Trojan not removed in svchost.exe



#1 Shqdowolves

Posted 20 March 2013 - 08:46 PM

Okay, I have a Trojan that I can't get removed from my computer. I cannot run ComboFix, as my computer always shuts down part of the way through, and Malwarebytes cannot delete it, and RogueKiller doesn't seem to kill it either. Here are two logs and the DDS logs. Thank you! (I'm making a new topic because I was asked to do so, so I hope I'm doing this right.)
 
Here is the DDS
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/20/2010 4:48:10 PM
System Uptime: 3/20/2013 9:20:20 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 146A
Processor: Intel® Core™ i5 CPU       M 430  @ 2.27GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 324.177 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 2.673 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 1/27/2013 6:10:29 PM - HPSF Restore Point
RP115: 2/27/2013 6:11:12 PM - HPSF Restore Point
RP116: 3/4/2013 11:24:48 AM - Removed Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
RP117: 3/19/2013 11:56:13 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.2 MUI
Adobe Shockwave Player
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Bar
BioExcess
Blackhawk Striker 2
Blasterball 3
Bonjour
Broadcom 2070 Bluetooth 2.1 + EDR
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Cake Mania
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Curse Client
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Google Chrome
Google Update Helper
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Movies and TV
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Quick Launch
HP QuickWeb Installer
HP Setup
 
Part 2:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Becca at 21:30:35 on 2013-03-20
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.1972 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Becca\AppData\Local\Apps\2.0\EE0CJ5MH.J2Z\22DWCEWP.X73\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.etoolkit.com/start-MDI2
uProxyOverride = <local>;*.local
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ipsbho.dll
BHO: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
TB: eToolKit Toolbar: {D3B22A92-87A2-47B6-B3E6-A64877B5C242} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
TB: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} -
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [tktray] C:\Program Files (x86)\ToolKitService\tktray.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 74.128.19.102 74.128.17.114
TCP: Interfaces\{AA16A83B-A6C9-4F57-BFF7-EAFD39CBCE50} : DHCPNameServer = 74.128.19.102 74.128.17.114
TCP: Interfaces\{AA16A83B-A6C9-4F57-BFF7-EAFD39CBCE50}\055736B6564747 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AA16A83B-A6C9-4F57-BFF7-EAFD39CBCE50}\1446279616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AA16A83B-A6C9-4F57-BFF7-EAFD39CBCE50}\1646279616723702E6564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AA16A83B-A6C9-4F57-BFF7-EAFD39CBCE50}\2456C6B696E6F5E4B2F57457563747 : DHCPNameServer = 192.168.2.1 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\kaqfmude.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt\components\EgisPBFF.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar_v10.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar_v2.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar_v6.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar_v7.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar_v8.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\fftoolbar_v9.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3_v10.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3_v2.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3_v6.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3_v7.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3_v8.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mBmp3_v9.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mcrazy.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mcrazy_v10.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mcrazy_v2.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mcrazy_v6.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mcrazy_v7.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mcrazy_v9.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mFaceBook.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mFaceBook_v10.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mFaceBook_v2.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mFaceBook_v6.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mFaceBook_v7.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mFaceBook_v8.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio_v10.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio_v2.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio_v6.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio_v7.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio_v8.dll
FF - component: C:\Program Files (x86)\ToolKitService\ffext\components\mRadio_v9.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-1-16 1150936]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-1-16 257232]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-1-16 452872]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-1-16 816016]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-11 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-11 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-11 593544]
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130320.001\IDSviA64.sys [2013-3-20 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-11 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-11 451704]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-31 338168]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-2-4 689008]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-23 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-9 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-9 682344]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-11 126400]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-1-16 366840]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-23 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-23 35104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-12 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-26 158720]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-26 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-9 24176]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-17 40448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 346144]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ToolkitDisk;ToolkitDisk;C:\Windows\System32\drivers\toolkitdisk.sys [2012-2-13 62552]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-21 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-03-21 01:24:01    20480    ------w-    C:\Windows\svchost.exe
2013-03-21 00:42:16    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-21 00:25:45    --------    d-s---w-    C:\scvhost
2013-03-20 17:11:49    274432    ----a-w-    C:\Windows\SysWow64\ssleay32.dll
2013-03-20 17:11:48    81920    ----a-w-    C:\Windows\eSellerateControl350.dll
2013-03-20 17:11:48    356352    ----a-w-    C:\Windows\eSellerateEngine.dll
2013-03-20 17:11:48    1122304    ----a-w-    C:\Windows\SysWow64\libeay32.dll
2013-03-20 17:11:47    --------    d-----w-    C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
2013-03-20 16:57:18    --------    d-----w-    C:\Users\Becca\AppData\Roaming\TestApp
2013-03-20 15:48:06    --------    d-----w-    C:\Users\Becca\AppData\Roaming\DriverCure
2013-03-20 15:48:03    --------    d-----w-    C:\Users\Becca\AppData\Roaming\SpeedyPC Software
2013-03-20 15:46:21    --------    d-----w-    C:\Program Files (x86)\Common Files\SpeedyPC Software
2013-03-20 15:46:18    --------    d-----w-    C:\ProgramData\SpeedyPC Software
2013-03-20 03:56:02    208896    ----a-w-    C:\Windows\MBR.exe
2013-03-20 03:56:01    98816    ----a-w-    C:\Windows\sed.exe
2013-03-20 03:56:01    256000    ----a-w-    C:\Windows\PEV.exe
2013-02-28 15:44:18    69000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38FE1D93-8D9B-4C8D-BC26-40F580E501DF}\offreg.dll
2013-02-25 02:40:00    7168    ----a-w-    C:\ProgramData\Microsoft\Windows\DRM\4F19.tmp
2013-02-25 02:40:00    7168    ----a-w-    C:\ProgramData\Microsoft\Windows\DRM\4F08.tmp
2013-02-19 04:41:05    --------    d-----w-    C:\Users\Becca\AppData\Roaming\WindowsDatabase
.
==================== Find3M  ====================
.
.
============= FINISH: 21:32:35.36 ===============


Here is the log from the last time I ran RogueKiller:
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Becca [Admin rights]
Mode : Scan -- Date : 03/20/2013 20:16:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]
[SUSP PATH] CurseClient.exe -- C:\Users\Becca\AppData\Local\Apps\2.0\EE0CJ5MH.J2Z\22DWCEWP.X73\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe [-] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_124a28e3 [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_pctsSvc.exe_8c1cd2a35fc239a942f2a3a47941e596da88f144_1ae2b7d9 [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] f2b33db980d4c98fe3098b61c7853f38
[BSP] 049f5f9581af124a161436e2dc1a8e91 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457747 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937875456 | Size: 18889 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] e279ad569e6411627b5242db6ac79729
[BSP] 049f5f9581af124a161436e2dc1a8e91 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457747 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937875456 | Size: 18889 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] e279ad569e6411627b5242db6ac79729
[BSP] 049f5f9581af124a161436e2dc1a8e91 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457747 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937875456 | Size: 18889 Mo

Finished : << RKreport[3]_S_03202013_02d2016.txt >>
RKreport[1]_S_03202013_02d1127.txt ; RKreport[2]_D_03202013_02d1132.txt ; RKreport[3]_S_03202013_02d2016.txt
 
Also here is the malwarebytes log but it does not remove the Trojan even though it says it did.
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.16.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Becca :: BECCA-PC [administrator]

3/20/2013 8:54:41 PM
mbam-log-2013-03-20 (20-54-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212927
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 6528 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Edited by bloopie, 20 March 2013 - 09:56 PM.
Topic has been moved to the MRL forum, due to the DDS log being posted. ~bloopie




#2 Shqdowolves

Posted 20 March 2013 - 09:29 PM

I'm trying to run ComboFix again and it has gotten further than ever before but it seems to have stopped after it completed stage 48...

Edited by bloopie, 20 March 2013 - 09:58 PM.
Please do not run CF again. Only post the log created at C:\Combofix.txt if present. ~bloopie


#3 gringo_pr


Posted 20 March 2013 - 11:23 PM


Hello Shqdowolves

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Shqdowolves

Posted 21 March 2013 - 09:57 AM

I'm going to post them separately if that is okay with you in case my computer decides to shut down, I don't want to lose the logs.

 

Results of screen317's Security Check version 0.99.61  
 Windows 7  x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Doctor 8.0   
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java™ 6 Update 31  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (19.0.2)
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 



#5 Shqdowolves

Posted 21 March 2013 - 10:12 AM

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 11:13:52
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Becca - BECCA-PC
# Boot Mode : Normal
# Running from : C:\Users\Becca\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\kaqfmude.default\searchplugins\Askcom.xml
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Becca\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\kaqfmude.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Becca\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2602 octets] - [21/03/2013 10:59:30]
AdwCleaner[R2].txt - [2662 octets] - [21/03/2013 11:13:32]
AdwCleaner[S1].txt - [2489 octets] - [21/03/2013 11:13:52]

########## EOF - C:\AdwCleaner[S1].txt - [2549 octets] ##########
 


Edited by Shqdowolves, 21 March 2013 - 10:24 AM.


#6 Shqdowolves

Posted 21 March 2013 - 10:38 AM

And last here is the Roguekiller log. My computer seems to be normal and didn't try to shut down while doing any of these scans.

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Becca [Admin rights]
Mode : Remove -- Date : 03/21/2013 11:36:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]
[SUSP PATH] CurseClient.exe -- C:\Users\Becca\AppData\Local\Apps\2.0\EE0CJ5MH.J2Z\22DWCEWP.X73\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] f2b33db980d4c98fe3098b61c7853f38
[BSP] 049f5f9581af124a161436e2dc1a8e91 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457747 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937875456 | Size: 18889 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] e279ad569e6411627b5242db6ac79729
[BSP] 049f5f9581af124a161436e2dc1a8e91 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457747 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937875456 | Size: 18889 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] e279ad569e6411627b5242db6ac79729
[BSP] 049f5f9581af124a161436e2dc1a8e91 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457747 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937875456 | Size: 18889 Mo

Finished : << RKreport[5]_D_03212013_02d1136.txt >>
RKreport[4]_S_03212013_02d1132.txt ; RKreport[5]_D_03212013_02d1136.txt


 



#7 gringo_pr


Posted 21 March 2013 - 12:37 PM


Hello Shqdowolves

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo





#8 Shqdowolves

Posted 21 March 2013 - 02:03 PM

Here is the ComboFix log. It took about 20 mins to run but I tried running it before I first posted and it would always cause my computer to shut down and not finish the scan before but this time it actually finished!

 

ComboFix 13-03-21.01 - Becca 03/21/2013  14:39:09.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.2099 [GMT -4:00]
Running from: c:\users\Becca\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ae068361
c:\programdata\Microsoft\Windows\DRM\4F08.tmp
c:\programdata\Microsoft\Windows\DRM\4F19.tmp
c:\users\Becca\AppData\Roaming\7554790b
c:\users\Becca\AppData\Roaming\skype.ini
c:\users\Becca\Taskmgr.exe
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-21 to 2013-03-21  )))))))))))))))))))))))))))))))
.
.
2013-03-21 18:53 . 2013-03-21 18:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-20 17:11 . 2009-07-23 21:32    274432    ----a-w-    c:\windows\SysWow64\ssleay32.dll
2013-03-20 17:11 . 2012-12-10 14:04    81920    ----a-w-    c:\windows\eSellerateControl350.dll
2013-03-20 17:11 . 2012-12-10 14:04    356352    ----a-w-    c:\windows\eSellerateEngine.dll
2013-03-20 17:11 . 2009-07-23 21:32    1122304    ----a-w-    c:\windows\SysWow64\libeay32.dll
2013-03-20 17:11 . 2013-03-20 23:38    --------    d-----w-    c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2013-03-20 16:57 . 2013-03-20 16:57    --------    d-----w-    c:\users\Becca\AppData\Roaming\TestApp
2013-03-20 15:48 . 2013-03-20 15:48    --------    d-----w-    c:\users\Becca\AppData\Roaming\DriverCure
2013-03-20 15:48 . 2013-03-20 15:48    --------    d-----w-    c:\users\Becca\AppData\Roaming\SpeedyPC Software
2013-03-20 15:46 . 2013-03-20 15:46    --------    d-----w-    c:\program files (x86)\Common Files\SpeedyPC Software
2013-03-20 15:46 . 2013-03-20 15:46    --------    d-----w-    c:\programdata\SpeedyPC Software
2013-02-28 15:44 . 2013-03-21 15:34    69000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{38FE1D93-8D9B-4C8D-BC26-40F580E501DF}\offreg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-09 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-09 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-02-04 379248]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-13 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-17 40448]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [2011-09-12 62552]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-22 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-11-25 257232]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 20056]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130320.001\IDSvia64.sys [2013-02-27 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-04-01 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-02-04 689008]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-03-27 158720]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-27 271872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-17 23:49    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 03:04]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 03:04]
.
2013-03-20 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-03-21 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-01-02 22:59]
.
2013-03-20 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-01-02 22:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.etoolkit.com/start-MDI2
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
FF - ProfilePath - c:\users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\kaqfmude.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{70EA269E-56DF-49C2-86B2-1A1924ED88B4} - c:\program files (x86)\ToolKitService\splash.dll
Toolbar-{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - c:\program files (x86)\ToolKitService\toolbar.dll
Wow6432Node-HKCU-Run-tktray - c:\program files (x86)\ToolKitService\tktray.exe
WebBrowser-{D3B22A92-87A2-47B6-B3E6-A64877B5C242} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:58,fb,78,8a,78,23,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-21  14:59:18
ComboFix-quarantined-files.txt  2013-03-21 18:59
.
Pre-Run: 347,672,784,896 bytes free
Post-Run: 354,240,253,952 bytes free
.
- - End Of File - - 0C1BA4C63D293BC3A472DC61BB4022FB
 



#9 gringo_pr

  • Malware Response Team

Posted 21 March 2013 - 09:22 PM

Hello Shqdowolves


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

    and I will see if I want to see the whole report.

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit.
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe.
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo







I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University
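
An added example, not part of gringo_pr's post and not TDSSKiller's own code: a small Python parser for reports laid out like the TDSSKiller log in this thread (timestamp, thread id, then either a `[ MD5 ] name path` line or a `name - verdict` line). It lists every scanned object whose verdict is missing or is anything other than `ok`, and pulls out the part after the `Scan finished` banner that the helper asks for. The sample report, every name and hash in it, and the rule that any verdict other than `ok` needs a second look are assumptions made for the example.

```python
import re

# Every report line starts with a timestamp and a thread id; the rest is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Object line: "[ <32 hex digits> ] <service name> <path starting with a drive letter>"
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")

# Constructed sample in the same layout as the report posted in this thread.
# Names, hashes, the "warning" verdict and the summary lines are made up.
SAMPLE = r"""
23:01:39.0744 8488  ============================================================
23:01:39.0744 8488  Scan started
23:01:39.0744 8488  ============================================================
23:01:44.0343 8488  ================ Scan services =============================
23:01:44.0942 8488  [ 00000000000000000000000000000001 ] ExampleBus      C:\Windows\system32\DRIVERS\examplebus.sys
23:01:45.0351 8488  ExampleBus - ok
23:01:45.0426 8488  [ 00000000000000000000000000000002 ] 12345678        C:\Windows\system32\drivers\87654321.sys
23:01:45.0469 8488  [ 00000000000000000000000000000003 ] Example Sync Service C:\Program Files (x86)\Example\sync.exe
23:01:45.0587 8488  Example Sync Service - ok
23:01:45.0600 8488  NoFileSvc - ok
23:01:45.0616 8488  [ 00000000000000000000000000000004 ] ExampleFlt      C:\Windows\system32\drivers\exampleflt.sys
23:01:45.0676 8488  ExampleFlt - warning
23:02:10.0000 8488  ============================================================
23:02:10.0000 8488  Scan finished
23:02:10.0000 8488  ============================================================
23:02:10.0100 1234  Summary line A (constructed)
23:02:10.0100 1234  Summary line B (constructed)
"""


def parse_report(text):
    """Return scanned objects (keyed by service name) and the lines after 'Scan finished'."""
    objects = {}          # insertion order follows the report
    tail = []
    state = "header"      # header -> scan -> tail
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue      # not a report line (blank, pasted forum text, ...)
        msg = m.group(1).rstrip()
        if msg == "Scan started":
            state = "scan"
        elif msg == "Scan finished":
            state = "tail"
        elif state == "tail":
            if msg.strip("="):            # drop separator and empty lines
                tail.append(msg)
        elif state == "scan":
            obj = OBJECT.match(msg)
            if obj:
                md5, name, path = obj.groups()
                objects[name] = {"md5": md5, "path": path, "verdict": None}
                continue
            name, sep, verdict = msg.rpartition(" - ")
            if sep:
                # A verdict with no preceding hash line still gets a record.
                rec = objects.setdefault(
                    name, {"md5": None, "path": None, "verdict": None})
                rec["verdict"] = verdict.strip()
    return {"objects": objects, "tail": tail}


def needs_review(report):
    """Names whose verdict is missing or anything other than 'ok'."""
    return [name for name, rec in report["objects"].items()
            if rec["verdict"] != "ok"]


if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for name in needs_review(report):
        rec = report["objects"][name]
        print(f"{name}: verdict={rec['verdict']!r} path={rec['path']}")
    print("--- after 'Scan finished' ---")
    print("\n".join(report["tail"]))
```

An entry with no verdict line only means the report did not record one for it; it is a prompt to look at that driver, not a detection.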

#10 Shqdowolves

  • Topic Starter

Posted 21 March 2013 - 10:19 PM

23:00:16.0940 5268  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:00:17.0465 5268  ============================================================
23:00:17.0465 5268  Current date / time: 2013/03/21 23:00:17.0465
23:00:17.0465 5268  SystemInfo:
23:00:17.0465 5268  
23:00:17.0465 5268  OS Version: 6.1.7600 ServicePack: 0.0
23:00:17.0465 5268  Product type: Workstation
23:00:17.0466 5268  ComputerName: BECCA-PC
23:00:17.0466 5268  UserName: Becca
23:00:17.0466 5268  Windows directory: C:\Windows
23:00:17.0466 5268  System windows directory: C:\Windows
23:00:17.0466 5268  Running under WOW64
23:00:17.0466 5268  Processor architecture: Intel x64
23:00:17.0466 5268  Number of processors: 4
23:00:17.0466 5268  Page size: 0x1000
23:00:17.0466 5268  Boot type: Normal boot
23:00:17.0466 5268  ============================================================
23:00:17.0772 5268  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:00:17.0778 5268  ============================================================
23:00:17.0778 5268  \Device\Harddisk0\DR0:
23:00:17.0779 5268  MBR partitions:
23:00:17.0779 5268  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:00:17.0779 5268  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37E09800
23:00:17.0779 5268  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37E6D800, BlocksNum 0x24E4800
23:00:17.0779 5268  ============================================================
23:00:17.0800 5268  C: <-> \Device\Harddisk0\DR0\Partition2
23:00:17.0850 5268  D: <-> \Device\Harddisk0\DR0\Partition3
23:00:17.0851 5268  ============================================================
23:00:17.0851 5268  Initialize success
23:00:17.0851 5268  ============================================================
23:01:39.0744 8488  ============================================================
23:01:39.0744 8488  Scan started
23:01:39.0744 8488  Mode: Manual; SigCheck; TDLFS;
23:01:39.0744 8488  ============================================================
23:01:44.0343 8488  ================ Scan system memory ========================
23:01:44.0343 8488  System memory - ok
23:01:44.0343 8488  ================ Scan services =============================
23:01:44.0942 8488  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:01:45.0351 8488  1394ohci - ok
23:01:45.0426 8488  [ F146E2BA475893DD77B2370DC1211FC6 ] 53976942        C:\Windows\system32\drivers\49644182.sys
23:01:45.0469 8488  [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
23:01:45.0587 8488  Accelerometer - ok
23:01:45.0616 8488  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
23:01:45.0676 8488  ACPI - ok
23:01:45.0705 8488  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
23:01:45.0802 8488  AcpiPmi - ok
23:01:45.0851 8488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:01:45.0920 8488  adp94xx - ok
23:01:45.0961 8488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:01:46.0033 8488  adpahci - ok
23:01:46.0076 8488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:01:46.0106 8488  adpu320 - ok
23:01:46.0151 8488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:01:46.0325 8488  AeLookupSvc - ok
23:01:46.0430 8488  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
23:01:46.0526 8488  AESTFilters - ok
23:01:46.0590 8488  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
23:01:46.0677 8488  AFD - ok
23:01:46.0712 8488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
23:01:46.0751 8488  agp440 - ok
23:01:46.0794 8488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:01:46.0898 8488  ALG - ok
23:01:46.0937 8488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
23:01:46.0962 8488  aliide - ok
23:01:46.0990 8488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:01:47.0020 8488  amdide - ok
23:01:47.0055 8488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:01:47.0130 8488  AmdK8 - ok
23:01:47.0158 8488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:01:47.0226 8488  AmdPPM - ok
23:01:47.0256 8488  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:01:47.0325 8488  amdsata - ok
23:01:47.0348 8488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:01:47.0379 8488  amdsbs - ok
23:01:47.0429 8488  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:01:47.0465 8488  amdxata - ok
23:01:47.0495 8488  [ 37EA167782AF19301AF9C05804948BB2 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
23:01:47.0594 8488  AmUStor - ok
23:01:47.0638 8488  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
23:01:47.0746 8488  AppID - ok
23:01:47.0770 8488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:01:47.0865 8488  AppIDSvc - ok
23:01:47.0892 8488  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
23:01:47.0985 8488  Appinfo - ok
23:01:48.0105 8488  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:01:48.0142 8488  Apple Mobile Device - ok
23:01:48.0208 8488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:01:48.0242 8488  arc - ok
23:01:48.0273 8488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:01:48.0309 8488  arcsas - ok
23:01:48.0338 8488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:01:48.0407 8488  AsyncMac - ok
23:01:48.0469 8488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
23:01:48.0497 8488  atapi - ok
23:01:48.0576 8488  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:01:48.0847 8488  AudioEndpointBuilder - ok
23:01:48.0899 8488  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:01:48.0973 8488  AudioSrv - ok
23:01:49.0011 8488  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:01:49.0114 8488  AxInstSV - ok
23:01:49.0157 8488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:01:49.0249 8488  b06bdrv - ok
23:01:49.0280 8488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:01:49.0349 8488  b57nd60a - ok
23:01:49.0424 8488  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:01:49.0490 8488  BBSvc - ok
23:01:49.0577 8488  [ 35756E37D5FDEE22FBF27090A14FE608 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
23:01:49.0723 8488  BCM43XX - ok
23:01:49.0750 8488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:01:49.0817 8488  BDESVC - ok
23:01:49.0847 8488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:01:49.0941 8488  Beep - ok
23:01:49.0983 8488  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
23:01:50.0083 8488  BFE - ok
23:01:50.0307 8488  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
23:01:50.0360 8488  BHDrvx64 - ok
23:01:50.0395 8488  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
23:01:50.0498 8488  BITS - ok
23:01:50.0538 8488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:01:50.0600 8488  blbdrive - ok
23:01:50.0707 8488  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:01:50.0745 8488  Bonjour Service - ok
23:01:50.0785 8488  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:01:50.0887 8488  bowser - ok
23:01:50.0926 8488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:01:50.0989 8488  BrFiltLo - ok
23:01:51.0000 8488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:01:51.0043 8488  BrFiltUp - ok
23:01:51.0116 8488  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
23:01:51.0188 8488  BridgeMP - ok
23:01:51.0209 8488  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
23:01:51.0271 8488  Browser - ok
23:01:51.0297 8488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:01:51.0403 8488  Brserid - ok
23:01:51.0434 8488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:01:51.0533 8488  BrSerWdm - ok
23:01:51.0588 8488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:01:51.0634 8488  BrUsbMdm - ok
23:01:51.0662 8488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:01:51.0717 8488  BrUsbSer - ok
23:01:51.0770 8488  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:01:51.0838 8488  BthEnum - ok
23:01:51.0869 8488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:01:51.0942 8488  BTHMODEM - ok
23:01:51.0967 8488  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:01:52.0022 8488  BthPan - ok
23:01:52.0062 8488  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:01:52.0146 8488  BTHPORT - ok
23:01:52.0182 8488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:01:52.0248 8488  bthserv - ok
23:01:52.0263 8488  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:01:52.0317 8488  BTHUSB - ok
23:01:52.0338 8488  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:01:52.0363 8488  btwaudio - ok
23:01:52.0405 8488  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
23:01:52.0430 8488  btwavdt - ok
23:01:52.0522 8488  [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:01:52.0589 8488  btwdins - ok
23:01:52.0613 8488  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
23:01:52.0636 8488  btwl2cap - ok
23:01:52.0669 8488  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:01:52.0714 8488  btwrchid - ok
23:01:52.0759 8488  catchme - ok
23:01:52.0851 8488  [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP            C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
23:01:52.0908 8488  ccHP - ok
23:01:52.0940 8488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:01:53.0015 8488  cdfs - ok
23:01:53.0046 8488  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:01:53.0091 8488  cdrom - ok
23:01:53.0136 8488  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:01:53.0226 8488  CertPropSvc - ok
23:01:53.0271 8488  [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
23:01:53.0340 8488  CinemaNow Service - ok
23:01:53.0384 8488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:01:53.0423 8488  circlass - ok
23:01:53.0442 8488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:01:53.0493 8488  CLFS - ok
23:01:53.0563 8488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:01:53.0621 8488  clr_optimization_v2.0.50727_32 - ok
23:01:53.0685 8488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:01:53.0726 8488  clr_optimization_v2.0.50727_64 - ok
23:01:53.0855 8488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:01:53.0894 8488  clr_optimization_v4.0.30319_32 - ok
23:01:53.0934 8488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:01:53.0980 8488  clr_optimization_v4.0.30319_64 - ok
23:01:54.0017 8488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:01:54.0054 8488  CmBatt - ok
23:01:54.0072 8488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:01:54.0100 8488  cmdide - ok
23:01:54.0171 8488  [ 937BEB186A735ACA91D717044A49D17E ] CNG             C:\Windows\system32\Drivers\cng.sys
23:01:54.0247 8488  CNG - ok
23:01:54.0303 8488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:01:54.0335 8488  Compbatt - ok
23:01:54.0379 8488  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:01:54.0423 8488  CompositeBus - ok
23:01:54.0435 8488  COMSysApp - ok
23:01:54.0462 8488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:01:54.0500 8488  crcdisk - ok
23:01:54.0537 8488  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:01:54.0608 8488  CryptSvc - ok
23:01:54.0701 8488  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:01:54.0775 8488  cvhsvc - ok
23:01:54.0807 8488  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:01:54.0895 8488  DcomLaunch - ok
23:01:54.0932 8488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:01:55.0018 8488  defragsvc - ok
23:01:55.0045 8488  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:01:55.0122 8488  DfsC - ok
23:01:55.0158 8488  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:01:55.0246 8488  Dhcp - ok
23:01:55.0268 8488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:01:55.0370 8488  discache - ok
23:01:55.0425 8488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:01:55.0467 8488  Disk - ok
23:01:55.0490 8488  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:01:55.0532 8488  Dnscache - ok
23:01:55.0549 8488  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
23:01:55.0666 8488  dot3svc - ok
23:01:55.0685 8488  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
23:01:55.0769 8488  DPS - ok
23:01:55.0797 8488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:01:55.0832 8488  drmkaud - ok
23:01:55.0867 8488  [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO           C:\Windows\system32\DRIVERS\dvmio.sys
23:01:55.0898 8488  DVMIO - ok
23:01:56.0062 8488  [ B66B5B27C8C9881F90435A1F7FE370C3 ] DvmMDES         C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
23:01:56.0136 8488  DvmMDES - ok
23:01:56.0179 8488  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:01:56.0257 8488  DXGKrnl - ok
23:01:56.0283 8488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:01:56.0371 8488  EapHost - ok
23:01:56.0440 8488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:01:56.0577 8488  ebdrv - ok
23:01:56.0663 8488  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:01:56.0723 8488  eeCtrl - ok
23:01:56.0747 8488  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
23:01:56.0817 8488  EFS - ok
23:01:56.0877 8488  [ B15B00955C4A4413B1CB3F056D65148D ] EgisTec Service C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
23:01:56.0947 8488  EgisTec Service - ok
23:01:57.0037 8488  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:01:57.0132 8488  ehRecvr - ok
23:01:57.0159 8488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:01:57.0225 8488  ehSched - ok
23:01:57.0269 8488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:01:57.0332 8488  elxstor - ok
23:01:57.0371 8488  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:01:57.0417 8488  EraserUtilRebootDrv - ok
23:01:57.0436 8488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:01:57.0489 8488  ErrDev - ok
23:01:57.0534 8488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:01:57.0611 8488  EventSystem - ok
23:01:57.0627 8488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:01:57.0709 8488  exfat - ok
23:01:57.0742 8488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:01:57.0834 8488  fastfat - ok
23:01:57.0870 8488  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
23:01:57.0946 8488  Fax - ok
23:01:57.0974 8488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:01:58.0009 8488  fdc - ok
23:01:58.0035 8488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:01:58.0116 8488  fdPHost - ok
23:01:58.0130 8488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:01:58.0217 8488  FDResPub - ok
23:01:58.0240 8488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:01:58.0272 8488  FileInfo - ok
23:01:58.0284 8488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:01:58.0371 8488  Filetrace - ok
23:01:58.0391 8488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:01:58.0429 8488  flpydisk - ok
23:01:58.0446 8488  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:01:58.0487 8488  FltMgr - ok
23:01:58.0531 8488  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
23:01:58.0611 8488  FontCache - ok
23:01:58.0648 8488  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:01:58.0677 8488  FontCache3.0.0.0 - ok
23:01:58.0687 8488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:01:58.0712 8488  FsDepends - ok
23:01:58.0738 8488  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:01:58.0784 8488  Fs_Rec - ok
23:01:58.0819 8488  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:01:58.0857 8488  fvevol - ok
23:01:58.0875 8488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:01:58.0904 8488  gagp30kx - ok
23:01:58.0955 8488  [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:01:59.0005 8488  GameConsoleService - ok
23:01:59.0060 8488  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:01:59.0087 8488  GEARAspiWDM - ok
23:01:59.0121 8488  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
23:01:59.0233 8488  gpsvc - ok
23:01:59.0325 8488  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:01:59.0367 8488  gupdate - ok
23:01:59.0402 8488  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:01:59.0436 8488  gupdatem - ok
23:01:59.0474 8488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:01:59.0537 8488  hcw85cir - ok
23:01:59.0571 8488  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:01:59.0620 8488  HdAudAddService - ok
23:01:59.0637 8488  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:01:59.0681 8488  HDAudBus - ok
23:01:59.0717 8488  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:01:59.0744 8488  HECIx64 - ok
23:01:59.0760 8488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:01:59.0798 8488  HidBatt - ok
23:01:59.0811 8488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:01:59.0857 8488  HidBth - ok
23:01:59.0873 8488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:01:59.0909 8488  HidIr - ok
23:01:59.0926 8488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
23:02:00.0006 8488  hidserv - ok
23:02:00.0035 8488  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:02:00.0061 8488  HidUsb - ok
23:02:00.0084 8488  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:02:00.0154 8488  hkmsvc - ok
23:02:00.0175 8488  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:02:00.0238 8488  HomeGroupListener - ok
23:02:00.0263 8488  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:02:00.0305 8488  HomeGroupProvider - ok
23:02:00.0351 8488  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
23:02:00.0370 8488  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
23:02:00.0370 8488  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
23:02:00.0439 8488  [ A2DE0A67C77EBC6DFAD3D55232790ADD ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
23:02:00.0471 8488  HP Wireless Assistant Service - ok
23:02:00.0504 8488  [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
23:02:00.0540 8488  hpdskflt - ok
23:02:00.0565 8488  [ EF3EA06057132138B4E5895A61601DBE ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
23:02:00.0605 8488  hpqwmiex - ok
23:02:00.0647 8488  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:02:00.0689 8488  HpSAMD - ok
23:02:00.0702 8488  [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv           C:\Windows\system32\Hpservice.exe
23:02:00.0726 8488  hpsrv - ok
23:02:00.0762 8488  [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:02:00.0792 8488  HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
23:02:00.0792 8488  HPWMISVC - detected UnsignedFile.Multi.Generic (1)
23:02:00.0833 8488  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:02:00.0949 8488  HTTP - ok
23:02:00.0966 8488  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:02:00.0989 8488  hwpolicy - ok
23:02:01.0008 8488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:02:01.0036 8488  i8042prt - ok
23:02:01.0083 8488  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:02:01.0135 8488  iaStor - ok
23:02:01.0214 8488  [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:02:01.0237 8488  IAStorDataMgrSvc - ok
23:02:01.0269 8488  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:02:01.0307 8488  iaStorV - ok
23:02:01.0347 8488  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:02:01.0412 8488  idsvc - ok
23:02:01.0537 8488  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130321.001\IDSvia64.sys
23:02:01.0582 8488  IDSVia64 - ok
23:02:01.0764 8488  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:02:02.0077 8488  igfx - ok
23:02:02.0108 8488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:02:02.0135 8488  iirsp - ok
23:02:02.0174 8488  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:02:02.0269 8488  IKEEXT - ok
23:02:02.0316 8488  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:02:02.0363 8488  Impcd - ok
23:02:02.0390 8488  [ DA24C1F66EE1B5A92E045376D7A44B58 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:02:02.0445 8488  IntcDAud - ok
23:02:02.0491 8488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:02:02.0519 8488  intelide - ok
23:02:02.0547 8488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:02:02.0587 8488  intelppm - ok
23:02:02.0634 8488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:02:02.0707 8488  IPBusEnum - ok
23:02:02.0723 8488  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:02:02.0775 8488  IpFilterDriver - ok
23:02:02.0801 8488  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:02:02.0887 8488  iphlpsvc - ok
23:02:02.0908 8488  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:02:02.0948 8488  IPMIDRV - ok
23:02:02.0962 8488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:02:03.0024 8488  IPNAT - ok
23:02:03.0066 8488  [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:02:03.0128 8488  iPod Service - ok
23:02:03.0146 8488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:02:03.0180 8488  IRENUM - ok
23:02:03.0200 8488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:02:03.0226 8488  isapnp - ok
23:02:03.0255 8488  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:02:03.0300 8488  iScsiPrt - ok
23:02:03.0342 8488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:02:03.0368 8488  kbdclass - ok
23:02:03.0393 8488  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:02:03.0435 8488  kbdhid - ok
23:02:03.0447 8488  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
23:02:03.0473 8488  KeyIso - ok
23:02:03.0485 8488  [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:02:03.0515 8488  KSecDD - ok
23:02:03.0552 8488  [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:02:03.0614 8488  KSecPkg - ok
23:02:03.0627 8488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:02:03.0698 8488  ksthunk - ok
23:02:03.0741 8488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:02:03.0852 8488  KtmRm - ok
23:02:03.0892 8488  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:02:03.0937 8488  LanmanServer - ok
23:02:03.0959 8488  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:02:04.0034 8488  LanmanWorkstation - ok
23:02:04.0069 8488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:02:04.0134 8488  lltdio - ok
23:02:04.0156 8488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:02:04.0223 8488  lltdsvc - ok
23:02:04.0251 8488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:02:04.0307 8488  lmhosts - ok
23:02:04.0374 8488  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:02:04.0408 8488  LMS - ok
23:02:04.0454 8488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:02:04.0485 8488  LSI_FC - ok
23:02:04.0514 8488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:02:04.0546 8488  LSI_SAS - ok
23:02:04.0573 8488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:02:04.0597 8488  LSI_SAS2 - ok
23:02:04.0607 8488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:02:04.0636 8488  LSI_SCSI - ok
23:02:04.0657 8488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:02:04.0725 8488  luafv - ok
23:02:04.0772 8488  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:02:04.0811 8488  MBAMProtector - ok
23:02:04.0871 8488  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:02:04.0920 8488  MBAMScheduler - ok
23:02:04.0966 8488  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:02:05.0029 8488  MBAMService - ok
23:02:05.0129 8488  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
23:02:05.0190 8488  McComponentHostService - ok
23:02:05.0225 8488  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:02:05.0262 8488  Mcx2Svc - ok
23:02:05.0286 8488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:02:05.0315 8488  megasas - ok
23:02:05.0345 8488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:02:05.0377 8488  MegaSR - ok
23:02:05.0409 8488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:02:05.0487 8488  MMCSS - ok
23:02:05.0507 8488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:02:05.0584 8488  Modem - ok
23:02:05.0611 8488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:02:05.0653 8488  monitor - ok
23:02:05.0669 8488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:02:05.0701 8488  mouclass - ok
23:02:05.0718 8488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:02:05.0755 8488  mouhid - ok
23:02:05.0775 8488  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:02:05.0805 8488  mountmgr - ok
23:02:05.0870 8488  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:02:05.0922 8488  MozillaMaintenance - ok
23:02:05.0941 8488  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:02:05.0976 8488  mpio - ok
23:02:05.0989 8488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:02:06.0060 8488  mpsdrv - ok
23:02:06.0092 8488  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:02:06.0192 8488  MpsSvc - ok
23:02:06.0209 8488  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:02:06.0257 8488  MRxDAV - ok
23:02:06.0290 8488  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:02:06.0327 8488  mrxsmb - ok
23:02:06.0352 8488  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:02:06.0412 8488  mrxsmb10 - ok
23:02:06.0431 8488  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:02:06.0470 8488  mrxsmb20 - ok
23:02:06.0489 8488  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:02:06.0517 8488  msahci - ok
23:02:06.0572 8488  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:02:06.0598 8488  msdsm - ok
23:02:06.0610 8488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:02:06.0640 8488  MSDTC - ok
23:02:06.0669 8488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:02:06.0734 8488  Msfs - ok
23:02:06.0745 8488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:02:06.0809 8488  mshidkmdf - ok
23:02:06.0837 8488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:02:06.0864 8488  msisadrv - ok
23:02:06.0891 8488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:02:07.0005 8488  MSiSCSI - ok
23:02:07.0009 8488  msiserver - ok
23:02:07.0033 8488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:02:07.0089 8488  MSKSSRV - ok
23:02:07.0094 8488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:02:07.0163 8488  MSPCLOCK - ok
23:02:07.0177 8488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:02:07.0243 8488  MSPQM - ok
23:02:07.0257 8488  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:02:07.0305 8488  MsRPC - ok
23:02:07.0315 8488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:02:07.0341 8488  mssmbios - ok
23:02:07.0346 8488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:02:07.0428 8488  MSTEE - ok
23:02:07.0442 8488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:02:07.0470 8488  MTConfig - ok
23:02:07.0488 8488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:02:07.0526 8488  Mup - ok
23:02:07.0618 8488  [ B4187346F54E362DAFFE647B25A58D50 ] N360            C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
23:02:07.0660 8488  N360 - ok
23:02:07.0701 8488  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
23:02:07.0784 8488  napagent - ok
23:02:07.0816 8488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:02:07.0874 8488  NativeWifiP - ok
23:02:07.0968 8488  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130321.017\ENG64.SYS
23:02:08.0007 8488  NAVENG - ok
23:02:08.0078 8488  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130321.017\EX64.SYS
23:02:08.0158 8488  NAVEX15 - ok
23:02:08.0199 8488  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:02:08.0287 8488  NDIS - ok
23:02:08.0302 8488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:02:08.0358 8488  NdisCap - ok
23:02:08.0379 8488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:02:08.0453 8488  NdisTapi - ok
23:02:08.0476 8488  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:02:08.0545 8488  Ndisuio - ok
23:02:08.0562 8488  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:02:08.0620 8488  NdisWan - ok
23:02:08.0635 8488  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:02:08.0712 8488  NDProxy - ok
23:02:08.0726 8488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:02:08.0809 8488  NetBIOS - ok
23:02:08.0827 8488  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:02:08.0906 8488  NetBT - ok
23:02:08.0925 8488  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
23:02:08.0951 8488  Netlogon - ok
23:02:08.0987 8488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:02:09.0062 8488  Netman - ok
23:02:09.0083 8488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:02:09.0172 8488  netprofm - ok
23:02:09.0194 8488  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:02:09.0235 8488  NetTcpPortSharing - ok
23:02:09.0357 8488  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
23:02:09.0547 8488  netw5v64 - ok
23:02:09.0601 8488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:02:09.0628 8488  nfrd960 - ok
23:02:09.0654 8488  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:02:09.0718 8488  NlaSvc - ok
23:02:09.0731 8488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:02:09.0806 8488  Npfs - ok
23:02:09.0822 8488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:02:09.0902 8488  nsi - ok
23:02:09.0914 8488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:02:09.0974 8488  nsiproxy - ok
23:02:10.0021 8488  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:02:10.0110 8488  Ntfs - ok
23:02:10.0119 8488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:02:10.0196 8488  Null - ok
23:02:10.0234 8488  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:02:10.0275 8488  nvraid - ok
23:02:10.0306 8488  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:02:10.0336 8488  nvstor - ok
23:02:10.0349 8488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:02:10.0377 8488  nv_agp - ok
23:02:10.0436 8488  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:02:10.0495 8488  odserv - ok
23:02:10.0520 8488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:02:10.0554 8488  ohci1394 - ok
23:02:10.0589 8488  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:02:10.0646 8488  ose - ok
23:02:10.0744 8488  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:02:10.0904 8488  osppsvc - ok
23:02:10.0931 8488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:02:10.0981 8488  p2pimsvc - ok
23:02:11.0004 8488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:02:11.0058 8488  p2psvc - ok
23:02:11.0070 8488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:02:11.0101 8488  Parport - ok
23:02:11.0129 8488  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:02:11.0160 8488  partmgr - ok
23:02:11.0173 8488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:02:11.0215 8488  PcaSvc - ok
23:02:11.0233 8488  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:02:11.0264 8488  pci - ok
23:02:11.0290 8488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:02:11.0317 8488  pciide - ok
23:02:11.0341 8488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:02:11.0378 8488  pcmcia - ok
23:02:11.0422 8488  [ 8F38FFFA9E7B9D547B7921EFA8EDFF3C ] PCTCore         C:\Windows\system32\drivers\PCTCore64.sys
23:02:11.0457 8488  PCTCore - ok
23:02:11.0480 8488  [ FF43E3B1687E4E2140DE6349EA5C7372 ] pctDS           C:\Windows\system32\drivers\pctDS64.sys
23:02:11.0519 8488  pctDS - ok
23:02:11.0543 8488  [ 60E9A05852AF7E9CB11237C00AEE4CCF ] pctEFA          C:\Windows\system32\drivers\pctEFA64.sys
23:02:11.0593 8488  pctEFA - ok
23:02:11.0609 8488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:02:11.0639 8488  pcw - ok
23:02:11.0661 8488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:02:11.0754 8488  PEAUTH - ok
23:02:11.0823 8488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:02:11.0889 8488  PerfHost - ok
23:02:11.0944 8488  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
23:02:12.0071 8488  pla - ok
23:02:12.0108 8488  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:02:12.0159 8488  PlugPlay - ok
23:02:12.0171 8488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:02:12.0209 8488  PNRPAutoReg - ok
23:02:12.0226 8488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:02:12.0251 8488  PNRPsvc - ok
23:02:12.0280 8488  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:02:12.0385 8488  PolicyAgent - ok
23:02:12.0414 8488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:02:12.0489 8488  Power - ok
23:02:12.0518 8488  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:02:12.0593 8488  PptpMiniport - ok
23:02:12.0626 8488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:02:12.0659 8488  Processor - ok
23:02:12.0700 8488  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
23:02:12.0773 8488  ProfSvc - ok
23:02:12.0786 8488  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:02:12.0813 8488  ProtectedStorage - ok
23:02:12.0836 8488  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:02:12.0891 8488  Psched - ok
23:02:12.0936 8488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:02:13.0006 8488  ql2300 - ok
23:02:13.0023 8488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:02:13.0055 8488  ql40xx - ok
23:02:13.0075 8488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:02:13.0140 8488  QWAVE - ok
23:02:13.0169 8488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:02:13.0215 8488  QWAVEdrv - ok
23:02:13.0229 8488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:02:13.0294 8488  RasAcd - ok
23:02:13.0314 8488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:02:13.0369 8488  RasAgileVpn - ok
23:02:13.0379 8488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
23:02:13.0457 8488  RasAuto - ok
23:02:13.0476 8488  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:02:13.0556 8488  Rasl2tp - ok
23:02:13.0586 8488  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
23:02:13.0709 8488  RasMan - ok
23:02:13.0729 8488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:02:13.0813 8488  RasPppoe - ok
23:02:13.0830 8488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:02:13.0896 8488  RasSstp - ok
23:02:13.0912 8488  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:02:13.0983 8488  rdbss - ok
23:02:14.0011 8488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:02:14.0053 8488  rdpbus - ok
23:02:14.0075 8488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:02:14.0145 8488  RDPCDD - ok
23:02:14.0162 8488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:02:14.0231 8488  RDPENCDD - ok
23:02:14.0237 8488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:02:14.0295 8488  RDPREFMP - ok
23:02:14.0326 8488  [ 074AC702D8B8B660B0E1371555995386 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:02:14.0402 8488  RDPWD - ok
23:02:14.0431 8488  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:02:14.0468 8488  rdyboost - ok
23:02:14.0490 8488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:02:14.0563 8488  RemoteAccess - ok
23:02:14.0589 8488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:02:14.0662 8488  RemoteRegistry - ok
23:02:14.0699 8488  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:02:14.0741 8488  RFCOMM - ok
23:02:14.0765 8488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:02:14.0832 8488  RpcEptMapper - ok
23:02:14.0856 8488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:02:14.0909 8488  RpcLocator - ok
23:02:14.0929 8488  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
23:02:15.0000 8488  RpcSs - ok
23:02:15.0026 8488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:02:15.0080 8488  rspndr - ok
23:02:15.0109 8488  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:02:15.0156 8488  RTL8167 - ok
23:02:15.0178 8488  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
23:02:15.0202 8488  SamSs - ok
23:02:15.0220 8488  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:02:15.0250 8488  sbp2port - ok
23:02:15.0304 8488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:02:16.0125 8488  SCardSvr - ok
23:02:16.0142 8488  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:02:16.0258 8488  scfilter - ok
23:02:16.0352 8488  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
23:02:16.0487 8488  Schedule - ok
23:02:16.0534 8488  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:02:16.0600 8488  SCPolicySvc - ok
23:02:16.0674 8488  [ A1089AC7683826E6C7C9FAB9723DD80F ] sdAuxService    C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
23:02:16.0730 8488  sdAuxService - ok
23:02:16.0780 8488  [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
23:02:16.0827 8488  sdbus - ok
23:02:16.0881 8488  [ ED6C2EFEB47524BFF4D5E5109FB1A2BB ] sdCoreService   C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
23:02:16.0949 8488  sdCoreService - ok
23:02:17.0002 8488  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:02:17.0065 8488  SDRSVC - ok
23:02:17.0114 8488  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:02:17.0171 8488  SeaPort - ok
23:02:17.0197 8488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:02:17.0303 8488  secdrv - ok
23:02:17.0347 8488  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
23:02:17.0470 8488  seclogon - ok
23:02:17.0513 8488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
23:02:17.0590 8488  SENS - ok
23:02:17.0607 8488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:02:17.0676 8488  SensrSvc - ok
23:02:17.0698 8488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:02:17.0760 8488  Serenum - ok
23:02:17.0786 8488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:02:17.0824 8488  Serial - ok
23:02:31.0380 8488  ================ Scan global ===============================
23:02:31.0405 8488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:02:31.0437 8488  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:02:31.0450 8488  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:02:31.0463 8488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:02:31.0493 8488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:02:31.0500 8488  [Global] - ok
23:02:31.0501 8488  ================ Scan MBR ==================================
23:02:31.0511 8488  [ 14F805A6A3C9F9682974EEC8426E7418 ] \Device\Harddisk0\DR0
23:02:31.0512 8488  Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:02:31.0577 8488  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:02:31.0578 8488  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:02:31.0667 8488  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:02:31.0667 8488  \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:02:31.0667 8488  ================ Scan VBR ==================================
23:02:31.0670 8488  [ 410E9F6C61FD7420D124E4128B2C5B42 ] \Device\Harddisk0\DR0\Partition1
23:02:31.0672 8488  \Device\Harddisk0\DR0\Partition1 - ok
23:02:31.0707 8488  [ 02FE196921A42CBF066530155025DC49 ] \Device\Harddisk0\DR0\Partition2
23:02:31.0710 8488  \Device\Harddisk0\DR0\Partition2 - ok
23:02:31.0743 8488  [ F90B9ECBDCC53DA4110955A9A011E7DD ] \Device\Harddisk0\DR0\Partition3
23:02:31.0746 8488  \Device\Harddisk0\DR0\Partition3 - ok
23:02:31.0746 8488  ============================================================
23:02:31.0746 8488  Scan finished
23:02:31.0746 8488  ============================================================
23:02:31.0801 9212  Detected object count: 4
23:02:31.0801 9212  Actual detected object count: 4
23:03:09.0278 9212  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:03:09.0278 9212  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:03:09.0280 9212  HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:03:09.0280 9212  HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:03:09.0975 9212  \Device\Harddisk0\DR0\# - copied to quarantine
23:03:09.0982 9212  \Device\Harddisk0\DR0 - copied to quarantine
23:03:10.0077 9212  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:03:10.0098 9212  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:03:10.0138 9212  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:03:10.0174 9212  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:03:10.0186 9212  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:03:10.0193 9212  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:03:10.0200 9212  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:03:10.0212 9212  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:03:10.0231 9212  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:03:10.0244 9212  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:03:10.0251 9212  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:03:10.0259 9212  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:03:10.0299 9212  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:03:10.0308 9212  \Device\Harddisk0\DR0 - ok
23:03:10.0647 9212  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:03:10.0648 9212  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:03:10.0648 9212  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:03:38.0255 8632  Deinitialize success
 

My computer seems to restart faster now.



#11 gringo_pr


Posted 21 March 2013 - 10:40 PM


Hello



I would like you to rerun TDSSKiller, and this time when it gets to this part:
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I want you to select Delete this time instead of Skip.


Gringo

#12 Shqdowolves


Posted 21 March 2013 - 10:58 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4083007488, free: 2092613632

------------ Kernel report ------------
     03/21/2013 23:22:34
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005299790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004f9c050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005299790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005138b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005299790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005137b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8005133b30, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xfffffa8004f9c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01491a880, 0xfffffa8005299790, 0xfffffa80045dd790
Lower DeviceData: 0xfffff8a012c78590, 0xfffffa8004f9c050, 0xfffffa800c93e920
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D702A12F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 937465856

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 937875456  Numsec = 38684672

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\windows\temp\tmp00000477ef78463e936efd00" is compressed (flags = 1)
Infected: c:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4083007488, free: 2691792896

Removal queue found; removal started
Removing c:\Windows\svchost.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4083007488, free: 2516590592

------------ Kernel report ------------
     03/21/2013 23:43:50
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006ff5790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800501f050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006ff5790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006e94b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ff5790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006e93b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006e8fb30, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xfffffa800501f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00bb679b0, 0xfffffa8006ff5790, 0xfffffa80091a3090
Lower DeviceData: 0xfffff8a00ba057b0, 0xfffffa800501f050, 0xfffffa80091a39b0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D702A12F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 937465856

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 937875456  Numsec = 38684672

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...

 

Did the second scan and no malware was found and my computer seems to be normal with everything working well!



#13 gringo_pr

  • Malware Response Team

Posted 21 March 2013 - 11:07 PM

Hello



I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#14 Shqdowolves

  • Topic Starter

Posted 21 March 2013 - 11:17 PM

00:14:03.0741 3896  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:14:04.0213 3896  ============================================================
00:14:04.0213 3896  Current date / time: 2013/03/22 00:14:04.0213
00:14:04.0213 3896  SystemInfo:
00:14:04.0213 3896  
00:14:04.0213 3896  OS Version: 6.1.7600 ServicePack: 0.0
00:14:04.0213 3896  Product type: Workstation
00:14:04.0213 3896  ComputerName: BECCA-PC
00:14:04.0213 3896  UserName: Becca
00:14:04.0213 3896  Windows directory: C:\Windows
00:14:04.0213 3896  System windows directory: C:\Windows
00:14:04.0213 3896  Running under WOW64
00:14:04.0213 3896  Processor architecture: Intel x64
00:14:04.0213 3896  Number of processors: 4
00:14:04.0213 3896  Page size: 0x1000
00:14:04.0213 3896  Boot type: Normal boot
00:14:04.0213 3896  ============================================================
00:14:06.0324 3896  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:14:06.0334 3896  ============================================================
00:14:06.0334 3896  \Device\Harddisk0\DR0:
00:14:06.0335 3896  MBR partitions:
00:14:06.0335 3896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:14:06.0335 3896  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37E09800
00:14:06.0335 3896  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37E6D800, BlocksNum 0x24E4800
00:14:06.0335 3896  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:14:06.0335 3896  ============================================================
00:14:06.0369 3896  C: <-> \Device\Harddisk0\DR0\Partition2
00:14:06.0446 3896  D: <-> \Device\Harddisk0\DR0\Partition3
00:14:06.0506 3896  E: <-> \Device\Harddisk0\DR0\Partition4
00:14:06.0506 3896  ============================================================
00:14:06.0506 3896  Initialize success
00:14:06.0506 3896  ============================================================
00:14:15.0158 6692  ============================================================
00:14:15.0158 6692  Scan started
00:14:15.0158 6692  Mode: Manual; SigCheck; TDLFS;
00:14:15.0158 6692  ============================================================
00:14:18.0502 6692  ================ Scan system memory ========================
00:14:18.0502 6692  System memory - ok
00:14:18.0505 6692  ================ Scan services =============================
00:14:27.0899 6692  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
00:14:27.0913 6692  ErrDev - ok
00:14:27.0963 6692  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:14:28.0017 6692  EventSystem - ok
00:14:28.0032 6692  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:14:28.0084 6692  exfat - ok
00:14:28.0114 6692  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:14:28.0159 6692  fastfat - ok
00:14:28.0192 6692  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
00:14:28.0244 6692  Fax - ok
00:14:28.0271 6692  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:14:28.0295 6692  fdc - ok
00:14:28.0308 6692  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:14:28.0348 6692  fdPHost - ok
00:14:28.0361 6692  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:14:28.0404 6692  FDResPub - ok
00:14:28.0422 6692  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:14:28.0436 6692  FileInfo - ok
00:14:28.0450 6692  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:14:28.0506 6692  Filetrace - ok
00:14:28.0524 6692  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:14:28.0539 6692  flpydisk - ok
00:14:28.0570 6692  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:14:28.0589 6692  FltMgr - ok
00:14:28.0647 6692  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
00:14:28.0717 6692  FontCache - ok
00:14:28.0756 6692  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:14:28.0767 6692  FontCache3.0.0.0 - ok
00:14:28.0787 6692  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:14:28.0801 6692  FsDepends - ok
00:14:28.0837 6692  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:14:28.0852 6692  Fs_Rec - ok
00:14:28.0877 6692  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:14:28.0896 6692  fvevol - ok
00:14:28.0917 6692  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:14:28.0931 6692  gagp30kx - ok
00:14:28.0989 6692  [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:14:29.0004 6692  GameConsoleService - ok
00:14:29.0052 6692  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:14:29.0067 6692  GEARAspiWDM - ok
00:14:29.0105 6692  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
00:14:29.0171 6692  gpsvc - ok
00:14:29.0259 6692  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:14:29.0277 6692  gupdate - ok
00:14:29.0295 6692  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:14:29.0308 6692  gupdatem - ok
00:14:29.0334 6692  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:14:29.0373 6692  hcw85cir - ok
00:14:29.0398 6692  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:14:29.0441 6692  HdAudAddService - ok
00:14:29.0457 6692  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:14:29.0488 6692  HDAudBus - ok
00:14:29.0519 6692  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
00:14:29.0535 6692  HECIx64 - ok
00:14:29.0574 6692  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:14:29.0602 6692  HidBatt - ok
00:14:29.0622 6692  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:14:29.0661 6692  HidBth - ok
00:14:29.0676 6692  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:14:29.0700 6692  HidIr - ok
00:14:29.0720 6692  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
00:14:29.0791 6692  hidserv - ok
00:14:29.0829 6692  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:14:29.0847 6692  HidUsb - ok
00:14:29.0878 6692  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:14:29.0943 6692  hkmsvc - ok
00:14:30.0002 6692  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:14:30.0050 6692  HomeGroupListener - ok
00:14:30.0073 6692  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:14:30.0109 6692  HomeGroupProvider - ok
00:14:30.0154 6692  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
00:14:30.0164 6692  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
00:14:30.0164 6692  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
00:14:30.0225 6692  [ A2DE0A67C77EBC6DFAD3D55232790ADD ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:14:30.0237 6692  HP Wireless Assistant Service - ok
00:14:30.0273 6692  [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
00:14:30.0288 6692  hpdskflt - ok
00:14:30.0326 6692  [ EF3EA06057132138B4E5895A61601DBE ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:14:30.0345 6692  hpqwmiex - ok
00:14:30.0392 6692  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
00:14:30.0406 6692  HpSAMD - ok
00:14:30.0422 6692  [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv           C:\Windows\system32\Hpservice.exe
00:14:30.0434 6692  hpsrv - ok
00:14:30.0466 6692  [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
00:14:30.0486 6692  HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
00:14:30.0486 6692  HPWMISVC - detected UnsignedFile.Multi.Generic (1)
00:14:30.0529 6692  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:14:30.0611 6692  HTTP - ok
00:14:30.0636 6692  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:14:30.0653 6692  hwpolicy - ok
00:14:30.0678 6692  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:14:30.0699 6692  i8042prt - ok
00:14:30.0729 6692  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
00:14:30.0748 6692  iaStor - ok
00:14:30.0818 6692  [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
00:14:30.0833 6692  IAStorDataMgrSvc - ok
00:14:30.0866 6692  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:14:30.0888 6692  iaStorV - ok
00:14:30.0927 6692  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:14:30.0975 6692  idsvc - ok
00:14:31.0092 6692  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130321.001\IDSvia64.sys
00:14:31.0122 6692  IDSVia64 - ok
00:14:31.0305 6692  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
00:14:31.0631 6692  igfx - ok
00:14:31.0646 6692  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:14:31.0663 6692  iirsp - ok
00:14:31.0696 6692  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
00:14:31.0781 6692  IKEEXT - ok
00:14:31.0830 6692  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
00:14:31.0862 6692  Impcd - ok
00:14:31.0887 6692  [ DA24C1F66EE1B5A92E045376D7A44B58 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
00:14:31.0933 6692  IntcDAud - ok
00:14:31.0963 6692  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
00:14:31.0979 6692  intelide - ok
00:14:32.0011 6692  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:14:32.0042 6692  intelppm - ok
00:14:32.0056 6692  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:14:32.0107 6692  IPBusEnum - ok
00:14:32.0120 6692  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:14:32.0174 6692  IpFilterDriver - ok
00:14:32.0207 6692  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:14:32.0286 6692  iphlpsvc - ok
00:14:32.0314 6692  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:14:32.0364 6692  IPMIDRV - ok
00:14:32.0384 6692  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:14:32.0446 6692  IPNAT - ok
00:14:32.0488 6692  [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:14:32.0530 6692  iPod Service - ok
00:14:32.0552 6692  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:14:32.0576 6692  IRENUM - ok
00:14:32.0597 6692  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
00:14:32.0611 6692  isapnp - ok
00:14:32.0644 6692  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:14:32.0671 6692  iScsiPrt - ok
00:14:32.0706 6692  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:14:32.0725 6692  kbdclass - ok
00:14:32.0758 6692  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:14:32.0799 6692  kbdhid - ok
00:14:32.0819 6692  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
00:14:32.0838 6692  KeyIso - ok
00:14:32.0849 6692  [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:14:32.0866 6692  KSecDD - ok
00:14:32.0900 6692  [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:14:32.0920 6692  KSecPkg - ok
00:14:32.0934 6692  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:14:32.0993 6692  ksthunk - ok
00:14:33.0039 6692  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:14:33.0097 6692  KtmRm - ok
00:14:33.0125 6692  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
00:14:33.0174 6692  LanmanServer - ok
00:14:33.0199 6692  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:14:33.0263 6692  LanmanWorkstation - ok
00:14:33.0302 6692  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:14:33.0364 6692  lltdio - ok
00:14:33.0388 6692  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:14:33.0445 6692  lltdsvc - ok
00:14:33.0483 6692  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:14:33.0537 6692  lmhosts - ok
00:14:33.0615 6692  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:14:33.0637 6692  LMS - ok
00:14:33.0703 6692  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:14:33.0727 6692  LSI_FC - ok
00:14:33.0754 6692  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:14:33.0773 6692  LSI_SAS - ok
00:14:33.0813 6692  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:14:33.0832 6692  LSI_SAS2 - ok
00:14:33.0864 6692  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:14:33.0882 6692  LSI_SCSI - ok
00:14:33.0922 6692  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:14:33.0999 6692  luafv - ok
00:14:34.0055 6692  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:14:34.0069 6692  MBAMProtector - ok
00:14:34.0129 6692  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:14:34.0147 6692  MBAMScheduler - ok
00:14:34.0190 6692  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:14:34.0214 6692  MBAMService - ok
00:14:34.0313 6692  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
00:14:34.0331 6692  McComponentHostService - ok
00:14:34.0368 6692  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:14:34.0392 6692  Mcx2Svc - ok
00:14:34.0420 6692  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:14:34.0437 6692  megasas - ok
00:14:34.0471 6692  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:14:34.0496 6692  MegaSR - ok
00:14:34.0527 6692  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:14:34.0604 6692  MMCSS - ok
00:14:34.0617 6692  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:14:34.0680 6692  Modem - ok
00:14:34.0704 6692  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:14:34.0736 6692  monitor - ok
00:14:34.0762 6692  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:14:34.0777 6692  mouclass - ok
00:14:34.0795 6692  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:14:34.0825 6692  mouhid - ok
00:14:34.0843 6692  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:14:34.0859 6692  mountmgr - ok
00:14:34.0921 6692  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:14:34.0939 6692  MozillaMaintenance - ok
00:14:34.0959 6692  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
00:14:34.0979 6692  mpio - ok
00:14:34.0991 6692  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:14:35.0052 6692  mpsdrv - ok
00:14:35.0086 6692  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:14:35.0181 6692  MpsSvc - ok
00:14:35.0202 6692  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:14:35.0240 6692  MRxDAV - ok
00:14:35.0268 6692  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:14:35.0297 6692  mrxsmb - ok
00:14:35.0331 6692  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:14:35.0367 6692  mrxsmb10 - ok
00:14:35.0392 6692  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:14:35.0420 6692  mrxsmb20 - ok
00:14:35.0434 6692  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
00:14:35.0447 6692  msahci - ok
00:14:35.0475 6692  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
00:14:35.0494 6692  msdsm - ok
00:14:35.0513 6692  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:14:35.0537 6692  MSDTC - ok
00:14:35.0564 6692  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:14:35.0625 6692  Msfs - ok
00:14:35.0640 6692  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:14:35.0706 6692  mshidkmdf - ok
00:14:35.0716 6692  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
00:14:35.0730 6692  msisadrv - ok
00:14:35.0753 6692  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:14:35.0809 6692  MSiSCSI - ok
00:14:35.0814 6692  msiserver - ok
00:14:35.0838 6692  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:14:35.0877 6692  MSKSSRV - ok
00:14:35.0882 6692  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:14:35.0936 6692  MSPCLOCK - ok
00:14:35.0941 6692  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:14:35.0995 6692  MSPQM - ok
00:14:36.0012 6692  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:14:36.0036 6692  MsRPC - ok
00:14:36.0053 6692  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:14:36.0067 6692  mssmbios - ok
00:14:36.0072 6692  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:14:36.0123 6692  MSTEE - ok
00:14:36.0139 6692  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:14:36.0158 6692  MTConfig - ok
00:14:36.0177 6692  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:14:36.0190 6692  Mup - ok
00:14:36.0274 6692  [ B4187346F54E362DAFFE647B25A58D50 ] N360            C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
00:14:36.0287 6692  N360 - ok
00:14:36.0316 6692  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
00:14:36.0381 6692  napagent - ok
00:14:36.0406 6692  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:14:36.0445 6692  NativeWifiP - ok
00:14:36.0541 6692  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130321.017\ENG64.SYS
00:14:36.0556 6692  NAVENG - ok
00:14:36.0626 6692  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130321.017\EX64.SYS
00:14:36.0693 6692  NAVEX15 - ok
00:14:36.0731 6692  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:14:36.0767 6692  NDIS - ok
00:14:36.0785 6692  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:14:36.0827 6692  NdisCap - ok
00:14:36.0845 6692  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:14:36.0884 6692  NdisTapi - ok
00:14:36.0900 6692  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:14:36.0959 6692  Ndisuio - ok
00:14:36.0979 6692  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:14:37.0028 6692  NdisWan - ok
00:14:37.0043 6692  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:14:37.0098 6692  NDProxy - ok
00:14:37.0118 6692  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:14:37.0170 6692  NetBIOS - ok
00:14:37.0193 6692  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:14:37.0251 6692  NetBT - ok
00:14:37.0267 6692  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
00:14:37.0281 6692  Netlogon - ok
00:14:37.0313 6692  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:14:37.0366 6692  Netman - ok
00:14:37.0384 6692  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:14:37.0443 6692  netprofm - ok
00:14:37.0470 6692  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:14:37.0486 6692  NetTcpPortSharing - ok
00:14:37.0591 6692  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
00:14:37.0743 6692  netw5v64 - ok
00:14:37.0761 6692  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:14:37.0774 6692  nfrd960 - ok
00:14:37.0798 6692  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:14:37.0852 6692  NlaSvc - ok
00:14:37.0867 6692  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:14:37.0911 6692  Npfs - ok
00:14:37.0925 6692  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:14:37.0981 6692  nsi - ok
00:14:38.0000 6692  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:14:38.0042 6692  nsiproxy - ok
00:14:38.0091 6692  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:14:38.0147 6692  Ntfs - ok
00:14:38.0164 6692  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:14:38.0221 6692  Null - ok
00:14:38.0263 6692  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:14:38.0278 6692  nvraid - ok
00:14:38.0310 6692  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:14:38.0325 6692  nvstor - ok
00:14:38.0336 6692  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
00:14:38.0351 6692  nv_agp - ok
00:14:38.0399 6692  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:14:38.0419 6692  odserv - ok
00:14:38.0442 6692  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
00:14:38.0469 6692  ohci1394 - ok
00:14:38.0503 6692  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:14:38.0516 6692  ose - ok
00:14:38.0656 6692  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:14:38.0845 6692  osppsvc - ok
00:14:38.0869 6692  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:14:38.0910 6692  p2pimsvc - ok
00:14:38.0942 6692  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:14:38.0980 6692  p2psvc - ok
00:14:38.0992 6692  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:14:39.0012 6692  Parport - ok
00:14:39.0042 6692  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:14:39.0060 6692  partmgr - ok
00:14:39.0078 6692  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:14:39.0125 6692  PcaSvc - ok
00:14:39.0146 6692  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
00:14:39.0169 6692  pci - ok
00:14:39.0185 6692  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
00:14:39.0201 6692  pciide - ok
00:14:39.0229 6692  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:14:39.0251 6692  pcmcia - ok
00:14:39.0294 6692  [ 8F38FFFA9E7B9D547B7921EFA8EDFF3C ] PCTCore         C:\Windows\system32\drivers\PCTCore64.sys
00:14:39.0317 6692  PCTCore - ok
00:14:39.0335 6692  [ FF43E3B1687E4E2140DE6349EA5C7372 ] pctDS           C:\Windows\system32\drivers\pctDS64.sys
00:14:39.0362 6692  pctDS - ok
00:14:39.0382 6692  [ 60E9A05852AF7E9CB11237C00AEE4CCF ] pctEFA          C:\Windows\system32\drivers\pctEFA64.sys
00:14:39.0425 6692  pctEFA - ok
00:14:39.0440 6692  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:14:39.0459 6692  pcw - ok
00:14:39.0484 6692  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:14:39.0584 6692  PEAUTH - ok
00:14:39.0654 6692  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:14:39.0687 6692  PerfHost - ok
00:14:39.0741 6692  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
00:14:39.0872 6692  pla - ok
00:14:39.0906 6692  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:14:39.0942 6692  PlugPlay - ok
00:14:39.0952 6692  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:14:39.0974 6692  PNRPAutoReg - ok
00:14:39.0991 6692  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:14:40.0016 6692  PNRPsvc - ok
00:14:40.0045 6692  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:14:40.0143 6692  PolicyAgent - ok
00:14:40.0171 6692  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:14:40.0248 6692  Power - ok
00:14:40.0283 6692  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:14:40.0372 6692  PptpMiniport - ok
00:14:40.0391 6692  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:14:40.0421 6692  Processor - ok
00:14:40.0464 6692  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
00:14:40.0548 6692  ProfSvc - ok
00:14:40.0559 6692  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:14:40.0578 6692  ProtectedStorage - ok
00:14:40.0601 6692  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:14:40.0670 6692  Psched - ok
00:14:40.0761 6692  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:14:40.0843 6692  ql2300 - ok
00:14:40.0862 6692  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:14:40.0882 6692  ql40xx - ok
00:14:40.0914 6692  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:14:40.0946 6692  QWAVE - ok
00:14:40.0975 6692  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:14:41.0020 6692  QWAVEdrv - ok
00:14:41.0035 6692  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:14:41.0111 6692  RasAcd - ok
00:14:41.0137 6692  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:14:41.0206 6692  RasAgileVpn - ok
00:14:41.0218 6692  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:14:41.0299 6692  RasAuto - ok
00:14:41.0315 6692  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:14:41.0415 6692  Rasl2tp - ok
00:14:41.0442 6692  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
00:14:56.0320 6692  ================ Scan global ===============================
00:14:56.0340 6692  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:14:56.0389 6692  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:14:56.0411 6692  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:14:56.0448 6692  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:14:56.0489 6692  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:14:56.0503 6692  [Global] - ok
00:14:56.0503 6692  ================ Scan MBR ==================================
00:14:56.0520 6692  [ 14F805A6A3C9F9682974EEC8426E7418 ] \Device\Harddisk0\DR0
00:14:57.0050 6692  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:14:57.0050 6692  \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:14:57.0054 6692  ================ Scan VBR ==================================
00:14:57.0065 6692  [ 410E9F6C61FD7420D124E4128B2C5B42 ] \Device\Harddisk0\DR0\Partition1
00:14:57.0068 6692  \Device\Harddisk0\DR0\Partition1 - ok
00:14:57.0080 6692  [ 02FE196921A42CBF066530155025DC49 ] \Device\Harddisk0\DR0\Partition2
00:14:57.0083 6692  \Device\Harddisk0\DR0\Partition2 - ok
00:14:57.0116 6692  [ F90B9ECBDCC53DA4110955A9A011E7DD ] \Device\Harddisk0\DR0\Partition3
00:14:57.0119 6692  \Device\Harddisk0\DR0\Partition3 - ok
00:14:57.0172 6692  [ E4B5B3FC45E957830A1669C261EAB2BE ] \Device\Harddisk0\DR0\Partition4
00:14:57.0174 6692  \Device\Harddisk0\DR0\Partition4 - ok
00:14:57.0175 6692  ============================================================
00:14:57.0175 6692  Scan finished
00:14:57.0175 6692  ============================================================
00:14:57.0214 4780  Detected object count: 3
00:14:57.0215 4780  Actual detected object count: 3
00:15:21.0830 4780  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:15:21.0830 4780  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:15:21.0834 4780  HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:15:21.0834 4780  HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:15:21.0923 4780  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:15:21.0927 4780  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:15:21.0989 4780  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:15:22.0013 4780  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:15:22.0015 4780  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:15:22.0018 4780  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:15:22.0021 4780  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:15:22.0026 4780  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:15:22.0031 4780  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:15:22.0034 4780  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:15:22.0038 4780  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:15:22.0041 4780  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:15:22.0042 4780  \Device\Harddisk0\DR0\TDLFS - deleted
00:15:22.0042 4780  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
 



#15 gringo_pr


Posted 22 March 2013 - 12:35 AM


Hello Shqdowolves

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
ClearJavaCache::

Folder::
c:\users\Becca\AppData\Roaming\DriverCure
c:\users\Becca\AppData\Roaming\SpeedyPC Software
c:\program files (x86)\Common Files\SpeedyPC Software
c:\programdata\SpeedyPC Software

File::
c:\windows\Tasks\SpeedyPC Registration3.job
c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo




