868 PptpMiniport - ok
02:46:23.0823 6868 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:46:23.0826 6868 Processor - ok
02:46:23.0865 6868 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
02:46:23.0870 6868 ProfSvc - ok
02:46:23.0913 6868 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:46:23.0914 6868 ProtectedStorage - ok
02:46:23.0959 6868 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:46:23.0962 6868 Psched - ok
02:46:23.0995 6868 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
02:46:23.0997 6868 qicflt - ok
02:46:24.0043 6868 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:46:24.0076 6868 ql2300 - ok
02:46:24.0098 6868 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:46:24.0101 6868 ql40xx - ok
02:46:24.0131 6868 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:46:24.0137 6868 QWAVE - ok
02:46:24.0153 6868 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:46:24.0155 6868 QWAVEdrv - ok
02:46:24.0177 6868 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:46:24.0179 6868 RasAcd - ok
02:46:24.0204 6868 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:46:24.0206 6868 RasAgileVpn - ok
02:46:24.0223 6868 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:46:24.0226 6868 RasAuto - ok
02:46:24.0268 6868 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:46:24.0272 6868 Rasl2tp - ok
02:46:24.0304 6868 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:46:24.0310 6868 RasMan - ok
02:46:24.0328 6868 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:46:24.0331 6868 RasPppoe - ok
02:46:24.0346 6868 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:46:24.0349 6868 RasSstp - ok
02:46:24.0388 6868 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:46:24.0394 6868 rdbss - ok
02:46:24.0415 6868 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:46:24.0417 6868 rdpbus - ok
02:46:24.0464 6868 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:46:24.0467 6868 RDPCDD - ok
02:46:24.0493 6868 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:46:24.0495 6868 RDPENCDD - ok
02:46:24.0510 6868 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:46:24.0511 6868 RDPREFMP - ok
02:46:24.0552 6868 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
02:46:24.0556 6868 RDPWD - ok
02:46:24.0610 6868 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:46:24.0614 6868 rdyboost - ok
02:46:24.0684 6868 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
02:46:24.0702 6868 RegSrvc - ok
02:46:24.0730 6868 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:46:24.0733 6868 RemoteAccess - ok
02:46:24.0766 6868 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:46:24.0771 6868 RemoteRegistry - ok
02:46:24.0797 6868 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:46:24.0800 6868 RpcEptMapper - ok
02:46:24.0813 6868 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:46:24.0816 6868 RpcLocator - ok
02:46:24.0857 6868 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:46:24.0862 6868 RpcSs - ok
02:46:24.0910 6868 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
02:46:24.0916 6868 RsFx0103 - ok
02:46:24.0955 6868 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:46:24.0957 6868 rspndr - ok
02:46:24.0994 6868 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:46:25.0001 6868 RTL8167 - ok
02:46:25.0043 6868 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:46:25.0045 6868 SamSs - ok
02:46:25.0175 6868 SbieDrv (c7e399dbc7b70fda979013389b1a8dab) C:\Program Files\Sandboxie\SbieDrv.sys
02:46:25.0180 6868 SbieDrv - ok
02:46:25.0243 6868 SbieSvc (9f64e814007b5b586c123f3820c104a5) C:\Program Files\Sandboxie\SbieSvc.exe
02:46:25.0246 6868 SbieSvc - ok
02:46:25.0279 6868 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:46:25.0282 6868 sbp2port - ok
02:46:25.0310 6868 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:46:25.0315 6868 SCardSvr - ok
02:46:25.0352 6868 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:46:25.0354 6868 scfilter - ok
02:46:25.0412 6868 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:46:25.0438 6868 Schedule - ok
02:46:25.0477 6868 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:46:25.0478 6868 SCPolicySvc - ok
02:46:25.0524 6868 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:46:25.0531 6868 SDRSVC - ok
02:46:25.0558 6868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:46:25.0561 6868 secdrv - ok
02:46:25.0601 6868 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:46:25.0605 6868 seclogon - ok
02:46:25.0638 6868 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:46:25.0642 6868 SENS - ok
02:46:25.0660 6868 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:46:25.0663 6868 SensrSvc - ok
02:46:25.0686 6868 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:46:25.0688 6868 Serenum - ok
02:46:25.0704 6868 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:46:25.0707 6868 Serial - ok
02:46:25.0744 6868 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:46:25.0746 6868 sermouse - ok
02:46:25.0796 6868 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:46:25.0800 6868 SessionEnv - ok
02:46:25.0819 6868 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:46:25.0821 6868 sffdisk - ok
02:46:25.0835 6868 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:46:25.0837 6868 sffp_mmc - ok
02:46:25.0848 6868 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:46:25.0850 6868 sffp_sd - ok
02:46:25.0871 6868 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:46:25.0873 6868 sfloppy - ok
02:46:25.0965 6868 SftService (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
02:46:25.0985 6868 SftService - ok
02:46:26.0016 6868 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:46:26.0022 6868 SharedAccess - ok
02:46:26.0064 6868 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:46:26.0071 6868 ShellHWDetection - ok
02:46:26.0086 6868 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:46:26.0088 6868 SiSRaid2 - ok
02:46:26.0130 6868 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:46:26.0133 6868 SiSRaid4 - ok
02:46:26.0173 6868 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:46:26.0176 6868 Smb - ok
02:46:26.0224 6868 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:46:26.0228 6868 SNMPTRAP - ok
02:46:26.0268 6868 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
02:46:26.0271 6868 Sound Blaster X-Fi MB Licensing Service - ok
02:46:26.0289 6868 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:46:26.0291 6868 spldr - ok
02:46:26.0344 6868 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:46:26.0360 6868 Spooler - ok
02:46:26.0479 6868 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:46:26.0554 6868 sppsvc - ok
02:46:26.0595 6868 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:46:26.0598 6868 sppuinotify - ok
02:46:26.0695 6868 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
02:46:26.0701 6868 SQLAgent$SQLEXPRESS - ok
02:46:26.0778 6868 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:46:26.0785 6868 SQLBrowser - ok
02:46:26.0872 6868 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:46:26.0875 6868 SQLWriter - ok
02:46:26.0927 6868 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:46:26.0935 6868 srv - ok
02:46:26.0955 6868 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:46:26.0961 6868 srv2 - ok
02:46:26.0978 6868 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:46:26.0982 6868 srvnet - ok
02:46:27.0023 6868 sscdbus (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys
02:46:27.0027 6868 sscdbus - ok
02:46:27.0085 6868 sscdmdfl (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys
02:46:27.0088 6868 sscdmdfl - ok
02:46:27.0142 6868 sscdmdm (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys
02:46:27.0147 6868 sscdmdm - ok
02:46:27.0245 6868 sscdserd (208731a751357dd71c5a0345c77afd0a) C:\Windows\system32\DRIVERS\sscdserd.sys
02:46:27.0249 6868 sscdserd - ok
02:46:27.0307 6868 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:46:27.0313 6868 SSDPSRV - ok
02:46:27.0330 6868 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:46:27.0333 6868 SstpSvc - ok
02:46:27.0372 6868 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
02:46:27.0374 6868 stdcfltn - ok
02:46:27.0432 6868 Steam Client Service - ok
02:46:27.0486 6868 Stereo Service (79969acaeebeda7dc3673656ab9918fd) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:46:27.0492 6868 Stereo Service - ok
02:46:27.0521 6868 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:46:27.0523 6868 stexstor - ok
02:46:27.0591 6868 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:46:27.0609 6868 stisvc - ok
02:46:27.0649 6868 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:46:27.0651 6868 swenum - ok
02:46:27.0684 6868 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:46:27.0693 6868 swprv - ok
02:46:27.0757 6868 SynTP (5e3b232a614339399acc71fa3aaaaa6b) C:\Windows\system32\DRIVERS\SynTP.sys
02:46:27.0787 6868 SynTP - ok
02:46:27.0852 6868 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:46:27.0903 6868 SysMain - ok
02:46:27.0923 6868 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:46:27.0927 6868 TabletInputService - ok
02:46:27.0978 6868 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
02:46:27.0981 6868 tap0901t - ok
02:46:28.0054 6868 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:46:28.0060 6868 TapiSrv - ok
02:46:28.0146 6868 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:46:28.0149 6868 TBS - ok
02:46:28.0218 6868 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
02:46:28.0290 6868 Tcpip - ok
02:46:28.0341 6868 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
02:46:28.0352 6868 TCPIP6 - ok
02:46:28.0410 6868 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:46:28.0412 6868 tcpipreg - ok
02:46:28.0444 6868 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:46:28.0446 6868 TDPIPE - ok
02:46:28.0481 6868 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:46:28.0483 6868 TDTCP - ok
02:46:28.0524 6868 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:46:28.0533 6868 tdx - ok
02:46:28.0608 6868 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:46:28.0611 6868 TermDD - ok
02:46:28.0660 6868 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:46:28.0684 6868 TermService - ok
02:46:28.0699 6868 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:46:28.0702 6868 Themes - ok
02:46:28.0726 6868 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:46:28.0728 6868 THREADORDER - ok
02:46:28.0755 6868 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:46:28.0759 6868 TrkWks - ok
02:46:28.0804 6868 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:46:28.0809 6868 TrustedInstaller - ok
02:46:28.0846 6868 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:46:28.0848 6868 tssecsrv - ok
02:46:28.0901 6868 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:46:28.0904 6868 TsUsbFlt - ok
02:46:28.0956 6868 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:46:28.0959 6868 tunnel - ok
02:46:29.0035 6868 TunngleService (e7de48979e275ab5e3e3b2489f9c5176) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
02:46:29.0055 6868 TunngleService - ok
02:46:29.0145 6868 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
02:46:29.0153 6868 TurboB - ok
02:46:29.0221 6868 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
02:46:29.0226 6868 TurboBoost - ok
02:46:29.0261 6868 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:46:29.0264 6868 uagp35 - ok
02:46:29.0323 6868 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:46:29.0329 6868 udfs - ok
02:46:29.0372 6868 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:46:29.0375 6868 UI0Detect - ok
02:46:29.0416 6868 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:46:29.0418 6868 uliagpkx - ok
02:46:29.0449 6868 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:46:29.0451 6868 umbus - ok
02:46:29.0471 6868 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:46:29.0474 6868 UmPass - ok
02:46:29.0582 6868 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:46:29.0639 6868 UNS - ok
02:46:29.0672 6868 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:46:29.0679 6868 upnphost - ok
02:46:29.0718 6868 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:46:29.0722 6868 USBAAPL64 - ok
02:46:29.0763 6868 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
02:46:29.0766 6868 usbccgp - ok
02:46:29.0810 6868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:46:29.0814 6868 usbcir - ok
02:46:29.0851 6868 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:46:29.0853 6868 usbehci - ok
02:46:29.0911 6868 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
02:46:29.0917 6868 usbhub - ok
02:46:29.0956 6868 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
02:46:29.0958 6868 usbohci - ok
02:46:29.0984 6868 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:46:29.0987 6868 usbprint - ok
02:46:30.0026 6868 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:46:30.0029 6868 USBSTOR - ok
02:46:30.0076 6868 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
02:46:30.0079 6868 usbuhci - ok
02:46:30.0109 6868 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
02:46:30.0114 6868 usbvideo - ok
02:46:30.0136 6868 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:46:30.0139 6868 UxSms - ok
02:46:30.0175 6868 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:46:30.0177 6868 VaultSvc - ok
02:46:30.0227 6868 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:46:30.0229 6868 vdrvroot - ok
02:46:30.0284 6868 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:46:30.0301 6868 vds - ok
02:46:30.0345 6868 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:46:30.0347 6868 vga - ok
02:46:30.0366 6868 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:46:30.0369 6868 VgaSave - ok
02:46:30.0403 6868 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:46:30.0408 6868 vhdmp - ok
02:46:30.0444 6868 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:46:30.0446 6868 viaide - ok
02:46:30.0466 6868 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:46:30.0468 6868 volmgr - ok
02:46:30.0509 6868 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:46:30.0515 6868 volmgrx - ok
02:46:30.0533 6868 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:46:30.0539 6868 volsnap - ok
02:46:30.0568 6868 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:46:30.0573 6868 vsmraid - ok
02:46:30.0634 6868 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:46:30.0684 6868 VSS - ok
02:46:30.0701 6868 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:46:30.0703 6868 vwifibus - ok
02:46:30.0728 6868 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:46:30.0730 6868 vwififlt - ok
02:46:30.0748 6868 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
02:46:30.0750 6868 vwifimp - ok
02:46:30.0784 6868 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:46:30.0792 6868 W32Time - ok
02:46:30.0809 6868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:46:30.0811 6868 WacomPen - ok
02:46:30.0863 6868 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:46:30.0866 6868 WANARP - ok
02:46:30.0870 6868 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:46:30.0871 6868 Wanarpv6 - ok
02:46:30.0950 6868 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:46:30.0978 6868 WatAdminSvc - ok
02:46:31.0040 6868 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:46:31.0074 6868 wbengine - ok
02:46:31.0138 6868 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:46:31.0147 6868 WbioSrvc - ok
02:46:31.0433 6868 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:46:31.0449 6868 wcncsvc - ok
02:46:31.0476 6868 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:46:31.0479 6868 WcsPlugInService - ok
02:46:31.0513 6868 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:46:31.0515 6868 Wd - ok
02:46:31.0540 6868 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:46:31.0550 6868 Wdf01000 - ok
02:46:31.0567 6868 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:46:31.0570 6868 WdiServiceHost - ok
02:46:31.0573 6868 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:46:31.0576 6868 WdiSystemHost - ok
02:46:31.0610 6868 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
02:46:31.0613 6868 wdkmd - ok
02:46:31.0675 6868 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:46:31.0691 6868 WebClient - ok
02:46:31.0730 6868 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:46:31.0736 6868 Wecsvc - ok
02:46:31.0755 6868 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:46:31.0759 6868 wercplsupport - ok
02:46:31.0784 6868 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:46:31.0788 6868 WerSvc - ok
02:46:31.0820 6868 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:46:31.0823 6868 WfpLwf - ok
02:46:31.0894 6868 WiMAXAppSrv (49f06c7d5517de53d848f38b9ae86a7c) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
02:46:31.0916 6868 WiMAXAppSrv - ok
02:46:31.0963 6868 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
02:46:31.0967 6868 WimFltr - ok
02:46:31.0990 6868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:46:31.0992 6868 WIMMount - ok
02:46:32.0020 6868 WinDefend - ok
02:46:32.0026 6868 WinHttpAutoProxySvc - ok
02:46:32.0074 6868 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:46:32.0079 6868 Winmgmt - ok
02:46:33.0867 6868 ============================================================
02:46:33.0867 6868 Scan finished
02:46:33.0867 6868 ============================================================
02:46:33.0873 7948 Detected object count: 2
02:46:33.0873 7948 Actual detected object count: 2
02:46:46.0736 7948 C:\Windows\system32\nvrd64.dll - copied to quarantine
02:46:51.0153 7948 HKLM\SYSTEM\ControlSet001\services\dashsvc - will be deleted on reboot
02:46:51.0182 7948 HKLM\SYSTEM\ControlSet002\services\dashsvc - will be deleted on reboot
02:46:51.0193 7948 C:\Windows\system32\nvrd64.dll - will be deleted on reboot
02:46:51.0193 7948 dashsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
02:46:51.0308 7948 C:\Windows\system32\rbfilter.dll - copied to quarantine
02:46:51.0324 7948 HKLM\SYSTEM\ControlSet001\services\megamonitorsrv - will be deleted on reboot
02:46:51.0342 7948 HKLM\SYSTEM\ControlSet002\services\megamonitorsrv - will be deleted on reboot
02:46:51.0343 7948 C:\Windows\system32\rbfilter.dll - will be deleted on reboot
02:46:51.0343 7948 megamonitorsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
02:47:40.0212 7804 Deinitialize success


Re: Need Help.

Post by Gabethebabe on 27th March 2012, 6:45 am

OK, so TDSSKiller found two infected files:
C:\Windows\system32\rbfilter.dll
C:\Windows\system32\nvrd64.dll
They are infected with the Zero Access rootkit, which is quite a nasty bugger.

We're gonna check now if these two files are gone and maybe if a clean version exists on your system.

Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Double-click SystemLook.exe to run it.
  • Copy the following text into the main textfield:

Code:
:filefind
rbfilter.dll
nvrd64.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop (SystemLook.txt).


Re: Need Help.

Post by OizenX on 27th March 2012, 11:38 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 19:32 on 27/03/2012 by Oizen
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "rbfilter.dll"
No files found.

Searching for "nvrd64.dll"
No files found.

-= EOF =-

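Added example (not part of the original posts and not output of either tool): a small Python check that cross-references the objects TDSSKiller queued for deletion with the SystemLook filefind result posted above. The log excerpts are copied from this thread; the function names are hypothetical.

```python
import re
# Excerpts copied from the TDSSKiller and SystemLook logs posted in this thread.
TDSS_LOG = r"""02:46:46.0736 7948 C:\Windows\system32\nvrd64.dll - copied to quarantine
02:46:51.0153 7948 HKLM\SYSTEM\ControlSet001\services\dashsvc - will be deleted on reboot
02:46:51.0193 7948 C:\Windows\system32\nvrd64.dll - will be deleted on reboot
02:46:51.0193 7948 dashsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
02:46:51.0308 7948 C:\Windows\system32\rbfilter.dll - copied to quarantine
02:46:51.0324 7948 HKLM\SYSTEM\ControlSet001\services\megamonitorsrv - will be deleted on reboot
02:46:51.0343 7948 C:\Windows\system32\rbfilter.dll - will be deleted on reboot
02:46:51.0343 7948 megamonitorsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete"""
SYSTEMLOOK_LOG = '''Searching for "rbfilter.dll"
No files found.
Searching for "nvrd64.dll"
No files found.'''

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.+?) - (.+)$")  # time, thread id, object, action
VERDICT = re.compile(r"^(\S+) \( (.+?) \)$")                     # service name ( verdict )

def parse_tdss(log):
    """Return ({service: verdict}, [objects queued for deletion on reboot])."""
    detections, pending = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        obj, action = m.groups()
        v = VERDICT.match(obj)
        if v and action.startswith("User select action"):
            detections[v.group(1)] = v.group(2)
        elif action == "will be deleted on reboot":
            pending.append(obj)
    return detections, pending

def parse_filefind(log):
    """Map each searched file name to True if the search did not report it as absent."""
    found, current = {}, None
    for raw in log.splitlines():
        m = re.match(r'Searching for "(.+)"$', raw.strip())
        if m:
            current = m.group(1).lower()
            found[current] = True  # stays True unless "No files found." follows
        elif raw.strip() == "No files found." and current:
            found[current] = False
    return found

def unconfirmed(tdss_log, systemlook_log):
    """Files queued for deletion that the follow-up search did not confirm as gone."""
    found = parse_filefind(systemlook_log)
    names = {p.rsplit("\\", 1)[-1].lower() for p in parse_tdss(tdss_log)[1] if not p.startswith("HKLM\\")}
    return sorted(n for n in names if found.get(n, True))  # never searched counts as unconfirmed
```

The SystemLook log in this thread carries the WOW64 warning: a 32-bit process normally sees C:\Windows\system32 redirected to SysWOW64, so "No files found" from that build is weaker evidence than a run of SystemLook_x64.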

Re: Need Help.

Post by Gabethebabe on 28th March 2012, 7:55 am

OK, we're getting some improvement here :)

I'm mildly disappointed in Malwarebytes not detecting the infected files, though.

Can you run TDSSKiller again and see if this time it comes up clean? If it finds >0 threats, please post the report here (if it is clean, I don't need to see the report).

Please download OTL by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32

CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.
