Smitfraud-C Removal


14 replies to this topic

#1 ElRunner

ElRunner

  • Members
  • 7 posts

Posted 11 September 2012 - 03:23 PM

Hello,

After encountering a few blue screen restarts I began to suspect my computer was infected with something. Ran Spybot S&D and found smitfraud-c generic and have been trying to remove it since without success. Any help would be greatly appreciated.

Thanks

E


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 September 2012 - 06:05 PM

What operating system are you using?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ElRunner

ElRunner
  • Topic Starter

  • Members
  • 7 posts

Posted 11 September 2012 - 06:28 PM

Windows 7, some other information..... I have tried SmitfraudFix, but it says it cannot delete the file in question; I believe it's svchost.exe. Have also run Malwarebytes, to no avail.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 September 2012 - 07:02 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
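The reason the helper has the poster run FRST from the recovery environment and then search for services.exe is that this family of infections replaces or shadows core Windows binaries, and FRST's own "ATTENTION: Check for possible partition/boot infection" line later in this thread points at exactly such a file, a svchost.exe sitting in C:\Windows rather than in System32 or SysWOW64. The following Python script is an added example, not code from the thread or from the FRST project: it parses lines in the format of FRST's "Created Files" and "Modified Files" sections and flags well-known system binary names that appear outside the directory they belong in. The sample lines are constructed here, modelled on the log posted below, and the list of expected directories is an assumption of this example, not something FRST publishes.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Core Windows binaries and the directories they legitimately live in (assumption of
# this example; explorer.exe sits in C:\Windows, the rest in System32/SysWOW64).
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# One FRST file line: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)

# Constructed sample lines in FRST format (modelled on the log in this thread).
SAMPLE_FRST_LINES = r"""
2012-09-11 12:21 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-11 06:03 - 2009-07-13 15:19 - 00020992 ____N (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2012-09-11 11:56 - 2012-09-11 11:56 - 00110160 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-09-11 11:50 - 2012-09-11 12:43 - 00000000 ____A C:\Windows\System32\tmp.txt
2012-09-11 16:22 - 2012-09-11 16:22 - 00000000 ____D C:\Program Files\Belkin
""".strip().splitlines()


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST file line; returns None for headers and other non-file lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def find_masquerades(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for core binary names found outside their expected directory."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or "D" in e.attrs:      # skip non-file lines and directories
            continue
        p = PureWindowsPath(e.path)
        name = p.name.lower()
        if name not in EXPECTED_DIRS:
            continue
        if str(p.parent).lower() not in EXPECTED_DIRS[name]:
            findings.append((e.path, f"{p.name} outside its expected directory"))
    return findings


if __name__ == "__main__":
    for path, reason in find_masquerades(SAMPLE_FRST_LINES):
        print(f"SUSPECT: {path}  ({reason})")
```

Run against the sample, the script reports only C:\Windows\svchost.exe; the SysWOW64 copy, the Webroot driver, the temp file and the directory entry pass. A vendor string such as "(Microsoft Corporation)" is deliberately not trusted, since FRST prints it from the file's version resource, which anyone can copy; the file's location and, as the helper's "List Drivers MD5" option reflects, its hash are the properties worth checking.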


#5 ElRunner

ElRunner
  • Topic Starter

  • Members
  • 7 posts

Posted 11 September 2012 - 08:19 PM

Ran both and here they are

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2012 01
Ran by SYSTEM at 11-09-2012 20:51:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2011-08-17] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-19] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-04] (Intel® Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-06-23] (Logitech, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [234792 2011-05-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [712104 2012-09-11] (Webroot)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1770400 2011-02-24] (Affinegy, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Erik\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Erik\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Erik\...\Policies\system: [DisableCMD] 0
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services ====================

2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [566688 2011-02-24] (Affinegy, Inc.)
2 Belkin Local Backup Service; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service [181760 2010-02-17] ()
2 Belkin Network USB Helper; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service [55296 2010-02-09] ()
2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-05-18] ()
2 CLKMSVC10_C6F09094; "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe" /svc [245232 2010-06-29] (CyberLink)
2 CyberLink PowerDVD 11.0 Monitor Service; "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" [70952 2011-05-12] (CyberLink)
2 CyberLink PowerDVD 11.0 Service; "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" [312616 2011-05-12] (CyberLink)
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [385024 2010-12-23] ()
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
3 SMServer; "C:\Windows\SysWOW64\snmvtsvc.exe" [245760 2010-12-23] (SMServer)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [712104 2012-09-11] (Webroot)

==================== Drivers =================================

2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [110160 2012-09-11] (Webroot)
2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-05-20] (CyberLink Corp.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-11 16:22 - 2012-09-11 16:22 - 00000000 ____D C:\Users\All Users\Belkin
2012-09-11 16:22 - 2012-09-11 16:22 - 00000000 ____D C:\Program Files\Belkin
2012-09-11 16:21 - 2009-06-22 12:50 - 00291352 ____A (silex technology, Inc.) C:\Windows\System32\Drivers\sxuptp.sys
2012-09-11 16:20 - 2012-09-11 16:20 - 00000000 ____D C:\Users\All Users\Affinegy
2012-09-11 16:20 - 2012-09-11 16:20 - 00000000 ____D C:\Program Files (x86)\Belkin
2012-09-11 12:21 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-11 11:56 - 2012-09-11 11:56 - 00149752 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-09-11 11:56 - 2012-09-11 11:56 - 00110160 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-09-11 11:56 - 2012-09-11 11:56 - 00102896 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-09-11 11:50 - 2012-09-11 12:43 - 00000000 ____A C:\Windows\System32\tmp.txt
2012-09-11 11:50 - 2009-06-02 07:17 - 00075776 ____A C:\Windows\System32\WS2Fix.exe
2012-09-11 11:50 - 2008-12-11 22:57 - 00078336 ____A (S!Ri.URZ) C:\Windows\System32\Agent.OMZ.Fix.exe
2012-09-11 11:50 - 2008-11-29 15:58 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.C.exe
2012-09-11 11:50 - 2008-10-01 11:51 - 00087552 ____A (S!Ri.URZ) C:\Windows\System32\VACFix.exe
2012-09-11 11:50 - 2008-09-20 08:45 - 00080384 ____A (S!Ri.URZ) C:\Windows\System32\o4Patch.exe
2012-09-11 11:50 - 2008-08-18 08:19 - 00082432 ____A (S!Ri.URZ) C:\Windows\System32\404Fix.exe
2012-09-11 11:50 - 2008-05-18 17:40 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.exe
2012-09-11 11:50 - 2007-09-05 20:22 - 00289144 ____A (S!Ri) C:\Windows\System32\VCCLSID.exe
2012-09-11 11:50 - 2006-12-01 03:20 - 00079360 ____A (SteelWerX) C:\Windows\System32\swxcacls.exe
2012-09-11 11:50 - 2006-08-29 15:43 - 00135168 ____A (SteelWerX) C:\Windows\System32\swreg.exe
2012-09-11 11:50 - 2006-04-27 13:49 - 00288417 ____A (S!Ri) C:\Windows\System32\SrchSTS.exe
2012-09-11 11:50 - 2006-01-09 07:36 - 00040960 ____A C:\Windows\System32\swsc.exe
2012-09-11 11:50 - 2004-07-31 14:50 - 00051200 ____A C:\Windows\System32\dumphive.exe
2012-09-11 11:50 - 2003-06-05 17:13 - 00053248 ____A (http://www.beyondlogic.org) C:\Windows\System32\Process.exe
2012-09-11 03:09 - 2012-09-11 16:23 - 00000000 ____D C:\Users\All Users\WRData
2012-09-11 03:09 - 2012-09-11 03:09 - 00000000 ____D C:\Program Files\Webroot
2012-09-10 20:51 - 2012-09-11 13:55 - 00002422 ____A C:\rapport.txt
2012-09-10 20:51 - 2012-09-11 12:43 - 00002186 ____A C:\Windows\SysWOW64\tmp.reg
2012-09-10 20:51 - 2012-09-11 12:43 - 00000691 ____A C:\Users\Erik\AppData\Roaming\GetValue.vbs
2012-09-10 20:51 - 2012-09-11 12:43 - 00000035 ____A C:\Users\Erik\AppData\Roaming\SetValue.bat
2012-09-10 20:51 - 2012-09-11 09:44 - 00000000 ____A C:\Windows\SysWOW64\tmp.txt
2012-09-10 20:50 - 2012-09-11 13:55 - 00000000 ____D C:\Users\Erik\Desktop\SmitfraudFix
2012-09-10 20:50 - 2009-06-02 07:17 - 00075776 ____A C:\Windows\SysWOW64\WS2Fix.exe
2012-09-10 20:50 - 2008-12-11 21:57 - 00078336 ____A (S!Ri.URZ) C:\Windows\SysWOW64\Agent.OMZ.Fix.exe
2012-09-10 20:50 - 2008-11-29 14:58 - 00082944 ____A (S!Ri.URZ) C:\Windows\SysWOW64\IEDFix.C.exe
2012-09-10 20:50 - 2008-10-01 11:51 - 00087552 ____A (S!Ri.URZ) C:\Windows\SysWOW64\VACFix.exe
2012-09-10 20:50 - 2008-09-20 08:45 - 00080384 ____A (S!Ri.URZ) C:\Windows\SysWOW64\o4Patch.exe
2012-09-10 20:50 - 2008-08-18 08:19 - 00082432 ____A (S!Ri.URZ) C:\Windows\SysWOW64\404Fix.exe
2012-09-10 20:50 - 2008-05-18 17:40 - 00082944 ____A (S!Ri.URZ) C:\Windows\SysWOW64\IEDFix.exe
2012-09-10 20:50 - 2007-09-05 20:22 - 00289144 ____A (S!Ri) C:\Windows\SysWOW64\VCCLSID.exe
2012-09-10 20:50 - 2006-12-01 02:20 - 00079360 ____A (SteelWerX) C:\Windows\SysWOW64\swxcacls.exe
2012-09-10 20:50 - 2006-08-29 15:43 - 00135168 ____A (SteelWerX) C:\Windows\SysWOW64\swreg.exe
2012-09-10 20:50 - 2006-04-27 13:49 - 00288417 ____A (S!Ri) C:\Windows\SysWOW64\SrchSTS.exe
2012-09-10 20:50 - 2006-01-09 06:36 - 00040960 ____A C:\Windows\SysWOW64\swsc.exe
2012-09-10 20:50 - 2004-07-31 14:50 - 00051200 ____A C:\Windows\SysWOW64\dumphive.exe
2012-09-10 20:50 - 2003-06-05 17:13 - 00053248 ____A (http://www.beyondlogic.org) C:\Windows\SysWOW64\Process.exe
2012-09-10 20:44 - 2012-09-10 20:44 - 01872472 ____A C:\Users\Erik\Desktop\SmitfraudFix.exe
2012-09-10 19:59 - 2012-09-10 20:25 - 00000000 ____D C:\ComboFix
2012-09-10 19:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-10 19:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-10 19:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-10 19:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-10 19:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-10 19:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-10 19:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-10 19:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-10 19:34 - 2012-09-10 20:25 - 00000000 ____D C:\Qoobox
2012-09-10 19:34 - 2012-09-10 20:21 - 00000000 ____D C:\Windows\erdnt
2012-09-10 19:33 - 2012-09-10 19:33 - 04748983 ____R (Swearware) C:\Users\Erik\Desktop\ComboFix.exe
2012-09-10 18:55 - 2012-09-10 18:58 - 00000000 ____D C:\Users\All Users\MFAData
2012-09-10 18:55 - 2012-09-10 18:55 - 00000000 ____D C:\Users\Erik\AppData\Local\MFAData
2012-09-10 18:55 - 2012-09-10 18:55 - 00000000 ____D C:\Users\Erik\AppData\Local\Avg2013
2012-09-10 18:20 - 2011-05-25 17:52 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120910-222020.backup
2012-09-10 16:12 - 2012-09-11 12:17 - 00000980 ____A C:\Windows\wininit.ini
2012-09-10 15:47 - 2012-09-11 14:04 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-09-10 15:47 - 2012-09-10 15:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-10 15:02 - 2012-09-10 15:02 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Malwarebytes
2012-09-10 15:02 - 2012-09-10 15:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-10 15:02 - 2012-09-10 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-10 15:02 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-09 21:32 - 2012-09-09 21:32 - 00003544 ____N C:\bootsqm.dat
2012-09-08 18:00 - 2012-09-08 18:00 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-09-08 17:52 - 2012-09-08 17:52 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-08 17:52 - 2012-09-08 17:52 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-08 17:52 - 2012-09-08 17:52 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-08 17:52 - 2012-09-08 17:52 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-08 17:46 - 2012-09-08 17:47 - 1286264604 ____A C:\Users\Erik\Desktop\E2 - Dinosaurs On a Spaceship.mpg
2012-09-08 17:44 - 2012-09-08 17:44 - 00010211 ____A C:\Users\Erik\Documents\Uninstall Dragon Age Origins.log
2012-09-08 17:34 - 2012-09-08 17:34 - 00000000 ____D C:\Program Files\Common Files\Little Registry Cleaner
2012-09-08 17:33 - 2012-09-08 17:33 - 00000000 ____D C:\Program Files (x86)\Little Registry Cleaner
2012-09-07 21:28 - 2012-09-07 22:57 - 893141346 ____A C:\Users\Erik\Desktop\E1.mp4
2012-09-05 12:06 - 2012-09-05 12:06 - 00007605 ____A C:\Users\Erik\AppData\Local\Resmon.ResmonCfg
2012-09-04 17:51 - 2012-09-05 07:31 - 00000000 ____D C:\Users\Erik\Desktop\Physics
2012-09-04 17:51 - 2012-09-04 17:51 - 00000000 ____D C:\Users\Erik\Desktop\Organic Chemistry
2012-08-14 22:08 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 22:08 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 22:08 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-14 22:08 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 22:08 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 22:08 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-14 22:08 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 22:08 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 22:08 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-14 22:08 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-14 22:08 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 22:08 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 22:08 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 22:08 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 22:08 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-14 22:08 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-14 22:08 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-14 22:08 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-14 22:08 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-14 22:08 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-14 22:08 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-14 22:08 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-14 22:08 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-14 22:08 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-14 22:08 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-14 22:08 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-14 22:08 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-14 22:08 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-14 15:59 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 15:59 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 15:59 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 15:59 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 15:59 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-14 15:59 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-14 15:59 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 15:59 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-14 15:59 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-14 15:59 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-14 15:59 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 15:59 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-14 15:59 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll


==================== 3 Months Modified Files ================================

2012-09-11 16:46 - 2011-11-19 10:19 - 01419763 ____A C:\Windows\WindowsUpdate.log
2012-09-11 16:46 - 2009-07-13 21:13 - 00814058 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-11 16:39 - 2011-01-10 11:13 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1579550983-178001793-171058814-1001UA.job
2012-09-11 16:03 - 2012-04-04 20:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-11 15:42 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-11 15:42 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-11 15:34 - 2012-05-25 12:56 - 00034776 ____A C:\Windows\setupact.log
2012-09-11 15:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-11 13:55 - 2012-09-10 20:51 - 00002422 ____A C:\rapport.txt
2012-09-11 12:43 - 2012-09-11 11:50 - 00000000 ____A C:\Windows\System32\tmp.txt
2012-09-11 12:43 - 2012-09-10 20:51 - 00002186 ____A C:\Windows\SysWOW64\tmp.reg
2012-09-11 12:43 - 2012-09-10 20:51 - 00000691 ____A C:\Users\Erik\AppData\Roaming\GetValue.vbs
2012-09-11 12:43 - 2012-09-10 20:51 - 00000035 ____A C:\Users\Erik\AppData\Roaming\SetValue.bat
2012-09-11 12:17 - 2012-09-10 16:12 - 00000980 ____A C:\Windows\wininit.ini
2012-09-11 12:09 - 2012-06-07 08:55 - 01851370 ____A C:\Windows\PFRO.log
2012-09-11 11:56 - 2012-09-11 11:56 - 00149752 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-09-11 11:56 - 2012-09-11 11:56 - 00110160 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-09-11 11:56 - 2012-09-11 11:56 - 00102896 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-09-11 09:44 - 2012-09-10 20:51 - 00000000 ____A C:\Windows\SysWOW64\tmp.txt
2012-09-11 06:03 - 2009-07-13 15:19 - 00020992 ____N (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2012-09-10 21:30 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-10 20:44 - 2012-09-10 20:44 - 01872472 ____A C:\Users\Erik\Desktop\SmitfraudFix.exe
2012-09-10 20:16 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-10 19:33 - 2012-09-10 19:33 - 04748983 ____R (Swearware) C:\Users\Erik\Desktop\ComboFix.exe
2012-09-10 17:39 - 2011-01-10 11:13 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1579550983-178001793-171058814-1001Core.job
2012-09-09 21:32 - 2012-09-09 21:32 - 00003544 ____N C:\bootsqm.dat
2012-09-08 18:00 - 2012-09-08 18:00 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-09-08 17:52 - 2012-09-08 17:52 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-08 17:52 - 2012-09-08 17:52 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-08 17:52 - 2012-09-08 17:52 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-08 17:52 - 2012-09-08 17:52 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-08 17:52 - 2012-07-10 10:28 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-09-08 17:52 - 2010-07-20 06:49 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-08 17:47 - 2012-09-08 17:46 - 1286264604 ____A C:\Users\Erik\Desktop\E2 - Dinosaurs On a Spaceship.mpg
2012-09-08 17:44 - 2012-09-08 17:44 - 00010211 ____A C:\Users\Erik\Documents\Uninstall Dragon Age Origins.log
2012-09-07 22:57 - 2012-09-07 21:28 - 893141346 ____A C:\Users\Erik\Desktop\E1.mp4
2012-09-07 13:04 - 2012-09-10 15:02 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 06:22 - 2011-08-03 16:52 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForErik.job
2012-09-06 22:31 - 2011-01-12 09:33 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-05 12:06 - 2012-09-05 12:06 - 00007605 ____A C:\Users\Erik\AppData\Local\Resmon.ResmonCfg
2012-08-26 20:45 - 2011-04-05 16:33 - 00006144 ____A C:\Users\Erik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-21 21:30 - 2011-02-08 18:14 - 00003125 ____A C:\Users\Erik\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-08-15 09:46 - 2009-07-13 20:45 - 00316984 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 22:06 - 2011-01-11 09:02 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 11:03 - 2012-04-04 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 11:03 - 2011-09-18 10:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 22:33 - 2012-08-02 22:33 - 00000000 ____A C:\Users\Erik\Downloads\B04F.tmp
2012-08-02 22:31 - 2012-08-02 22:31 - 00000000 ____A C:\Users\Erik\Downloads\6D7.tmp
2012-07-25 15:31 - 2011-10-26 15:12 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-18 10:15 - 2012-08-14 15:59 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-14 15:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 15:59 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 15:59 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 15:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 15:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-08-14 22:08 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-14 22:08 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-14 22:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-14 22:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-14 22:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-14 22:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-14 22:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-14 22:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-14 22:08 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-14 22:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-14 22:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-14 22:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-14 22:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-14 22:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-14 22:08 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-14 22:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-14 22:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-14 22:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-14 22:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-14 22:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 22:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-14 22:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 22:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-14 22:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 22:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-14 22:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 22:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 22:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-20 21:07 - 2011-01-10 11:06 - 00072960 ____A C:\Users\Erik\AppData\Local\GDIPFONTCACHEV1.DAT


ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-11 16:21:44

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 7989.86 MB
Available physical RAM: 7087.69 MB
Total Pagefile: 7988.01 MB
Available Pagefile: 7085.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:575.26 GB) (Free:346.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Belkin Setup CD) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF
4 Drive g: (FLASH) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 103 MB
Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 575 GB 200 MB
Partition 3 Primary 20 GB 575 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 575 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 20 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7644 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FLASH FAT32 Removable 7644 MB Healthy

==================================================================================

Last Boot: 2012-08-27 11:24

==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 11-09-2012 01
Ran by SYSTEM at 2012-09-11 20:53:50
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-09-10 20:22] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 September 2012 - 08:27 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ElRunner
  • Topic Starter

  • Members
  • 7 posts

Posted 11 September 2012 - 08:36 PM

Two threats were detected, only 1 of which was curable. There were two logs in C:; they are below.

Thanks


21:30:51.0418 6516 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:30:51.0665 6516 ============================================================
21:30:51.0665 6516 Current date / time: 2012/09/11 21:30:51.0665
21:30:51.0665 6516 SystemInfo:
21:30:51.0665 6516
21:30:51.0665 6516 OS Version: 6.1.7601 ServicePack: 1.0
21:30:51.0665 6516 Product type: Workstation
21:30:51.0665 6516 ComputerName: ERIK-LAPTOP
21:30:51.0665 6516 UserName: Erik
21:30:51.0665 6516 Windows directory: C:\Windows
21:30:51.0665 6516 System windows directory: C:\Windows
21:30:51.0666 6516 Running under WOW64
21:30:51.0666 6516 Processor architecture: Intel x64
21:30:51.0666 6516 Number of processors: 4
21:30:51.0666 6516 Page size: 0x1000
21:30:51.0666 6516 Boot type: Normal boot
21:30:51.0666 6516 ============================================================
21:30:52.0186 6516 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:30:52.0191 6516 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:30:52.0193 6516 ============================================================
21:30:52.0193 6516 \Device\Harddisk0\DR0:
21:30:52.0193 6516 MBR partitions:
21:30:52.0193 6516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:30:52.0193 6516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x47E87800
21:30:52.0193 6516 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47EEB800, BlocksNum 0x2938800
21:30:52.0193 6516 \Device\Harddisk1\DR1:
21:30:52.0194 6516 MBR partitions:
21:30:52.0194 6516 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEE080
21:30:52.0194 6516 ============================================================
21:30:52.0222 6516 C: <-> \Device\Harddisk0\DR0\Partition2
21:30:52.0257 6516 D: <-> \Device\Harddisk0\DR0\Partition3
21:30:52.0257 6516 ============================================================
21:30:52.0257 6516 Initialize success
21:30:52.0257 6516 ============================================================
21:31:25.0677 6484 ============================================================
21:31:25.0677 6484 Scan started
21:31:25.0677 6484 Mode: Manual; TDLFS;
21:31:25.0677 6484 ============================================================
21:31:33.0098 6484 ================ Scan system memory ========================
21:31:33.0098 6484 System memory - ok
21:31:33.0099 6484 ================ Scan services =============================
21:31:33.0339 6484 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:31:33.0343 6484 1394ohci - ok
21:31:33.0392 6484 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
21:31:33.0392 6484 Accelerometer - ok
21:31:33.0446 6484 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:31:33.0450 6484 ACPI - ok
21:31:33.0491 6484 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:31:33.0494 6484 AcpiPmi - ok
21:31:33.0614 6484 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:31:33.0616 6484 AdobeARMservice - ok
21:31:33.0770 6484 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:31:33.0773 6484 AdobeFlashPlayerUpdateSvc - ok
21:31:33.0834 6484 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:31:33.0840 6484 adp94xx - ok
21:31:33.0894 6484 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:31:33.0899 6484 adpahci - ok
21:31:33.0945 6484 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:31:33.0948 6484 adpu320 - ok
21:31:35.0221 6484 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
21:31:35.0222 6484 ADVService - ok
21:31:35.0287 6484 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:31:35.0288 6484 AeLookupSvc - ok
21:31:35.0397 6484 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
21:31:35.0400 6484 AESTFilters - ok
21:31:35.0477 6484 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:31:35.0480 6484 AFD - ok
21:31:35.0629 6484 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
21:31:35.0637 6484 AffinegyService - ok
21:31:35.0673 6484 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:31:35.0674 6484 agp440 - ok
21:31:35.0722 6484 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:31:35.0724 6484 ALG - ok
21:31:35.0778 6484 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:31:35.0780 6484 aliide - ok
21:31:35.0826 6484 [ 48619A29F9C9C3CFEB66718DD03D8057 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:31:35.0829 6484 AMD External Events Utility - ok
21:31:35.0858 6484 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:31:35.0859 6484 amdide - ok
21:31:35.0912 6484 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:31:35.0914 6484 AmdK8 - ok
21:31:36.0115 6484 [ 06BF0785DE714637EBA9BB1084B28626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:31:36.0194 6484 amdkmdag - ok
21:31:36.0246 6484 [ 2DEC3274589FF6889AB05ADCEEB0F642 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:31:36.0248 6484 amdkmdap - ok
21:31:36.0275 6484 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:31:36.0277 6484 AmdPPM - ok
21:31:36.0327 6484 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:31:36.0329 6484 amdsata - ok
21:31:36.0359 6484 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:31:36.0362 6484 amdsbs - ok
21:31:36.0379 6484 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:31:36.0380 6484 amdxata - ok
21:31:36.0428 6484 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:31:36.0430 6484 AppID - ok
21:31:36.0459 6484 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:31:36.0460 6484 AppIDSvc - ok
21:31:36.0517 6484 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:31:36.0518 6484 Appinfo - ok
21:31:36.0603 6484 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:31:36.0604 6484 Apple Mobile Device - ok
21:31:37.0869 6484 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:31:37.0870 6484 arc - ok
21:31:37.0896 6484 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:31:37.0898 6484 arcsas - ok
21:31:38.0009 6484 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:31:38.0010 6484 aspnet_state - ok
21:31:38.0050 6484 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:38.0052 6484 AsyncMac - ok
21:31:38.0097 6484 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:31:38.0098 6484 atapi - ok
21:31:38.0147 6484 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
21:31:38.0148 6484 AtiHdmiService - ok
21:31:38.0229 6484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:31:38.0237 6484 AudioEndpointBuilder - ok
21:31:38.0249 6484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:31:38.0253 6484 AudioSrv - ok
21:31:38.0308 6484 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:31:38.0311 6484 AxInstSV - ok
21:31:38.0358 6484 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:31:38.0365 6484 b06bdrv - ok
21:31:38.0401 6484 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:31:38.0404 6484 b57nd60a - ok
21:31:38.0455 6484 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:31:38.0457 6484 BDESVC - ok
21:31:38.0473 6484 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:31:38.0474 6484 Beep - ok
21:31:38.0571 6484 [ 299E54DB3638A18E47BD3A2D2EF499F7 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
21:31:38.0573 6484 Belkin Local Backup Service - ok
21:31:38.0613 6484 [ E62A04D615A8CAC83601E1F07C010D3C ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
21:31:38.0615 6484 Belkin Network USB Helper - ok
21:31:38.0680 6484 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:31:38.0688 6484 BFE - ok
21:31:38.0741 6484 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:31:38.0752 6484 BITS - ok
21:31:38.0803 6484 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:31:38.0804 6484 blbdrive - ok
21:31:38.0912 6484 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:31:38.0915 6484 Bonjour Service - ok
21:31:38.0958 6484 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:31:38.0960 6484 bowser - ok
21:31:38.0989 6484 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:31:38.0990 6484 BrFiltLo - ok
21:31:39.0006 6484 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:31:39.0007 6484 BrFiltUp - ok
21:31:39.0063 6484 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:31:39.0064 6484 BridgeMP - ok
21:31:39.0105 6484 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:31:39.0107 6484 Browser - ok
21:31:39.0125 6484 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:31:39.0129 6484 Brserid - ok
21:31:39.0144 6484 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:31:39.0145 6484 BrSerWdm - ok
21:31:39.0157 6484 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:31:39.0159 6484 BrUsbMdm - ok
21:31:39.0179 6484 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:31:39.0180 6484 BrUsbSer - ok
21:31:39.0217 6484 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:31:39.0219 6484 BTHMODEM - ok
21:31:39.0260 6484 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:31:39.0262 6484 bthserv - ok
21:31:39.0411 6484 catchme - ok
21:31:39.0431 6484 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:31:39.0433 6484 cdfs - ok
21:31:39.0493 6484 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:31:39.0495 6484 cdrom - ok
21:31:39.0551 6484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:31:39.0553 6484 CertPropSvc - ok
21:31:39.0597 6484 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:31:39.0598 6484 circlass - ok
21:31:39.0620 6484 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:31:39.0625 6484 CLFS - ok
21:31:39.0810 6484 [ 9F7DBE12A2B5BE09F9C9E3BE20D81E38 ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
21:31:39.0811 6484 CLHNServiceForPowerDVD - ok
21:31:39.0906 6484 [ DEDE5EC7DC09D840D5D74E06FF4DE127 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
21:31:39.0909 6484 CLKMSVC10_C6F09094 - ok
21:31:41.0244 6484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:41.0246 6484 clr_optimization_v2.0.50727_32 - ok
21:31:41.0290 6484 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:31:41.0292 6484 clr_optimization_v2.0.50727_64 - ok
21:31:41.0399 6484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:31:41.0401 6484 clr_optimization_v4.0.30319_32 - ok
21:31:41.0416 6484 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:31:41.0419 6484 clr_optimization_v4.0.30319_64 - ok
21:31:41.0469 6484 [ 9573E8C7C3B3D1625FD941841FD0859C ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
21:31:41.0470 6484 clwvd - ok
21:31:41.0517 6484 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:31:41.0518 6484 CmBatt - ok
21:31:41.0534 6484 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:31:41.0535 6484 cmdide - ok
21:31:41.0577 6484 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:31:41.0583 6484 CNG - ok
21:31:41.0618 6484 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:31:41.0619 6484 Compbatt - ok
21:31:41.0667 6484 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:31:41.0668 6484 CompositeBus - ok
21:31:41.0685 6484 COMSysApp - ok
21:31:41.0717 6484 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:31:41.0719 6484 crcdisk - ok
21:31:41.0780 6484 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:31:41.0783 6484 CryptSvc - ok
21:31:41.0905 6484 [ 9DEEDBD844F84E3B7BC163974E3FDCAD ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
21:31:41.0906 6484 CyberLink PowerDVD 11.0 Monitor Service - ok
21:31:41.0954 6484 [ E2A1450811017E781A1F886DCA52EC23 ] CyberLink PowerDVD 11.0 Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
21:31:41.0957 6484 CyberLink PowerDVD 11.0 Service - ok
21:31:42.0017 6484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:31:42.0024 6484 DcomLaunch - ok
21:31:42.0055 6484 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:31:42.0060 6484 defragsvc - ok
21:31:42.0142 6484 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:31:42.0144 6484 DfsC - ok
21:31:42.0291 6484 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:31:42.0297 6484 Dhcp - ok
21:31:42.0332 6484 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:31:42.0333 6484 discache - ok
21:31:42.0384 6484 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:31:42.0386 6484 Disk - ok
21:31:42.0426 6484 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:31:42.0429 6484 Dnscache - ok
21:31:42.0472 6484 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:31:42.0476 6484 dot3svc - ok
21:31:42.0538 6484 [ 3E6B2753A09D46958F5D0DF8E1B650CA ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
21:31:42.0541 6484 DpHost - ok
21:31:42.0601 6484 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:31:42.0606 6484 DPS - ok
21:31:42.0661 6484 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:31:42.0663 6484 drmkaud - ok
21:31:42.0721 6484 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
21:31:42.0723 6484 dsNcAdpt - ok
21:31:42.0795 6484 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:31:42.0801 6484 DXGKrnl - ok
21:31:42.0851 6484 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:31:42.0854 6484 EapHost - ok
21:31:42.0946 6484 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:31:42.0981 6484 ebdrv - ok
21:31:43.0021 6484 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:31:43.0023 6484 EFS - ok
21:31:43.0127 6484 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:31:43.0134 6484 ehRecvr - ok
21:31:43.0203 6484 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:31:43.0205 6484 ehSched - ok
21:31:43.0277 6484 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:31:43.0285 6484 elxstor - ok
21:31:43.0301 6484 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:31:43.0302 6484 ErrDev - ok
21:31:43.0376 6484 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:31:43.0382 6484 EventSystem - ok
21:31:43.0490 6484 [ 1DB6BEC3D57C289F0107D7A34D5EF8F9 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:31:43.0498 6484 EvtEng - ok
21:31:43.0523 6484 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:31:43.0527 6484 exfat - ok
21:31:43.0551 6484 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:31:43.0555 6484 fastfat - ok
21:31:43.0620 6484 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:31:43.0628 6484 Fax - ok
21:31:43.0674 6484 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:31:43.0675 6484 fdc - ok
21:31:43.0722 6484 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:31:43.0723 6484 fdPHost - ok
21:31:43.0743 6484 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:31:43.0745 6484 FDResPub - ok
21:31:43.0761 6484 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:31:43.0763 6484 FileInfo - ok
21:31:43.0783 6484 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:31:43.0785 6484 Filetrace - ok
21:31:43.0815 6484 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:31:43.0817 6484 flpydisk - ok
21:31:43.0879 6484 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:31:43.0883 6484 FltMgr - ok
21:31:43.0967 6484 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:31:43.0980 6484 FontCache - ok
21:31:44.0053 6484 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:31:44.0055 6484 FontCache3.0.0.0 - ok
21:31:44.0134 6484 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
21:31:44.0135 6484 FreeAgentGoNext Service - ok
21:31:44.0160 6484 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:31:44.0162 6484 FsDepends - ok
21:31:44.0207 6484 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:31:44.0208 6484 Fs_Rec - ok
21:31:44.0257 6484 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:31:44.0260 6484 fvevol - ok
21:31:44.0295 6484 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:31:44.0297 6484 gagp30kx - ok
21:31:44.0330 6484 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:31:44.0331 6484 GEARAspiWDM - ok
21:31:44.0390 6484 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:31:44.0400 6484 gpsvc - ok
21:31:44.0520 6484 [ 4CA6B974710E9D34B0757BBFA32EB98D ] GSService C:\Windows\SysWOW64\GSService.exe
21:31:44.0524 6484 GSService - ok
21:31:44.0904 6484 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:31:44.0907 6484 gusvc - ok
21:31:44.0932 6484 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:31:44.0934 6484 hcw85cir - ok
21:31:44.0995 6484 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:31:45.0000 6484 HdAudAddService - ok
21:31:45.0026 6484 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:31:45.0028 6484 HDAudBus - ok
21:31:45.0077 6484 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:31:45.0077 6484 HECIx64 - ok
21:31:45.0097 6484 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:31:45.0099 6484 HidBatt - ok
21:31:45.0119 6484 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:31:45.0123 6484 HidBth - ok
21:31:45.0151 6484 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:31:45.0152 6484 HidIr - ok
21:31:45.0190 6484 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:31:45.0192 6484 hidserv - ok
21:31:45.0249 6484 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:31:45.0251 6484 HidUsb - ok
21:31:45.0290 6484 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:31:45.0293 6484 hkmsvc - ok
21:31:45.0342 6484 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:31:45.0346 6484 HomeGroupListener - ok
21:31:45.0390 6484 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:31:45.0394 6484 HomeGroupProvider - ok
21:31:45.0503 6484 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:31:45.0505 6484 HP Support Assistant Service - ok
21:31:45.0583 6484 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
21:31:45.0584 6484 HP Wireless Assistant Service - ok
21:31:45.0638 6484 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:31:45.0640 6484 HPDrvMntSvc.exe - ok
21:31:45.0692 6484 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
21:31:45.0692 6484 hpdskflt - ok
21:31:45.0746 6484 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:31:45.0751 6484 hpqwmiex - ok
21:31:45.0824 6484 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:31:45.0825 6484 HpSAMD - ok
21:31:45.0830 6484 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
21:31:45.0832 6484 hpsrv - ok
21:31:45.0909 6484 [ 171000873EB522E5EA3DD4C4E0B689B2 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
21:31:45.0909 6484 HPWMISVC - ok
21:31:45.0955 6484 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:31:45.0960 6484 HTTP - ok
21:31:45.0999 6484 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:31:46.0000 6484 hwpolicy - ok
21:31:46.0043 6484 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:31:46.0045 6484 i8042prt - ok
21:31:46.0078 6484 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:31:46.0081 6484 iaStor - ok
21:31:46.0142 6484 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:31:46.0147 6484 iaStorV - ok
21:31:46.0265 6484 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:31:46.0267 6484 IDriverT - ok
21:31:46.0344 6484 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:31:46.0355 6484 idsvc - ok
21:31:46.0617 6484 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:31:46.0814 6484 igfx - ok
21:31:46.0867 6484 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:31:46.0869 6484 iirsp - ok
21:31:46.0917 6484 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:31:46.0926 6484 IKEEXT - ok
21:31:46.0972 6484 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:31:46.0975 6484 Impcd - ok
21:31:47.0014 6484 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:31:47.0016 6484 intelide - ok
21:31:47.0258 6484 [ 1BE8D9CA4F2363B8E8015621878E0043 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
21:31:47.0372 6484 intelkmd - ok
21:31:47.0428 6484 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:31:47.0429 6484 intelppm - ok
21:31:47.0474 6484 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:31:47.0477 6484 IPBusEnum - ok
21:31:47.0509 6484 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:47.0511 6484 IpFilterDriver - ok
21:31:47.0559 6484 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:31:47.0567 6484 iphlpsvc - ok
21:31:47.0611 6484 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:31:47.0612 6484 IPMIDRV - ok
21:31:47.0658 6484 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:31:47.0660 6484 IPNAT - ok
21:31:47.0741 6484 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:31:47.0747 6484 iPod Service - ok
21:31:47.0790 6484 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:31:47.0791 6484 IRENUM - ok
21:31:47.0829 6484 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:31:47.0831 6484 isapnp - ok
21:31:47.0867 6484 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:31:47.0871 6484 iScsiPrt - ok
21:31:47.0910 6484 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:47.0911 6484 kbdclass - ok
21:31:47.0962 6484 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:31:47.0963 6484 kbdhid - ok
21:31:47.0980 6484 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:31:47.0981 6484 KeyIso - ok
21:31:48.0024 6484 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:31:48.0025 6484 KSecDD - ok
21:31:48.0038 6484 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:31:48.0040 6484 KSecPkg - ok
21:31:48.0068 6484 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:31:48.0070 6484 ksthunk - ok
21:31:48.0116 6484 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:31:48.0122 6484 KtmRm - ok
21:31:48.0187 6484 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:31:48.0192 6484 LanmanServer - ok
21:31:48.0254 6484 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:31:48.0258 6484 LanmanWorkstation - ok
21:31:48.0347 6484 [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
21:31:48.0351 6484 LBTServ - ok
21:31:48.0371 6484 [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:31:48.0372 6484 LHidFilt - ok
21:31:48.0423 6484 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:31:48.0424 6484 lltdio - ok
21:31:48.0454 6484 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:31:48.0459 6484 lltdsvc - ok
21:31:48.0477 6484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:31:48.0479 6484 lmhosts - ok
21:31:48.0494 6484 [ 96999C364C649E2866A268F7420A304A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:31:48.0495 6484 LMouFilt - ok
21:31:48.0587 6484 [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:31:48.0590 6484 LMS - ok
21:31:48.0648 6484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:31:48.0650 6484 LSI_FC - ok
21:31:48.0678 6484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:31:48.0681 6484 LSI_SAS - ok
21:31:48.0702 6484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:31:48.0704 6484 LSI_SAS2 - ok
21:31:48.0737 6484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:31:48.0740 6484 LSI_SCSI - ok
21:31:48.0784 6484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:31:48.0786 6484 luafv - ok
21:31:48.0830 6484 [ 11DDB1D900078FBE3691DF7B878AEC28 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
21:31:48.0832 6484 LUsbFilt - ok
21:31:48.0892 6484 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] Magic Tune C:\Windows\system32\Drivers\MtiCtwl.sys
21:31:48.0893 6484 Magic Tune - ok
21:31:48.0938 6484 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:31:48.0941 6484 Mcx2Svc - ok
21:31:48.0993 6484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:31:48.0995 6484 megasas - ok
21:31:49.0034 6484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:31:49.0039 6484 MegaSR - ok
21:31:49.0077 6484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:31:49.0079 6484 MMCSS - ok
21:31:49.0110 6484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:31:49.0111 6484 Modem - ok
21:31:49.0149 6484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:31:49.0150 6484 monitor - ok
21:31:49.0187 6484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:31:49.0188 6484 mouclass - ok
21:31:49.0245 6484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:31:49.0246 6484 mouhid - ok
21:31:49.0293 6484 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:31:49.0295 6484 mountmgr - ok
21:31:49.0338 6484 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:31:49.0341 6484 mpio - ok
21:31:49.0359 6484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:31:49.0361 6484 mpsdrv - ok
21:31:49.0407 6484 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:31:49.0417 6484 MpsSvc - ok
21:31:49.0461 6484 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:31:49.0463 6484 MRxDAV - ok
21:31:49.0511 6484 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:49.0513 6484 mrxsmb - ok
21:31:49.0556 6484 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:49.0559 6484 mrxsmb10 - ok
21:31:49.0589 6484 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:49.0591 6484 mrxsmb20 - ok
21:31:49.0632 6484 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:31:49.0633 6484 msahci - ok
21:31:49.0650 6484 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:31:49.0652 6484 msdsm - ok
21:31:49.0685 6484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:31:49.0689 6484 MSDTC - ok
21:31:49.0732 6484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:31:49.0733 6484 Msfs - ok
21:31:49.0748 6484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:31:49.0749 6484 mshidkmdf - ok
21:31:49.0785 6484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:31:49.0786 6484 msisadrv - ok
21:31:49.0846 6484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:31:49.0849 6484 MSiSCSI - ok
21:31:49.0854 6484 msiserver - ok
21:31:49.0907 6484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:31:49.0908 6484 MSKSSRV - ok
21:31:49.0922 6484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:49.0923 6484 MSPCLOCK - ok
21:31:49.0942 6484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:31:49.0943 6484 MSPQM - ok
21:31:49.0986 6484 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:31:49.0990 6484 MsRPC - ok
21:31:50.0034 6484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:31:50.0035 6484 mssmbios - ok
21:31:50.0053 6484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:31:50.0054 6484 MSTEE - ok
21:31:50.0073 6484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:31:50.0074 6484 MTConfig - ok
21:31:50.0104 6484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:31:50.0105 6484 Mup - ok
21:31:50.0177 6484 [ 400E39127AED6AED73E564C7AAEDD14A ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:31:50.0182 6484 MyWiFiDHCPDNS - ok
21:31:50.0228 6484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:31:50.0235 6484 napagent - ok
21:31:50.0277 6484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:31:50.0281 6484 NativeWifiP - ok
21:31:50.0334 6484 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:31:50.0339 6484 NDIS - ok
21:31:50.0366 6484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:50.0368 6484 NdisCap - ok
21:31:50.0386 6484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:50.0387 6484 NdisTapi - ok
21:31:50.0427 6484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:50.0428 6484 Ndisuio - ok
21:31:50.0473 6484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:50.0476 6484 NdisWan - ok
21:31:50.0517 6484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:31:50.0519 6484 NDProxy - ok
21:31:50.0552 6484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:31:50.0554 6484 NetBIOS - ok
21:31:50.0599 6484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:31:50.0601 6484 NetBT - ok
21:31:50.0621 6484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:31:50.0623 6484 Netlogon - ok
21:31:50.0682 6484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:31:50.0687 6484 Netman - ok
21:31:50.0788 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:50.0791 6484 NetMsmqActivator - ok
21:31:50.0796 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:50.0797 6484 NetPipeActivator - ok
21:31:50.0829 6484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:31:50.0835 6484 netprofm - ok
21:31:50.0840 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:50.0842 6484 NetTcpActivator - ok
21:31:50.0847 6484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:50.0849 6484 NetTcpPortSharing - ok
21:31:51.0056 6484 [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
21:31:51.0134 6484 NETw5s64 - ok
21:31:51.0269 6484 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
21:31:51.0324 6484 netw5v64 - ok
21:31:51.0487 6484 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
21:31:51.0570 6484 NETwNs64 - ok
21:31:51.0602 6484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:31:51.0604 6484 nfrd960 - ok
21:31:51.0663 6484 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:31:51.0669 6484 NlaSvc - ok
21:31:51.0703 6484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:31:51.0704 6484 Npfs - ok
21:31:51.0729 6484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:31:51.0731 6484 nsi - ok
21:31:51.0743 6484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:31:51.0743 6484 nsiproxy - ok
21:31:51.0813 6484 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:31:51.0830 6484 Ntfs - ok
21:31:52.0012 6484 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
21:31:52.0013 6484 ntk_PowerDVD - ok
21:31:52.0040 6484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:31:52.0041 6484 Null - ok
21:31:52.0066 6484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:31:52.0069 6484 nvraid - ok
21:31:52.0111 6484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:31:52.0113 6484 nvstor - ok
21:31:52.0144 6484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:31:52.0147 6484 nv_agp - ok
21:31:52.0274 6484 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:31:52.0279 6484 odserv - ok
21:31:52.0304 6484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:31:52.0305 6484 ohci1394 - ok
21:31:52.0359 6484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:31:52.0361 6484 ose - ok
21:31:52.0401 6484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:31:52.0406 6484 p2pimsvc - ok
21:31:52.0447 6484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:31:52.0454 6484 p2psvc - ok
21:31:52.0504 6484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:31:52.0506 6484 Parport - ok
21:31:52.0558 6484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:31:52.0559 6484 partmgr - ok
21:31:52.0608 6484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:31:52.0613 6484 PcaSvc - ok
21:31:52.0652 6484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:31:52.0654 6484 pci - ok
21:31:52.0687 6484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:31:52.0688 6484 pciide - ok
21:31:52.0720 6484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:31:52.0724 6484 pcmcia - ok
21:31:52.0755 6484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:31:52.0756 6484 pcw - ok
21:31:52.0796 6484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:31:52.0805 6484 PEAUTH - ok
21:31:52.0908 6484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:31:52.0910 6484 PerfHost - ok
21:31:52.0980 6484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:31:52.0996 6484 pla - ok
21:31:53.0058 6484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:31:53.0065 6484 PlugPlay - ok
21:31:53.0092 6484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:31:53.0094 6484 PNRPAutoReg - ok
21:31:53.0109 6484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:31:53.0113 6484 PNRPsvc - ok
21:31:53.0157 6484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:31:53.0164 6484 PolicyAgent - ok
21:31:53.0200 6484 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:31:53.0204 6484 Power - ok
21:31:53.0249 6484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:31:53.0252 6484 PptpMiniport - ok
21:31:53.0274 6484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:31:53.0275 6484 Processor - ok
21:31:53.0320 6484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:31:53.0324 6484 ProfSvc - ok
21:31:53.0338 6484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:31:53.0339 6484 ProtectedStorage - ok
21:31:53.0401 6484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:31:53.0403 6484 Psched - ok
21:31:53.0444 6484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:31:53.0460 6484 ql2300 - ok
21:31:53.0489 6484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:31:53.0492 6484 ql40xx - ok
21:31:53.0521 6484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:31:53.0527 6484 QWAVE - ok
21:31:53.0571 6484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:31:53.0572 6484 QWAVEdrv - ok
21:31:53.0606 6484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:31:53.0607 6484 RasAcd - ok
21:31:53.0623 6484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:31:53.0624 6484 RasAgileVpn - ok
21:31:53.0656 6484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:31:53.0659 6484 RasAuto - ok
21:31:53.0697 6484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:53.0699 6484 Rasl2tp - ok
21:31:53.0783 6484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:31:53.0789 6484 RasMan - ok
21:31:53.0819 6484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:53.0821 6484 RasPppoe - ok
21:31:53.0833 6484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:31:53.0834 6484 RasSstp - ok
21:31:53.0880 6484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:31:53.0884 6484 rdbss - ok
21:31:53.0902 6484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:31:53.0903 6484 rdpbus - ok
21:31:53.0923 6484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:53.0923 6484 RDPCDD - ok
21:31:53.0994 6484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:31:53.0994 6484 RDPENCDD - ok
21:31:54.0007 6484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:31:54.0007 6484 RDPREFMP - ok
21:31:54.0047 6484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:31:54.0050 6484 RDPWD - ok
21:31:54.0103 6484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:31:54.0106 6484 rdyboost - ok
21:31:54.0197 6484 [ C8A442E4DCF89D03C4D7C7616CE293AE ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:31:54.0202 6484 RegSrvc - ok
21:31:54.0236 6484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:31:54.0238 6484 RemoteAccess - ok
21:31:54.0265 6484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:31:54.0269 6484 RemoteRegistry - ok
21:31:54.0289 6484 RimUsb - ok
21:31:54.0313 6484 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
21:31:54.0314 6484 RimVSerPort - ok
21:31:54.0352 6484 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
21:31:54.0353 6484 ROOTMODEM - ok
21:31:54.0365 6484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:31:54.0367 6484 RpcEptMapper - ok
21:31:54.0396 6484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:31:54.0398 6484 RpcLocator - ok
21:31:54.0449 6484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:31:54.0454 6484 RpcSs - ok
21:31:54.0488 6484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:31:54.0489 6484 rspndr - ok
21:31:54.0522 6484 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
21:31:54.0525 6484 RSUSBSTOR - ok
21:31:54.0556 6484 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:31:54.0558 6484 RTL8167 - ok
21:31:54.0571 6484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:31:54.0573 6484 SamSs - ok
21:31:54.0639 6484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:31:54.0642 6484 sbp2port - ok
21:31:54.0733 6484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:31:54.0737 6484 SCardSvr - ok
21:31:54.0784 6484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:31:54.0786 6484 scfilter - ok
21:31:54.0847 6484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:31:54.0860 6484 Schedule - ok
21:31:54.0909 6484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:31:54.0910 6484 SCPolicySvc - ok
21:31:54.0969 6484 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:31:54.0972 6484 sdbus - ok
21:31:54.0993 6484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:31:54.0997 6484 SDRSVC - ok
21:31:55.0045 6484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:31:55.0046 6484 secdrv - ok
21:31:55.0094 6484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:31:55.0096 6484 seclogon - ok
21:31:55.0125 6484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:31:55.0127 6484 SENS - ok
21:31:55.0168 6484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:31:55.0171 6484 SensrSvc - ok
21:31:55.0206 6484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:31:55.0208 6484 Serenum - ok
21:31:55.0238 6484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:31:55.0241 6484 Serial - ok
21:31:55.0283 6484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:31:55.0284 6484 sermouse - ok
21:31:55.0337 6484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:31:55.0341 6484 SessionEnv - ok
21:31:55.0382 6484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:31:55.0383 6484 sffdisk - ok
21:31:55.0403 6484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:31:55.0404 6484 sffp_mmc - ok
21:31:55.0432 6484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:31:55.0433 6484 sffp_sd - ok
21:31:55.0456 6484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:31:55.0457 6484 sfloppy - ok
21:31:55.0516 6484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:31:55.0522 6484 SharedAccess - ok
21:31:55.0575 6484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:31:55.0582 6484 ShellHWDetection - ok
21:31:55.0642 6484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:31:55.0644 6484 SiSRaid2 - ok
21:31:55.0669 6484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:31:55.0671 6484 SiSRaid4 - ok
21:31:55.0715 6484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:31:55.0718 6484 Smb - ok
21:31:55.0783 6484 [ A247EF7B238795EBBC33744221A391DE ] SMServer C:\Windows\SysWOW64\snmvtsvc.exe
21:31:55.0786 6484 SMServer - ok
21:31:55.0840 6484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:31:55.0843 6484 SNMPTRAP - ok
21:31:55.0870 6484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:31:55.0871 6484 spldr - ok
21:31:55.0923 6484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:31:55.0929 6484 Spooler - ok
21:31:56.0033 6484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:31:56.0054 6484 sppsvc - ok
21:31:56.0078 6484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:31:56.0081 6484 sppuinotify - ok
21:31:56.0134 6484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:31:56.0140 6484 srv - ok
21:31:56.0184 6484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:31:56.0190 6484 srv2 - ok
21:31:56.0253 6484 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:31:56.0258 6484 SrvHsfHDA - ok
21:31:56.0315 6484 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:31:56.0331 6484 SrvHsfV92 - ok
21:31:56.0357 6484 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:31:56.0366 6484 SrvHsfWinac - ok
21:31:56.0385 6484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:31:56.0388 6484 srvnet - ok
21:31:56.0444 6484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:31:56.0449 6484 SSDPSRV - ok
21:31:56.0477 6484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:31:56.0481 6484 SstpSvc - ok
21:31:56.0556 6484 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
21:31:56.0558 6484 STacSV - ok
21:31:56.0896 6484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:31:56.0898 6484 stexstor - ok
21:31:56.0947 6484 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
21:31:56.0954 6484 STHDA - ok
21:31:57.0005 6484 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:31:57.0013 6484 stisvc - ok
21:31:57.0062 6484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:31:57.0063 6484 swenum - ok
21:31:57.0100 6484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:31:57.0107 6484 swprv - ok
21:31:57.0175 6484 [ 52EB25BD8AB4E331028C48B178441B36 ] sxuptp C:\Windows\system32\DRIVERS\sxuptp.sys
21:31:57.0177 6484 sxuptp - ok
21:31:57.0250 6484 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:31:57.0259 6484 SynTP - ok
21:31:57.0338 6484 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:31:57.0358 6484 SysMain - ok
21:31:57.0409 6484 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:31:57.0412 6484 TabletInputService - ok
21:31:57.0461 6484 [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
21:31:57.0463 6484 tap0901 - ok
21:31:57.0508 6484 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
21:31:57.0510 6484 taphss - ok
21:31:57.0530 6484 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:31:57.0535 6484 TapiSrv - ok
21:31:57.0554 6484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:31:57.0557 6484 TBS - ok
21:31:57.0635 6484 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:31:57.0654 6484 Tcpip - ok
21:31:57.0697 6484 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:31:57.0709 6484 TCPIP6 - ok
21:31:57.0747 6484 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:31:57.0748 6484 tcpipreg - ok
21:31:57.0778 6484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:31:57.0779 6484 TDPIPE - ok
21:31:57.0818 6484 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:31:57.0819 6484 TDTCP - ok
21:31:57.0851 6484 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:31:57.0853 6484 tdx - ok
21:31:57.0896 6484 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:31:57.0897 6484 TermDD - ok
21:31:57.0945 6484 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:31:57.0955 6484 TermService - ok
21:31:57.0983 6484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:31:57.0985 6484 Themes - ok
21:31:58.0011 6484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:31:58.0013 6484 THREADORDER - ok
21:31:58.0031 6484 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:31:58.0035 6484 TrkWks - ok
21:31:58.0090 6484 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:31:58.0093 6484 TrustedInstaller - ok
21:31:58.0139 6484 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:58.0140 6484 tssecsrv - ok
21:31:58.0195 6484 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:31:58.0197 6484 TsUsbFlt - ok
21:31:58.0259 6484 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:31:58.0261 6484 tunnel - ok
21:31:58.0281 6484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:31:58.0283 6484 uagp35 - ok
21:31:58.0332 6484 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:31:58.0337 6484 udfs - ok
21:31:58.0378 6484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:31:58.0381 6484 UI0Detect - ok
21:31:58.0396 6484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:31:58.0398 6484 uliagpkx - ok
21:31:58.0453 6484 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:31:58.0454 6484 umbus - ok
21:31:58.0473 6484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:31:58.0475 6484 UmPass - ok
21:31:58.0645 6484 [ 0FADD949576A164B4E51E716F46B6C33 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:31:58.0661 6484 UNS - ok
21:31:58.0703 6484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:31:58.0710 6484 upnphost - ok
21:31:58.0763 6484 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:31:58.0765 6484 USBAAPL64 - ok
21:31:58.0804 6484 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:31:58.0807 6484 usbaudio - ok
21:31:58.0844 6484 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:58.0846 6484 usbccgp - ok
21:31:58.0900 6484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:31:58.0902 6484 usbcir - ok
21:31:58.0938 6484 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:31:58.0940 6484 usbehci - ok
21:31:58.0980 6484 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:31:58.0985 6484 usbhub - ok
21:31:59.0010 6484 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:31:59.0012 6484 usbohci - ok
21:31:59.0077 6484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:31:59.0078 6484 usbprint - ok
21:31:59.0126 6484 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:31:59.0128 6484 usbscan - ok
21:31:59.0161 6484 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:59.0163 6484 USBSTOR - ok
21:31:59.0180 6484 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:31:59.0182 6484 usbuhci - ok
21:31:59.0239 6484 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:31:59.0242 6484 usbvideo - ok
21:31:59.0271 6484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:31:59.0274 6484 UxSms - ok
21:31:59.0297 6484 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:31:59.0300 6484 VaultSvc - ok
21:31:59.0386 6484 [ 2662F24C7AEE2A32CEBDEC907A5366F1 ] vcsFPService C:\Windows\system32\vcsFPService.exe
21:31:59.0402 6484 vcsFPService - ok
21:31:59.0462 6484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:31:59.0462 6484 vdrvroot - ok
21:31:59.0514 6484 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:31:59.0522 6484 vds - ok
21:31:59.0555 6484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:59.0557 6484 vga - ok
21:31:59.0571 6484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:31:59.0572 6484 VgaSave - ok
21:31:59.0621 6484 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:31:59.0624 6484 vhdmp - ok
21:31:59.0662 6484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:31:59.0663 6484 viaide - ok
21:31:59.0700 6484 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:31:59.0701 6484 volmgr - ok
21:31:59.0758 6484 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:31:59.0762 6484 volmgrx - ok
21:31:59.0801 6484 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:31:59.0805 6484 volsnap - ok
21:31:59.0875 6484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:31:59.0878 6484 vsmraid - ok
21:31:59.0939 6484 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:31:59.0956 6484 VSS - ok
21:31:59.0969 6484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:31:59.0970 6484 vwifibus - ok
21:32:00.0002 6484 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:32:00.0004 6484 vwififlt - ok
21:32:00.0012 6484 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:32:00.0013 6484 vwifimp - ok
21:32:00.0048 6484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:32:00.0054 6484 W32Time - ok
21:32:00.0083 6484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:32:00.0084 6484 WacomPen - ok
21:32:00.0133 6484 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:32:00.0135 6484 WANARP - ok
21:32:00.0156 6484 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:32:00.0157 6484 Wanarpv6 - ok
21:32:00.0219 6484 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:32:00.0233 6484 WatAdminSvc - ok
21:32:00.0288 6484 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:32:00.0305 6484 wbengine - ok
21:32:00.0335 6484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:32:00.0340 6484 WbioSrvc - ok
21:32:00.0383 6484 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:32:00.0389 6484 wcncsvc - ok
21:32:00.0402 6484 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:32:00.0405 6484 WcsPlugInService - ok
21:32:00.0435 6484 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:32:00.0436 6484 Wd - ok
21:32:00.0462 6484 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:32:00.0469 6484 Wdf01000 - ok
21:32:00.0520 6484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:32:00.0523 6484 WdiServiceHost - ok
21:32:00.0527 6484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:32:00.0530 6484 WdiSystemHost - ok
21:32:00.0598 6484 [ 5B34E5938B9E76798977725E3F7847C4 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
21:32:00.0599 6484 wdkmd - ok
21:32:00.0644 6484 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:32:00.0650 6484 WebClient - ok
21:32:00.0681 6484 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:32:00.0687 6484 Wecsvc - ok
21:32:00.0714 6484 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:32:00.0717 6484 wercplsupport - ok
21:32:00.0761 6484 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:32:00.0764 6484 WerSvc - ok
21:32:00.0820 6484 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:32:00.0821 6484 WfpLwf - ok
21:32:00.0838 6484 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:32:00.0839 6484 WIMMount - ok
21:32:00.0875 6484 WinDefend - ok
21:32:00.0903 6484 WinHttpAutoProxySvc - ok
21:32:00.0971 6484 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:32:00.0974 6484 Winmgmt - ok
21:32:01.0072 6484 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:32:01.0095 6484 WinRM - ok
21:32:01.0141 6484 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
21:32:01.0142 6484 WinUSB - ok
21:32:01.0177 6484 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:32:01.0188 6484 Wlansvc - ok
21:32:01.0202 6484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:32:01.0203 6484 WmiAcpi - ok
21:32:01.0226 6484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:32:01.0229 6484 wmiApSrv - ok
21:32:01.0279 6484 WMPNetworkSvc - ok
21:32:01.0301 6484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:32:01.0304 6484 WPCSvc - ok
21:32:01.0353 6484 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:32:01.0357 6484 WPDBusEnum - ok
21:32:01.0416 6484 [ D0BA650BD00C346B0B860F6CEC275296 ] WRkrn C:\Windows\system32\drivers\WRkrn.sys
21:32:01.0418 6484 WRkrn - ok
21:32:01.0498 6484 [ 198434E71A01A170EDA6C73A812B540D ] WRSVC C:\Program Files\Webroot\WRSA.exe
21:32:01.0502 6484 WRSVC - ok
21:32:01.0526 6484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:32:01.0527 6484 ws2ifsl - ok
21:32:01.0572 6484 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
21:32:01.0573 6484 WsAudio_DeviceS(1) - ok
21:32:01.0609 6484 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
21:32:01.0610 6484 WsAudio_DeviceS(2) - ok
21:32:01.0646 6484 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
21:32:01.0647 6484 WsAudio_DeviceS(3) - ok
21:32:01.0662 6484 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
21:32:01.0663 6484 WsAudio_DeviceS(4) - ok
21:32:01.0675 6484 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
21:32:01.0676 6484 WsAudio_DeviceS(5) - ok
21:32:01.0720 6484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:32:01.0724 6484 wscsvc - ok
21:32:01.0759 6484 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:32:01.0760 6484 WSDPrintDevice - ok
21:32:01.0796 6484 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
21:32:01.0797 6484 WSDScan - ok
21:32:01.0802 6484 WSearch - ok
21:32:01.0884 6484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:32:01.0903 6484 wuauserv - ok
21:32:01.0944 6484 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:32:01.0946 6484 WudfPf - ok
21:32:01.0987 6484 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:32:01.0990 6484 wudfsvc - ok
21:32:02.0025 6484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:32:02.0030 6484 WwanSvc - ok
21:32:02.0092 6484 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
21:32:02.0093 6484 xusb21 - ok
21:32:02.0153 6484 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
21:32:02.0158 6484 yukonw7 - ok
21:32:02.0335 6484 [ 1870A74EE2901CA09FFBFE79A5EE0E94 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
21:32:02.0337 6484 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
21:32:02.0350 6484 ================ Scan global ===============================
21:32:02.0374 6484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:32:02.0413 6484 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:32:02.0422 6484 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:32:02.0439 6484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:32:02.0472 6484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:32:02.0476 6484 [Global] - ok
21:32:02.0476 6484 ================ Scan MBR ==================================
21:32:02.0490 6484 [ E64EC407F3F823494CD1671F4BB1DAC9 ] \Device\Harddisk0\DR0
21:32:02.0491 6484 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:32:02.0540 6484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:32:02.0540 6484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:32:02.0873 6484 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:32:02.0873 6484 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:32:02.0878 6484 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
21:32:03.0695 6484 \Device\Harddisk1\DR1 - ok
21:32:03.0696 6484 ================ Scan VBR ==================================
21:32:03.0848 6484 [ A8F3D34BEE3A61F40B7E0BEDFD022865 ] \Device\Harddisk0\DR0\Partition1
21:32:03.0849 6484 \Device\Harddisk0\DR0\Partition1 - ok
21:32:03.0860 6484 [ B902B1D2908471C800D3FDED67EF7359 ] \Device\Harddisk0\DR0\Partition2
21:32:03.0861 6484 \Device\Harddisk0\DR0\Partition2 - ok
21:32:03.0888 6484 [ 5E549464C783D64F81D1E8BF508F1A0C ] \Device\Harddisk0\DR0\Partition3
21:32:03.0890 6484 \Device\Harddisk0\DR0\Partition3 - ok
21:32:03.0897 6484 [ A0A3AA8C57D64F52D4A8797F6CFF8295 ] \Device\Harddisk1\DR1\Partition1
21:32:03.0899 6484 \Device\Harddisk1\DR1\Partition1 - ok
21:32:03.0900 6484 ============================================================
21:32:03.0900 6484 Scan finished
21:32:03.0900 6484 ============================================================
21:32:03.0913 3856 Detected object count: 2
21:32:03.0913 3856 Actual detected object count: 2
21:32:28.0301 3856 \Device\Harddisk0\DR0\# - copied to quarantine
21:32:28.0303 3856 \Device\Harddisk0\DR0 - copied to quarantine
21:32:28.0338 3856 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:32:28.0341 3856 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:32:28.0354 3856 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:32:28.0361 3856 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:32:28.0363 3856 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:32:28.0365 3856 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:32:28.0367 3856 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:32:28.0369 3856 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:32:28.0372 3856 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:32:28.0374 3856 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:32:28.0377 3856 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:32:28.0378 3856 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:32:28.0407 3856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:32:28.0417 3856 \Device\Harddisk0\DR0 - ok
21:32:29.0146 3856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:32:29.0147 3856 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:32:29.0147 3856 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:32:32.0194 4720 Deinitialize success
21:33:42.0963 2752 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:33:42.0979 2752 ============================================================
21:33:42.0979 2752 Current date / time: 2012/09/11 21:33:42.0979
21:33:42.0979 2752 SystemInfo:
21:33:42.0979 2752
21:33:42.0979 2752 OS Version: 6.1.7601 ServicePack: 1.0
21:33:42.0979 2752 Product type: Workstation
21:33:42.0994 2752 ComputerName: ERIK-LAPTOP
21:33:42.0994 2752 UserName: Erik
21:33:42.0994 2752 Windows directory: C:\Windows
21:33:42.0994 2752 System windows directory: C:\Windows
21:33:42.0994 2752 Running under WOW64
21:33:42.0994 2752 Processor architecture: Intel x64
21:33:42.0994 2752 Number of processors: 4
21:33:42.0994 2752 Page size: 0x1000
21:33:42.0994 2752 Boot type: Normal boot
21:33:42.0994 2752 ============================================================
21:33:43.0899 2752 BG loaded
21:33:44.0398 2752 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:33:44.0398 2752 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:33:44.0414 2752 ============================================================
21:33:44.0414 2752 \Device\Harddisk0\DR0:
21:33:44.0414 2752 MBR partitions:
21:33:44.0414 2752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:33:44.0414 2752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x47E87800
21:33:44.0414 2752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47EEB800, BlocksNum 0x2938800
21:33:44.0414 2752 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
21:33:44.0414 2752 \Device\Harddisk1\DR1:
21:33:44.0414 2752 MBR partitions:
21:33:44.0414 2752 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEE080
21:33:44.0414 2752 ============================================================
21:33:44.0461 2752 C: <-> \Device\Harddisk0\DR0\Partition2
21:33:44.0648 2752 D: <-> \Device\Harddisk0\DR0\Partition3
21:33:44.0664 2752 F: <-> \Device\Harddisk0\DR0\Partition4
21:33:44.0664 2752 ============================================================
21:33:44.0664 2752 Initialize success
21:33:44.0664 2752 ============================================================
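The TDSSKiller scan above flags the boot sector of \Device\Harddisk0\DR0 as `Suspicious mbr (Forged)`, and the re-run prints the partition table it reads from that same sector (type, StartLBA, BlocksNum for four entries). As an added example that is not part of the original post and not code from TDSSKiller or RogueKiller, here is a small Python parser for the 512-byte MBR layout those lines come from, together with the structural checks a practitioner runs on a suspect table: boot signature present, exactly one active partition, no overlapping entries, nothing past the end of the disk. The partition entries and disk size are constructed from the logged values for Harddisk0; the boot code is zero-filled rather than the disk's real code, so the boot-code hash the script prints is for constructed data and is there only to show which region RogueKiller's `[BSP]` line fingerprints.

```python
"""Parse a 512-byte MBR the way TDSSKiller/RogueKiller report it: the four
partition entries (type, start LBA, sector count) plus the sanity checks a
forged or tampered table fails. Added example, not part of the post or of
either tool. DISK0_ENTRIES is constructed from the logged values for
\\Device\\Harddisk0\\DR0; the boot code is zero-filled, not the real code."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
ENTRY_OFFSET = 0x1BE        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xAA"     # boot signature at offset 0x1FE


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self):      # exclusive end sector
        return self.start_lba + self.num_sectors

    @property
    def size_mib(self):     # RogueKiller's "Mo" column is this value
        return self.num_sectors * SECTOR // (1024 * 1024)


def build_mbr(entries, boot_code=b"\x00" * 440):
    """Assemble a constructed MBR from (bootable, type, start_lba, num_sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:440] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(entries):
        # status, CHS start (3 dummy bytes), type, CHS end (3 dummy bytes), LBA start, count
        entry = struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xFE\xFF\xFF",
                            ptype, b"\xFE\xFF\xFF", start, count)
        mbr[ENTRY_OFFSET + 16 * i:ENTRY_OFFSET + 16 * (i + 1)] = entry
    mbr[0x1FE:0x200] = SIGNATURE
    return bytes(mbr)


def parse_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[0x1FE:0x200] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = ENTRY_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                                    # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts


def check_partition_table(parts, disk_sectors):
    """Structural checks; an empty list means the table is self-consistent."""
    findings = []
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    for p in parts:
        if p.start_lba == 0:
            findings.append(f"partition {p.index} starts at LBA 0, on top of the MBR")
        if p.end_lba > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    return findings


def bootcode_md5(sector):
    """MD5 of the 440-byte boot code, the region RogueKiller's [BSP] line fingerprints
    against known Windows MBR code; compare it with your own known-good list."""
    return hashlib.md5(sector[:440]).hexdigest()


# Constructed from the TDSSKiller log: disk size 0x950B056000 bytes, 512-byte sectors.
DISK0_SECTORS = 0x950B056000 // SECTOR
DISK0_ENTRIES = [
    (True,  0x07, 0x800,      0x63800),     # Partition1: 199 MiB, active, no drive letter in the log
    (False, 0x07, 0x64000,    0x47E87800),  # Partition2: C:
    (False, 0x07, 0x47EEB800, 0x2938800),   # Partition3: D:
    (False, 0x0C, 0x4A824000, 0x33AB0),     # Partition4: FAT32 LBA, F:
]


def analyse_disk0():
    mbr = build_mbr(DISK0_ENTRIES)
    parts = parse_mbr(mbr)
    return parts, check_partition_table(parts, DISK0_SECTORS), bootcode_md5(mbr)


if __name__ == "__main__":
    parts, findings, md5 = analyse_disk0()
    for p in parts:
        flag = "ACTIVE" if p.bootable else "      "
        print(f"{p.index} {flag} type 0x{p.type_id:02X} start {p.start_lba:>10} size {p.size_mib:>6} MiB")
    print("findings:", findings or "none")
    print("boot code md5:", md5)
```

Run stand-alone it prints the four partitions with the sizes RogueKiller reports later in the thread (199, 589071, 21105 and 103 "Mo"), the four entries are exactly contiguous, and the checks return no findings. That is consistent with the log: TDSSKiller objected to the boot code, not the table, and the `TDLFS\...` files it quarantined live in a hidden file system rather than in any visible partition entry, which is why a clean-looking partition table is not evidence that an MBR rootkit is gone.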

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:18 AM

Posted 11 September 2012 - 08:51 PM

OK, very good.

Now that the Pihar rootkit has been cured, re-run TDSSKiller with the same parameters, and this time choose to "delete" the TDSS file system.

NEXT


  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ElRunner

ElRunner
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 11 September 2012 - 09:02 PM

Three RKreports were created; they are below.



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Erik [Admin rights]
Mode : Scan -- Date : 09/11/2012 21:55:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6461GSYN +++++
--- User ---
[MBR] a8ab64f50104918164a8108e03a764e4
[BSP] 1979092f9fc0b5022bf14f9c5c70a24c : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589071 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1206827008 | Size: 21105 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Geek Squad USB Device +++++
--- User ---
[MBR] b85f5c48ca9c6f29e7ffd4f184627fc1
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 7644 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt




RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Erik [Admin rights]
Mode : Remove -- Date : 09/11/2012 21:58:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6461GSYN +++++
--- User ---
[MBR] a8ab64f50104918164a8108e03a764e4
[BSP] 1979092f9fc0b5022bf14f9c5c70a24c : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589071 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1206827008 | Size: 21105 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Geek Squad USB Device +++++
--- User ---
[MBR] b85f5c48ca9c6f29e7ffd4f184627fc1
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 7644 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Erik [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/11/2012 21:59:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 19 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 68 / Fail 0
My documents: Success 7 / Fail 7
My favorites: Success 0 / Fail 0
My pictures: Success 1 / Fail 0
My music: Success 5485 / Fail 0
My videos: Success 1 / Fail 0
Local drives: Success 124 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
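RogueKiller lists each hijacked registry value in the form `[CATEGORY] HIVE\[...]\Key : Value (data) -> STATUS`, and the Remove pass above acts on 9 of the 12 entries the Scan found: the three `Wow6432Node\System` lines disappear, which is consistent with them being the same policy keys seen through the 32-bit registry view. As an added example that is not RogueKiller's code and not part of the post, the Python below parses those lines into structured findings, collapses the Wow6432Node duplicates onto their native entries, and attaches the security meaning of each setting (EnableLUA=0 switches UAC off, ConsentPromptBehaviorAdmin=0 lets administrators elevate without any prompt, the two NewStartPanel values hide the Computer and User's Files desktop icons). The sample report text is a constructed copy of the twelve entries in the scan report; the severity ratings and explanations are this example's, not the tool's.

```python
"""Parse the "Registry Entries" section of a RogueKiller report into structured
findings and attach the security meaning of each hijacked value.
Added example (not RogueKiller code). SCAN_REPORT is a constructed copy of the
twelve entries in the scan report above; severities and explanations are ours."""
import re
from dataclasses import dataclass
from typing import Optional

ENTRY_RE = re.compile(
    r"^(?P<cats>(?:\[[^\]]+\])+)\s+"                    # one or more [CATEGORY] tags
    r"(?P<hive>HK[A-Z]+)\\\[\.\.\.\]\\(?P<key>.+?)"     # HIVE\[...]\Key (the tool elides the path)
    r"(?:\s+:\s+(?P<value>\S+))?"                       # optional " : ValueName"
    r"\s+\((?P<data>.*)\)\s*->\s*"                      # (current data) ->
    r"(?P<status>[A-Z]+)(?:\s*\((?P<newdata>[^)]*)\))?\s*$"  # FOUND | DELETED | REPLACED (new)
)

# Desktop icon CLSIDs under HideDesktopIcons\NewStartPanel; data 1 = icon hidden.
DESKTOP_ICONS = {
    "{20d04fe0-3aea-1069-a2d8-08002b30309d}": "Computer",
    "{59031a47-3f72-44a7-89c5-5595fe6b30ee}": "User's Files",
}


@dataclass
class Finding:
    categories: list
    hive: str
    key: str                 # Wow6432Node\ prefix stripped so both views compare equal
    value: Optional[str]
    data: str
    status: str
    newdata: Optional[str]
    wow64_view: bool
    severity: str
    meaning: str


def assess(key, value, data):
    """Return (severity, meaning) for one hijacked setting; ratings are this example's."""
    if "\\Services\\" in key:
        return "high", "service/driver entry loading an unusual image: " + data
    if value == "EnableLUA":
        return ("high", "EnableLUA=0: UAC switched off entirely") if data == "0" else ("info", "UAC enabled")
    if value == "ConsentPromptBehaviorAdmin":
        if data == "0":
            return "high", "administrators elevate silently with no prompt"
        return "info", f"admin elevation prompt mode {data}"
    if value in ("DisableRegistryTools", "DisableCMD"):
        if data == "0":
            return "low", f"{value} present but 0: nothing blocked, but the value is not there by default"
        return "medium", f"{value}={data}: regedit/cmd blocked by policy"
    if key.endswith("NewStartPanel"):
        icon = DESKTOP_ICONS.get((value or "").lower(), "unknown")
        return ("low", f"'{icon}' desktop icon hidden") if data == "1" else ("info", f"'{icon}' desktop icon shown")
    return "unknown", "unrecognised entry"


def parse_entry(line):
    """Parse one report line; returns None for section headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    key, wow64 = m["key"], m["key"].startswith("Wow6432Node\\")
    if wow64:
        key = key[len("Wow6432Node\\"):]
    severity, meaning = assess(key, m["value"], m["data"])
    return Finding(re.findall(r"\[([^\]]+)\]", m["cats"]), m["hive"], key, m["value"],
                   m["data"], m["status"], m["newdata"], wow64, severity, meaning)


def parse_report(text):
    return [f for f in (parse_entry(line) for line in text.splitlines()) if f]


def dedupe(findings):
    """Collapse the Wow6432Node view onto the native one, keeping the native line when both exist."""
    unique = {}
    for f in sorted(findings, key=lambda f: f.wow64_view):   # native (False) sorts first
        unique.setdefault((f.hive, f.key, f.value), f)
    return list(unique.values())


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed copy of the twelve "Registry Entries" lines from the scan report above.
SCAN_REPORT = r"""
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

if __name__ == "__main__":
    found = parse_report(SCAN_REPORT)
    kept = dedupe(found)
    print(f"{len(found)} entries, {len(kept)} after merging the Wow6432Node view: {summarize(kept)}")
    for f in sorted(kept, key=lambda f: f.severity):
        name = f"{f.hive}\\{f.key}" + (f" : {f.value}" if f.value else "")
        print(f"[{f.severity:>4}] {name} = {f.data}  ({f.meaning})")
```

Run on the constructed report it yields 12 entries, 9 after merging the Wow6432Node view, four rated high (the two service entries for the unsigned-looking `000.fcl` image, EnableLUA=0 and ConsentPromptBehaviorAdmin=0) and five low. The two UAC values are the ones that matter for cleanup: with UAC off and silent elevation, every process the user starts runs with a full administrator token, which is why RogueKiller's Remove pass sets them back (EnableLUA to 1, ConsentPromptBehaviorAdmin to 2) rather than deleting them.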

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:18 AM

Posted 11 September 2012 - 09:11 PM

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 ElRunner

ElRunner
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 11 September 2012 - 09:45 PM

Ran into some trouble here... ComboFix ran and completed without a hitch, but I can no longer seem to connect to the internet on the affected PC. Below you'll find the report.



ComboFix 12-09-11.02 - Erik 09/11/2012 22:18:13.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.5989 [GMT -4:00]
Running from: c:\users\Erik\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Erik\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\svchost.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
c:\windows\TEMP\WRusr.dll-2640769-1.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 04:51 . 2012-09-12 04:51 -------- d-----w- C:\FRST
2012-09-12 02:27 . 2012-09-12 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 01:32 . 2012-09-12 01:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-12 00:22 . 2012-09-12 01:13 -------- d-----w- c:\programdata\Belkin
2012-09-12 00:22 . 2012-09-12 00:22 -------- d-----w- c:\program files\Belkin
2012-09-12 00:21 . 2009-06-22 20:50 291352 ----a-w- c:\windows\system32\drivers\sxuptp.sys
2012-09-12 00:20 . 2012-09-12 00:20 -------- d-----w- c:\programdata\Affinegy
2012-09-12 00:20 . 2012-09-12 00:20 -------- d-----w- c:\program files (x86)\Belkin
2012-09-11 04:51 . 2012-09-11 20:43 691 ----a-w- c:\users\Erik\AppData\Roaming\GetValue.vbs
2012-09-11 04:51 . 2012-09-11 20:43 35 ----a-w- c:\users\Erik\AppData\Roaming\SetValue.bat
2012-09-11 02:55 . 2012-09-11 02:58 -------- d-----w- c:\programdata\MFAData
2012-09-11 02:55 . 2012-09-11 02:55 -------- d-----w- c:\users\Erik\AppData\Local\MFAData
2012-09-11 02:55 . 2012-09-11 02:55 -------- d-----w- c:\users\Erik\AppData\Local\Avg2013
2012-09-11 02:55 . 2012-09-11 02:55 -------- d-----w- c:\programdata\Common Files
2012-09-10 23:47 . 2012-09-11 22:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-10 23:47 . 2012-09-10 23:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-10 23:02 . 2012-09-10 23:02 -------- d-----w- c:\users\Erik\AppData\Roaming\Malwarebytes
2012-09-10 23:02 . 2012-09-10 23:02 -------- d-----w- c:\programdata\Malwarebytes
2012-09-10 23:02 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 23:02 . 2012-09-10 23:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-09 01:52 . 2012-09-09 01:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-09 01:52 . 2012-09-09 01:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 01:36 . 2012-09-09 01:36 -------- d-----w- c:\users\Erik\AppData\Local\Little_Apps
2012-09-09 01:34 . 2012-09-09 01:34 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2012-09-09 01:33 . 2012-09-09 01:33 -------- d-----w- c:\program files (x86)\Little Registry Cleaner
2012-09-07 14:50 . 2012-09-07 15:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-14 23:59 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 23:59 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 23:59 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 23:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 23:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 23:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 23:59 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 23:59 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 23:59 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 23:59 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 23:59 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-11 14:03 . 2009-07-13 23:19 20992 ------w- c:\windows\SysWow64\svchost.exe
2012-09-09 01:52 . 2012-07-10 18:28 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-09 01:52 . 2010-07-20 14:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 06:06 . 2011-01-11 17:02 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 19:03 . 2012-04-05 04:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 19:03 . 2011-09-18 18:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-11_04.16.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-09-11 04:15 . 2012-09-11 04:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-12 02:28 . 2012-09-12 02:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-11 04:15 . 2012-09-11 04:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-12 02:28 . 2012-09-12 02:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-09-12 02:27 281192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-11 04:15 281192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-09-16 09:26 . 2012-09-07 06:33 3918488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-16 09:26 . 2012-09-12 02:27 3918488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-11 06:20 . 2012-09-12 02:27 4080769 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1579550983-178001793-171058814-1001-12288.dat
- 2011-01-11 06:20 . 2012-09-11 04:15 4080769 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1579550983-178001793-171058814-1001-12288.dat
+ 2012-09-05 05:58 . 2012-09-12 01:32 7447896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 16:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/16 01:56;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2010-12-23 385024]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-04 340240]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2010-12-23 245760]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 Magic Tune;MagicTune;c:\windows\system32\Drivers\MtiCtwl.sys [2008-11-04 23096]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-19 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-19 203264]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-19 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-19 279040]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-25 32880]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-19 10610400]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-14 8593920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-19 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-19 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-19 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-19 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-19 29288]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:03]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1579550983-178001793-171058814-1001Core.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 19:13]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1579550983-178001793-171058814-1001UA.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 19:13]
.
2012-09-07 c:\windows\Tasks\HPCeeScheduleForErik.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-19 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-19 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-19 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-19 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-04 1933584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"combofix"="c:\combofix\CF7209.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: corcoran.com\12st-f
Trusted Zone: hp.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
SafeBoot-93635600.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}"=hex:51,66,7a,6c,4c,1d,38,12,72,c0,6c,
d6,0f,20,6b,06,f2,45,ef,9a,ea,fb,bc,76
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{E36C55EE-D0FF-4DC4-A017-E0B8C539867A}"=hex:51,66,7a,6c,4c,1d,38,12,80,56,7f,
e7,cd,9e,aa,08,df,01,a3,f8,c0,67,c2,6e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3f,a8,a9,a3,b0,8e,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-11 22:35:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-12 02:35
.
Pre-Run: 372,406,968,320 bytes free
Post-Run: 371,936,223,232 bytes free
.
- - End Of File - - 9818D84F17085616F2EA1FFB67E686FB

#12 CatByte


Posted 11 September 2012 - 09:54 PM

OK.

We can restore the computer to before you ran ComboFix; we need to run a FRST fix.


Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
RestoreErunt: cf
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


Let me know if that restores your connection.



#13 ElRunner


Posted 11 September 2012 - 10:08 PM

OK, that restored connectivity, thanks. Below is the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2012 01
Ran by SYSTEM at 2012-09-11 23:04:24 Run:1
Running from H:\

==============================================

BCD restored successfuly.
BCD restored successfuly.
DEFAULT restored successfuly.
SAM restored successfuly.
SECURITY restored successfuly.
SOFTWARE restored successfuly.
SYSTEM restored successfuly.

==== End of Fixlog ====

#14 CatByte


Posted 11 September 2012 - 11:12 PM

Before you follow these next directions, please create a restore point.

Also, can you give a brief rundown of your connection setup?

Thanks.

Here are step-by-step instructions on how to set a new restore point:
http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/

Please don't make any other changes to your machine prior to running these instructions, thanks.


Download Total Uninstaller (no need to purchase the program, it has a 30 day Free Trial).

Install the program.

In the upper area, click Monitor Programs, then a bit to the right, click Install.

In the box that appears, ensure there is a tick mark next to 'Create a new system snapshot' and click Next.

It will take a few minutes for it to complete that phase. When it has completed, you'll be presented with another window.
Click the Browse button and browse to where ComboFix.exe is located. Double click combofix.exe in the browse window and you will see the full path appear in the open field.

Click Launch Setup Program and ComboFix.exe will begin to run. Follow all prompts given by ComboFix and allow it to complete its run.

When it has completed, you should still see the Total Uninstaller window open. Click 'Program is Installed'. It will take a few minutes to log the changes. When it has completed, look to the top right and click File>Export>Changes. Save it to your desktop, then please attach the combofix.exe - Changes.txt file.

If the machine was rebooted after ComboFix ran, please re-launch Total Uninstaller and it will open where it left off. Click 'Program is Installed' and follow the instructions as given above for exporting the file.

Edited by CatByte, 11 September 2012 - 11:12 PM.



#15 CatByte


Posted 20 September 2012 - 05:55 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
