Possible virus infection


15 replies to this topic

#1 mwda
Posted 24 March 2013 - 09:19 AM

My sister and I were trying to get a mobile phone to connect with the computer via USB but could not, so we called our service provider, which finally said it must be a problem with Win 8, so she sent us to another tech support person who said we are infected with a virus that could not be detected with Malwarebytes or Avast, the two AV programs we use. The tech support person sent us to a higher-level person who had us give him remote access to the computer; then he pointed to some items in the "prefetch folder" as proof of a backdoor virus infection. Upshot is we think we may have a virus that is using a backdoor, though we have no clear proof of this other than the questionable tech support assertion.

We ran "Malwarebytes", "Malwarebytes root kit" and "Avast" at boot time twice with no results.


The computer is Asus "SonicMaster" ultrabook laptop.
Operating system is Win 8.

We use Malwarebytes from time to time if we think we may have an infection, with Avast Free and Windows 8 Firewall as the main protection. My sister may have given "remote control" to another person, though she did not remember.

The tech support person pointed to the prefetch items listed here (Rundll32) as proof of the infection.

"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"

After the DDS and Attach.txt files, I list the prefetch items that were listed at the time the "tech support" man claimed we had a backdoor virus.


========================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
Run by JeanetteN at 13:05:58 on 2013-03-19
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3982.1015 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\splwow64.exe
C:\Windows\syswow64\wwahost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://asus13.msn.com
mURLSearchHooks: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: GetSavin 5.0: {76E7224A-2612-41FD-A504-44AE1EB663F0} - C:\Users\JeanetteN\AppData\Local\getsavin\ie\getsavin_1363531801.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
TB: MixiDJ V8 Toolbar: {E4C3A8B6-7724-45D1-A629-17B69118EBCD} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Amazon Cloud Drive] C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
StartupFolder: C:\Users\JEANET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} - hxxps://www.backup.com/user/webrestore.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\24F6F63747D4F62696C656023547F627560275966496 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\C6776796C63756D696075726C69636 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JeanetteN\AppData\Roaming\Mozilla\Firefox\Profiles\nf8bx0p3.default-1363265529755\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=3&q={searchTerms}&CUI=UN33930829371937960
FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN33930829371937960&UM=UM_ID&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-07 18:05; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: 2013-02-12 14:09; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-14 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-17 65336]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-12-6 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-2-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-2-12 377920]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-12-6 23344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-2-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-2-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-17 45248]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-9-28 29056]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-6 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-12-6 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-6 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-17 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-17 682344]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-6 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-28 27792]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-2-7 109064]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-9-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-9-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-9-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-9-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-9-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-9-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-28 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-28 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-12-6 43800]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-28 110744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-17 24176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2203792]
S2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2012-9-28 36224]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-7-13 101504]
S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-17 178624]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\Drivers\ANDROIDUSB.sys [2013-3-17 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\Drivers\htcnprot.sys [2012-12-7 36928]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-2-12 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-18 19:05:19 388096 ----a-r- C:\Users\JeanetteN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-18 19:05:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-18 02:36:11 -------- d-----w- C:\ProgramData\COMODO
2013-03-18 02:35:56 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Comodo
2013-03-18 02:35:51 50952 ----a-w- C:\Windows\System32\certsentry.dll
2013-03-18 02:35:45 -------- d-----w- C:\Program Files (x86)\Comodo
2013-03-18 02:35:43 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-03-18 00:50:01 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-18 00:50:01 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-17 22:51:01 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Malwarebytes
2013-03-17 22:50:53 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-17 22:50:53 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-17 22:50:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-17 21:38:54 -------- d-----w- C:\Program Files (x86)\Citrix
2013-03-17 21:38:42 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Citrix
2013-03-17 21:38:41 103832 ----a-w- C:\Users\JeanetteN\GoToAssistDownloadHelper.exe
2013-03-17 21:02:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC Sync
2013-03-17 21:02:01 -------- d-----w- C:\Users\JeanetteN\AppData\Local\HTC MediaHub
2013-03-17 21:00:59 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2013-03-17 19:18:57 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-03-17 17:08:31 -------- d-----w- C:\Program Files\HTC
2013-03-17 16:29:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC
2013-03-17 16:29:13 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apple Computer
2013-03-17 16:29:05 -------- d-----w- C:\ProgramData\Motorola
2013-03-17 16:27:05 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Downloaded Installations
2013-03-17 16:26:07 -------- d-----w- C:\Program Files (x86)\HTC
2013-03-17 16:25:25 33736 ----a-w- C:\Windows\System32\drivers\ANDROIDUSB.sys
2013-03-17 16:25:25 1122664 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-03-17 16:25:24 -------- d-----w- C:\ProgramData\HTC
2013-03-17 16:01:23 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Mp3do
2013-03-17 16:01:11 -------- d-----w- C:\Program Files (x86)\mp3do
2013-03-17 15:08:28 -------- d-----w- C:\Program Files (x86)\Free Convert All Music Audio Converter Gold
2013-03-17 15:01:08 -------- d-----w- C:\Program Files (x86)\Conduit
2013-03-17 15:01:06 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Conduit
2013-03-17 15:01:06 -------- d-----w- C:\Program Files (x86)\MixiDJ_V8
2013-03-17 14:51:36 -------- d-----w- C:\Users\JeanetteN\AppData\Local\getsavin
2013-03-15 13:46:55 -------- d-----w- C:\Program Files\Common Files\EPSON
2013-03-15 13:46:48 -------- d-----w- C:\ProgramData\EPSON
2013-03-15 13:46:30 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBE.DLL
2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBA.DLL
2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBE.DLL
2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBA.DLL
2013-03-14 13:04:46 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-03-13 16:44:47 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apps
2013-03-13 02:29:04 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-03-13 02:29:03 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-13 02:29:00 2246656 ----a-w- C:\Windows\System32\wininet.dll
2013-03-11 02:00:08 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-03-10 18:54:14 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-03-10 18:03:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-03 03:55:39 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-03 03:55:39 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-28 15:29:59 -------- d-----w- C:\Users\JeanetteN\dwhelper
2013-02-27 21:08:12 443392 ----a-w- C:\Windows\System32\ReAgent.dll
2013-02-27 21:08:12 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-02-27 21:08:12 1010688 ----a-w- C:\Windows\System32\reseteng.dll
2013-02-25 05:36:51 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Airytec
2013-02-25 05:35:59 -------- d-----w- C:\Program Files\Airytec
2013-02-24 15:16:01 -------- d-----w- C:\Program Files (x86)\FreeAlarmClock
2013-02-21 01:07:20 -------- d-----r- C:\Program Files (x86)\Skype
2013-02-19 19:20:44 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Aimersoft
2013-02-19 19:20:44 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
2013-02-19 19:20:30 -------- d-----w- C:\Program Files (x86)\Aimersoft
.
==================== Find3M ====================
.
2013-03-19 17:51:02 401 ----a-w- C:\Users\JeanetteN\AppData\Roaming\sp_data.sys
2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:44:27 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-12 01:02:34 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
.
============= FINISH: 13:06:34.82 ===============

=======================================

list of prefetch files

"C:\Windows\Prefetch\ReadyBoot\rblayout.xin"
"C:\Windows\Prefetch\ReadyBoot\Trace1.fx"
"C:\Windows\Prefetch\ReadyBoot\Trace2.fx"
"C:\Windows\Prefetch\ReadyBoot\Trace3.fx"
"C:\Windows\Prefetch\ReadyBoot\Trace4.fx"

"C:\Windows\Prefetch\ACMON.EXE-039F45B0.pf"
"C:\Windows\Prefetch\ACOVS.EXE-2C6C215E.pf"
"C:\Windows\Prefetch\ACRORD32.EXE-153662D3.pf"
"C:\Windows\Prefetch\ADB.EXE-67EDDB48.pf"
"C:\Windows\Prefetch\ADOBEARM.EXE-813E932C.pf"
"C:\Windows\Prefetch\ADOBECOLLABSYNC.EXE-3F5B152C.pf"
"C:\Windows\Prefetch\AgAppLaunch.db"
"C:\Windows\Prefetch\AgCx_S2_S-1-5-21-1919060137-1190633048-1460563888-1001.snp.db"
"C:\Windows\Prefetch\AgCx_SC1.db"
"C:\Windows\Prefetch\AgCx_SC1.db.trx"
"C:\Windows\Prefetch\AgCx_SC5.db"
"C:\Windows\Prefetch\AgGlFaultHistory.db"
"C:\Windows\Prefetch\AgGlFgAppHistory.db"
"C:\Windows\Prefetch\AgGlGlobalHistory.db"
"C:\Windows\Prefetch\AgRobust.db"
"C:\Windows\Prefetch\AMAZONCLOUDDRIVE.EXE-17FB41F5.pf"
"C:\Windows\Prefetch\ASUSTPCFG64.EXE-7A0C8A89.pf"
"C:\Windows\Prefetch\ASUSVIBE2.0.EXE-0908717F.pf"
"C:\Windows\Prefetch\ASUSVIBELAUNCHER.EXE-901B0E99.pf"
"C:\Windows\Prefetch\ASUSWSPANEL.EXE-379DF0C0.pf"
"C:\Windows\Prefetch\ATBROKER.EXE-8B8F7F7C.pf"
"C:\Windows\Prefetch\ATKOSD2.EXE-830E1513.pf"
"C:\Windows\Prefetch\AU_.EXE-4EDBB485.pf"
"C:\Windows\Prefetch\AU_.EXE-D53D2755.pf"
"C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf"
"C:\Windows\Prefetch\AUTHHOST.EXE-2D7C3758.pf"
"C:\Windows\Prefetch\AVAST.SETUP-50B30900.pf"
"C:\Windows\Prefetch\AVASTEMUPDATE.EXE-0DD1597D.pf"
"C:\Windows\Prefetch\AVASTUI.EXE-DC11C262.pf"
"C:\Windows\Prefetch\AVBUGREPORT.EXE-E4EA699E.pf"
"C:\Windows\Prefetch\BITSADMIN.EXE-51D741B1.pf"
"C:\Windows\Prefetch\BU_.EXE-563CB68A.pf"
"C:\Windows\Prefetch\BU_.EXE-CFDB43BA.pf"
"C:\Windows\Prefetch\CAVWP.EXE-3E14ACA0.pf"
"C:\Windows\Prefetch\CCLEANER64.EXE-1137D9AC.pf"
"C:\Windows\Prefetch\CERTSENTRY_SETUP.EXE-58FC0582.pf"
"C:\Windows\Prefetch\CERTSENTRY_SETUP.EXE-242DE3C4.pf"
"C:\Windows\Prefetch\CFPCONFG.EXE-A9FE19C1.pf"
"C:\Windows\Prefetch\CFW_INSTALLER.EXE-17F59D26.pf"
"C:\Windows\Prefetch\CIS.EXE-7DDE53FE.pf"
"C:\Windows\Prefetch\CISBF.EXE-5C7FFF36.pf"
"C:\Windows\Prefetch\CISTRAY.EXE-D7F757B6.pf"
"C:\Windows\Prefetch\CLTMNG.EXE-B8F0815A.pf"
"C:\Windows\Prefetch\CLTMNG.EXE-E14AC8B0.pf"
"C:\Windows\Prefetch\CMDAGENT.EXE-78C04C12.pf"
"C:\Windows\Prefetch\CMDINSTALL.EXE-0A68BBF9.pf"
"C:\Windows\Prefetch\CMDVIRTH.EXE-D7511A98.pf"
"C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf"
"C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf"
"C:\Windows\Prefetch\CONTROL.EXE-5BCB0217.pf"
"C:\Windows\Prefetch\CSC.EXE-4D47A477.pf"
"C:\Windows\Prefetch\CSC.EXE-064435F2.pf"
"C:\Windows\Prefetch\CSRSS.EXE-A7A2B218.pf"
"C:\Windows\Prefetch\CTFMON.EXE-5E6E7DF5.pf"
"C:\Windows\Prefetch\CVTRES.EXE-84F07AF8.pf"
"C:\Windows\Prefetch\CVTRES.EXE-9077A165.pf"
"C:\Windows\Prefetch\DEFRAG.EXE-22AD8A37.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-50DEE1CF.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-59F5A146.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-38926D07.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-461712A4.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-7242160E.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-C1C2EFBE.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-C7028A70.pf"
"C:\Windows\Prefetch\DMEDIA.EXE-FAA82C3F.pf"
"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICE.EXE-5981626A.pf"
"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICEHELPER.EX-8EC05A62.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903912.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903915.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903916.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903919.pf"
"C:\Windows\Prefetch\DRAGON_UPDATER.EXE-277E571E.pf"
"C:\Windows\Prefetch\DRAGONSETUP.EXE-06668C80.pf"
"C:\Windows\Prefetch\DRVINST.EXE-26FFA444.pf"
"C:\Windows\Prefetch\DSMUSERTASK.EXE-D4A83970.pf"
"C:\Windows\Prefetch\DW20.EXE-DB97FF03.pf"
"C:\Windows\Prefetch\DWM.EXE-F29FE9E2.pf"
"C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf"
"C:\Windows\Prefetch\EXPRESSCACHE.EXE-90CF5D74.pf"
"C:\Windows\Prefetch\FIREFOX.EXE-528BC649.pf"
"C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_18-54979347.pf"
"C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-E0E5E52F.pf"
"C:\Windows\Prefetch\FREEALARMCLOCK.EXE-92BD2D09.pf"
"C:\Windows\Prefetch\GEEKBUDDYRSP.EXE-00F934D5.pf"
"C:\Windows\Prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf"
"C:\Windows\Prefetch\GRPCONV.EXE-926E9525.pf"
"C:\Windows\Prefetch\GRPCONV.EXE-D0333FE9.pf"
"C:\Windows\Prefetch\HCONTROL.EXE-752ABE5C.pf"
"C:\Windows\Prefetch\HECISERVER.EXE-AD396A6A.pf"
"C:\Windows\Prefetch\HELPER.EXE-FDD78328.pf"
"C:\Windows\Prefetch\HELPPANE.EXE-5A92E3D5.pf"
"C:\Windows\Prefetch\HKCMD.EXE-15DC91D5.pf"
"C:\Windows\Prefetch\HPQTRA08.EXE-97BDFA1A.pf"
"C:\Windows\Prefetch\HSMSERVICEENTRY.EXE-59F1E6CC.pf"
"C:\Windows\Prefetch\HTCSYNCMANAGER.EXE-1F03F570.pf"
"C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf"
"C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf"
"C:\Windows\Prefetch\IGFXEXT.EXE-B04096D5.pf"
"C:\Windows\Prefetch\IGFXSRVC.EXE-F41E6E8E.pf"
"C:\Windows\Prefetch\IGFXTRAY.EXE-21BDFE68.pf"
"C:\Windows\Prefetch\INSONWMI.EXE-D024CEF9.pf"
"C:\Windows\Prefetch\INTELMEFWSERVICE.EXE-265333D9.pf"
"C:\Windows\Prefetch\JAVA.EXE-4EF2C834.pf"
"C:\Windows\Prefetch\JAVAW.EXE-EF2DD849.pf"
"C:\Windows\Prefetch\JUSCHED.EXE-4B303C70.pf"
"C:\Windows\Prefetch\LAUNCHER.EXE-4240042A.pf"
"C:\Windows\Prefetch\LAUNCHER_HELPER.EXE-F206875D.pf"
"C:\Windows\Prefetch\LAUNCHER_SERVICE.EXE-4698DC02.pf"
"C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf"
"C:\Windows\Prefetch\Layout.ini"
"C:\Windows\Prefetch\LIGHTSCRIBECONTROLPANEL.EXE-DCE20B68.pf"
"C:\Windows\Prefetch\LMS.EXE-409EDB07.pf"
"C:\Windows\Prefetch\LOGONUI.EXE-E35F76FB.pf"
"C:\Windows\Prefetch\MBAMGUI.EXE-9FF23AE2.pf"
"C:\Windows\Prefetch\MBAMSCHEDULER.EXE-E0C395DC.pf"
"C:\Windows\Prefetch\MBAMSERVICE.EXE-5C46DB66.pf"
"C:\Windows\Prefetch\MOVIEMAKER.EXE-A6401490.pf"
"C:\Windows\Prefetch\MPCMDRUN.EXE-6520183E.pf"
"C:\Windows\Prefetch\MSDT.EXE-A16F1692.pf"
"C:\Windows\Prefetch\MSFEEDSSYNC.EXE-C2C33DF2.pf"
"C:\Windows\Prefetch\MSIEXEC.EXE-7D20CFB0.pf"
"C:\Windows\Prefetch\MSIEXEC.EXE-BAE57A74.pf"
"C:\Windows\Prefetch\MSNMSGR.EXE-424B3DE6.pf"
"C:\Windows\Prefetch\MY_INTEL_CPP_X64.EXE-1A95AA96.pf"
"C:\Windows\Prefetch\NETSH.EXE-59756CAC.pf"
"C:\Windows\Prefetch\NETSH.EXE-355423B0.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-1A4CC1C3.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-B28CC291.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-F0516D55.pf"
"C:\Windows\Prefetch\OPENWITH.EXE-BA0DC300.pf"
"C:\Windows\Prefetch\Op-EXPLORER.EXE-03C49D11-000000F5.pf"
"C:\Windows\Prefetch\PASSTHRUSVR.EXE-82F7BBA9.pf"
"C:\Windows\Prefetch\PfSvPerfStats.bin"
"C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-E510713D.pf"
"C:\Windows\Prefetch\POWERCFG.EXE-14BEB11F.pf"
"C:\Windows\Prefetch\REG.EXE-CC1AF0A4.pf"
"C:\Windows\Prefetch\REGSVR32.EXE-3290E8FC.pf"
"C:\Windows\Prefetch\REGSVR32.EXE-E1DBB6D8.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-C9FC3476.pf"
"C:\Windows\Prefetch\RUNONCE.EXE-AAB0060C.pf"
"C:\Windows\Prefetch\RUNONCE.EXE-E874B0D0.pf"
"C:\Windows\Prefetch\RUNTIMEBROKER.EXE-17E2786F.pf"
"C:\Windows\Prefetch\SC.EXE-443D0E78.pf"
"C:\Windows\Prefetch\SCALC.EXE-5046D548.pf"
"C:\Windows\Prefetch\SDIAGNHOST.EXE-D8BC1DC6.pf"
"C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf"
"C:\Windows\Prefetch\SEARCHINDEXER.EXE-EF8503D3.pf"
"C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf"
"C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-DD400067.pf"
"C:\Windows\Prefetch\SETUP_CLPS_BOOT_TIME_MONITOR_-3C5060EF.pf"
"C:\Windows\Prefetch\SETUP_CLPS_BROWSER_ADDONS_MON-BBC42489.pf"
"C:\Windows\Prefetch\SETUP_CLPS_CLIENT_TRANSACTION-992F173E.pf"
"C:\Windows\Prefetch\SETUP_CLPS_WINDOWS_EVENT_MONI-492DC639.pf"
"C:\Windows\Prefetch\SMSS.EXE-81AD91F0.pf"
"C:\Windows\Prefetch\SOFFICE.BIN-72E915F8.pf"
"C:\Windows\Prefetch\SOFFICE.EXE-7F5AFD1D.pf"
"C:\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf"
"C:\Windows\Prefetch\SSVAGENT.EXE-03CE9021.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-5B401A7E.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-574A519D.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-3395AAB7.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-5511E724.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-B7E95B0C.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-BD1BACA1.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-F76F2CFA.pf"
"C:\Windows\Prefetch\SWRITER.EXE-FDA9E68A.pf"
"C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf"
"C:\Windows\Prefetch\TABTIP.EXE-58E52E53.pf"
"C:\Windows\Prefetch\TABTIP32.EXE-9819DFFF.pf"
"C:\Windows\Prefetch\TASKENG.EXE-23205583.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-29D61DAB.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-985C34E6.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-D687BE54.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-F2C7AEBC.pf"
"C:\Windows\Prefetch\TASKHOSTEX.EXE-7356AAC0.pf"
"C:\Windows\Prefetch\TASKMGR.EXE-39AABA37.pf"
"C:\Windows\Prefetch\TIWORKER.EXE-D3BFD41F.pf"
"C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-4C83D450.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-8DDEB871.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-641B5087.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-AB0C8B25.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-CF399C92.pf"
"C:\Windows\Prefetch\UNIT.EXE-7102C278.pf"
"C:\Windows\Prefetch\UNIT_MANAGER.EXE-A10E606A.pf"
"C:\Windows\Prefetch\UNS.EXE-9B1279FB.pf"
"C:\Windows\Prefetch\UNSECAPP.EXE-454AB5C0.pf"
"C:\Windows\Prefetch\USERINIT.EXE-7FD17ED1.pf"
"C:\Windows\Prefetch\VDECK.EXE-815C8D0F.pf"
"C:\Windows\Prefetch\VIAAUD.EXE-93054CC8.pf"
"C:\Windows\Prefetch\VIRTKIOSK.EXE-87F784B1.pf"
"C:\Windows\Prefetch\VMMMODESELECTION.EXE-F15CAECD.pf"
"C:\Windows\Prefetch\VSSVC.EXE-206E55B3.pf"
"C:\Windows\Prefetch\WELCOME_SCREEN.EXE-7E1FAA87.pf"
"C:\Windows\Prefetch\WERFAULT.EXE-44194444.pf"
"C:\Windows\Prefetch\WERMGR.EXE-D948C216.pf"
"C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf"
"C:\Windows\Prefetch\WLCOMM.EXE-D12936DC.pf"
"C:\Windows\Prefetch\WLMAIL.EXE-A89F57F3.pf"
"C:\Windows\Prefetch\WMIADAP.EXE-7D63BB4C.pf"
"C:\Windows\Prefetch\WMIAPSRV.EXE-CF150EEA.pf"
"C:\Windows\Prefetch\WMIPRVSE.EXE-0C8A533A.pf"
"C:\Windows\Prefetch\WMIPRVSE.EXE-BB49B536.pf"
"C:\Windows\Prefetch\WUAUCLT.EXE-4A7CF88B.pf"

Are we infected or is this all nothing?

Thank you for any help you offer
Marshall D'Arcy

Edited by Orange Blossom, 24 March 2013 - 12:20 PM.
Moved to log forum. ~ OB
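A Prefetch entry records that an executable was launched on the machine: Windows writes one NAME-HASH.pf file per program it starts, with the hash derived from the program's path (and, for a few host processes such as svchost and rundll32, its command line). A listing like the one above is therefore evidence of what has been run, not evidence of a backdoor by itself. The script below is an added example, not the poster's listing or any removal tool's code. It parses such a listing, groups entries by executable, flags names that appear with more than one hash (the same name run from more than one location), and matches them against a small review list of built-in admin utilities and a remote-support client that a responder would look at first. The sample listing is a constructed subset of the one posted, and the review list and all function names are the example's own assumptions.

```python
"""Triage a list of Windows Prefetch file names (NAME-HASH.pf)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the listing posted above, plus the
# ReadyBoot, Ag*.db and Layout.ini entries so the parser has non-.pf
# lines to skip.
SAMPLE_LISTING = r'''
"C:\Windows\Prefetch\ReadyBoot\rblayout.xin"
"C:\Windows\Prefetch\AgRobust.db"
"C:\Windows\Prefetch\ADB.EXE-67EDDB48.pf"
"C:\Windows\Prefetch\BITSADMIN.EXE-51D741B1.pf"
"C:\Windows\Prefetch\CSC.EXE-4D47A477.pf"
"C:\Windows\Prefetch\CSC.EXE-064435F2.pf"
"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICEHELPER.EX-8EC05A62.pf"
"C:\Windows\Prefetch\GEEKBUDDYRSP.EXE-00F934D5.pf"
"C:\Windows\Prefetch\NETSH.EXE-59756CAC.pf"
"C:\Windows\Prefetch\NETSH.EXE-355423B0.pf"
"C:\Windows\Prefetch\REG.EXE-CC1AF0A4.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"
"C:\Windows\Prefetch\SC.EXE-443D0E78.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-5B401A7E.pf"
"C:\Windows\Prefetch\Op-EXPLORER.EXE-03C49D11-000000F5.pf"
"C:\Windows\Prefetch\Layout.ini"
'''

# Hypothetical review list (an assumption of this example): built-in
# admin utilities and a remote-support client that are legitimate but
# worth a second look during triage, because support scams and real
# intrusions alike tend to use them.
REVIEW_NAMES = {
    "NETSH.EXE", "SC.EXE", "REG.EXE", "BITSADMIN.EXE",
    "REGSVR32.EXE", "RUNDLL32.EXE", "GEEKBUDDYRSP.EXE",
}

# File stem is NAME-HASH; some files carry a second 8-hex-digit suffix.
_PF_RE = re.compile(r'^(?P<exe>.+?)-(?P<hash>[0-9A-F]{8})(?:-[0-9A-F]{8})?$')


def parse_prefetch_listing(text):
    """Map executable name -> set of path hashes seen in the listing.

    Non-.pf entries (ReadyBoot traces, Ag*.db, Layout.ini) are skipped.
    The name is whatever Windows wrote into the file name, so long names
    arrive truncated (e.g. ...SERVICEHELPER.EX).
    """
    seen = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip().strip('"')
        if not line.upper().endswith(".PF"):
            continue
        stem = line.rsplit("\\", 1)[-1][:-3]   # drop directory and ".pf"
        m = _PF_RE.match(stem)
        if m is None:
            continue
        seen[m.group("exe").upper()].add(m.group("hash"))
    return dict(seen)


def triage(text, review_names=REVIEW_NAMES):
    """Summarise execution evidence; this is never a verdict on infection."""
    seen = parse_prefetch_listing(text)
    return {
        "pf_files": sum(len(h) for h in seen.values()),
        "executables": len(seen),
        # Same name, different hash: run from more than one path (for a few
        # host processes the hash also covers the command line), so check
        # where each copy actually lives before drawing any conclusion.
        "multi_path": sorted(n for n, h in seen.items() if len(h) > 1),
        "review": sorted(n for n in seen if n in review_names),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    print(f"{report['pf_files']} .pf files for {report['executables']} executables")
    print("run from more than one location:", ", ".join(report["multi_path"]))
    print("on the review list:", ", ".join(report["review"]))
    print("Prefetch shows what ran, not whether it was malicious.")
```

Everything the script flags still needs a human look at the actual file paths and timestamps; a remote-support client or netsh in this list is consistent with the support sessions the poster describes, and on its own is not an indicator of compromise.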



#2 fireman4it (Bleepin' Fireman)

  • Malware Response Team
  • Location:Greenup, Ill USA

Posted 24 March 2013 - 02:40 PM

Hello mwda,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

3.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply:

AdwCleaner log

JRT log

Roguekiller log


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 mwda

  • Topic Starter

Posted 25 March 2013 - 11:06 AM

Thank you very much for your help.
Every program worked great!!!
The ADW program found "Conduit" and RK found the "Rans.Gendarm" trojan.

I had a problem with RK, for it opened a web page that was in French and I don't speak French. It indicated on the page a link to "Trojan removal" but I did not follow the link; I just closed the web page and selected delete from the program RK.

I have reactivated our Avast protection program.
I know we are not done, so I am waiting for further instructions from you, but thank you again.
Marshall D'Arcy

================================================
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : JeanetteN [Admin rights]
Mode : Remove -- Date : 03/25/2013 10:38:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[Services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\DptfPolicyLpmService (C:\Windows\system32\DptfPolicyLpmService.exe) [x] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] b150657b3c3fb5fd2141fbae6025b11a
[BSP] 592441b04a9e2c517cbd0e6558221895 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk SSD U100 24GB +++++
--- User ---
[MBR] 7367b47ae23daf6a220461b52d658658
[BSP] 541e4a40d5f27032b2a71f800718bfa7 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03252013_02d1038.txt >>
RKreport[1]_S_03252013_02d1029.txt ; RKreport[2]_D_03252013_02d1038.txt

=========================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 8 x64
Ran by JeanetteN on Mon 03/25/2013 at 10:16:45.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\JeanetteN\AppData\Roaming\mozilla\firefox\profiles\nf8bx0p3.default-1363265529755\extensions\getsavin@jetpack
Emptied folder: C:\Users\JeanetteN\AppData\Roaming\mozilla\firefox\profiles\nf8bx0p3.default-1363265529755\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/25/2013 at 10:25:19.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=======================================================
# AdwCleaner v2.115 - Logfile created 03/25/2013 at 10:02:07
# Updated 17/03/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : JeanetteN - JEANETTENEAGU
# Boot Mode : Normal
# Running from : C:\util\adw\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\JeanetteN\AppData\Roaming\Mozilla\Firefox\Profiles\nf8bx0p3.default-1363265529755\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MixiDJ_V8
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Users\JeanetteN\AppData\Local\Conduit
Folder Deleted : C:\Users\JeanetteN\AppData\Local\getsavin
Folder Deleted : C:\Users\JeanetteN\AppData\Local\Wajam
Folder Deleted : C:\Users\JeanetteN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JeanetteN\AppData\LocalLow\MixiDJ_V8
Folder Deleted : C:\Users\JeanetteN\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\JeanetteN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\JeanetteN\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V8
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85318F7B-ACB8-4719-A35C-14BF9F7EFBD7}
Key Deleted : HKLM\Software\MixiDJ_V8
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85318F7B-ACB8-4719-A35C-14BF9F7EFBD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{218FA9FD-E396-4853-956D-83D9A7C05463}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1B3D2A6-17DB-4236-B48A-BE104F28766F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V8 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\JeanetteN\AppData\Roaming\Mozilla\Firefox\Profiles\nf8bx0p3.default-1363265529755\prefs.js

Deleted : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287822&octid=CT328782[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V8 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&Sea[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CU[...]

*************************

AdwCleaner[R1].txt - [6205 octets] - [25/03/2013 10:00:37]
AdwCleaner[S1].txt - [6288 octets] - [25/03/2013 10:02:07]

########## EOF - C:\AdwCleaner[S1].txt - [6348 octets] ##########
====================================================================
 



#4 fireman4it (Bleepin' Fireman)

  • Malware Response Team

Posted 25 March 2013 - 05:56 PM

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

 

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
 
 
 
Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


Edited by fireman4it, 25 March 2013 - 06:03 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 mwda

mwda
  • Topic Starter

  • Members
  • 8 posts

Posted 26 March 2013 - 01:22 PM

Thank you very much for your response.

I ran TDSSKiller.exe and it did not find anything, thankfully. I tried to run ComboFix, but it does not support Win 8 yet according to the executable file I downloaded from your link. If there is another link, I would like to run it, for I know it has solved many problems for people.

You asked about the computer and I must tell you why we started this post. My sister was trying to link her HTM-DNA phone to her Win8 computer and could not, so she called Verizon. Verizon tech support said the problem was with Win 8 and claimed they had to transfer us to a Microsoft tech support person. What we thought was a Microsoft tech support person asked for and received control of the computer and then said the computer was infected with a backdoor virus that required a higher level of support, and he then transferred control of the computer to another person. The other tech support person said, because of the entries in the prefetch folder, that my sister's computer was infected with a backdoor virus, that it would take 40 minutes and cost $200 to clean it, and that this was the reason for the mobile phone not connecting to the computer. We asked him if he was connected to Microsoft and he said "no", so we closed the Web site and hung up on the phone call. We were not sure that he was not right, so I posted to this site to find out for sure.

After we disconnected from the support service, whatever that was, my sister, unknown to me, called Verizon again and they were able to get the computer and the phone connected. The computer always seemed to be working well.

I believe that the trojan you found was affecting the computer, though we may not have seen its effect. I am very happy you found and removed what you found and that I posted to bleepingcomputer. I hope I have not wasted your time, but I believe the service you have given is great.

I thank you so much for your help which was excellent.

Below is the TSK log, but I had to remove "Scan visual images" because the post was too long and I could not find a way to attach the file. If you wish this information, please tell me how to attach it.

==========================================================

12:08:45.0122 4156  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:08:45.0122 4156  UEFI system
12:08:47.0123 4156  ============================================================
12:08:47.0123 4156  Current date / time: 2013/03/26 12:08:47.0123
12:08:47.0123 4156  SystemInfo:
12:08:47.0123 4156  
12:08:47.0123 4156  OS Version: 6.2.9200 ServicePack: 0.0
12:08:47.0123 4156  Product type: Workstation
12:08:47.0123 4156  ComputerName: JEANETTENEAGU
12:08:47.0123 4156  UserName: JeanetteN
12:08:47.0123 4156  Windows directory: C:\Windows
12:08:47.0123 4156  System windows directory: C:\Windows
12:08:47.0123 4156  Running under WOW64
12:08:47.0123 4156  Processor architecture: Intel x64
12:08:47.0123 4156  Number of processors: 4
12:08:47.0123 4156  Page size: 0x1000
12:08:47.0123 4156  Boot type: Normal boot
12:08:47.0123 4156  ============================================================
12:08:47.0326 4156  BG loaded
12:08:47.0763 4156  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:08:47.0763 4156  Drive \Device\Harddisk1\DR1 - Size: 0x5976F6000 (22.37 Gb), SectorSize: 0x200, Cylinders: 0xB67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:08:47.0763 4156  ============================================================
12:08:47.0763 4156  \Device\Harddisk0\DR0:
12:08:47.0763 4156  GPT partitions:
12:08:47.0763 4156  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ED04135B-BD79-4C7C-B3B5-B0F9C2FE6826}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
12:08:47.0763 4156  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {95A1D2C2-393A-4150-BBD2-D8E7179E7F8A}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
12:08:47.0763 4156  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {432A977B-F26D-4E75-B9EE-BF610EE6F4A4}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
12:08:47.0763 4156  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A4B797D9-0868-4BD1-A92D-F244639039F5}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x1749C000
12:08:47.0763 4156  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F64F82A7-8F2B-4748-88B1-7B0C61E71C70}, Name: Basic data partition, StartLBA 0x17734800, BlocksNum 0x2044C800
12:08:47.0763 4156  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0AB4D458-CD09-4BFB-A447-5F5FA66332E2}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
12:08:47.0763 4156  MBR partitions:
12:08:47.0763 4156  \Device\Harddisk1\DR1:
12:08:47.0763 4156  GPT partitions:
12:08:47.0763 4156  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x801000, BlocksNum 0x24BA000
12:08:47.0763 4156  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {65803252-070F-4193-9121-F185EFC03D2C}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x800000
12:08:47.0763 4156  MBR partitions:
12:08:47.0763 4156  ============================================================
12:08:47.0810 4156  C: <-> \Device\Harddisk0\DR0\Partition4
12:08:47.0841 4156  D: <-> \Device\Harddisk0\DR0\Partition5
12:08:47.0841 4156  ============================================================
12:08:47.0841 4156  Initialize success
12:08:47.0841 4156  ============================================================
12:10:44.0517 5244  ============================================================
12:10:44.0517 5244  Scan started
12:10:44.0517 5244  Mode: Manual;
12:10:44.0517 5244  ============================================================
12:10:45.0295 5244  ================ Scan system memory ========================
12:10:45.0295 5244  System memory - ok
12:10:45.0295 5244  ================ Scan services =============================
12:10:59.0737 5244  iScsiPrt - ok
12:10:59.0777 5244  [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
12:10:59.0779 5244  jhi_service - ok
12:10:59.0817 5244  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
12:10:59.0823 5244  kbdclass - ok
12:10:59.0833 5244  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
12:10:59.0835 5244  kbdhid - ok
12:10:59.0854 5244  [ A8080BEBCDB7A16495CE1205921DCAC5 ] kbfiltr         C:\Windows\System32\drivers\kbfiltr.sys
12:10:59.0863 5244  kbfiltr - ok
12:10:59.0881 5244  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
12:10:59.0882 5244  kdnic - ok
12:10:59.0913 5244  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
12:10:59.0915 5244  KeyIso - ok
12:10:59.0948 5244  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:10:59.0951 5244  KSecDD - ok
12:10:59.0972 5244  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:10:59.0975 5244  KSecPkg - ok
12:11:00.0003 5244  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:11:00.0004 5244  ksthunk - ok
12:11:00.0042 5244  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:11:00.0049 5244  KtmRm - ok
12:11:00.0081 5244  [ CBD16721541EE334F6D623CE0B4003BF ] L1C             C:\Windows\system32\DRIVERS\L1C63x64.sys
12:11:00.0083 5244  L1C - ok
12:11:00.0111 5244  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:11:00.0116 5244  LanmanServer - ok
12:11:00.0146 5244  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:11:00.0151 5244  LanmanWorkstation - ok
12:11:00.0196 5244  [ FCBDCC6F1801E32244235608E1277752 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:11:00.0198 5244  LightScribeService - ok
12:11:00.0225 5244  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:11:00.0227 5244  lltdio - ok
12:11:00.0262 5244  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:11:00.0267 5244  lltdsvc - ok
12:11:00.0284 5244  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:11:00.0286 5244  lmhosts - ok
12:11:00.0335 5244  [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:11:00.0337 5244  LMS - ok
12:11:00.0360 5244  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:11:00.0363 5244  LSI_SAS - ok
12:11:00.0391 5244  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:11:00.0393 5244  LSI_SAS2 - ok
12:11:00.0415 5244  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:11:00.0417 5244  LSI_SCSI - ok
12:11:00.0450 5244  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
12:11:00.0451 5244  LSI_SSS - ok
12:11:00.0490 5244  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\Windows\System32\lsm.dll
12:11:00.0496 5244  LSM - ok
12:11:00.0507 5244  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:11:00.0510 5244  luafv - ok
12:11:00.0527 5244  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:11:00.0528 5244  MBAMProtector - ok
12:11:00.0556 5244  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:11:00.0558 5244  MBAMScheduler - ok
12:11:00.0579 5244  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:11:00.0583 5244  MBAMService - ok
12:11:00.0613 5244  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
12:11:00.0615 5244  megasas - ok
12:11:00.0629 5244  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:11:00.0633 5244  MegaSR - ok
12:11:00.0649 5244  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
12:11:00.0650 5244  MEIx64 - ok
12:11:00.0688 5244  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
12:11:00.0690 5244  MMCSS - ok
12:11:00.0729 5244  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
12:11:00.0731 5244  Modem - ok
12:11:00.0748 5244  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:11:00.0749 5244  monitor - ok
12:11:00.0760 5244  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
12:11:00.0762 5244  mouclass - ok
12:11:00.0772 5244  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
12:11:00.0773 5244  mouhid - ok
12:11:00.0786 5244  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:11:00.0788 5244  mountmgr - ok
12:11:00.0823 5244  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:11:00.0825 5244  MozillaMaintenance - ok
12:11:00.0847 5244  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:11:00.0849 5244  mpsdrv - ok
12:11:00.0883 5244  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:11:00.0890 5244  MpsSvc - ok
12:11:00.0915 5244  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:11:00.0917 5244  MRxDAV - ok
12:11:00.0956 5244  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:11:00.0960 5244  mrxsmb - ok
12:11:01.0010 5244  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:11:01.0014 5244  mrxsmb10 - ok
12:11:01.0019 5244  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:11:01.0023 5244  mrxsmb20 - ok
12:11:01.0046 5244  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
12:11:01.0049 5244  MsBridge - ok
12:11:01.0066 5244  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
12:11:01.0070 5244  MSDTC - ok
12:11:01.0077 5244  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:11:01.0079 5244  Msfs - ok
12:11:01.0095 5244  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
12:11:01.0097 5244  msgpiowin32 - ok
12:11:01.0133 5244  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:11:01.0135 5244  mshidkmdf - ok
12:11:01.0158 5244  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
12:11:01.0169 5244  mshidumdf - ok
12:11:01.0188 5244  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:11:01.0190 5244  msisadrv - ok
12:11:01.0260 5244  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:11:01.0264 5244  MSiSCSI - ok
12:11:01.0267 5244  msiserver - ok
12:11:01.0289 5244  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:11:01.0291 5244  MSKSSRV - ok
12:11:01.0324 5244  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
12:11:01.0326 5244  MsLldp - ok
12:11:01.0355 5244  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:11:01.0356 5244  MSPCLOCK - ok
12:11:01.0378 5244  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:11:01.0380 5244  MSPQM - ok
12:11:01.0395 5244  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:11:01.0401 5244  MsRPC - ok
12:11:01.0422 5244  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
12:11:01.0424 5244  mssmbios - ok
12:11:01.0427 5244  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:11:01.0429 5244  MSTEE - ok
12:11:01.0444 5244  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
12:11:01.0445 5244  MTConfig - ok
12:11:01.0481 5244  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:11:01.0483 5244  Mup - ok
12:11:01.0495 5244  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
12:11:01.0506 5244  mvumis - ok
12:11:01.0560 5244  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
12:11:01.0568 5244  napagent - ok
12:11:01.0582 5244  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:11:01.0587 5244  NativeWifiP - ok
12:11:01.0617 5244  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
12:11:01.0622 5244  NcaSvc - ok
12:11:01.0635 5244  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
12:11:01.0638 5244  NcdAutoSetup - ok
12:11:01.0678 5244  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:11:01.0686 5244  NDIS - ok
12:11:01.0714 5244  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:11:01.0716 5244  NdisCap - ok
12:11:01.0736 5244  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
12:11:01.0738 5244  NdisImPlatform - ok
12:11:01.0764 5244  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:11:01.0766 5244  NdisTapi - ok
12:11:01.0776 5244  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:11:01.0777 5244  Ndisuio - ok
12:11:01.0810 5244  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:11:01.0814 5244  NdisWan - ok
12:11:01.0818 5244  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
12:11:01.0819 5244  NDISWANLEGACY - ok
12:11:01.0832 5244  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:11:01.0834 5244  NDProxy - ok
12:11:01.0848 5244  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
12:11:01.0850 5244  Ndu - ok
12:11:01.0869 5244  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
12:11:01.0871 5244  Net Driver HPZ12 - ok
12:11:01.0901 5244  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:11:01.0902 5244  NetBIOS - ok
12:11:01.0925 5244  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:11:01.0929 5244  NetBT - ok
12:11:01.0936 5244  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
12:11:01.0938 5244  Netlogon - ok
12:11:01.0982 5244  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
12:11:01.0987 5244  Netman - ok
12:11:02.0021 5244  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\Windows\System32\netprofmsvc.dll
12:11:02.0026 5244  netprofm - ok
12:11:02.0128 5244  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:11:02.0145 5244  NetTcpPortSharing - ok
12:11:02.0303 5244  [ 57B9C04D673F236D41FAB03842C8640B ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
12:11:02.0370 5244  NETwNs64 - ok
12:11:02.0402 5244  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:11:02.0405 5244  nfrd960 - ok
12:11:02.0438 5244  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:11:02.0442 5244  NlaSvc - ok
12:11:02.0456 5244  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:11:02.0459 5244  Npfs - ok
12:11:02.0496 5244  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
12:11:02.0498 5244  npsvctrig - ok
12:11:02.0526 5244  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
12:11:02.0529 5244  nsi - ok
12:11:02.0544 5244  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:11:02.0547 5244  nsiproxy - ok
12:11:02.0594 5244  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:11:02.0612 5244  Ntfs - ok
12:11:02.0648 5244  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
12:11:02.0649 5244  Null - ok
12:11:02.0669 5244  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:11:02.0673 5244  nvraid - ok
12:11:02.0687 5244  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:11:02.0690 5244  nvstor - ok
12:11:02.0709 5244  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:11:02.0712 5244  nv_agp - ok
12:11:02.0758 5244  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:11:02.0764 5244  p2pimsvc - ok
12:11:02.0798 5244  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:11:02.0805 5244  p2psvc - ok
12:11:02.0843 5244  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
12:11:02.0846 5244  Parport - ok
12:11:02.0864 5244  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:11:02.0868 5244  partmgr - ok
12:11:02.0905 5244  [ 3CAE2BBC86FCF7F94C9696994AF30386 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:11:02.0906 5244  PassThru Service - ok
12:11:02.0923 5244  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:11:02.0928 5244  PcaSvc - ok
12:11:02.0967 5244  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
12:11:02.0970 5244  pci - ok
12:11:02.0986 5244  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:11:02.0988 5244  pciide - ok
12:11:03.0007 5244  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:11:03.0012 5244  pcmcia - ok
12:11:03.0056 5244  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:11:03.0058 5244  pcw - ok
12:11:03.0073 5244  [ AECC24430301DBC6A76916E3029B6B83 ] pdc             C:\Windows\system32\drivers\pdc.sys
12:11:03.0075 5244  pdc - ok
12:11:03.0159 5244  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:11:03.0167 5244  PEAUTH - ok
12:11:03.0231 5244  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:11:03.0245 5244  PerfHost - ok
12:11:03.0298 5244  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
12:11:03.0313 5244  pla - ok
12:11:03.0344 5244  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:11:03.0348 5244  PlugPlay - ok
12:11:03.0370 5244  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
12:11:03.0372 5244  Pml Driver HPZ12 - ok
12:11:03.0382 5244  [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth         C:\Windows\system32\DRIVERS\pneteth.sys
12:11:03.0383 5244  pneteth - ok
12:11:03.0405 5244  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:11:03.0409 5244  PNRPAutoReg - ok
12:11:03.0427 5244  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:11:03.0431 5244  PNRPsvc - ok
12:11:03.0473 5244  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:11:03.0477 5244  PolicyAgent - ok
12:11:03.0515 5244  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
12:11:03.0521 5244  Power - ok
12:11:03.0563 5244  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:11:03.0567 5244  PptpMiniport - ok
12:11:03.0660 5244  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
12:11:03.0688 5244  PrintNotify - ok
12:11:03.0712 5244  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
12:11:03.0714 5244  Processor - ok
12:11:03.0744 5244  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:11:03.0748 5244  ProfSvc - ok
12:11:03.0765 5244  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:11:03.0768 5244  Psched - ok
12:11:03.0793 5244  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
12:11:03.0800 5244  QWAVE - ok
12:11:03.0840 5244  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:11:03.0843 5244  QWAVEdrv - ok
12:11:03.0857 5244  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:11:03.0858 5244  RasAcd - ok
12:11:03.0874 5244  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:11:03.0875 5244  RasAgileVpn - ok
12:11:03.0910 5244  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
12:11:03.0915 5244  RasAuto - ok
12:11:03.0929 5244  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:11:03.0932 5244  Rasl2tp - ok
12:11:03.0943 5244  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
12:11:03.0951 5244  RasMan - ok
12:11:03.0966 5244  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:11:03.0969 5244  RasPppoe - ok
12:11:04.0002 5244  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:11:04.0003 5244  RasSstp - ok
12:11:04.0017 5244  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:11:04.0022 5244  rdbss - ok
12:11:04.0031 5244  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
12:11:04.0033 5244  rdpbus - ok
12:11:04.0044 5244  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:11:04.0047 5244  RDPDR - ok
12:11:04.0069 5244  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:11:04.0072 5244  RdpVideoMiniport - ok
12:11:04.0091 5244  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:11:04.0094 5244  RDPWD - ok
12:11:04.0125 5244  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:11:04.0129 5244  rdyboost - ok
12:11:04.0168 5244  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:11:04.0171 5244  RemoteAccess - ok
12:11:04.0202 5244  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:11:04.0206 5244  RemoteRegistry - ok
12:11:04.0223 5244  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:11:04.0227 5244  RFCOMM - ok
12:11:04.0251 5244  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:11:04.0256 5244  RpcEptMapper - ok
12:11:04.0267 5244  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
12:11:04.0270 5244  RpcLocator - ok
12:11:04.0297 5244  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
12:11:04.0304 5244  RpcSs - ok
12:11:04.0335 5244  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:11:04.0338 5244  rspndr - ok
12:11:04.0360 5244  [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
12:11:04.0367 5244  RTL8168 - ok
12:11:04.0382 5244  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
12:11:04.0385 5244  s3cap - ok
12:11:04.0424 5244  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
12:11:04.0427 5244  SamSs - ok
12:11:04.0444 5244  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:11:04.0446 5244  sbp2port - ok
12:11:04.0477 5244  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:11:04.0481 5244  SCardSvr - ok
12:11:04.0514 5244  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:11:04.0517 5244  scfilter - ok
12:11:04.0553 5244  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
12:11:04.0562 5244  Schedule - ok
12:11:04.0587 5244  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:11:04.0589 5244  SCPolicySvc - ok
12:11:04.0614 5244  [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
12:11:04.0619 5244  sdbus - ok
12:11:04.0644 5244  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:11:04.0650 5244  SDRSVC - ok
12:11:04.0675 5244  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
12:11:04.0677 5244  sdstor - ok
12:11:04.0709 5244  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:11:04.0711 5244  secdrv - ok
12:11:04.0721 5244  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
12:11:04.0726 5244  seclogon - ok
12:11:04.0737 5244  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
12:11:04.0740 5244  SENS - ok
12:11:04.0767 5244  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:11:04.0773 5244  SensrSvc - ok
12:11:04.0788 5244  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
12:11:04.0791 5244  SerCx - ok
12:11:04.0801 5244  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
12:11:04.0804 5244  Serenum - ok
12:11:04.0820 5244  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
12:11:04.0822 5244  Serial - ok
12:11:04.0836 5244  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
12:11:04.0838 5244  sermouse - ok
12:11:04.0874 5244  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
12:11:04.0880 5244  SessionEnv - ok
12:11:04.0905 5244  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
12:11:04.0906 5244  sfloppy - ok
12:11:04.0941 5244  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:11:04.0947 5244  SharedAccess - ok
12:11:04.0993 5244  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:11:04.0999 5244  ShellHWDetection - ok
12:11:05.0029 5244  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:11:05.0030 5244  SiSRaid2 - ok
12:11:05.0048 5244  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:11:05.0050 5244  SiSRaid4 - ok
12:11:05.0142 5244  [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:11:05.0158 5244  Skype C2C Service - ok
12:11:05.0193 5244  [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:11:05.0194 5244  SkypeUpdate - ok
12:11:05.0227 5244  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:11:05.0230 5244  SNMPTRAP - ok
12:11:05.0262 5244  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
12:11:05.0265 5244  spaceport - ok
12:11:05.0277 5244  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
12:11:05.0279 5244  SpbCx - ok
12:11:05.0319 5244  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
12:11:05.0325 5244  Spooler - ok
12:11:05.0405 5244  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:11:05.0432 5244  sppsvc - ok
12:11:05.0456 5244  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:11:05.0460 5244  srv - ok
12:11:05.0501 5244  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:11:05.0508 5244  srv2 - ok
12:11:05.0557 5244  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:11:05.0561 5244  srvnet - ok
12:11:05.0606 5244  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:11:05.0611 5244  SSDPSRV - ok
12:11:05.0624 5244  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:11:05.0627 5244  SstpSvc - ok
12:11:05.0665 5244  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:11:05.0667 5244  stexstor - ok
12:11:05.0688 5244  [ F38F79114380246B6D40CD53FB2CA28D ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:11:05.0689 5244  StillCam - ok
12:11:05.0778 5244  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
12:11:05.0785 5244  stisvc - ok
12:11:05.0832 5244  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
12:11:05.0835 5244  storahci - ok
12:11:05.0850 5244  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
12:11:05.0851 5244  storflt - ok
12:11:05.0876 5244  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
12:11:05.0879 5244  StorSvc - ok
12:11:05.0897 5244  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:11:05.0900 5244  storvsc - ok
12:11:05.0910 5244  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
12:11:05.0913 5244  svsvc - ok
12:11:05.0924 5244  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
12:11:05.0925 5244  swenum - ok
12:11:05.0961 5244  SwOffScheduler - ok
12:11:05.0964 5244  SwOffWeb - ok
12:11:05.0993 5244  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
12:11:06.0001 5244  swprv - ok
12:11:06.0067 5244  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
12:11:06.0077 5244  SysMain - ok
12:11:06.0098 5244  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
12:11:06.0103 5244  SystemEventsBroker - ok
12:11:06.0134 5244  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
12:11:06.0138 5244  TabletInputService - ok
12:11:06.0158 5244  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:11:06.0165 5244  TapiSrv - ok
12:11:06.0214 5244  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:11:06.0233 5244  Tcpip - ok
12:11:06.0258 5244  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:11:06.0270 5244  TCPIP6 - ok
12:11:06.0309 5244  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:11:06.0312 5244  tcpipreg - ok
12:11:06.0332 5244  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:11:06.0334 5244  tdx - ok
12:11:06.0347 5244  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
12:11:06.0349 5244  terminpt - ok
12:11:06.0421 5244  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
12:11:06.0431 5244  TermService - ok
12:11:06.0448 5244  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
12:11:06.0452 5244  Themes - ok
12:11:06.0488 5244  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:11:06.0491 5244  THREADORDER - ok
12:11:06.0525 5244  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
12:11:06.0529 5244  TimeBroker - ok
12:11:06.0549 5244  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
12:11:06.0551 5244  TPM - ok
12:11:06.0578 5244  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
12:11:06.0582 5244  TrkWks - ok
12:11:06.0639 5244  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:11:06.0640 5244  TrustedInstaller - ok
12:11:06.0668 5244  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:11:06.0670 5244  TsUsbFlt - ok
12:11:06.0697 5244  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
12:11:06.0698 5244  TsUsbGD - ok
12:11:06.0730 5244  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:11:06.0731 5244  tunnel - ok
12:11:06.0760 5244  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:11:06.0763 5244  uagp35 - ok
12:11:06.0778 5244  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
12:11:06.0780 5244  UASPStor - ok
12:11:06.0804 5244  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
12:11:06.0806 5244  UCX01000 - ok
12:11:06.0825 5244  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:11:06.0831 5244  udfs - ok
12:11:06.0874 5244  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:11:06.0879 5244  UI0Detect - ok
12:11:06.0896 5244  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:11:06.0898 5244  uliagpkx - ok
12:11:06.0926 5244  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
12:11:06.0927 5244  umbus - ok
12:11:06.0946 5244  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
12:11:06.0947 5244  UmPass - ok
12:11:06.0967 5244  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
12:11:06.0974 5244  UmRdpService - ok
12:11:07.0044 5244  [ E1A119AD21F5AFE22EB516C549306D3D ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:11:07.0046 5244  UNS - ok
12:11:07.0092 5244  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
12:11:07.0100 5244  upnphost - ok
12:11:07.0129 5244  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
12:11:07.0132 5244  usbccgp - ok
12:11:07.0147 5244  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
12:11:07.0151 5244  usbcir - ok
12:11:07.0204 5244  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
12:11:07.0205 5244  usbehci - ok
12:11:07.0232 5244  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\Windows\System32\drivers\usbhub.sys
12:11:07.0240 5244  usbhub - ok
12:11:07.0259 5244  [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
12:11:07.0262 5244  USBHUB3 - ok
12:11:07.0290 5244  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
12:11:07.0291 5244  usbohci - ok
12:11:07.0314 5244  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
12:11:07.0316 5244  usbprint - ok
12:11:07.0344 5244  [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:11:07.0347 5244  usbscan - ok
12:11:07.0363 5244  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
12:11:07.0367 5244  USBSTOR - ok
12:11:07.0395 5244  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
12:11:07.0396 5244  usbuhci - ok
12:11:07.0413 5244  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:11:07.0417 5244  usbvideo - ok
12:11:07.0434 5244  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
12:11:07.0436 5244  USBXHCI - ok
12:11:07.0465 5244  [ 9AD9560606A3049CE492E3A06FB12716 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
12:11:07.0467 5244  usb_rndisx - ok
12:11:07.0480 5244  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
12:11:07.0483 5244  VaultSvc - ok
12:11:07.0519 5244  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:11:07.0520 5244  vdrvroot - ok
12:11:07.0549 5244  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
12:11:07.0559 5244  vds - ok
12:11:07.0578 5244  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
12:11:07.0581 5244  VerifierExt - ok
12:11:07.0604 5244  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
12:11:07.0609 5244  vhdmp - ok
12:11:07.0677 5244  [ 835E7D983FF99783E508AE79585F55DB ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
12:11:07.0689 5244  VIAHdAudAddService - ok
12:11:07.0731 5244  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
12:11:07.0733 5244  viaide - ok
12:11:07.0765 5244  [ 6EC4BE21EA092B69C1BBCB9756483212 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
12:11:07.0769 5244  VIAKaraokeService - ok
12:11:07.0785 5244  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:11:07.0790 5244  vmbus - ok
12:11:07.0811 5244  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
12:11:07.0812 5244  VMBusHID - ok
12:11:07.0861 5244  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
12:11:07.0867 5244  vmicheartbeat - ok
12:11:07.0872 5244  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
12:11:07.0875 5244  vmickvpexchange - ok
12:11:07.0881 5244  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
12:11:07.0885 5244  vmicrdv - ok
12:11:07.0891 5244  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
12:11:07.0894 5244  vmicshutdown - ok
12:11:07.0900 5244  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
12:11:07.0903 5244  vmictimesync - ok
12:11:07.0909 5244  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
12:11:07.0912 5244  vmicvss - ok
12:11:07.0943 5244  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:11:07.0945 5244  volmgr - ok
12:11:07.0952 5244  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:11:07.0966 5244  volmgrx - ok
12:11:07.0973 5244  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:11:07.0978 5244  volsnap - ok
12:11:07.0993 5244  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
12:11:07.0995 5244  vpci - ok
12:11:08.0025 5244  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:11:08.0029 5244  vsmraid - ok
12:11:08.0077 5244  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
12:11:08.0093 5244  VSS - ok
12:11:08.0105 5244  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
12:11:08.0110 5244  VSTXRAID - ok
12:11:08.0121 5244  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:11:08.0123 5244  vwifibus - ok
12:11:08.0154 5244  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:11:08.0155 5244  vwififlt - ok
12:11:08.0180 5244  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:11:08.0181 5244  vwifimp - ok
12:11:08.0273 5244  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
12:11:08.0281 5244  W32Time - ok
12:11:08.0290 5244  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
12:11:08.0293 5244  WacomPen - ok
12:11:08.0311 5244  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:11:08.0312 5244  Wanarp - ok
12:11:08.0315 5244  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:11:08.0317 5244  Wanarpv6 - ok
12:11:08.0372 5244  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
12:11:08.0388 5244  wbengine - ok
12:11:08.0403 5244  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:11:08.0410 5244  WbioSrvc - ok
12:11:08.0443 5244  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
12:11:08.0448 5244  Wcmsvc - ok
12:11:08.0472 5244  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:11:08.0481 5244  wcncsvc - ok
12:11:08.0493 5244  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:11:08.0497 5244  WcsPlugInService - ok
12:11:08.0523 5244  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
12:11:08.0526 5244  Wd - ok
12:11:08.0552 5244  [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
12:11:08.0555 5244  WdBoot - ok
12:11:08.0592 5244  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:11:08.0600 5244  Wdf01000 - ok
12:11:08.0627 5244  [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
12:11:08.0629 5244  WdFilter - ok
12:11:08.0663 5244  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:11:08.0668 5244  WdiServiceHost - ok
12:11:08.0671 5244  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:11:08.0675 5244  WdiSystemHost - ok
12:11:08.0695 5244  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
12:11:08.0701 5244  WebClient - ok
12:11:08.0717 5244  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:11:08.0724 5244  Wecsvc - ok
12:11:08.0747 5244  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:11:08.0751 5244  wercplsupport - ok
12:11:08.0775 5244  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:11:08.0781 5244  WerSvc - ok
12:11:08.0812 5244  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
12:11:08.0814 5244  WFPLWFS - ok
12:11:08.0830 5244  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
12:11:08.0835 5244  WiaRpc - ok
12:11:08.0846 5244  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:11:08.0848 5244  WIMMount - ok
12:11:08.0888 5244  WinDefend - ok
12:11:08.0924 5244  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
12:11:08.0931 5244  WinHttpAutoProxySvc - ok
12:11:08.0985 5244  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:11:08.0986 5244  Winmgmt - ok
12:11:09.0075 5244  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:11:09.0101 5244  WinRM - ok
12:11:09.0143 5244  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
12:11:09.0144 5244  WinUsb - ok
12:11:09.0184 5244  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
12:11:09.0194 5244  WlanSvc - ok
12:11:09.0243 5244  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
12:11:09.0256 5244  wlidsvc - ok
12:11:09.0270 5244  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
12:11:09.0271 5244  WmiAcpi - ok
12:11:09.0340 5244  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:11:09.0345 5244  wmiApSrv - ok
12:11:09.0427 5244  WMPNetworkSvc - ok
12:11:09.0463 5244  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
12:11:09.0464 5244  wpcfltr - ok
12:11:09.0500 5244  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:11:09.0504 5244  WPCSvc - ok
12:11:09.0531 5244  [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:11:09.0536 5244  WPDBusEnum - ok
12:11:09.0549 5244  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
12:11:09.0551 5244  WpdUpFltr - ok
12:11:09.0582 5244  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:11:09.0583 5244  ws2ifsl - ok
12:11:09.0615 5244  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:11:09.0619 5244  wscsvc - ok
12:11:09.0642 5244  [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
12:11:09.0643 5244  WSDPrintDevice - ok
12:11:09.0670 5244  [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
12:11:09.0671 5244  WSDScan - ok
12:11:09.0675 5244  WSearch - ok
12:11:09.0723 5244  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
12:11:09.0745 5244  WSService - ok
12:11:09.0816 5244  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
12:11:09.0835 5244  wuauserv - ok
12:11:09.0877 5244  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:11:09.0878 5244  WudfPf - ok
12:11:09.0891 5244  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
12:11:09.0895 5244  WUDFRd - ok
12:11:09.0900 5244  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
12:11:09.0902 5244  WUDFSensorLP - ok
12:11:09.0928 5244  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:11:09.0932 5244  wudfsvc - ok
12:11:09.0937 5244  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
12:11:09.0939 5244  WUDFWpdFs - ok
12:11:09.0943 5244  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
12:11:09.0945 5244  WUDFWpdMtp - ok
12:11:09.0985 5244  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:11:09.0994 5244  WwanSvc - ok
12:11:10.0007 5244  ================ Scan global ===============================
12:11:10.0052 5244  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
12:11:10.0076 5244  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
12:11:10.0107 5244  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
12:11:10.0127 5244  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
12:11:10.0134 5244  [Global] - ok
12:11:10.0135 5244  ================ Scan MBR ==================================
12:11:10.0150 5244  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
12:11:10.0173 5244  \Device\Harddisk0\DR0 - ok
12:11:10.0176 5244  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:11:10.0179 5244  \Device\Harddisk1\DR1 - ok
12:11:10.0180 5244  ================ Scan VBR ==================================
12:11:10.0182 5244  [ E8E6B44B0CAA1A6BBADC9978259F637A ] \Device\Harddisk0\DR0\Partition1
12:11:10.0183 5244  \Device\Harddisk0\DR0\Partition1 - ok
12:11:10.0196 5244  [ 3CB3E757204F069D436327AB273007FF ] \Device\Harddisk0\DR0\Partition2
12:11:10.0197 5244  \Device\Harddisk0\DR0\Partition2 - ok
12:11:10.0211 5244  [ 05DA05766A59176F438170EC6492A242 ] \Device\Harddisk0\DR0\Partition3
12:11:10.0211 5244  \Device\Harddisk0\DR0\Partition3 - ok
12:11:10.0219 5244  [ CBB0DDCB7A7E5D19E2B31314D05CE7BC ] \Device\Harddisk0\DR0\Partition4
12:11:10.0220 5244  \Device\Harddisk0\DR0\Partition4 - ok
12:11:10.0238 5244  [ 9BBA6355B529DC05352774AB969062F5 ] \Device\Harddisk0\DR0\Partition5
12:11:10.0239 5244  \Device\Harddisk0\DR0\Partition5 - ok
12:11:10.0262 5244  [ EE23D33D93944E6173684230F34719FC ] \Device\Harddisk0\DR0\Partition6
12:11:10.0263 5244  \Device\Harddisk0\DR0\Partition6 - ok
12:11:10.0266 5244  [ 4442C0A6C04745FB6E5882AD4133A05F ] \Device\Harddisk1\DR1\Partition1
12:11:10.0267 5244  \Device\Harddisk1\DR1\Partition1 - ok
12:11:10.0270 5244  [ 4D483C21AAF39C62081E1E71AB6DB06D ] \Device\Harddisk1\DR1\Partition2
12:11:10.0271 5244  \Device\Harddisk1\DR1\Partition2 - ok
12:11:14.0873 5244  ============================================================
12:11:14.0873 5244  Scan finished
12:11:14.0873 5244  ============================================================
12:11:14.0897 4776  Detected object count: 0
12:11:14.0897 4776  Actual detected object count: 0
12:13:00.0256 4748  Deinitialize success
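
The scanner log above (TDSSKiller's format) ends with zero detections, which rules out what that engine knows about and nothing more; the inventory it leaves behind is still worth using. The following is an added example for this thread, not Kaspersky's code and not something the helper posted: a Python parser for the `[ MD5 ] Name Path` / `Name - ok` line pairs that sorts the entries into what a responder checks by hand after a clean rootkit scan: any verdict other than `ok`, services that got a verdict with no hashed image (WinDefend, WMPNetworkSvc and WSearch above; this usually means the scanner did not resolve the service's binary, for example because it is not running, which is an assumption and not something the log states), images outside the Windows directory (the Intel UNS service above), and several names backed by one file (tcpip.sys, wanarp.sys, ICSvc.dll, and the identical MBR hash on both disks). The sample input is an excerpt of the log above with the ® dropped from the Intel path, and `C:\Windows` as system root is assumed. The MD5s are for matching against a known-good inventory of the same Windows build, not a security primitive.

```python
"""Turn a TDSSKiller-style log (the format pasted above) into a reviewable
inventory: pair each '[ MD5 ] Name Path' line with its 'Name - ok' verdict
and bucket what a responder checks by hand after a zero-detection scan.
Added example for this thread, not Kaspersky's code."""
import re
from collections import defaultdict

# '12:11:06.0214 5244  <payload>' -> timestamp, thread id, payload
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*?)\s*$")
# '[ <32 hex> ] Name   C:\path'   or   '[ <32 hex> ] \Device\Harddisk0\DR0'
HASHED_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<body>.+)$")
# 'Name - ok'; any verdict other than 'ok' is a finding
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
# drive paths, device objects and \??\ paths; the service name (if any) precedes them
PATH_RE = re.compile(r"([A-Za-z]:\\.+|\\Device\\.+|\\\?\?\\.+)$")


def parse_tdsskiller(text):
    """Return entries as dicts: name, path, md5 (None if nothing was hashed), verdict."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank lines and banners without a timestamp
        rest = m.group("rest")
        h = HASHED_RE.match(rest)
        if h:
            body = h.group("body")
            p = PATH_RE.search(body)
            path = p.group(1) if p else None
            name = body[: p.start()].strip() if p else body
            entries.append({"name": name or path, "path": path,
                            "md5": h.group("md5").upper(), "verdict": None})
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue  # '==== Scan MBR ====', 'Detected object count: 0', ...
        name, verdict = v.group("name"), v.group("verdict")
        if name.startswith("["):
            # '[Global] - ok' closes a section: it covers every entry still open
            for e in entries:
                if e["verdict"] is None:
                    e["verdict"] = verdict
        elif entries and entries[-1]["name"] == name and entries[-1]["verdict"] is None:
            entries[-1]["verdict"] = verdict
        else:
            # a verdict with no hashed image: the scanner did not resolve a file for it
            entries.append({"name": name, "path": None, "md5": None, "verdict": verdict})
    return entries


def triage(entries, system_root=r"C:\Windows"):
    """Group the inventory into the buckets worth a manual look (system_root is assumed)."""
    report = {"not_ok": [], "unhashed": [], "outside_system_root": [], "shared_binaries": {}}
    by_md5 = defaultdict(list)
    for e in entries:
        if e["verdict"] not in (None, "ok"):
            report["not_ok"].append((e["name"], e["verdict"]))
        if e["md5"] is None:
            report["unhashed"].append(e["name"])
            continue
        by_md5[e["md5"]].append(e["name"])
        path = e["path"] or ""
        if path.startswith("\\Device\\"):
            continue  # MBR/VBR sectors, not files
        if not path.lower().startswith(system_root.lower() + "\\"):
            report["outside_system_root"].append((e["name"], path))
    # several names backed by one image (tcpip.sys, ICSvc.dll, both disks' MBRs)
    report["shared_binaries"] = {h: n for h, n in by_md5.items() if len(n) > 1}
    return report


# Excerpt of the log pasted above, with the (R) sign dropped from the Intel path.
SAMPLE_LOG = r"""12:11:06.0214 5244  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:11:06.0233 5244  Tcpip - ok
12:11:06.0258 5244  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:11:06.0270 5244  TCPIP6 - ok
12:11:07.0044 5244  [ E1A119AD21F5AFE22EB516C549306D3D ] UNS             C:\Program Files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe
12:11:07.0046 5244  UNS - ok
12:11:08.0888 5244  WinDefend - ok
12:11:09.0675 5244  WSearch - ok
12:11:10.0007 5244  ================ Scan global ===============================
12:11:10.0052 5244  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
12:11:10.0134 5244  [Global] - ok
12:11:10.0135 5244  ================ Scan MBR ==================================
12:11:10.0150 5244  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
12:11:10.0173 5244  \Device\Harddisk0\DR0 - ok
12:11:10.0176 5244  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:11:10.0179 5244  \Device\Harddisk1\DR1 - ok
12:11:14.0897 4776  Detected object count: 0
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket}: {items}")
```

Feed it the full log to get the complete alias map and the full list of unhashed services. Entries in the Prefetch folder, which the remote-support call that started this thread pointed at, are only a record of what has been launched and are not on their own evidence of a backdoor; a service or driver whose hash does not match the build, or a verdict other than `ok`, would be.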
 



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:33 PM

Posted 26 March 2013 - 02:34 PM

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 mwda

mwda
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:33 PM

Posted 26 March 2013 - 09:03 PM

It seems to be running well, but as I noted, we really never had much of a problem with it. We posted because we were told by a Tech Support person that we had a backdoor, and you did find a Trojan, though it does not seem to have affected the computer much. I am under the impression that the Win 8 64-bit version can put up with much abuse and still run well.

Should we do something else?

Thanks again for your help

Marshall D'Arcy



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:33 PM

Posted 27 March 2013 - 11:52 AM

Let's run a couple of other tools and see if there are any leftovers.

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

  -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

2.
I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log

Edited by fireman4it, 27 March 2013 - 11:55 AM.
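
The export that step 2 asks for is what post #11 further down pastes back: a `# key=value` header followed by one `sh=… ft=… fh=… vn="…" ac=C fn="…"` record per finding. The following is an added example for this thread, not ESET's code: it parses that format, checks that the pasted log is whole (the `# found` and `# cleaned` counts must match the records, otherwise the paste was truncated), separates detections that ESET names as trojans or exploits from the `application` class it uses for bundlers and adware, notes where each file sat, and groups identical files saved under different names. The kind and location rules are this example's own heuristics over ESET's detection wording, and the five records are an excerpt of the log in post #11 with the header counts changed to fit the excerpt.

```python
"""Parse an ESET Online Scanner export ('# key=value' header plus one
'sh=... ft=... fh=... vn="..." ac=C fn="..."' record per finding) and sort
the findings the way a responder triages them.
Added example for this thread, not ESET's code; the kind/location rules
are this example's own heuristics."""
import re
from collections import Counter, defaultdict

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# key=value tokens; values are either "quoted" (may contain spaces) or bare
FIELD_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')


def parse_eset_export(text):
    """Return (header dict, list of record dicts keyed sh/ft/fh/vn/ac/fn)."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            header[h.group("key")] = h.group("value").strip()
        elif line.startswith("sh="):
            records.append({m.group("key"): (m.group("quoted") if m.group("quoted") is not None
                                             else m.group("bare"))
                            for m in FIELD_RE.finditer(line)})
        # anything else ('all ok', the installer banner) is ignored
    return header, records


def classify(record):
    """(kind, location). ESET's names end in 'trojan' for malware and in
    'application' for potentially unwanted/unsafe software; the path says
    whether the file was a saved installer or something the Java plug-in fetched."""
    vn, fn = record.get("vn", "").lower(), record.get("fn", "").lower()
    if "trojan" in vn or "exploit" in vn:
        kind = "malware"
    elif "application" in vn:
        kind = "pua"
    else:
        kind = "other"
    if "\\java\\deployment\\cache\\" in fn:
        where = "java_cache"  # served to the browser's Java plug-in; the log does not say whether it ran
    elif "\\downloads\\" in fn:
        where = "downloads"   # installer at rest, not evidence of execution
    else:
        where = "other"
    return kind, where


def summarize(text):
    header, records = parse_eset_export(text)
    by_sha = defaultdict(list)
    summary = {"found_header": int(header.get("found", 0)), "found_records": len(records),
               "cleaned_header": int(header.get("cleaned", 0)),
               "cleaned_records": sum("cleaned" in r.get("vn", "").lower() for r in records),
               "by_kind": Counter(), "by_location": Counter(), "malware": []}
    for r in records:
        kind, where = classify(r)
        summary["by_kind"][kind] += 1
        summary["by_location"][where] += 1
        if kind == "malware":
            summary["malware"].append(r["fn"])
        by_sha[r["sh"]].append(r["fn"])
    # the same bytes saved under several names (the cbsidlm-* downloads)
    summary["duplicate_sha1"] = {s: f for s, f in by_sha.items() if len(f) > 1}
    # header counts that disagree with the records mean the pasted log is truncated
    summary["consistent"] = (summary["found_header"] == summary["found_records"]
                             and summary["cleaned_header"] == summary["cleaned_records"])
    return summary


# Excerpt of the export in post #11; found/cleaned changed from 12 to 5 to match it.
SAMPLE_EXPORT = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=true
# archives_checked=true
# antistealth_checked=true
# osver=6.2.9200 NT
# found=5
# cleaned=5
sh=36236951F6CE17CE5038C765631714B0E680D4C5 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\25b53a1d-14ed40df"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_10a-AutoShutdown-SEO-10190408.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_10a-Switch_Off-SEO-10056977.exe"
sh=5BCBA1C25D5BEB2AD67A91FD407CF2D36710901A ft=1 fh=00640f97360e4fc8 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\PhotoScape_V3.6.3.exe"
sh=AB798002DF5282C7E46D5E397624EAC91B5B82B3 ft=1 fh=dcb92b73b2a19d7c vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="D:\all\util\defrag\auslogic\disk-defrag-setup.exe"
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

Read against the full log in post #11: the one malware hit is a class or jar in the Java plug-in's deployment cache, which a web page served to the browser; the cache entry shows it was fetched, and the scan log does not show whether it ran. The other eleven are installers at rest in Downloads and on D:, which ESET classes as applications rather than malware, and three of them are the same file saved three times.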


#9 mwda

mwda
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:33 PM

Posted 28 March 2013 - 08:23 PM

Thank you again for your response

I have scanned my sister's computer several times with Malwarebytes and the Malwarebytes rootkit program with no results.

I don't think I will be able to get to her house to scan using the "esetsmartinstaller_enu.exe" program until after Easter, with Good Friday and all the holiday things that she has to do, but I will do it as soon as I can.

Thank you again for your help

Marshall



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:33 PM

Posted 28 March 2013 - 10:28 PM

OK, I will keep the topic open until next Tuesday.


#11 mwda

mwda
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:33 PM

Posted 31 March 2013 - 01:39 PM

Thank you again for your help. ESET found 12 items that it removed. It was clearly important to run an online scan as you said.

I do not have the log from when we ran Malwarebytes, but have put the log of the Malwarebytes rootkit finder at the end.

logs

ESET found

ESET log

Malwarebytes rootkit finder log

================================

ESET found

C:\Users\JeanetteN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\25b53a1d-14ed40df    probably a variant of Java/Exploit.Agent.NMS trojan    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\advanced-mp3-converterexe.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\cbsidlm-tr1_10a-AutoShutdown-SEO-10190408.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\cbsidlm-tr1_10a-Switch_Off-SEO-10056977.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\cbsidlm-tr1_11-Free_Convert_All_Music_Audio_Converter_Gold-SEO-10909678(1).exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\cbsidlm-tr1_11-Free_Convert_All_Music_Audio_Converter_Gold-SEO-10909678(2).exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\cbsidlm-tr1_11-Free_Convert_All_Music_Audio_Converter_Gold-SEO-10909678.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\pdfsplitandmerge_freely_d157194.exe    probably a variant of Win32/InstallIQ application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\PhotoScape_V3.6.3.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\JeanetteN\Downloads\speedupmypc.exe    Win32/SpeedUpMyPC application    cleaned by deleting - quarantined
D:\all\util\defrag\auslogic\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
D:\all\util\key finder\KeyFinderInstaller.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
 

=============================

eset log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=83c67e781d95ad40a4f85016f089ba16
# engine=13521
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-31 06:14:17
# local_time=2013-03-31 01:14:17 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=774 16777213 85 91 263903 140541929 0 0
# compatibility_mode=5893 16776574 100 94 119363 24173368 0 0
# scanned=214579
# found=12
# cleaned=12
# scan_time=5711
sh=36236951F6CE17CE5038C765631714B0E680D4C5 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\25b53a1d-14ed40df"
sh=EDB4DB13FC0D8540FCFB4EC5A99A6B1E99D7EBFC ft=1 fh=99c02ab668a5cdf6 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\advanced-mp3-converterexe.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_10a-AutoShutdown-SEO-10190408.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_10a-Switch_Off-SEO-10056977.exe"
sh=40D202A651FC7C6AE8C6773B0CD3FA8B652BCE09 ft=1 fh=9e25b6ea9088c4c6 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_11-Free_Convert_All_Music_Audio_Converter_Gold-SEO-10909678(1).exe"
sh=40D202A651FC7C6AE8C6773B0CD3FA8B652BCE09 ft=1 fh=9e25b6ea9088c4c6 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_11-Free_Convert_All_Music_Audio_Converter_Gold-SEO-10909678(2).exe"
sh=40D202A651FC7C6AE8C6773B0CD3FA8B652BCE09 ft=1 fh=9e25b6ea9088c4c6 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\cbsidlm-tr1_11-Free_Convert_All_Music_Audio_Converter_Gold-SEO-10909678.exe"
sh=0B0FA4DB46F36F57A592DC512F6847A1FF597A7B ft=1 fh=d5a4d9bca9929321 vn="probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\pdfsplitandmerge_freely_d157194.exe"
sh=5BCBA1C25D5BEB2AD67A91FD407CF2D36710901A ft=1 fh=00640f97360e4fc8 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\PhotoScape_V3.6.3.exe"
sh=563D839F32AC34BE889E6DF32051D13F1263227D ft=1 fh=ae8e2ceba838c9fb vn="Win32/SpeedUpMyPC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\JeanetteN\Downloads\speedupmypc.exe"
sh=AB798002DF5282C7E46D5E397624EAC91B5B82B3 ft=1 fh=dcb92b73b2a19d7c vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="D:\all\util\defrag\auslogic\disk-defrag-setup.exe"
sh=3020B029859FCA64DD7302B6A15EB95ED63F2CE4 ft=1 fh=c3fa197657d89c9b vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\all\util\key finder\KeyFinderInstaller.exe"

 

======================================

Malwarebytes Root kit finder log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16519

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4175003648, free: 1412194304

------------ Kernel report ------------
     03/17/2013 18:26:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\excsd.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\excfs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswnet.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\DptfDevProc.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\DptfDevFan.sys
\SystemRoot\system32\DRIVERS\DptfDevGen.sys
\SystemRoot\system32\DRIVERS\DptfDevPch.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\DptfDevDram.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\DptfManager.sys
\SystemRoot\System32\drivers\irstrtdv.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\drivers\hidusb.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800674a060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000046\
Lower Device Object: 0xfffffa800432a060
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800674b060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000045\
Lower Device Object: 0xfffffa800432c060
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Downloaded database version: v2013.03.17.13
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800674b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800674bb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80059e4880, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa800674b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800432ab80, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800432c060, DeviceName: \Device\00000045\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0xfffff8a0105894a0, 0xfffffa800674b060, 0xfffffa802ed53090
Lower DeviceData: 0xfffff8a00a782af0, 0xfffffa800432c060, 0xfffffa800496a280
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1FEB4A9B

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 459718010
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid b493156a-8540-46f9-a3eb-e08346125e6f
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 459718010
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid b493156a-8540-46f9-a3eb-e08346125e6f
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID ed04135b-bd79-4c7c-b3b5-b0f9c2fe6826
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 95a1d2c2-393a-4150-bbd2-d8e7179e7f8a
    FirstLBA 616448  Last LBA 2459647
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 432a977b-f26d-4e75-b9ee-bf61ee6f4a4
    FirstLBA 2459648  Last LBA 2721791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID a4b797d9-868-4bd1-a92d-f244639039f5
    FirstLBA 2721792  Last LBA 393431039
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f64f82a7-8f2b-4748-88b1-7bc61e71c70
    FirstLBA 393431040  Last LBA 934809599
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ab4d458-cd09-4bfb-a447-5f5fa66332e2
    FirstLBA 934809600  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800674a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800674ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80059e3880, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa800674a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800432cbe0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800432a060, DeviceName: \Device\00000046\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
Upper DeviceData: 0xfffff8a00c4ed2d0, 0xfffffa800674a060, 0xfffffa8030f6b090
Lower DeviceData: 0xfffff8a002cd9660, 0xfffffa800432a060, 0xfffffa80176a6460
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 327B2445

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2551698815
    GPT Header CurrentLba = 1 BackupLba 46905263
    GPT Header FirstUsableLba 34  LastUsableLba 46905230
    GPT Header Guid cbf928bf-2fc1-4119-bf11-fa5fa6abcb6
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2551698815
    Backup GPT header CurrentLba = 46905263 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 46905230
    Backup GPT header Guid cbf928bf-2fc1-4119-bf11-fa5fa6abcb6
    Backup GPT header Contains 128 partition entries starting at LBA 46905231
    Backup GPT header Partition entry size = 128

    Partition 0 Type b8cb5058-c187-4719-baf0-379ca2d4c97e
    Partition ID 4613ee39-4727-4347-8134-173f59f716f
    FirstLBA 8392704  Last LBA 46903295
    Attributes 0
    Partition Name                                  HFS

    Partition 1 Type d3bfe2de-3daf-11df-ba40-e3a556d89593
    Partition ID 65803252-70f-4193-9121-f185efc03d2c
    FirstLBA 2048  Last LBA 8390655
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 24015495168 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16519

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4175003648, free: 2072297472

=======================================
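The scan log above dumps the protective MBR, both GPT headers and every partition entry of each disk because bootkits tamper with exactly these structures or hide in the unpartitioned sectors around them, and the scanner's first question is whether the structures still agree with each other. The Python script below is an added example, not part of the original thread and not Malwarebytes' code: it builds a small constructed disk image in memory (the four partition type GUIDs are the well-known Windows ones and the disk signature 1FEB4A9B is borrowed from the log; the disk GUID, partition GUIDs and layout are made up), then runs the same checks the log shows: the 55AA signature and single 0xEE protective entry, signature and CRC32 of the primary and backup GPT headers, whether the two headers reference each other and agree on disk GUID, usable range and entry-array CRC, whether the primary and backup entry arrays are identical, whether each partition lies inside FirstUsableLba..LastUsableLba, and which sectors are unallocated. It also decodes the type GUIDs and attribute bits that the log prints raw (Attributes 1 on the recovery partitions is the platform-required bit). The `tamper` function is a constructed case that extends one partition entry without refreshing the CRCs, to show what a clumsy edit looks like to the checker.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header, little-endian
PART_ENTRY_FMT = "<16s16sQQQ72s"        # 128-byte partition entry
HDR_KEYS = ("signature", "revision", "header_size", "header_crc", "reserved", "current_lba", "backup_lba",
            "first_usable", "last_usable", "disk_guid", "entries_lba", "num_entries", "entry_size", "entries_crc")
KNOWN_TYPES = {  # type GUIDs Windows writes; the MBAR log above prints them with leading zeros stripped
    "C12A7328-F81F-11D2-BA4B-00A0C93EC93B": "EFI system partition",
    "E3C9E316-0B5C-4DB8-817D-F92DF00215AE": "Microsoft reserved partition",
    "EBD0A0A2-B9E5-4433-87C0-68B6B72699C7": "Basic data partition",
    "DE94BBA4-06D1-4D40-A16A-BFD50179D6AC": "Windows Recovery Environment",
}
ATTR_BITS = {0: "platform-required", 60: "read-only", 62: "hidden", 63: "no-drive-letter"}

def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF

def guid_str(raw16):
    return str(uuid.UUID(bytes_le=raw16)).upper()  # GPT stores GUIDs in Microsoft mixed-endian layout

def parse_header(sector):
    h = dict(zip(HDR_KEYS, struct.unpack(GPT_HEADER_FMT, sector[:92])))
    h["disk_guid"] = guid_str(h["disk_guid"])
    zeroed = (sector[:16] + b"\0" * 4 + sector[20:])[:h["header_size"]]  # CRC32 covers the header with its CRC field zeroed
    h["crc_ok"] = h["signature"] == b"EFI PART" and crc32(zeroed) == h["header_crc"]
    return h

def parse_entries(blob, num, size):
    parts = []
    for i in range(min(num, len(blob) // max(size, 1))):
        type_raw, _uniq, first, last, attrs, name = struct.unpack(PART_ENTRY_FMT, blob[i * size:i * size + 128])
        if type_raw != bytes(16):  # an all-zero type GUID marks an unused slot
            t = guid_str(type_raw)
            parts.append({"index": i, "type_guid": t, "type_name": KNOWN_TYPES.get(t, "UNKNOWN"),
                          "first_lba": first, "last_lba": last, "name": name.decode("utf-16-le").rstrip("\0"),
                          "attrs": [ATTR_BITS.get(b, f"bit{b}") for b in range(64) if (attrs >> b) & 1]})
    return parts

def inspect_gpt_disk(img):
    """Cross-check protective MBR, both GPT headers and both entry arrays; findings == [] means consistent."""
    last, findings, mbr = len(img) // SECTOR - 1, [], img[:SECTOR]
    p0_start, p0_size = struct.unpack("<II", mbr[454:462])  # protective entry: start LBA and sector count
    if mbr[510:512] != b"\x55\xaa" or mbr[450] != 0xEE or p0_start != 1 or p0_size not in (last, 0xFFFFFFFF):
        findings.append("MBR: not a well-formed protective MBR (55AA, one 0xEE entry from LBA 1 to disk end)")
    primary, backup = parse_header(img[SECTOR:2 * SECTOR]), parse_header(img[last * SECTOR:])
    findings += [f"{n} GPT header: bad signature or CRC32" for n, h in (("primary", primary), ("backup", backup)) if not h["crc_ok"]]
    if primary["backup_lba"] != last or backup["current_lba"] != last or backup["backup_lba"] != 1:
        findings.append("GPT headers do not reference each other / backup header is not at the last LBA")
    findings += [f"primary/backup GPT headers disagree on {k}" for k in ("disk_guid", "first_usable", "last_usable",
                 "num_entries", "entry_size", "entries_crc") if primary[k] != backup[k]]
    size = primary["num_entries"] * primary["entry_size"]
    arr_p, arr_b = (img[h["entries_lba"] * SECTOR:][:size] for h in (primary, backup))
    if crc32(arr_p) != primary["entries_crc"]:
        findings.append("primary partition entry array: CRC32 mismatch")
    if arr_p != arr_b:
        findings.append("primary and backup partition entry arrays differ")
    parts = parse_entries(arr_p, primary["num_entries"], primary["entry_size"]) if primary["entry_size"] >= 128 else []
    gaps, prev_end = [], primary["first_usable"] - 1
    for p in sorted(parts, key=lambda p: p["first_lba"]):
        if p["first_lba"] < primary["first_usable"] or p["last_lba"] > primary["last_usable"]:
            findings.append(f"partition {p['index']} lies outside the usable range")
        if p["first_lba"] > prev_end + 1:
            gaps.append((prev_end + 1, p["first_lba"] - 1))  # unallocated sectors: image and inspect them
        prev_end = max(prev_end, p["last_lba"])
    if prev_end < primary["last_usable"]:
        gaps.append((prev_end + 1, primary["last_usable"]))  # unallocated tail, another classic hiding place
    return {"disk_signature": "%08X" % struct.unpack("<I", mbr[440:444])[0], "primary": primary,
            "backup": backup, "partitions": parts, "unallocated": gaps, "findings": findings}

def build_image(total_sectors=4096):  # constructed 2 MiB image: protective MBR, ESP, WinRE, data, backup GPT at the end
    last, disk_guid = total_sectors - 1, uuid.UUID(int=0x1234)
    first_usable, last_usable = 34, last - 33  # entry arrays occupy LBA 2..33 and last-32..last-1
    layout = [("C12A7328-F81F-11D2-BA4B-00A0C93EC93B", 64, 1023, 0, "EFI system partition"),
              ("DE94BBA4-06D1-4D40-A16A-BFD50179D6AC", 1024, 2047, 1, "Basic data partition"),
              ("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7", 2048, last_usable, 0, "Basic data partition")]
    ents = b"".join(struct.pack(PART_ENTRY_FMT, uuid.UUID(t).bytes_le, uuid.UUID(int=i + 1).bytes_le, f, l, a,
                                n.encode("utf-16-le").ljust(72, b"\0")) for i, (t, f, l, a, n) in enumerate(layout))
    ents = ents.ljust(128 * 128, b"\0")
    def header(cur, bak, entries_lba):
        raw = struct.pack(GPT_HEADER_FMT, b"EFI PART", 0x00010000, 92, 0, 0, cur, bak, first_usable,
                          last_usable, disk_guid.bytes_le, entries_lba, 128, 128, crc32(ents))
        return (raw[:16] + struct.pack("<I", crc32(raw)) + raw[20:]).ljust(SECTOR, b"\0")
    mbr = bytearray(SECTOR)
    mbr[440:444] = struct.pack("<I", 0x1FEB4A9B)  # disk signature value borrowed from the MBAR log above
    mbr[446:462] = struct.pack("<B3sB3sII", 0, b"\0\2\0", 0xEE, b"\xff" * 3, 1, min(last, 0xFFFFFFFF))
    mbr[510:512] = b"\x55\xaa"
    img = bytearray(total_sectors * SECTOR)
    img[:SECTOR], img[SECTOR:2 * SECTOR], img[last * SECTOR:] = mbr, header(1, last, 2), header(last, 1, last - 32)
    img[2 * SECTOR:34 * SECTOR] = img[(last - 32) * SECTOR:last * SECTOR] = ents
    return bytes(img)

def tamper(img):  # constructed tamper case: data partition extended into the reserved tail, CRCs left stale
    buf, off = bytearray(img), 2 * SECTOR + 2 * 128 + 40  # entry 2, last_lba field sits at offset 16+16+8
    buf[off:off + 8] = struct.pack("<Q", len(img) // SECTOR - 1)
    return bytes(buf)
```

`inspect_gpt_disk(build_image())` returns an empty findings list and reports LBA 34..63 as unallocated; `inspect_gpt_disk(tamper(build_image()))` reports the entry-array CRC32 mismatch, the difference between the primary and backup arrays, and partition 2 lying outside the usable range. Two caveats a practitioner should keep in mind. First, the CRC32 fields are integrity checks against corruption, not authentication: a bootkit that rewrites the GPT recomputes them, so the checks that still bite are the primary/backup comparison, a diff of the raw sectors against a baseline taken when the disk was known good, and a look at whatever the unallocated ranges contain. Second, reading the live disk through `\\.\PhysicalDrive0` goes through the same disk stack a rootkit can filter; that is why the scanner in the log talks to the port driver under the disk class driver (the "Lower Device" and "Port sub-driver loaded: storport.sys" lines), and why an image taken offline is the better input for this script.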


 



#12 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 31 March 2013 - 04:21 PM

Hello, mwda.
Congratulations! You now appear clean! :cool:

 


  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 


Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Now you should take a step to prevent possible reinfection from an old restore point. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: and .

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you're downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and choose Close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those toolbars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use AntiVirus Software
It is very important that your computer has up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources; a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of Windows' built-in one); this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SUPERAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 mwda (Topic Starter, Members, 8 posts)

Posted 31 March 2013 - 05:17 PM

Thank you thank you thank you

 

Things seem to be running normally. 

 

I would only like to ask if it is normal for Win 8 to turn off the computer while the Eset scan was running? When I started the computer again it automatically went back to the desktop with the Eset scan program still running as if nothing had happened and the program finished and reported the viruses with no apparent problem. Usually when Win 8 starts up it goes to a "Start" page then we have to click on desktop to get to the desktop. I assume that the program did something that caused the laptop computer to shut down but I do not know.

 

Thank you again

Marshall D'Arcy



#14 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 31 March 2013 - 08:40 PM

I would only like to ask if it is normal for Win 8 to turn off the computer while the Eset scan was running? When I started the computer again it automatically went back to the desktop with the Eset scan program still running as if nothing had happened and the program finished and reported the viruses with no apparent problem. Usually when Win 8 starts up it goes to a "Start" page then we have to click on desktop to get to the desktop. I assume that the program did something that caused the laptop computer to shut down but I do not know.

This is normal for Eset to do that.




#15 mwda (Topic Starter, Members, 8 posts)

Posted 04 April 2013 - 12:48 PM

I uninstalled everything as instructed. I wish to thank you for one last time for the help you provided.

 

best wishes

Marshall D'Arcy





