TechSpot

[A] Sirefef.Y issues.

By Nicolu
Jul 20, 2012
  1. Typical situation with this, on the internet, doing what I do best. Things start acting up and I get the same crap as everyone else with the same problem. We're now at the point that it's restarting every minute or so after boot-up.

    Computer is running Windows 7, 64 bit.

    After reading all the posts I could get my hands on, I start to run the programs that everyone asks for the logs of. So I ran Farbar (64-bit) and this is the first log (FRST.txt, the one you get when you run the program the first time from the flash drive).

    Edit: Apparently it's too many characters; going to post it as a reply.
  2. Nicolu (TS Rookie, Topic Starter)

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 20-07-2012 16:07:03
    Running from I:\
    Windows 7 Home Premium N Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry ==========================

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-09-11] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-09-11] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [363544 2009-09-11] (Intel Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
    HKU\The Awesome\...\Run: [Spotify Web Helper] "C:\Users\The Awesome\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-06-30] ()
    HKU\The Awesome\...\Run: [uiloer] rundll32.exe "C:\Users\The Awesome\AppData\Roaming\uiloer.dll",PszScanToWhiteA [139264 2012-07-20] (DT Soft Ltd)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
    HKLM-x32\...\Winlogon: [Userinit] userinit.exe [26624 2010-11-20] (Microsoft Corporation)
    HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
    HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-24] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
    Lsa: [Authentication Packages] msv1_0
    Lsa: [Notification Packages] scecli

    ==================== Services ====================

    2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [63928 2012-01-03] (Adobe Systems Incorporated)
    3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-07-11] (Adobe Systems Incorporated)
    3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
    3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
    2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [65536 2010-11-20] (Microsoft Corporation)
    2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2010-11-20] (Microsoft Corporation)
    3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
    3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2010-11-20] (Microsoft Corporation)
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-18] (Microsoft Corporation)
    2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
    2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
    3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
    3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
    2 Browser; C:\Windows\System32\browser.dll [136192 2010-11-20] (Microsoft Corporation)
    3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
    3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
    2 CISVC; C:\Windows\System32\CISVC.EXE [19456 2009-07-13] (Microsoft Corporation)
    4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
    4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
    2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
    2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
    3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
    3 COMSysApp; C:\Windows\SysWow64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-13] (Microsoft Corporation)
    2 CryptSvc; C:\Windows\System32\cryptsvc.dll [184320 2012-04-23] (Microsoft Corporation)
    2 CryptSvc; C:\Windows\SysWow64\cryptsvc.dll [140288 2012-04-23] (Microsoft Corporation)
    2 DcomLaunch; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
    3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
    2 Dhcp; C:\Windows\System32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
    2 Dhcp; C:\Windows\SysWow64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
    2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-02] (Microsoft Corporation)
    3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
    2 DPS; C:\Windows\System32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
    3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
    2 EFS; C:\Windows\System32\lsass.exe [31232 2011-11-16] (Microsoft Corporation)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
    2 eventlog; C:\Windows\SysWow64\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
    2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
    3 Fax; C:\Windows\System32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
    3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
    3 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
    2 FontCache; C:\Windows\System32\FntCache.dll [1139200 2011-02-19] (Microsoft Corporation)
    3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
    2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
    3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
    3 hidserv; C:\Windows\SysWow64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
    3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
    3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
    3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
    3 HomeGroupProvider; C:\Windows\SysWow64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
    2 HsfXAudioService; C:\Windows\SysWOW64\XAudio64.dll [436736 2009-04-28] (Conexant Systems, Inc.)
    3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-20] (Microsoft Corporation)
    2 IKEEXT; C:\Windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation)
    3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
    3 KeyIso; C:\Windows\System32\lsass.exe [31232 2011-11-16] (Microsoft Corporation)
    3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
    2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
    2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
    3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
    2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
    2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
    3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [113120 2012-07-18] (Mozilla Foundation)
    3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
    3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
    3 msiserver; C:\Windows\System32\msiexec.exe /V [128000 2010-11-20] (Microsoft Corporation)
    3 msiserver; C:\Windows\SysWow64\msiexec.exe /V [73216 2010-11-20] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [58345832 2011-09-22] (Microsoft Corporation)
    4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [61976 2009-07-22] (Microsoft Corporation)
    3 napagent; C:\Windows\System32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
    3 Netlogon; C:\Windows\System32\lsass.exe [31232 2011-11-16] (Microsoft Corporation)
    3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
    4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
    4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
    3 netprofm; C:\Windows\SysWow64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
    4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2010-11-20] (Microsoft Corporation)
    2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
    2 nvsvc; C:\Windows\system32\nvvsvc.exe [1016936 2011-05-21] (NVIDIA Corporation)
    3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
    3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
    2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
    3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
    3 pla; C:\Windows\System32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
    3 pla; C:\Windows\SysWow64\pla.dll [1508864 2010-11-20] (Microsoft Corporation)
    2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation)
    3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
    3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
    2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
    2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
    2 ProfSvc; C:\Windows\System32\profsvc.dll [209920 2012-04-30] (Microsoft Corporation)
    3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2011-11-16] (Microsoft Corporation)
    3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
    3 QWAVE; C:\Windows\SysWow64\qwave.dll [210944 2009-07-13] (Microsoft Corporation)
    3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
    3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
    4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
    4 RemoteAccess; C:\Windows\SysWow64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
    3 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
    2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
    3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
    2 RpcSs; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
    2 SamSs; C:\Windows\System32\lsass.exe [31232 2011-11-16] (Microsoft Corporation)
    3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
    2 Schedule; C:\Windows\System32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)
    3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
    3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
    3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
    2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
    2 SENS; C:\Windows\SysWow64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
    3 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
    3 SessionEnv; C:\Windows\System32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
    3 SessionEnv; C:\Windows\SysWow64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
    2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
    2 ShellHWDetection; C:\Windows\SysWow64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
    2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
    3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
    2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-20] (Microsoft Corporation)
    2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
    3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [431464 2011-09-22] (Microsoft Corporation)
    4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [255336 2011-09-22] (Microsoft Corporation)
    2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [154984 2011-09-22] (Microsoft Corporation)
    3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
    3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
    3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [529232 2012-06-20] (Valve Corporation)
    2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
    3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
    2 SysMain; C:\Windows\System32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)
    3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
    3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
    3 TapiSrv; C:\Windows\SysWow64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
    3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
    3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation)
    2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
    3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
    2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
    3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
    3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
    2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
    3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
    3 upnphost; C:\Windows\SysWow64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
    2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
    3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2011-11-16] (Microsoft Corporation)
    3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
    3 VSS; C:\Windows\System32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
    3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
    3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-08-19] (Microsoft Corporation)
    3 wbengine; "C:\Windows\system32\wbengine.exe" [1504256 2010-11-20] (Microsoft Corporation)
    3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
    3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
    3 wcncsvc; C:\Windows\SysWow64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
    3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
    3 WcsPlugInService; C:\Windows\SysWow64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
    3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
    3 WdiServiceHost; C:\Windows\SysWow64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
    3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
    3 WdiSystemHost; C:\Windows\SysWow64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
    3 WebClient; C:\Windows\System32\webclnt.dll [258560 2010-11-20] (Microsoft Corporation)
    3 WebClient; C:\Windows\SysWow64\webclnt.dll [204800 2010-11-20] (Microsoft Corporation)
    3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
    3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
    3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
    3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
    3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)
    2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
    3 WinRM; C:\Windows\System32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)
    3 WinRM; C:\Windows\SysWow64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation)
    3 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
    2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292096 2011-03-28] (Microsoft Corp.)
    3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
    3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
    3 WPCSvc; C:\Windows\SysWow64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
    2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [591872 2011-05-03] (Microsoft Corporation)
    2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe /Embedding [427520 2011-05-03] (Microsoft Corporation)
    3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [78848 2010-11-20] (Microsoft Corporation)
    3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)

    ========================== Drivers ===========================

    3 1394ohci; C:\Windows\System32\Drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
    0 ACPI; C:\Windows\System32\Drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
    3 AcpiPmi; C:\Windows\System32\Drivers\AcpiPmi.sys [12800 2010-11-20] (Microsoft Corporation)
    3 adp94xx; C:\Windows\System32\Drivers\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
    3 adpahci; C:\Windows\System32\Drivers\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
    3 adpu320; C:\Windows\System32\Drivers\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
    1 AFD; C:\Windows\System32\Drivers\AFD.sys [498688 2011-12-27] (Microsoft Corporation)
    3 agp440; C:\Windows\System32\Drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
    3 aliide; C:\Windows\System32\Drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
    3 amdide; C:\Windows\System32\Drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
    3 AmdK8; C:\Windows\System32\Drivers\AmdK8.sys [64512 2009-07-13] (Microsoft Corporation)
    3 AmdPPM; C:\Windows\System32\Drivers\AmdPPM.sys [60928 2009-07-13] (Microsoft Corporation)
    3 amdsata; C:\Windows\System32\Drivers\amdsata.sys [107904 2011-03-10] (Advanced Micro Devices)
    3 amdsbs; C:\Windows\System32\Drivers\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
    0 amdxata; C:\Windows\System32\Drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
    3 AppID; C:\Windows\System32\Drivers\AppID.sys [61440 2010-11-20] (Microsoft Corporation)
    3 arc; C:\Windows\System32\Drivers\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
    3 arcsas; C:\Windows\System32\Drivers\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
    3 AsyncMac; C:\Windows\System32\Drivers\AsyncMac.sys [23040 2009-07-13] (Microsoft Corporation)
    0 atapi; C:\Windows\System32\Drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
    3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
    3 b57nd60a; C:\Windows\System32\Drivers\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
    1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
    1 blbdrive; C:\Windows\System32\Drivers\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
    3 bowser; C:\Windows\System32\Drivers\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
    3 BrFiltLo; C:\Windows\System32\Drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
    3 BrFiltUp; C:\Windows\System32\Drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
    3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
    3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
    3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
    3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
    3 BTHMODEM; C:\Windows\System32\Drivers\BTHMODEM.sys [72192 2009-07-13] (Microsoft Corporation)
    3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [411136 2009-02-13] (Conexant Systems, Inc.)
    4 cdfs; C:\Windows\System32\Drivers\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
    1 cdrom; C:\Windows\System32\Drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
    3 circlass; C:\Windows\System32\Drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
    0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
    3 CmBatt; C:\Windows\System32\Drivers\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
    3 cmdide; C:\Windows\System32\Drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
    0 CNG; C:\Windows\System32\Drivers\CNG.sys [458704 2012-06-01] (Microsoft Corporation)
    3 Compbatt; C:\Windows\System32\Drivers\Compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
    3 CompositeBus; C:\Windows\System32\Drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
    4 crcdisk; C:\Windows\System32\Drivers\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
    1 DfsC; C:\Windows\System32\Drivers\DfsC.sys [102400 2010-11-20] (Microsoft Corporation)
    1 discache; C:\Windows\System32\Drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
    0 Disk; C:\Windows\System32\Drivers\Disk.sys [73280 2009-07-13] (Microsoft Corporation)
    3 drmkaud; C:\Windows\System32\Drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
    3 DXGKrnl; C:\Windows\System32\Drivers\DXGKrnl.sys [982912 2010-11-20] (Microsoft Corporation)
    3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
    3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    3 elxstor; C:\Windows\System32\Drivers\elxstor.sys [530496 2009-07-13] (Emulex)
    3 ErrDev; C:\Windows\System32\Drivers\ErrDev.sys [9728 2009-07-13] (Microsoft Corporation)
    3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
    3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
    3 fdc; C:\Windows\System32\Drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
    0 FileInfo; C:\Windows\System32\Drivers\FileInfo.sys [70224 2009-07-13] (Microsoft Corporation)
    3 Filetrace; C:\Windows\System32\Drivers\Filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
    3 flpydisk; C:\Windows\System32\Drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
    0 FltMgr; C:\Windows\System32\Drivers\FltMgr.sys [289664 2010-11-20] (Microsoft Corporation)
    3 FsDepends; C:\Windows\System32\Drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
    0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-02-29] (Microsoft Corporation)
    0 fvevol; C:\Windows\System32\Drivers\fvevol.sys [223248 2010-11-20] (Microsoft Corporation)
    3 gagp30kx; C:\Windows\System32\Drivers\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hcw18bda; C:\Windows\System32\Drivers\hcw18bda.sys [509056 2009-05-28] (Hauppauge Computer Works, Inc)
    3 hcw85cir; C:\Windows\System32\Drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
    3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation)
    3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
    3 HidBatt; C:\Windows\System32\Drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
    3 HidBth; C:\Windows\System32\Drivers\HidBth.sys [100864 2009-07-13] (Microsoft Corporation)
    3 HidIr; C:\Windows\System32\Drivers\HidIr.sys [46592 2009-07-13] (Microsoft Corporation)
    3 HidUsb; C:\Windows\System32\Drivers\HidUsb.sys [30208 2010-11-20] (Microsoft Corporation)
    3 HpSAMD; C:\Windows\System32\Drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
    3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
    3 HTTP; C:\Windows\System32\Drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation)
    0 hwpolicy; C:\Windows\System32\Drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
    3 i8042prt; C:\Windows\System32\Drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
    3 iaStorV; C:\Windows\System32\Drivers\iaStorV.sys [410496 2011-03-10] (Intel Corporation)
    3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6177472 2009-09-11] (Intel Corporation)
    3 iirsp; C:\Windows\System32\Drivers\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [4718952 2011-12-13] (Realtek Semiconductor Corp.)
    0 intelide; C:\Windows\System32\Drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
    3 intelppm; C:\Windows\System32\Drivers\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
    3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
    3 IPMIDRV; C:\Windows\System32\Drivers\IPMIDRV.sys [78848 2010-11-20] (Microsoft Corporation)
    3 IPNAT; C:\Windows\System32\Drivers\IPNAT.sys [116224 2009-07-13] (Microsoft Corporation)
    3 IRENUM; C:\Windows\System32\Drivers\IRENUM.sys [17920 2009-07-13] (Microsoft Corporation)
    3 isapnp; C:\Windows\System32\Drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
    3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
    3 kbdclass; C:\Windows\System32\Drivers\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
    3 kbdhid; C:\Windows\System32\Drivers\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
    0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [95600 2012-06-01] (Microsoft Corporation)
    0 KSecPkg; C:\Windows\System32\Drivers\KSecPkg.sys [151920 2012-06-01] (Microsoft Corporation)
    3 ksthunk; C:\Windows\System32\Drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
    2 lltdio; C:\Windows\System32\Drivers\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
    3 LSI_FC; C:\Windows\System32\Drivers\LSI_FC.sys [114752 2009-07-13] (LSI Corporation)
    3 LSI_SAS; C:\Windows\System32\Drivers\LSI_SAS.sys [106560 2009-07-13] (LSI Corporation)
    3 LSI_SAS2; C:\Windows\System32\Drivers\LSI_SAS2.sys [65600 2009-07-13] (LSI Corporation)
    3 LSI_SCSI; C:\Windows\System32\Drivers\LSI_SCSI.sys [115776 2009-07-13] (LSI Corporation)
    2 luafv; C:\Windows\System32\Drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
    3 LVRS64; C:\Windows\System32\Drivers\LVRS64.sys [351136 2012-01-18] (Logitech Inc.)
    3 LVUVC64; C:\Windows\System32\Drivers\LVUVC64.sys [4865568 2012-01-18] (Logitech Inc.)
    2 mdmxsdk; C:\Windows\System32\Drivers\mdmxsdk.sys [17024 2006-06-17] (Conexant)
    3 megasas; C:\Windows\System32\Drivers\megasas.sys [35392 2009-07-13] (LSI Corporation)
    3 MegaSR; C:\Windows\System32\Drivers\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
    3 Modem; C:\Windows\System32\Drivers\Modem.sys [40448 2009-07-13] (Microsoft Corporation)
    3 monitor; C:\Windows\System32\Drivers\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
    3 mouclass; C:\Windows\System32\Drivers\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
    3 mouhid; C:\Windows\System32\Drivers\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
    0 mountmgr; C:\Windows\System32\Drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
    3 mpio; C:\Windows\System32\Drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
    3 mpsdrv; C:\Windows\System32\Drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
    3 MRxDAV; C:\Windows\System32\Drivers\MRxDAV.sys [140800 2010-11-20] (Microsoft Corporation)
    3 mrxsmb; C:\Windows\System32\Drivers\mrxsmb.sys [158208 2011-04-26] (Microsoft Corporation)
    3 mrxsmb10; C:\Windows\System32\Drivers\mrxsmb10.sys [288768 2011-07-08] (Microsoft Corporation)
    3 mrxsmb20; C:\Windows\System32\Drivers\mrxsmb20.sys [128000 2011-04-26] (Microsoft Corporation)
    0 msahci; C:\Windows\System32\Drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
    3 msdsm; C:\Windows\System32\Drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
    1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
    3 mshidkmdf; C:\Windows\System32\Drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
    0 msisadrv; C:\Windows\System32\Drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
    3 MSKSSRV; C:\Windows\System32\Drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
    3 MSPCLOCK; C:\Windows\System32\Drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
    3 MSPQM; C:\Windows\System32\Drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
    3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
    1 mssmbios; C:\Windows\System32\Drivers\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
    3 MSTEE; C:\Windows\System32\Drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
    3 MTConfig; C:\Windows\System32\Drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
    0 Mup; C:\Windows\System32\Drivers\Mup.sys [60496 2009-07-13] (Microsoft Corporation)
    3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
    0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [951680 2010-11-20] (Microsoft Corporation)
    3 NdisCap; C:\Windows\System32\Drivers\NdisCap.sys [35328 2009-07-13] (Microsoft Corporation)
    3 NdisTapi; C:\Windows\System32\Drivers\NdisTapi.sys [24064 2009-07-13] (Microsoft Corporation)
    3 Ndisuio; C:\Windows\System32\Drivers\Ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
    3 NdisWan; C:\Windows\System32\Drivers\NdisWan.sys [164352 2010-11-20] (Microsoft Corporation)
    3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
    1 NetBIOS; C:\Windows\System32\Drivers\NetBIOS.sys [44544 2009-07-13] (Microsoft Corporation)
    1 NetBT; C:\Windows\System32\Drivers\NetBT.sys [261632 2010-11-20] (Microsoft Corporation)
    3 nfrd960; C:\Windows\System32\Drivers\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
    1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
    1 nsiproxy; C:\Windows\System32\Drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
    3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659776 2011-03-10] (Microsoft Corporation)
    1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
    3 nvlddmkm; C:\Windows\System32\Drivers\nvlddmkm.sys [13206120 2011-05-21] (NVIDIA Corporation)
    3 nvraid; C:\Windows\System32\Drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
    3 nvstor; C:\Windows\System32\Drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
    3 nv_agp; C:\Windows\System32\Drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
    3 ohci1394; C:\Windows\System32\Drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
    3 Parport; C:\Windows\System32\Drivers\Parport.sys [97280 2009-07-13] (Microsoft Corporation)
    0 partmgr; C:\Windows\System32\Drivers\partmgr.sys [75120 2012-03-16] (Microsoft Corporation)
    0 pci; C:\Windows\System32\Drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
    3 pciide; C:\Windows\System32\Drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
    3 pcmcia; C:\Windows\System32\Drivers\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
    0 pcw; C:\Windows\System32\Drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
    2 PEAUTH; C:\Windows\System32\Drivers\PEAUTH.sys [651264 2009-07-13] (Microsoft Corporation)
    3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
    3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation)
    1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
    3 ql2300; C:\Windows\System32\Drivers\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
    3 ql40xx; C:\Windows\System32\Drivers\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
    3 QWAVEdrv; C:\Windows\System32\Drivers\QWAVEdrv.sys [46592 2009-07-13] (Microsoft Corporation)
    3 RasAcd; C:\Windows\System32\Drivers\RasAcd.sys [14848 2009-07-13] (Microsoft Corporation)
    3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
    3 Rasl2tp; C:\Windows\System32\Drivers\Rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
    3 RasPppoe; C:\Windows\System32\Drivers\RasPppoe.sys [92672 2009-07-13] (Microsoft Corporation)
    3 RasSstp; C:\Windows\System32\Drivers\RasSstp.sys [83968 2009-07-13] (Microsoft Corporation)
    1 rdbss; C:\Windows\System32\Drivers\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
    3 rdpbus; C:\Windows\System32\Drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
    1 RDPCDD; C:\Windows\System32\Drivers\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
    1 RDPENCDD; C:\Windows\System32\Drivers\RDPENCDD.sys [7680 2009-07-13] (Microsoft Corporation)
    1 RDPREFMP; C:\Windows\System32\Drivers\RDPREFMP.sys [8192 2009-07-13] (Microsoft Corporation)
    3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-27] (Microsoft Corporation)
    0 rdyboost; C:\Windows\System32\Drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
    4 RsFx0105; C:\Windows\System32\Drivers\RsFx0105.sys [311144 2011-09-22] (Microsoft Corporation)
    2 rspndr; C:\Windows\System32\Drivers\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
    3 sbp2port; C:\Windows\System32\Drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
    3 scfilter; C:\Windows\System32\Drivers\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
    2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    3 Serenum; C:\Windows\System32\Drivers\Serenum.sys [23552 2009-07-13] (Microsoft Corporation)
    3 Serial; C:\Windows\System32\Drivers\Serial.sys [94208 2009-07-13] (Microsoft Corporation)
    3 sermouse; C:\Windows\System32\Drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
    3 sffdisk; C:\Windows\System32\Drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
    3 sffp_mmc; C:\Windows\System32\Drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
    3 sffp_sd; C:\Windows\System32\Drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
    3 sfloppy; C:\Windows\System32\Drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
    3 SiSRaid2; C:\Windows\System32\Drivers\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
    3 SiSRaid4; C:\Windows\System32\Drivers\SiSRaid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
    3 Smb; C:\Windows\System32\Drivers\Smb.sys [93184 2009-07-13] (Microsoft Corporation)
    0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
    3 srv; C:\Windows\System32\Drivers\srv.sys [467456 2011-04-28] (Microsoft Corporation)
    3 srv2; C:\Windows\System32\Drivers\srv2.sys [410112 2011-04-28] (Microsoft Corporation)
    3 srvnet; C:\Windows\System32\Drivers\srvnet.sys [168448 2011-04-28] (Microsoft Corporation)
    3 stexstor; C:\Windows\System32\Drivers\stexstor.sys [24656 2009-07-13] (Promise Technology)
    3 swenum; C:\Windows\System32\Drivers\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
    0 Tcpip; C:\Windows\System32\Drivers\Tcpip.sys [1918320 2012-03-30] (Microsoft Corporation)
    3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1918320 2012-03-30] (Microsoft Corporation)
    2 tcpipreg; C:\Windows\System32\Drivers\tcpipreg.sys [45056 2010-11-20] (Microsoft Corporation)
    3 TDPIPE; C:\Windows\System32\Drivers\TDPIPE.sys [15872 2009-07-13] (Microsoft Corporation)
    3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [23552 2012-02-16] (Microsoft Corporation)
    1 tdx; C:\Windows\System32\Drivers\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
    1 TermDD; C:\Windows\System32\Drivers\TermDD.sys [63360 2010-11-20] (Microsoft Corporation)
    3 tssecsrv; C:\Windows\System32\Drivers\tssecsrv.sys [39424 2010-11-20] (Microsoft Corporation)
    3 TsUsbFlt; C:\Windows\System32\Drivers\TsUsbFlt.sys [59392 2010-11-20] (Microsoft Corporation)
    3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
    3 tunnel; C:\Windows\System32\Drivers\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
    3 uagp35; C:\Windows\System32\Drivers\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
    4 udfs; C:\Windows\System32\Drivers\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
    3 uliagpkx; C:\Windows\System32\Drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
    3 umbus; C:\Windows\System32\Drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
    3 UmPass; C:\Windows\System32\Drivers\UmPass.sys [9728 2009-07-13] (Microsoft Corporation)
    3 usbaudio; C:\Windows\System32\Drivers\usbaudio.sys [109696 2010-11-20] (Microsoft Corporation)
    3 usbccgp; C:\Windows\System32\Drivers\usbccgp.sys [98816 2011-03-24] (Microsoft Corporation)
    3 usbcir; C:\Windows\System32\Drivers\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
    3 usbehci; C:\Windows\System32\Drivers\usbehci.sys [52736 2011-03-24] (Microsoft Corporation)
    3 usbhub; C:\Windows\System32\Drivers\usbhub.sys [343040 2011-03-24] (Microsoft Corporation)
    3 usbohci; C:\Windows\System32\Drivers\usbohci.sys [25600 2011-03-24] (Microsoft Corporation)
    3 usbprint; C:\Windows\System32\Drivers\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
    3 usbscan; C:\Windows\System32\Drivers\usbscan.sys [41984 2009-07-13] (Microsoft Corporation)
    3 USBSTOR; C:\Windows\System32\Drivers\USBSTOR.sys [91648 2011-03-10] (Microsoft Corporation)
    3 usbuhci; C:\Windows\System32\Drivers\usbuhci.sys [30720 2011-03-24] (Microsoft Corporation)
    0 vdrvroot; C:\Windows\System32\Drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
    3 vga; C:\Windows\System32\Drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
    1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
    3 vhdmp; C:\Windows\System32\Drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
    3 viaide; C:\Windows\System32\Drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
    1 vmm; C:\Windows\System32\Drivers\vmm.sys [295272 2010-09-08] (Microsoft Corporation)
    0 volmgr; C:\Windows\System32\Drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
    0 volmgrx; C:\Windows\System32\Drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
    0 volsnap; C:\Windows\System32\Drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
    3 vsmraid; C:\Windows\System32\Drivers\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
    3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
    3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    3 vwifibus; C:\Windows\System32\Drivers\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
    3 WacomPen; C:\Windows\System32\Drivers\WacomPen.sys [27776 2009-07-13] (Microsoft Corporation)
    3 WANARP; C:\Windows\System32\Drivers\WANARP.sys [88576 2010-11-20] (Microsoft Corporation)
    1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
    3 Wd; C:\Windows\System32\Drivers\Wd.sys [21056 2009-07-13] (Microsoft Corporation)
    0 Wdf01000; C:\Windows\System32\Drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
    1 WfpLwf; C:\Windows\System32\Drivers\WfpLwf.sys [12800 2009-07-13] (Microsoft Corporation)
    3 WIMMount; C:\Windows\System32\Drivers\WIMMount.sys [22096 2009-07-13] (Microsoft Corporation)
    3 WIMMount; C:\Windows\SysWow64\Drivers\WIMMount.sys [19008 2009-07-13] (Microsoft Corporation)
    3 winachsf; C:\Windows\System32\DRIVERS\CAX_CNXT.sys [740864 2009-02-13] (Conexant Systems, Inc.)
    3 WmiAcpi; C:\Windows\System32\Drivers\WmiAcpi.sys [14336 2009-07-13] (Microsoft Corporation)
    4 ws2ifsl; C:\Windows\System32\Drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
    3 WudfPf; C:\Windows\System32\Drivers\WudfPf.sys [112128 2010-11-20] (Microsoft Corporation)
    2 XAudio; C:\Windows\System32\DRIVERS\XAudio64.sys [10240 2009-04-28] (Conexant Systems, Inc.)
    4 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [x]
     
  3. Nicolu

    Nicolu TS Rookie Topic Starter

    ========================== Drivers MD5 =======================


    ========================== NetSvcs (Whitelisted) ===========


    ========================= Known DLLs =========================

    [2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
    [2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 2086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 1414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    [2009-07-13 16:41] - [2009-07-13 17:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0594432 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    [2012-07-10 23:01] - [2012-06-02 03:59] - 2144768 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
    [2012-07-10 23:01] - [2012-06-02 00:19] - 1793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
    [2012-04-10 23:00] - [2012-02-29 22:33] - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
    [2012-04-10 23:00] - [2012-02-29 21:33] - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
    [2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
    [2011-08-19 16:57] - [2011-07-15 21:37] - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    [2011-08-19 16:57] - [2011-07-15 20:24] - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    [2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
    [2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
    [2009-07-13 15:40] - [2009-07-13 17:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
    [2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
    [2012-02-15 02:28] - [2011-12-16 00:46] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
    [2012-02-15 02:28] - [2011-12-15 23:52] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
    [2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
    [2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
    [2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
    [2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
    [2011-10-11 12:57] - [2011-08-26 21:37] - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
    [2011-10-11 12:57] - [2011-08-26 20:26] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OLEAUT32.dll
    [2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
    [2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 1219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    [2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
    [2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 1900544 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 1667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
    [2012-07-11 03:22] - [2012-06-08 21:43] - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
    [2012-07-11 03:22] - [2012-06-08 20:41] - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHELL32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
    [2012-07-10 23:01] - [2012-06-02 04:05] - 1346048 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
    [2012-07-10 23:01] - [2012-06-02 00:26] - 1103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\URLMON.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0800256 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
    [2012-07-10 23:01] - [2012-06-02 04:05] - 1392128 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
    [2012-07-10 23:01] - [2012-06-02 00:25] - 1129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WININET.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0312832 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WLDAP32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll
    [2009-07-13 15:27] - [2009-07-13 17:40] - 0504320 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll
    [2009-07-13 15:16] - [2009-07-13 17:15] - 0315904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DifxApi.dll

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 20%
    Total physical RAM: 3454.49 MB
    Available physical RAM: 2755.19 MB
    Total Pagefile: 3452.69 MB
    Available Pagefile: 2862.54 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:298.09 GB) (Free:118.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 3824 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 31 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 298 GB Healthy

    ==================================================================================

    Partitions of Disk 5:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3820 MB 4032 KB

    ==================================================================================

    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT32 Removable 3820 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 01:19

    ======================= End Of Log ==========================
     
  4. Nicolu

    Nicolu TS Rookie Topic Starter

    And this is the service.exe file after the search:

    Farbar Recovery Scan Tool Version: 20-07-2012
    Ran by SYSTEM at 2012-07-20 16:15:19
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-20 11:44] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
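    The search output above is the evidence the rest of the thread acts on: the copy of services.exe in the WinSxS component store and the copy in System32 have the same size and the same company string, but different MD5 hashes, and the System32 copy was modified years after it was created. Below is a small triage helper, added here as an example and not part of FRST or of anything posted in this thread, that parses FRST "Search:" output in that shape and flags any live copy whose hash does not match a component-store copy of the same file name. The sample log embedded in it is built from the two entries posted above; the function names and the rule of treating `\winsxs\` copies as the baseline are this example's own assumptions, not something FRST documents.

    ```python
    """Triage helper for FRST "Search:" output (added example, not FRST's own code).

    FRST lists every copy of the searched file name as a path line followed by a
    detail line of the form:
        [created] - [modified] - size attrs (company) MD5
    Copies under \Windows\winsxs\ are taken as the baseline (an assumption of this
    example); a copy elsewhere whose MD5 matches none of them is reported.
    """
    import hashlib
    import re
    from dataclasses import dataclass
    from pathlib import PureWindowsPath

    DETAIL_RE = re.compile(
        r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
        r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
    )
    PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that starts with a drive letter


    @dataclass
    class FileRecord:
        path: str
        created: str
        modified: str
        size: int
        company: str
        md5: str

        @property
        def name(self) -> str:
            return PureWindowsPath(self.path).name.lower()

        @property
        def in_component_store(self) -> bool:
            return "\\winsxs\\" in self.path.lower()


    def parse_search_log(text: str) -> list:
        """Pair each path line with the detail line that follows it."""
        records, pending_path = [], None
        for raw in text.splitlines():
            line = raw.strip()
            if PATH_RE.match(line):
                pending_path = line
                continue
            m = DETAIL_RE.match(line)
            if m and pending_path:
                records.append(FileRecord(pending_path, m["created"], m["modified"],
                                          int(m["size"]), m["company"], m["md5"].upper()))
                pending_path = None
        return records


    def find_mismatches(records):
        """Return (suspect, baseline) pairs: a copy outside WinSxS whose MD5 matches
        no component-store copy of the same file name."""
        by_name = {}
        for r in records:
            by_name.setdefault(r.name, []).append(r)
        suspects = []
        for group in by_name.values():
            baselines = [r for r in group if r.in_component_store]
            if not baselines:
                continue  # nothing trustworthy to compare against
            known = {b.md5 for b in baselines}
            suspects.extend((r, baselines[0]) for r in group
                            if not r.in_component_store and r.md5 not in known)
        return suspects


    def describe(suspect, baseline) -> str:
        """Spell out why the mismatch looks like an in-place patch rather than an update."""
        clues = []
        if suspect.size == baseline.size:
            clues.append("same size as the WinSxS copy")
        if suspect.company == baseline.company:
            clues.append("same company string")
        if suspect.modified > suspect.created:  # FRST timestamps sort as strings
            clues.append(f"modified {suspect.modified}, created {suspect.created}")
        return f"{suspect.path}: MD5 {suspect.md5} != {baseline.md5} ({'; '.join(clues)})"


    def md5_of_file(path: str) -> str:
        """Hash a file on disk so a live copy can be checked against the log's baseline."""
        h = hashlib.md5()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        return h.hexdigest().upper()


    # Constructed sample, built from the two entries in the search output above.
    SAMPLE = r"""
    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-20 11:44] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    """

    if __name__ == "__main__":
        for suspect, baseline in find_mismatches(parse_search_log(SAMPLE)):
            print(describe(suspect, baseline))
    ```

    Run on the sample it reports the System32 copy against the WinSxS hash; on a real log, paste the search section in place of SAMPLE. A matching hash proves only that the two copies are identical, not that either is clean, so an empty result is not a clean bill of health, and the WinSxS baseline itself is worth hashing with `md5_of_file` and comparing to a copy from a known-good machine.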
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  6. Nicolu

    Nicolu TS Rookie Topic Starter

    First log you asked for, the Fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
    Ran by SYSTEM at 2012-07-22 01:26:25 Run:2
    Running from E:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\The Awesome\Software\Microsoft\Windows\CurrentVersion\Run\\uiloer Value not found.
    C:\Users\The Awesome\AppData\Roaming\uiloer.dll not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    ComboFix 12-07-21.01 - The Awesome 07/22/2012 1:48.1.2 - x64
    Microsoft Windows 7 Home Premium N 6.1.7601.1.1252.1.1033.18.3454.2331 [GMT -4:00]
    Running from: c:\users\The Awesome\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\0C1CFAC3B1A891EA994F79B2F875F002
    c:\programdata\0C1CFAC3B1A891EA994F79B2F875F002\0C1CFAC3B1A891EA994F79B2F875F002
    c:\programdata\0C1CFAC3B1A891EA994F79B2F875F002\0C1CFAC3B1A891EA994F79B2F875F002.exe
    c:\programdata\0C1CFAC3B1A891EA994F79B2F875F002\0C1CFAC3B1A891EA994F79B2F875F002.ico
    c:\users\The Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    c:\users\The Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\@
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\L\00000004.@
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\L\1afb2d56
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\L\201d3dde
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\n
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\U\00000001.@
    c:\windows\Installer\{997356ad-b2de-dc34-5a70-4513dfd6d4e6}\U\00000008.@
    .
    c:\windows\explorer.exe . . . is infected!!
    .
    Infected copy of c:\windows\SysWOW64\InfDefaultInstall.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!InfDefaultInstall.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-22 06:04 . 2012-07-22 06:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D99C1AF8-DD87-44DC-B5B7-532D4ADD98AF}\offreg.dll
    2012-07-22 06:01 . 2012-07-22 06:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-20 19:44 . 2012-07-20 19:44 -------- d-----w- C:\FRST
    2012-07-20 18:58 . 2012-07-20 18:58 328704 ----a-w- c:\windows\system32\services.exe.F6029AB9F3F92074
    2012-07-20 18:57 . 2012-07-20 19:01 -------- d-----w- c:\users\The Awesome\AppData\Local\NPE
    2012-07-20 18:57 . 2012-07-20 18:58 -------- d-----w- c:\programdata\Norton
    2012-07-20 18:52 . 2012-07-20 18:52 328704 ----a-w- c:\windows\system32\services.exe.768827E1AFCE316B
    2012-07-20 18:24 . 2012-07-20 18:24 328704 ----a-w- c:\windows\system32\services.exe.F36226865702788C
    2012-07-20 18:15 . 2012-07-20 18:15 328704 ----a-w- c:\windows\system32\services.exe.35F9CCA361F400C7
    2012-07-20 17:58 . 2012-07-20 17:58 328704 ----a-w- c:\windows\system32\services.exe.7C127BCE10CC43A5
    2012-07-20 17:38 . 2012-07-20 17:38 328704 ----a-w- c:\windows\system32\services.exe.7C680A368D3A3968
    2012-07-20 17:33 . 2012-07-20 17:33 50392 ----a-w- c:\windows\system32\drivers\wfvnjtfa.sys
    2012-07-20 17:33 . 2012-07-20 17:33 328704 ----a-w- c:\windows\system32\services.exe.C303FA22E94EE7C6
    2012-07-20 17:29 . 2012-07-20 17:29 328704 ----a-w- c:\windows\system32\services.exe.630019E3442F1DE0
    2012-07-20 17:16 . 2012-07-20 17:16 328704 ----a-w- c:\windows\system32\services.exe.A1993B781330BEDC
    2012-07-20 17:05 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C2C1E1-4302-4F65-9859-84515FE06517}\gapaengine.dll
    2012-07-20 17:05 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D99C1AF8-DD87-44DC-B5B7-532D4ADD98AF}\mpengine.dll
    2012-07-20 17:04 . 2012-07-20 17:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-20 17:04 . 2012-07-20 17:04 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-20 16:50 . 2012-07-20 16:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-20 16:47 . 2012-07-20 16:47 -------- d-----w- c:\users\The Awesome\AppData\Local\{AAE9E88B-D28A-11E1-8270-B8AC6F996F26}
    2012-07-11 11:57 . 2012-07-11 11:57 328704 ----a-w- c:\windows\system32\services.exe.62411C176AFD501A
    2012-07-11 11:53 . 2012-07-11 11:53 328704 ----a-w- c:\windows\system32\services.exe.E56E21D21EC10796
    2012-07-11 11:49 . 2012-07-11 11:49 328704 ----a-w- c:\windows\system32\services.exe.9D1DFA340A3A9A4D
    2012-07-11 11:45 . 2012-07-11 11:45 328704 ----a-w- c:\windows\system32\services.exe.9F74A98FB5A4567F
    2012-07-11 11:22 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-11 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 22:07 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
    2012-07-10 03:45 . 2012-07-10 03:45 -------- d-----w- c:\users\The Awesome\riotsGamesLogs
    2012-07-08 19:17 . 2012-07-08 19:17 -------- d-----w- c:\users\The Awesome\AppData\Local\Macromedia
    2012-07-08 04:23 . 2012-07-08 04:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-08 04:14 . 2012-07-12 02:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 03:33 . 2012-07-03 03:33 -------- d-----w- c:\users\The Awesome\AppData\Roaming\Unity
    2012-07-03 03:20 . 2012-07-03 03:20 -------- d-----w- c:\users\The Awesome\AppData\Local\Unity
    2012-06-27 01:00 . 2012-07-19 22:56 -------- d-----w- c:\users\The Awesome\AppData\Roaming\.techniclauncher
    2012-06-26 05:01 . 2012-06-26 05:02 -------- d-----w- c:\users\The Awesome\AppData\Roaming\.spoutcraft
    2012-06-25 01:30 . 2012-07-12 19:04 -------- d-----w- c:\program files (x86)\Diablo III
    2012-06-25 01:29 . 2012-06-25 01:29 -------- d-----w- c:\programdata\Battle.net
    2012-06-22 18:06 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-22 18:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 02:31 . 2011-09-01 00:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 07:02 . 2011-08-20 01:00 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 00:55 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 00:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 00:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 00:55 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 00:55 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 00:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 00:55 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-22 00:54 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-22 00:54 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 11:06 . 2012-06-13 13:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 13:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 13:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-13 13:22 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-13 13:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-13 13:23 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-13 13:23 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-13 13:23 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-13 13:22 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-13 13:22 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-13 13:22 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 13:22 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-13 13:22 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 13:22 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [-] 2011-02-25 . 2083F2CD7EDBC1303691E9F7AA3EDBAA . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [-] 2011-02-25 . 2083F2CD7EDBC1303691E9F7AA3EDBAA . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\The Awesome\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 1192664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
    S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 509056]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 02:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 363544]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\users\The Awesome\AppData\Roaming\Mozilla\Firefox\Profiles\vikv2rgb.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
    AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files (x86)\DivX\DivXWebPlayerUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2522482784-293274688-2484484802-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:cc,3a,bc,f5,83,e8,bd,f9,4e,7d,3a,3b,d1,92,25,b3,89,ef,ae,4f,a1,51,d7,
    39,66,f2,3b,1e,99,4c,a1,d2,c6,8f,95,9e,91,c5,34,f0,65,8e,59,88,c2,8d,78,72,\
    "??"=hex:f5,83,26,4b,de,8d,fb,33,33,ac,84,20,14,50,07,90
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-22 02:11:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-22 06:11
    .
    Pre-Run: 126,472,089,600 bytes free
    Post-Run: 133,654,650,880 bytes free
    .
    - - End Of File - - A339428704E2E6D7A48E8843667EE121
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.F6029AB9F3F92074
    c:\windows\system32\services.exe.A1993B781330BEDC
    c:\windows\system32\services.exe.630019E3442F1DE0
    c:\windows\system32\services.exe.C303FA22E94EE7C6
    c:\windows\system32\drivers\wfvnjtfa.sys
    c:\windows\system32\services.exe.7C680A368D3A3968
    c:\windows\system32\services.exe.7C127BCE10CC43A5
    c:\windows\system32\services.exe.35F9CCA361F400C7
    c:\windows\system32\services.exe.F36226865702788C
    c:\windows\system32\services.exe.768827E1AFCE316B
    c:\windows\system32\services.exe.9F74A98FB5A4567F
    c:\windows\system32\services.exe.9D1DFA340A3A9A4D
    c:\windows\system32\services.exe.E56E21D21EC10796
    c:\windows\system32\services.exe.62411C176AFD501A
    
    FCopy::
    c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe | c:\windows\explorer.exe
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
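An added triage script (not Broni's instructions or ComboFix's own code) that performs, read-only, the two checks the CFScript above encodes as File:: and FCopy:: directives: listing services.exe.<16 hex> orphan copies in system32, and comparing the live explorer.exe against the WinSxS component-store copy by hash. The directory layout it scans is constructed in a temporary folder, and the orphan suffix pattern is an assumption taken from the paths listed in the script.

```python
import hashlib
import os
import re
import tempfile

# Assumed from the File:: paths above: services.exe followed by a 16-hex-digit suffix.
ORPHAN_RE = re.compile(r"^services\.exe\.[0-9A-Fa-f]{16}$")


def find_orphaned_services_copies(system32_dir):
    """Names of services.exe.<16 hex> files in system32_dir, sorted."""
    return sorted(n for n in os.listdir(system32_dir) if ORPHAN_RE.match(n))


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def explorer_matches_winsxs(live_path, winsxs_path):
    """The check behind FCopy::: is the live explorer.exe byte-identical to the WinSxS copy?"""
    return sha256_of(live_path) == sha256_of(winsxs_path)


def triage(windows_dir):
    sys32 = os.path.join(windows_dir, "system32")
    return {
        "orphans": find_orphaned_services_copies(sys32),
        "explorer_ok": explorer_matches_winsxs(
            os.path.join(windows_dir, "explorer.exe"),
            os.path.join(windows_dir, "winsxs", "explorer.exe")),
    }


def build_sample_tree():
    """Constructed sample layout (not a real system): two orphans, one decoy, tampered explorer."""
    root = tempfile.mkdtemp()
    samples = [
        ("system32/services.exe", b"MZ legit services"),
        ("system32/services.exe.F6029AB9F3F92074", b"MZ orphan 1"),
        ("system32/services.exe.630019E3442F1DE0", b"MZ orphan 2"),
        ("system32/services.exe.bak", b"MZ not an orphan"),
        ("winsxs/explorer.exe", b"MZ clean explorer"),
        ("explorer.exe", b"MZ patched explorer"),
    ]
    for rel, data in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root
```

Running `triage(build_sample_tree())` reports the two orphan names and `explorer_ok: False`, which is the state the CFScript's FCopy:: line corrects by restoring explorer.exe from WinSxS.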
     
Topic Status:
Not open for further replies.