Solved Need help getting rid of Hijacker Tubby

October 16, 2012 at 11:13:46
Specs: Windows 7, 6gb
Need help getting rid of Hijacker Tubby off my Windows 7 computer. I tried to complete the steps using the ComboFix instructions, and apparently I need some expert assistance. It almost made my computer worse, and it is still there.


#1
October 16, 2012 at 15:56:50
✔ Best Answer
Hey there robo44,

First of all, Combofix is a very powerful program and running it without expert assistance can result in a computer that is worse off than before or a machine that is even completely un-bootable. That being said, please let me know what program you used to find the infection in the first place and any other cleaning tools that you have run already in an attempt to clean the infection.

Now that we have that out of the way, let's see what the current state of your machine is.

Let me know if you have any questions before beginning the following procedures.

Download and run the following in order:

rkill - Download from http://majorgeeks.com/RKill_d6848.html
Allow it to run completely as it will terminate most malware processes.

TDSS Killer - Download from http://support.kaspersky.com/downlo...
Run the program and click on the "Start Scan" button. Once the scan has run, clean anything the program recommends cleaning, but do not change any settings.

MalwareBytes - Download from http://www.malwarebytes.org
Run a full scan and clean anything detected by the program. Reboot after the program is done cleaning even if it does not prompt you to do so.

Once you have run those programs and rebooted your machine, please download OTL from here: http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop. Run the program using the quick scan button. Once it is complete, you will have a log on your desktop named OTL.txt.

Reply back and post the contents of the rkill log (which is typically saved at the root of the C drive), the TDSSKiller log (also saved at the root of the C drive), the MalwareBytes log (found from within the MalwareBytes program), and the OTL log. You may have to reply with multiple posts if the log files are too large to be posted together.

Once I have reviewed the logs, I can let you know what the next steps are.

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP, MCSA, MCITP - Windows 7, CCNA Certificate Pending, A+, Network +

::geek::



#2
October 16, 2012 at 22:08:19
Thanks SongCloud, I appreciate your help. So I did what you asked and will attach the log files. Note the following programs I used to scan; the only one that finds it is Super AntiSpyware, and it does not clean it: Super AntiSpyware 4.56.1000, Advanced SystemCare v5.4.0 Pro, AVG Anti Virus Free Edition 2012.

I will post one log at a time.

RKILL LOG
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 10/16/2012 07:01:42 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Robo\Desktop\rkill\rkill-10-16-2012-07-01-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 activate.adobe.com

Program finished at: 10/16/2012 07:01:55 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)


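Triage logic for an rkill log of the kind posted above, as an added example that is not part of this thread or of rkill itself. It works on constructed sample lines modelled on the posted log (plus one extra constructed HOSTS entry pointing at a documentation-range address, so the "name redirected to a remote host" case is exercised) and pulls out the registry policy rkill removed, the Windows Defender DisableAntiSpyware value, the stopped service, and each HOSTS entry classified as a localhost sinkhole versus a redirect.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the rkill 2.4.3 log posted in the thread. The
# 203.0.113.5 line is an extra constructed HOSTS entry (documentation address)
# added only to exercise the "name redirected to a remote host" branch.
SAMPLE_RKILL_LOG = r"""Rkill 2.4.3 by Lawrence Abrams (Grinler)
Program started at: 10/16/2012 07:01:42 PM in x64 mode.

Checking Registry for malware related settings:

 * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Checking HOSTS File:

 * HOSTS file entries found:

   127.0.0.1 activate.adobe.com
   203.0.113.5 www.example.com

Program finished at: 10/16/2012 07:01:55 PM
"""

SECTION_RE = re.compile(r"^(\S[^:]*):\s*$")        # "Checking HOSTS File:"
BULLET_RE = re.compile(r"^\s*\*\s+(.+?)\s*$")      # " * Windows Defender Disabled"
REG_KEY_RE = re.compile(r"^\s*\[(HK[^\]]+)\]\s*$")  # "[HKLM\...\Windows Defender]"
REG_VALUE_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*dword:([0-9A-Fa-f]{8})\s*$')
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0"}  # these mappings only block a name
SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "info", "medium" or "high"
    section: str   # rkill section the line came from
    detail: str


def parse_sections(text):
    """Group the log into an ordered {section title: [non-blank lines]} map."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line.strip():
            continue
        title = SECTION_RE.match(line)
        if title and not BULLET_RE.match(line):
            current = title.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Turn an rkill log into the findings a defender should follow up on."""
    findings = []
    for section, lines in parse_sections(text).items():
        in_hosts = section.startswith("Checking HOSTS")
        reg_key = None
        for line in lines:
            if bullet := BULLET_RE.match(line):
                item = bullet.group(1)
                # "No ... found" is a clean result; the HOSTS bullet is only a
                # header for the address lines that follow it.
                if not item.startswith("No ") and not in_hosts:
                    severity = "high" if "Disabled" in item else "medium"
                    findings.append(Finding(severity, section, item))
            elif key := REG_KEY_RE.match(line):
                reg_key = key.group(1)
            elif (value := REG_VALUE_RE.match(line)) and reg_key:
                name, dword = value.groups()
                findings.append(Finding("high", section, f"{reg_key}\\{name} = 0x{dword}"))
            elif in_hosts and (host := HOSTS_RE.match(line)):
                ip, name = host.groups()
                if ip in SINKHOLE_IPS:
                    findings.append(Finding("info", section, f"{name} sinkholed to {ip}"))
                else:  # resolves a name to a remote host: the hijack pattern
                    findings.append(Finding("high", section, f"{name} redirected to {ip}"))
    return findings


def worst_severity(findings):
    """Highest severity present, or None for a clean log."""
    if not findings:
        return None
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__)
```

Call `triage()` on the text of a saved rkill log (the thread places it at the root of C:) and `worst_severity()` on the result to decide whether the machine needs a closer look before any further cleaning tool is run.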

#3
October 16, 2012 at 22:12:01
TDSS PART 1

TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:03:00.0364 7944 ============================================================
19:03:00.0364 7944 Current date / time: 2012/10/16 19:03:00.0364
19:03:00.0364 7944 SystemInfo:
19:03:00.0364 7944
19:03:00.0364 7944 OS Version: 6.1.7601 ServicePack: 1.0
19:03:00.0364 7944 Product type: Workstation
19:03:00.0364 7944 ComputerName: ROBO-PC
19:03:00.0364 7944 UserName: Robo
19:03:00.0364 7944 Windows directory: C:\Windows
19:03:00.0364 7944 System windows directory: C:\Windows
19:03:00.0364 7944 Running under WOW64
19:03:00.0364 7944 Processor architecture: Intel x64
19:03:00.0364 7944 Number of processors: 4
19:03:00.0364 7944 Page size: 0x1000
19:03:00.0364 7944 Boot type: Normal boot
19:03:00.0364 7944 ============================================================
19:03:00.0942 7944 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:03:00.0957 7944 ============================================================
19:03:00.0957 7944 \Device\Harddisk0\DR0:
19:03:00.0957 7944 MBR partitions:
19:03:00.0957 7944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
19:03:00.0957 7944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
19:03:00.0957 7944 ============================================================
19:03:00.0988 7944 C: <-> \Device\Harddisk0\DR0\Partition2
19:03:00.0988 7944 ============================================================
19:03:00.0988 7944 Initialize success
19:03:00.0988 7944 ============================================================
19:03:17.0246 7892 ============================================================
19:03:17.0246 7892 Scan started
19:03:17.0246 7892 Mode: Manual;
19:03:17.0246 7892 ============================================================
19:03:17.0854 7892 ================ Scan system memory ========================
19:03:17.0854 7892 System memory - ok
19:03:17.0854 7892 ================ Scan services =============================




#4
October 16, 2012 at 22:12:55
TDSS Part 2




#5
October 16, 2012 at 22:13:49
TDSS PART 3

19:03:28.0571 7892 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:03:28.0571 7892 mountmgr - ok
19:03:28.0602 7892 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:03:28.0602 7892 mpio - ok
19:03:28.0602 7892 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:03:28.0602 7892 mpsdrv - ok
19:03:28.0680 7892 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:03:28.0696 7892 MpsSvc - ok
19:03:28.0774 7892 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:03:28.0774 7892 MRxDAV - ok
19:03:28.0805 7892 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:28.0805 7892 mrxsmb - ok
19:03:28.0836 7892 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:28.0852 7892 mrxsmb10 - ok
19:03:28.0868 7892 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:28.0868 7892 mrxsmb20 - ok
19:03:28.0899 7892 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:03:28.0899 7892 msahci - ok
19:03:28.0946 7892 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:03:28.0946 7892 msdsm - ok
19:03:28.0961 7892 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:03:28.0977 7892 MSDTC - ok
19:03:29.0008 7892 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:03:29.0008 7892 Msfs - ok
19:03:29.0024 7892 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:03:29.0024 7892 mshidkmdf - ok
19:03:29.0024 7892 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:03:29.0039 7892 msisadrv - ok
19:03:29.0070 7892 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:03:29.0070 7892 MSiSCSI - ok
19:03:29.0086 7892 msiserver - ok
19:03:29.0102 7892 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:03:29.0102 7892 MSKSSRV - ok
19:03:29.0117 7892 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:29.0133 7892 MSPCLOCK - ok
19:03:29.0133 7892 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:03:29.0133 7892 MSPQM - ok
19:03:29.0180 7892 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:03:29.0195 7892 MsRPC - ok
19:03:29.0258 7892 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:03:29.0258 7892 mssmbios - ok
19:03:29.0289 7892 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:03:29.0289 7892 MSTEE - ok
19:03:29.0320 7892 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:03:29.0320 7892 MTConfig - ok
19:03:29.0336 7892 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:03:29.0336 7892 Mup - ok
19:03:29.0367 7892 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:03:29.0367 7892 MyWiFiDHCPDNS - ok
19:03:29.0429 7892 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll


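The TDSSKiller service and driver listing in the post above uses two line shapes: a file line with an MD5 in square brackets, the service name and the image path, and a separate "<name> - ok" status line (a few services, such as msiserver, get a status line but no file line, meaning TDSSKiller hashed no image for them). As an added example that is not part of the original thread and not TDSSKiller's own code, the script below parses lines of that shape and pulls out what a helper triaging such a log looks for first: entries with no image hash, one binary registered under several service names (normal for lsass.exe or tcpip.sys, as this log shows), images outside C:\Windows, and images under user-writable folders. The sample lines are copied from the posted log except sample_svc, which is constructed so the user-writable-path check has something to fire on; the path heuristics are this example's own assumptions, not TDSSKiller's rules.

```python
"""Parse a TDSSKiller service/driver listing and triage it (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the TDSSKiller log posted in this thread, plus one
# CONSTRUCTED line (sample_svc) that is not from the log, so the
# user-writable-path heuristic below has something to match.
SAMPLE_LOG = r"""
19:03:27.0401 7892 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:03:27.0401 7892 KeyIso - ok
19:03:27.0838 7892 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:03:27.0838 7892 LMS - ok
19:03:28.0275 7892 Microsoft SharePoint Workspace Audit Service - ok
19:03:29.0086 7892 msiserver - ok
19:03:29.0850 7892 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:03:29.0850 7892 Netlogon - ok
19:03:36.0855 7892 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:03:36.0870 7892 Stereo Service - ok
19:03:37.0931 7892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:03:37.0931 7892 Tcpip - ok
19:03:37.0978 7892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:03:37.0994 7892 TCPIP6 - ok
19:03:40.0054 7892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:03:40.0054 7892 VaultSvc - ok
19:03:41.0000 7892 [ 00000000000000000000000000000000 ] sample_svc C:\Users\Public\AppData\Local\Temp\sample.exe
19:03:41.0000 7892 sample_svc - ok
"""

# Every line starts with a timestamp and the scanner's process id.
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# File line: "[ <md5> ] <name> <drive>:\<path>"; the name may contain spaces,
# so it is matched lazily up to the first token that looks like a drive path.
FILE_LINE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# Status line: "<name> - <status>".
STATUS_LINE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<status>\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # None when TDSSKiller printed no file line
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Merge file and status lines into one Entry per service/driver name."""
    entries: Dict[str, Entry] = {}          # dict keeps first-seen order
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return list(entries.values())


def unhashed(entries: List[Entry]) -> List[str]:
    """Names that got a status line but no hashed image file."""
    return [e.name for e in entries if e.md5 is None]


def shared_images(entries: List[Entry]) -> Dict[str, List[str]]:
    """MD5 -> service names, for hashes registered under more than one name."""
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5:
            by_md5[e.md5].append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


# Heuristics (this example's assumptions): anything not under C:\Windows is
# third-party and worth a look; anything under a user-writable folder is
# where commodity malware usually installs itself.
SYSTEM_ROOT = "c:\\windows\\"
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def outside_windows(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.path and not e.path.lower().startswith(SYSTEM_ROOT)]


def in_user_writable(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.path and any(t in e.path.lower() for t in USER_WRITABLE)]


def not_ok(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.status != "ok"]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    print("no image hashed:", unhashed(parsed))
    for md5, names in shared_images(parsed).items():
        print(f"{md5} shared by {names}")
    print("outside C:\\Windows:", [e.name for e in outside_windows(parsed)])
    print("user-writable paths:", [(e.name, e.path) for e in in_user_writable(parsed)])
    print("status not ok:", [e.name for e in not_ok(parsed)])
```

Feed a full log's contents to parse_tdsskiller to run this over the whole listing. The outside-C:\Windows list is a review queue rather than a verdict: every legitimate third-party service on this machine (Intel, NVIDIA, Roxio, TiVo, Wacom) lands in it, while the user-writable check and the unhashed list are the two that most often point at something worth asking the poster about.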
#6
October 16, 2012 at 22:14:38
TDSS PART 4

napagent - ok
19:03:29.0476 7892 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:03:29.0476 7892 NativeWifiP - ok
19:03:29.0538 7892 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:03:29.0554 7892 NDIS - ok
19:03:29.0585 7892 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:03:29.0585 7892 NdisCap - ok
19:03:29.0601 7892 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:29.0601 7892 NdisTapi - ok
19:03:29.0632 7892 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:29.0648 7892 Ndisuio - ok
19:03:29.0679 7892 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:29.0694 7892 NdisWan - ok
19:03:29.0726 7892 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:03:29.0726 7892 NDProxy - ok
19:03:29.0772 7892 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:03:29.0772 7892 NetBIOS - ok
19:03:29.0819 7892 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:03:29.0835 7892 NetBT - ok
19:03:29.0850 7892 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:03:29.0850 7892 Netlogon - ok
19:03:29.0897 7892 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:03:29.0913 7892 Netman - ok
19:03:29.0928 7892 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:03:29.0944 7892 netprofm - ok
19:03:29.0975 7892 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:03:29.0975 7892 NetTcpPortSharing - ok
19:03:30.0240 7892 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
19:03:30.0459 7892 NETwNs64 - ok
19:03:30.0490 7892 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:03:30.0490 7892 nfrd960 - ok
19:03:30.0521 7892 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:03:30.0521 7892 NlaSvc - ok
19:03:30.0537 7892 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:03:30.0537 7892 Npfs - ok
19:03:30.0599 7892 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:03:30.0599 7892 nsi - ok
19:03:30.0615 7892 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:03:30.0630 7892 nsiproxy - ok
19:03:30.0724 7892 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:03:30.0755 7892 Ntfs - ok
19:03:30.0802 7892 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:03:30.0802 7892 Null - ok
19:03:30.0833 7892 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
19:03:30.0833 7892 nusb3hub - ok
19:03:30.0864 7892 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:03:30.0864 7892 nusb3xhc - ok
19:03:30.0942 7892 [ 65E6BB06A644533118BE007E9601B2C2 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
19:03:30.0942 7892 nvkflt - ok
19:03:31.0301 7892 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:03:31.0426 7892 nvlddmkm - ok
19:03:31.0442 7892 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
19:03:31.0442 7892 nvpciflt - ok
19:03:31.0473 7892 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:03:31.0473 7892 nvraid - ok
19:03:31.0504 7892 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:03:31.0504 7892 nvstor - ok
19:03:31.0582 7892 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe
19:03:31.0598 7892 NVSvc - ok
19:03:31.0707 7892 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:03:31.0754 7892 nvUpdatusService - ok
19:03:31.0800 7892 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:03:31.0800 7892 nv_agp - ok
19:03:31.0847 7892 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:03:31.0847 7892 ohci1394 - ok
19:03:31.0894 7892 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:03:31.0894 7892 ose - ok
19:03:32.0112 7892 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:03:32.0268 7892 osppsvc - ok
19:03:32.0300 7892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:03:32.0300 7892 p2pimsvc - ok
19:03:32.0346 7892 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:03:32.0362 7892 p2psvc - ok
19:03:32.0393 7892 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:03:32.0393 7892 Parport - ok
19:03:32.0424 7892 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:03:32.0424 7892 partmgr - ok
19:03:32.0440 7892 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:03:32.0440 7892 PcaSvc - ok
19:03:32.0456 7892 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
19:03:32.0487 7892 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:03:32.0487 7892 pci - ok
19:03:32.0534 7892 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:03:32.0534 7892 pciide - ok
19:03:32.0580 7892 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:03:32.0596 7892 pcmcia - ok
19:03:32.0612 7892 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:03:32.0612 7892 pcw - ok
19:03:32.0643 7892 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:03:32.0674 7892 PEAUTH - ok
19:03:32.0783 7892 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:03:32.0783 7892 PerfHost - ok
19:03:32.0799 7892 pfc - ok
19:03:32.0877 7892 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:03:32.0892 7892 pla - ok
19:03:32.0924 7892 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:03:32.0924 7892 PlugPlay - ok
19:03:32.0955 7892 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:03:32.0955 7892 PNRPAutoReg - ok
19:03:32.0970 7892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:03:32.0970 7892 PNRPsvc - ok
19:03:33.0017 7892 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:03:33.0017 7892 PolicyAgent - ok
19:03:33.0064 7892 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:03:33.0064 7892 Power - ok
19:03:33.0095 7892 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:03:33.0095 7892 PptpMiniport - ok
19:03:33.0126 7892 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:03:33.0126 7892 Processor - ok
19:03:33.0173 7892 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:03:33.0173 7892 ProfSvc - ok
19:03:33.0189 7892 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:03:33.0189 7892 ProtectedStorage - ok
19:03:33.0220 7892 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:03:33.0236 7892 Psched - ok
19:03:33.0267 7892 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:03:33.0267 7892 PxHlpa64 - ok
19:03:33.0345 7892 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:03:33.0407 7892 ql2300 - ok
19:03:33.0454 7892 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:03:33.0470 7892 ql40xx - ok
19:03:33.0516 7892 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:03:33.0532 7892 QWAVE - ok
19:03:33.0563 7892 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:03:33.0563 7892 QWAVEdrv - ok
19:03:33.0579 7892 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:03:33.0594 7892 RasAcd - ok
19:03:33.0626 7892 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:03:33.0626 7892 RasAgileVpn - ok
19:03:33.0657 7892 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:03:33.0657 7892 RasAuto - ok
19:03:33.0719 7892 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:33.0735 7892 Rasl2tp - ok
19:03:33.0782 7892 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:03:33.0797 7892 RasMan - ok
19:03:33.0844 7892 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:33.0844 7892 RasPppoe - ok
19:03:33.0906 7892 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:03:33.0922 7892 RasSstp - ok
19:03:33.0969 7892 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:03:33.0969 7892 rdbss - ok
19:03:34.0016 7892 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:03:34.0016 7892 rdpbus - ok
19:03:34.0031 7892 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:34.0031 7892 RDPCDD - ok
19:03:34.0062 7892 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:03:34.0062 7892 RDPENCDD - ok
19:03:34.0078 7892 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:03:34.0078 7892 RDPREFMP - ok
19:03:34.0125 7892 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:03:34.0140 7892 RDPWD - ok
19:03:34.0187 7892 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:03:34.0187 7892 rdyboost - ok
19:03:34.0296 7892 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:03:34.0312 7892 RegSrvc - ok
19:03:34.0374 7892 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:03:34.0374 7892 RemoteAccess - ok
19:03:34.0421 7892 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:03:34.0421 7892 RemoteRegistry - ok
19:03:34.0468 7892 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:03:34.0468 7892 RFCOMM - ok
19:03:34.0577 7892 [ BDDC447AB46625A54619808575D5CB46 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:03:34.0593 7892 RoxMediaDB12OEM - ok
19:03:34.0655 7892 [ CE203243ADF512540249DF9C264F12DD ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:03:34.0655 7892 RoxWatch12 - ok
19:03:34.0702 7892 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:03:34.0702 7892 RpcEptMapper - ok
19:03:34.0780 7892 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:03:34.0780 7892 RpcLocator - ok
19:03:34.0842 7892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:03:34.0858 7892 RpcSs - ok
19:03:34.0889 7892 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:03:34.0889 7892 rspndr - ok
19:03:34.0952 7892 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:03:34.0952 7892 RSUSBSTOR - ok
19:03:34.0998 7892 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:03:34.0998 7892 RTL8167 - ok
19:03:35.0014 7892 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:03:35.0014 7892 SamSs - ok
19:03:35.0045 7892 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
19:03:35.0045 7892 SASDIFSV - ok
19:03:35.0061 7892 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
19:03:35.0061 7892 SASENUM - ok
19:03:35.0092 7892 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
19:03:35.0092 7892 SASKUTIL - ok
19:03:35.0123 7892 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:03:35.0139 7892 sbp2port - ok
19:03:35.0170 7892 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:03:35.0170 7892 SCardSvr - ok
19:03:35.0232 7892 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:03:35.0232 7892 scfilter - ok
19:03:35.0326 7892 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:03:35.0342 7892 Schedule - ok
19:03:35.0388 7892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:03:35.0388 7892 SCPolicySvc - ok
19:03:35.0435 7892 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:03:35.0435 7892 SDRSVC - ok
19:03:35.0466 7892 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:03:35.0466 7892 secdrv - ok
19:03:35.0498 7892 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:03:35.0513 7892 seclogon - ok
19:03:35.0576 7892 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:03:35.0591 7892 SENS - ok
19:03:35.0607 7892 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:03:35.0607 7892 SensrSvc - ok
19:03:35.0638 7892 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:03:35.0638 7892 Serenum - ok
19:03:35.0654 7892 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:03:35.0654 7892 Serial - ok
19:03:35.0700 7892 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:03:35.0700 7892 sermouse - ok
19:03:35.0763 7892 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:03:35.0778 7892 SessionEnv - ok
19:03:35.0825 7892 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:03:35.0825 7892 sffdisk - ok
19:03:35.0841 7892 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:03:35.0841 7892 sffp_mmc - ok
19:03:35.0856 7892 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:03:35.0856 7892 sffp_sd - ok
19:03:35.0888 7892 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:03:35.0888 7892 sfloppy - ok
19:03:35.0997 7892 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:03:36.0012 7892 SftService - ok
19:03:36.0059 7892 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:03:36.0059 7892 SharedAccess - ok
19:03:36.0137 7892 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:03:36.0137 7892 ShellHWDetection - ok
19:03:36.0184 7892 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:03:36.0184 7892 SiSRaid2 - ok
19:03:36.0215 7892 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:03:36.0215 7892 SiSRaid4 - ok
19:03:36.0231 7892 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:03:36.0231 7892 Smb - ok
19:03:36.0262 7892 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:03:36.0278 7892 SNMPTRAP - ok
19:03:36.0293 7892 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:03:36.0293 7892 spldr - ok
19:03:36.0340 7892 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:03:36.0356 7892 Spooler - ok
19:03:36.0480 7892 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:03:36.0496 7892 sppsvc - ok
19:03:36.0558 7892 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:03:36.0574 7892 sppuinotify - ok
19:03:36.0605 7892 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:03:36.0605 7892 srv - ok
19:03:36.0683 7892 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:03:36.0683 7892 srv2 - ok
19:03:36.0714 7892 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:03:36.0714 7892 srvnet - ok
19:03:36.0746 7892 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:03:36.0746 7892 SSDPSRV - ok
19:03:36.0761 7892 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:03:36.0761 7892 SstpSvc - ok
19:03:36.0855 7892 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:03:36.0870 7892 Stereo Service - ok
19:03:36.0902 7892 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:03:36.0902 7892 stexstor - ok
19:03:37.0011 7892 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:03:37.0011 7892 stisvc - ok
19:03:37.0058 7892 [ 9E182DD94496550A22A392CC1A8E0F52 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:03:37.0058 7892 stllssvr - ok
19:03:37.0104 7892 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:03:37.0104 7892 swenum - ok
19:03:37.0245 7892 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:03:37.0245 7892 SwitchBoard - ok
19:03:37.0307 7892 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:03:37.0307 7892 swprv - ok
19:03:37.0401 7892 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:03:37.0416 7892 SysMain - ok
19:03:37.0463 7892 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:03:37.0463 7892 TabletInputService - ok
19:03:37.0697 7892 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
19:03:37.0744 7892 TabletServicePen - ok
19:03:37.0775 7892 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:03:37.0775 7892 TapiSrv - ok
19:03:37.0838 7892 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:03:37.0838 7892 TBS - ok
19:03:37.0931 7892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:03:37.0931 7892 Tcpip - ok
19:03:37.0978 7892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:03:37.0994 7892 TCPIP6 - ok
19:03:38.0025 7892 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:03:38.0025 7892 tcpipreg - ok
19:03:38.0087 7892 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:03:38.0087 7892 TDPIPE - ok
19:03:38.0118 7892 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:03:38.0134 7892 TDTCP - ok
19:03:38.0165 7892 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:03:38.0165 7892 tdx - ok
19:03:38.0212 7892 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:03:38.0212 7892 TermDD - ok
19:03:38.0274 7892 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:03:38.0290 7892 TermService - ok
19:03:38.0321 7892 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:03:38.0321 7892 Themes - ok
19:03:38.0368 7892 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:03:38.0368 7892 THREADORDER - ok
19:03:38.0446 7892 [ 4DE3FAEE834E9EF5151A71866F6DB55D ] TivoBeacon2 C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
19:03:38.0477 7892 TivoBeacon2 - ok
19:03:38.0540 7892 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
19:03:38.0555 7892 TouchServicePen - ok
19:03:38.0633 7892 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:03:38.0633 7892 TrkWks - ok
19:03:38.0711 7892 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:03:38.0711 7892 TrustedInstaller - ok
19:03:38.0774 7892 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:38.0774 7892 tssecsrv - ok
19:03:38.0820 7892 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:03:38.0820 7892 TsUsbFlt - ok
19:03:38.0867 7892 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:03:38.0867 7892 tunnel - ok
19:03:38.0914 7892 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
19:03:38.0914 7892 TurboB - ok
19:03:38.0945 7892 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:03:38.0945 7892 TurboBoost - ok
19:03:38.0992 7892 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:03:38.0992 7892 uagp35 - ok
19:03:39.0039 7892 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:03:39.0039 7892 udfs - ok
19:03:39.0070 7892 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:03:39.0070 7892 UI0Detect - ok
19:03:39.0101 7892 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:03:39.0101 7892 uliagpkx - ok
19:03:39.0164 7892 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:03:39.0164 7892 umbus - ok
19:03:39.0195 7892 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:03:39.0210 7892 UmPass - ok
19:03:39.0398 7892 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:03:39.0413 7892 UNS - ok
19:03:39.0460 7892 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:03:39.0476 7892 upnphost - ok
19:03:39.0507 7892 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:03:39.0507 7892 USBAAPL64 - ok
19:03:39.0522 7892 usbbus - ok
19:03:39.0554 7892 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:39.0554 7892 usbccgp - ok
19:03:39.0616 7892 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:03:39.0616 7892 usbcir - ok
19:03:39.0616 7892 UsbDiag - ok
19:03:39.0632 7892 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:03:39.0632 7892 usbehci - ok
19:03:39.0663 7892 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:03:39.0663 7892 usbhub - ok
19:03:39.0663 7892 USBModem - ok
19:03:39.0679 7892 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:03:39.0679 7892 usbohci - ok
19:03:39.0726 7892 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:03:39.0726 7892 usbprint - ok
19:03:39.0773 7892 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:03:39.0773 7892 usbscan - ok
19:03:39.0820 7892 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:39.0820 7892 USBSTOR - ok
19:03:39.0898 7892 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:03:39.0898 7892 usbuhci - ok
19:03:39.0945 7892 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:03:39.0960 7892 usbvideo - ok
19:03:40.0007 7892 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:03:40.0023 7892 UxSms - ok
19:03:40.0054 7892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:03:40.0054 7892 VaultSvc - ok
19:03:40.0085 7892 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:03:40.0085 7892 vdrvroot - ok
19:03:40.0303 7892 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:03:43.0813 7892 ============================================================
19:03:43.0813 7892 Scan finished
19:03:43.0813 7892 ============================================================
19:03:43.0829 7556 Detected object count: 0
19:03:43.0829 7556 Actual detected object count: 0
19:05:21.0626 2112 Deinitialize success



#7
October 16, 2012 at 22:15:58
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robo :: ROBO-PC [administrator]

Protection: Enabled

10/16/2012 7:07:55 PM
mbam-log-2012-10-16 (19-07-55).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 464257
Time elapsed: 1 hour(s), 58 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8
October 16, 2012 at 22:18:14
OTL LOG See Next


#9
October 16, 2012 at 22:20:01
OTL Log See Next


#10
October 16, 2012 at 22:50:50
trying to post OTL


#11
October 16, 2012 at 23:00:36
OTL Log See Next


#12
October 16, 2012 at 23:03:49

Having site problems posting the rest of the OTL log; it keeps kicking me out. I will continue to try.


#13
October 17, 2012 at 00:01:47
OTL Log See Next


#14
October 17, 2012 at 00:18:55
Can't seem to paste the data, so try this link for the entire OTL file:

http://tinyurl.com/94mg53q



#15
October 18, 2012 at 18:47:26
Any News yet?


#16
October 18, 2012 at 21:51:49
Your logs look pretty good, but there are some things we can clean up.

O1 - Hosts: 127.0.0.1 activate.adobe.com

Do you know why you have an entry in your hosts file that prevents you from reaching activate.adobe.com? If not, please include that line in the custom fix below under the :OTL line.

Please run OTL.exe and copy & paste the following into the Custom scans section at the bottom of the OTL window.

*** WARNING *** This fix is for this system only and no other. Use of this fix on another computer will cause problems!

:OTL
[2012/09/21 17:56:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Robo\AppData\Roaming\Mozilla\Firefox\Profiles\3vgbcarl.default\extensions\searchtoolbar@zugo.com
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O33 - MountPoints2\{2cc8c724-495c-11e1-a2f8-bc77371544a0}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc8c724-495c-11e1-a2f8-bc77371544a0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{750a639d-b989-11e0-9023-bc77371544a0}\Shell - "" = AutoRun
O33 - MountPoints2\{750a639d-b989-11e0-9023-bc77371544a0}\Shell\AutoRun\command - "" = I:\ONSPCLCK.exe
O33 - MountPoints2\{8bceed21-cf07-11e1-94ef-bc77371544a0}\Shell - "" = AutoRun
O33 - MountPoints2\{8bceed21-cf07-11e1-94ef-bc77371544a0}\Shell\AutoRun\command - "" = E:\setup.exe -a
:COMMANDS
[EMPTYTEMP]
[CREATERESTOREPOINT]

Once this has been pasted into the Custom Scans area at the bottom of the OTL main window, click on the Run Fix button. When it finishes running it will prompt for a reboot; please do so. Once the machine has restarted and you have logged back on, a new OTL log will be displayed. Please save this log to your desktop.

Why do you think you are infected with Hijacker.Tubby? Did you get an alert from AVG? What happened when you ran combofix last time?

Please re-post the new OTL log as well as the combofix log from when you ran it before. The combofix log should be located at C:\combofix.txt. If AVG detected the infection, please also provide the AVG logs. Thanks!

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP, MCSA, MCITP - Windows 7, CCNA Certificate Pending, A+, Network +

::geek::
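As an added illustration (not code from the thread, from OTL, or from its author), here is a small Python triage of the four OTL line types the fix above targets: O1 hosts overrides, O2 BHOs with no company name, orphaned O3 toolbars, and O33 MountPoints2 AutoRun commands. The sample input is the lines quoted in the fix plus one constructed localhost mapping for contrast.

```python
import re

# Constructed sample: the O1 line and the O2/O3/O33 lines quoted in the fix
# above, plus one benign localhost mapping (not from the thread) for contrast.
SAMPLE_OTL = r'''
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O33 - MountPoints2\{2cc8c724-495c-11e1-a2f8-bc77371544a0}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc8c724-495c-11e1-a2f8-bc77371544a0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
'''

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
# OTL prints the DLL's company name in the trailing parentheses; "()" means the
# file carries no company name in its version info.
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.*?) \(([^()]*)\)$")
TOOLBAR_RE = re.compile(r"^O3(?::64bit:)? - HKLM\\\.\.\\Toolbar: \((.*?)\) - (.*)$")
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.*)$')


def triage_otl(text):
    """Return (line, reason) pairs for the entries a cleaner would question."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            # Any mapping other than localhost redirects (or blocks) a real site.
            if host.lower() != "localhost":
                findings.append((line, f"hosts file maps {host} to {ip}"))
        elif m := BHO_RE.match(line):
            name, clsid, path, company = m.groups()
            if not company:
                findings.append((line, f"BHO '{name}' {clsid} at {path} has no company name"))
        elif m := TOOLBAR_RE.match(line):
            name, detail = m.groups()
            if name == "no name" or "No CLSID value found" in detail:
                findings.append((line, "orphaned IE toolbar registration"))
        elif m := AUTORUN_RE.match(line):
            guid, command = m.groups()
            # Cached autorun handler for a removable volume; worth clearing even after the media is gone.
            findings.append((line, f"stale AutoRun command {command} for volume {guid}"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_otl(SAMPLE_OTL):
        print(f"{reason}\n    {entry}")
```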



#17
October 20, 2012 at 09:36:59
SongCloud
Thanks for your help. Let me start off by saying SUCCESS: the 2 issues, Browser Hijacker Tubby and Adware Zugo, are gone!

I was able to remove them by your suggestions and removing Bing settings. Bing, for whatever reason, was a culprit of a lot of the mess.

Just to let you know I found both those using SuperAntiSpyware, but that program would not remove them.

As for the Adobe issue, no clue, but I ran the script like you said, did a rerun of all my spyware and anti-virus programs, and they report back 100% clean. No more Tubby or Zugo.

Consider this a success! Thank you so much!!!



#18
October 20, 2012 at 10:44:59
No problem. I'm glad that I could help!

Now a good technician always cleans up after himself, so let's do some cleaning of the removal tools that we used.

Clean out possibly infected restore points

Run OTL and copy and paste the following into the Custom Scans area:

:COMMANDS
[EMPTYTEMP]
[CLEARALLRESTOREPOINTS]

Once you have pasted the above commands into OTL, click on the Run Fix button.

OTL may ask for a reboot. If so, please proceed with the reboot so that it can finish clearing any infected files that were backed up by the normal system restore point creation process.

Tool & Quarantine Removal

Run OTL again and click on the button labeled CleanUp. This will remove the tools that were downloaded to clean the infection and the quarantine folders from them as well as the OTL program itself. This will require a reboot to remove the main OTL program.

Also remember to mark an answer so that others who are having the same problems can find the solution more easily.

Enjoy your clean computer and stay safe out there!

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP, MCSA, MCITP - Windows 7, CCNA Certificate Pending, A+, Network +

::geek::



#19
October 20, 2012 at 10:48:20
In that case robo44, be sure to mark his answer as best answer. That will show that the problem is resolved and other people can benefit from it. Thanks.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds

