Unknown Virus- a trojan?


  • This topic is locked
32 replies to this topic

#1 brickcityblues

brickcityblues

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 07 May 2013 - 03:21 PM

I keep getting error messages about malware in my Chrome browser. Chrome recommends that I not visit certain sites because my personal information may be compromised. I have no idea where to start to remove this problem. I have run several anti-viral programs which repeatedly state that a trojan was quarantined but the problem is never resolved. I can only use my computer in safe mode. I enable networking in safe mode to use for work. If I start my computer in normal mode, it will crash without fail. Because of this, I cannot quote the actual error message. (Attached file: attach.txt, 59.13KB.) Any help is greatly appreciated. Thank you!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.5.1

Run by NOLITA at 16:07:20 on 2013-05-07

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.2484 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c

uRun: [EPSON WorkForce 520 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_SC0A0.tmp" /EF "HKCU"

uRun: [Google] rundll32.exe "c:\users\nolita\appdata\local\logmein\google\iqxnznsy.dll",SonyUsbCheckMyDeviceW

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex

StartupFolder: c:\users\nolita\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{B0AB436B-A063-4E07-AE55-84D2FDE93158} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B0AB436B-A063-4E07-AE55-84D2FDE93158}\131364850383139333034363 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B0AB436B-A063-4E07-AE55-84D2FDE93158}\4557E6E65697142747 : DHCPNameServer = 65.91.52.25 216.128.200.2

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374704]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-7-29 47640]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-29 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-29 1343400]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\Winword.exe="c:\program files\microsoft office\office12\WINWORD.EXE" /n /dde [UserChoice] [default=edit - 'Open' doesn't exist]

.

=============== Created Last 30 ================

.

2013-05-07 14:38:27     6906960     ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{314bad8f-e8b5-446d-8b2d-c0a24906e984}\mpengine.dll

2013-05-06 14:34:16     6906960     ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-05 02:02:33     --------    d-----w-    c:\programdata\AVG April 2013 Campaign

2013-04-26 14:57:06     --------    d-----w-    c:\programdata\McAfee Security Scan

2013-04-26 14:57:03     --------    d-----w-    c:\program files\McAfee Security Scan

2013-04-18 17:16:27     --------    d-----w-    c:\program files\Microsoft Security Client

2013-04-14 20:00:21     0     ----a-w-    c:\users\nolita\www.mediatakeot.com

2013-04-11 07:18:40     302368      ----a-w-    c:\windows\system32\drivers\avgtdix.sys

.

==================== Find3M  ====================

.

2013-04-19 13:10:14     83456 ----a-w-    c:\windows\system32\drivers\SERIAL.SYS

2013-04-02 21:04:05     73432 ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-02 21:04:05     693976      ----a-w-    c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 16:10:04.31 ===============

 

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:56 AM

Posted 07 May 2013 - 03:47 PM


Hello brickcityblues

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 brickcityblues

brickcityblues
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 08 May 2013 - 09:35 AM

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
AVG Internet Security 2012   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java™ 7 Update 5  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Google Chrome 25.0.1364.172  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


#4 brickcityblues

brickcityblues
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 08 May 2013 - 10:26 AM

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 10:42:19

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : NOLITA - NOLITA-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\NOLITA\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16448

 

[OK] Registry is clean.

 

-\\ Google Chrome v26.0.1410.64

 

File : C:\Users\NOLITA\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [1124 octets] - [08/05/2013 10:38:31]

AdwCleaner[S1].txt - [1064 octets] - [08/05/2013 10:42:19]

 

########## EOF - C:\AdwCleaner[S1].txt - [1124 octets] ##########



#5 brickcityblues

brickcityblues
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 08 May 2013 - 10:32 AM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : NOLITA [Admin rights]
Mode : Remove -- Date : 05/08/2013 11:30:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google (rundll32.exe "C:\Users\NOLITA\AppData\Local\LogMeIn\Google\iqxnznsy.dll",SonyUsbCheckMyDeviceW) [x] -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Policies\Explorer\Run : ebebacbffad (C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\23891e9b-6928-4e26-8b29-a48cbf39469fad\ebebacbffad.exe) [-] -> DELETED
[TASK][SUSP PATH] ROC_SYS_TASK_DELETE.job : C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[TASK][SUSP PATH] ROC_SYS_TASK.job : C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /TASK_START_SYS --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [7] -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\@ [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\U\80000032.@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\L\76603ac3 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$c117d79687204ab5f8bdd41cfbdb3b45\L --> REMOVED
[ZeroAccess][JUNCTION] C:\Windows\$NtUninstallKB58616$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] 1781165955 : C:\Windows\$NtUninstallKB58616$\1781165955 [-] --> REMOVED
[Del.Parent][FILE] @ : C:\Windows\$NtUninstallKB58616$\3528275637\@ [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\Windows\$NtUninstallKB58616$\3528275637\Desktop.ini [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\$NtUninstallKB58616$\3528275637\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\$NtUninstallKB58616$\3528275637\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 6715e287 : C:\Windows\$NtUninstallKB58616$\3528275637\L\6715e287 [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\Windows\$NtUninstallKB58616$\3528275637\L\76603ac3 [-] --> REMOVED
[Del.Parent][FILE] xadqgnnk : C:\Windows\$NtUninstallKB58616$\3528275637\L\xadqgnnk [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB58616$\3528275637\L --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\$NtUninstallKB58616$\3528275637\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\$NtUninstallKB58616$\3528275637\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\$NtUninstallKB58616$\3528275637\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\$NtUninstallKB58616$\3528275637\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\$NtUninstallKB58616$\3528275637\U\80000032.@ [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB58616$\3528275637\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB58616$\3528275637 --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\$NtUninstallKB58616$ --> REMOVED
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 1afbb88b5c188965f46e5e2454db4731
[BSP] 2eda49426ce203bd102524b83299df6a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f106756b6c77f58b9cfda299c538e7dc
[BSP] 2eda49426ce203bd102524b83299df6a : Windows 7/8 MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
 
Finished : << RKreport[2]_D_05082013_02d1130.txt >>
RKreport[1]_S_05082013_02d1129.txt ; RKreport[2]_D_05082013_02d1130.txt


#6 brickcityblues (Topic Starter)

Posted 08 May 2013 - 10:34 AM

Also, I tried to start up in normal mode and it keeps kicking me into this infinite loop of restarting. I can only start my PC in safe mode. No other mode will allow me to get further than the profile log-in screen. Next time I'm able to catch the exact error message I will post it. Thank you SO much, Gringo!



#7 brickcityblues (Topic Starter)

Posted 08 May 2013 - 10:44 AM

So this is what happens when I attempt to start/restart the computer in normal mode:

It will load all the way to the blue screen that is used to sign into your profile. After I enter my password and hit enter, the screen goes black, then flashes blue. The blue screen is not up long enough for me to read, but it says something along the lines of "A ? was detected" and it looks like there is a scan of sorts going on, but like I said it flashes VERY quickly. Then it reboots and asks what mode I would like to start the PC in. Restarting the computer in normal mode will result in a repeat of the above. Starting in Safe Mode with Networking will allow me to use the PC MOST of the time. There are times when starting in Safe Mode gives the same results and I have to keep selecting the option for a boot in safe mode several times before it actually boots up. Hope this helps!

-Brick



#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 May 2013 - 12:42 PM

Hello brickcityblues

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
  1. Close any open browsers or any other programs that are open.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 brickcityblues (Topic Starter)

Posted 08 May 2013 - 02:23 PM

Gringo-

When I attempted to run the scan the first time, it crashed and I had to reboot it mid-scan. After restarting, it completed the scan fully with no problems. Once everything was done and I was given a log/report, I attempted to restart my computer normally and it still will not boot in this mode. I had to opt for Safe Mode again to be able to use the machine, so no change in performance that I have seen.

Here is my log:

ComboFix 13-05-08.02 - NOLITA 05/08/2013  14:57:28.2.2 - x86 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.2364 [GMT -4:00]
Running from: c:\users\NOLITA\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Desktop\Internet Security 2013.lnk
c:\windows\system32\config\systemprofile\alg.exe
c:\windows\system32\config\systemprofile\winlogon.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-08 to 2013-05-08  )))))))))))))))))))))))))))))))
.
.
2013-05-08 19:05 . 2013-05-08 19:12 --------    d-----w-      c:\users\NOLITA\AppData\Local\temp
2013-05-08 19:05 . 2013-05-08 19:05 --------    d-----w-      c:\windows\system32\config\systemprofile\AppData\Local\temp ERROR(0x00000005)
2013-05-08 19:05 . 2013-05-08 19:05 --------    d-----w-      c:\users\Default\AppData\Local\temp
2013-05-08 15:14 . 2013-04-17 10:31 6906960     ----a-w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00093A6F-ACAE-4D0A-95D4-5AA5A81DEEAB}\mpengine.dll
2013-05-07 14:38 . 2013-04-17 10:31 6906960     ----a-w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-05 02:02 . 2013-05-05 02:02 --------    d-----w-    c:\programdata\AVG April 2013 Campaign
2013-04-30 15:06 . 2013-04-30 15:06 --------    d-----w-      c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee   ERROR(0x00000005)
2013-04-26 14:57 . 2013-04-26 14:57 --------    d-----w-    c:\programdata\McAfee Security Scan
2013-04-26 14:57 . 2013-04-30 15:05 --------    d-----w-    c:\program files\McAfee Security Scan
2013-04-18 17:16 . 2013-04-18 17:16 --------    d-----w-    c:\program files\Microsoft Security Client
2013-04-14 20:00 . 2013-04-14 20:00 0     ----a-w-    c:\users\NOLITA\www.mediatakeot.com
2013-04-11 07:18 . 2013-04-11 07:18 302368      ----a-w-      c:\windows\system32\drivers\avgtdix.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-19 13:10 . 2009-07-13 23:45 83456 ----a-w-    c:\windows\system32\drivers\SERIAL.SYS
2013-04-02 21:04 . 2012-07-30 00:01 73432 ----a-w-      c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 21:04 . 2012-07-30 00:01 693976      ----a-w-      c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe" [2013-03-13 706776]
.
c:\users\NOLITA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-7-31 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-19 17:28  1642448     ----a-w-    c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 21:04]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 02:47]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-08  15:13:19
ComboFix-quarantined-files.txt  2013-05-08 19:13
.
Pre-Run: 267,864,465,408 bytes free
Post-Run: 270,921,654,272 bytes free
.
- - End Of File - - 6F2729A1F67C2C7D312268209CA5546B

Thanks!

-Brick



#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 May 2013 - 02:42 PM

Hello brickcityblues

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#11 brickcityblues (Topic Starter)

Posted 08 May 2013 - 03:14 PM

I'm having some trouble. When I go to change the parameters, it allows me to check the box and the reboot begins. When it reboots, it restarts in Normal mode, which causes it to start the crashing loop. To stop this loop, I select the option to start in Safe Mode, but when the desktop loads TDSSKiller does not load automatically. When I select the icon to start it and attempt to check the boxes in the Change parameters menu, it prompts me again for the reboot when I select the 'loaded modules' box. This restarts my computer in Normal Mode and a new cycle begins anew...

-Brick



#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 May 2013 - 03:17 PM
OK, move to the next item.

#13 brickcityblues (Topic Starter)

Posted 08 May 2013 - 03:32 PM

16:20:48.0506 1636  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:20:48.0912 1636  ============================================================
16:20:48.0912 1636  Current date / time: 2013/05/08 16:20:48.0912
16:20:48.0912 1636  SystemInfo:
16:20:48.0912 1636 
16:20:48.0912 1636  OS Version: 6.1.7601 ServicePack: 1.0
16:20:48.0912 1636  Product type: Workstation
16:20:48.0912 1636  ComputerName: NOLITA-PC
16:20:48.0912 1636  UserName: NOLITA
16:20:48.0912 1636  Windows directory: C:\Windows
16:20:48.0912 1636  System windows directory: C:\Windows
16:20:48.0912 1636  Processor architecture: Intel x86
16:20:48.0912 1636  Number of processors: 2
16:20:48.0912 1636  Page size: 0x1000
16:20:48.0912 1636  Boot type: Safe boot with network
16:20:48.0912 1636  ============================================================
16:20:50.0019 1636  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:20:50.0019 1636  ============================================================
16:20:50.0019 1636  \Device\Harddisk0\DR0:
16:20:50.0019 1636  MBR partitions:
16:20:50.0019 1636  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:20:50.0019 1636  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE000
16:20:50.0019 1636  ============================================================
16:20:50.0035 1636  C: <-> \Device\Harddisk0\DR0\Partition2
16:20:50.0035 1636  ============================================================
16:20:50.0035 1636  Initialize success
16:20:50.0035 1636  ============================================================
16:21:15.0993 0848  ============================================================
16:21:15.0993 0848  Scan started
16:21:15.0993 0848  Mode: Manual; SigCheck; TDLFS;
16:21:15.0993 0848  ============================================================
16:21:16.0633 0848  ================ Scan system memory ========================
16:21:16.0633 0848  System memory - ok
16:21:16.0633 0848  ================ Scan services =============================


16:21:21.0656 0848  DXGKrnl - ok

16:21:21.0672 0848  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

16:21:21.0687 0848  EapHost - ok

16:21:21.0750 0848  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

16:21:21.0828 0848  ebdrv - ok

16:21:21.0859 0848  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

16:21:21.0874 0848  EFS - ok

16:21:21.0937 0848  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

16:21:21.0952 0848  ehRecvr - ok

16:21:21.0984 0848  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe

16:21:21.0999 0848  ehSched - ok

16:21:22.0030 0848  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

16:21:22.0046 0848  elxstor - ok

16:21:22.0062 0848  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

16:21:22.0077 0848  ErrDev - ok

16:21:22.0124 0848  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

16:21:22.0155 0848  EventSystem - ok

16:21:22.0171 0848  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

16:21:22.0186 0848  exfat - ok

16:21:22.0202 0848  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

16:21:22.0218 0848  fastfat - ok

16:21:22.0249 0848  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

16:21:22.0280 0848  Fax - ok

16:21:22.0280 0848  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

16:21:22.0296 0848  fdc - ok

16:21:22.0311 0848  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

16:21:22.0342 0848  fdPHost - ok

16:21:22.0374 0848  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

16:21:22.0405 0848  FDResPub - ok

16:21:22.0436 0848  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

16:21:22.0452 0848  FileInfo - ok

16:21:22.0467 0848  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

16:21:22.0483 0848  Filetrace - ok

16:21:22.0498 0848  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

16:21:22.0514 0848  flpydisk - ok

16:21:22.0530 0848  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

16:21:22.0545 0848  FltMgr - ok

16:21:22.0592 0848  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll

16:21:22.0623 0848  FontCache - ok

16:21:22.0654 0848  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

16:21:22.0654 0848  FontCache3.0.0.0 - ok

16:21:22.0670 0848  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

16:21:22.0686 0848  FsDepends - ok

16:21:22.0701 0848  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

16:21:22.0717 0848  Fs_Rec - ok

16:21:22.0732 0848  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

16:21:22.0748 0848  fvevol - ok

16:21:22.0748 0848  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

16:21:22.0764 0848  gagp30kx - ok

16:21:22.0795 0848  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

16:21:22.0842 0848  gpsvc - ok

16:21:22.0873 0848  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

16:21:22.0888 0848  gupdate - ok

16:21:22.0888 0848  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

16:21:22.0904 0848  gupdatem - ok

16:21:22.0935 0848  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

16:21:22.0935 0848  gusvc - ok

16:21:22.0951 0848  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

16:21:22.0966 0848  hcw85cir - ok

16:21:22.0982 0848  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:21:23.0013 0848  HdAudAddService - ok

16:21:23.0029 0848  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

16:21:23.0044 0848  HDAudBus - ok

16:21:23.0076 0848  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

16:21:23.0076 0848  HidBatt - ok

16:21:23.0107 0848  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

16:21:23.0122 0848  HidBth - ok

16:21:23.0138 0848  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

16:21:23.0138 0848  HidIr - ok

16:21:23.0185 0848  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll

16:21:23.0216 0848  hidserv - ok

16:21:23.0232 0848  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

16:21:23.0247 0848  HidUsb - ok

16:21:23.0278 0848  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

16:21:23.0310 0848  hkmsvc - ok

16:21:23.0325 0848  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

16:21:23.0356 0848  HomeGroupListener - ok

16:21:23.0388 0848  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

16:21:23.0419 0848  HomeGroupProvider - ok

16:21:23.0419 0848  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

16:21:23.0434 0848  HpSAMD - ok

16:21:23.0450 0848  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

16:21:23.0481 0848  HTTP - ok

16:21:23.0512 0848  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

16:21:23.0512 0848  hwpolicy - ok

16:21:23.0528 0848  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

16:21:23.0559 0848  i8042prt - ok

16:21:23.0590 0848  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

16:21:23.0606 0848  iaStorV - ok

16:21:23.0653 0848  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:21:23.0668 0848  idsvc - ok

16:21:23.0809 0848  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

16:21:24.0012 0848  igfx - ok

16:21:24.0027 0848  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

16:21:24.0027 0848  iirsp - ok

16:21:24.0058 0848  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

16:21:24.0105 0848  IKEEXT - ok

16:21:24.0121 0848  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

16:21:24.0136 0848  intelide - ok

16:21:24.0152 0848  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

16:21:24.0183 0848  intelppm - ok

16:21:24.0214 0848  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

16:21:24.0246 0848  IPBusEnum - ok

16:21:24.0261 0848  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:21:24.0292 0848  IpFilterDriver - ok

16:21:24.0339 0848  [ 4D65A07B795D6674312F879D09AA7663 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll

16:21:24.0370 0848  IpHlpSvc - ok

16:21:24.0402 0848  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

16:21:24.0417 0848  IPMIDRV - ok

16:21:24.0433 0848  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

16:21:24.0480 0848  IPNAT - ok

16:21:24.0495 0848  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

16:21:24.0542 0848  IRENUM - ok

16:21:24.0558 0848  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

16:21:24.0558 0848  isapnp - ok

16:21:24.0573 0848  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

16:21:24.0589 0848  iScsiPrt - ok

16:21:24.0589 0848  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

16:21:24.0604 0848  kbdclass - ok

16:21:24.0620 0848  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

16:21:24.0620 0848  kbdhid - ok

16:21:24.0636 0848  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

16:21:24.0636 0848  KeyIso - ok

16:21:24.0682 0848  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

16:21:24.0682 0848  KSecDD - ok

16:21:24.0698 0848  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

16:21:24.0714 0848  KSecPkg - ok

16:21:24.0729 0848  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

16:21:24.0760 0848  KtmRm - ok

16:21:24.0776 0848  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll

16:21:24.0823 0848  LanmanServer - ok

16:21:24.0854 0848  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:21:24.0901 0848  LanmanWorkstation - ok

16:21:24.0916 0848  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

16:21:24.0948 0848  lltdio - ok

16:21:24.0979 0848  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

16:21:25.0010 0848  lltdsvc - ok

16:21:25.0041 0848  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

16:21:25.0057 0848  lmhosts - ok

16:21:25.0119 0848  [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

16:21:25.0135 0848  LMIGuardianSvc - ok

16:21:25.0150 0848  [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys

16:21:25.0166 0848  LMIInfo - ok

16:21:25.0197 0848  [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe

16:21:25.0197 0848  LMIMaint - ok

16:21:25.0213 0848  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys

16:21:25.0213 0848  lmimirr - ok

16:21:25.0213 0848  LMIRfsClientNP - ok

16:21:25.0228 0848  [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys

16:21:25.0244 0848  LMIRfsDriver - ok

16:21:25.0260 0848  [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe

16:21:25.0275 0848  LogMeIn - ok

16:21:25.0291 0848  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

16:21:25.0306 0848  LSI_FC - ok

16:21:25.0322 0848  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

16:21:25.0322 0848  LSI_SAS - ok

16:21:25.0338 0848  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:21:25.0353 0848  LSI_SAS2 - ok

16:21:25.0369 0848  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:21:25.0369 0848  LSI_SCSI - ok

16:21:25.0384 0848  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

16:21:25.0416 0848  luafv - ok

16:21:25.0525 0848  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe

16:21:25.0540 0848  McComponentHostService - ok

16:21:25.0572 0848  [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys

16:21:25.0587 0848  mcdbus ( UnsignedFile.Multi.Generic ) - warning

16:21:25.0587 0848  mcdbus - detected UnsignedFile.Multi.Generic (1)

16:21:25.0603 0848  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

16:21:25.0618 0848  Mcx2Svc - ok

16:21:25.0634 0848  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

16:21:25.0634 0848  megasas - ok

16:21:25.0650 0848  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

16:21:25.0665 0848  MegaSR - ok

16:21:25.0696 0848  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

16:21:25.0728 0848  MMCSS - ok

16:21:25.0728 0848  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

16:21:25.0774 0848  Modem - ok

16:21:25.0790 0848  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

16:21:25.0806 0848  monitor - ok

16:21:25.0837 0848  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

16:21:25.0837 0848  mouclass - ok

16:21:25.0852 0848  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

16:21:25.0868 0848  mouhid - ok

16:21:25.0884 0848  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

16:21:25.0899 0848  mountmgr - ok

16:21:25.0915 0848  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys

16:21:25.0930 0848  MpFilter - ok

16:21:25.0946 0848  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

16:21:25.0962 0848  mpio - ok

16:21:25.0977 0848  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

16:21:25.0993 0848  mpsdrv - ok

16:21:26.0024 0848  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll

16:21:26.0071 0848  MpsSvc - ok

16:21:26.0102 0848  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

16:21:26.0118 0848  MRxDAV - ok

16:21:26.0133 0848  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

16:21:26.0180 0848  mrxsmb - ok

16:21:26.0196 0848  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:21:26.0211 0848  mrxsmb10 - ok

16:21:26.0227 0848  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:21:26.0242 0848  mrxsmb20 - ok

16:21:26.0258 0848  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\drivers\msahci.sys

16:21:26.0274 0848  msahci - ok

16:21:26.0274 0848  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\drivers\msdsm.sys

16:21:26.0289 0848  msdsm - ok

16:21:26.0305 0848  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

16:21:26.0320 0848  MSDTC - ok

16:21:26.0336 0848  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

16:21:26.0352 0848  Msfs - ok

16:21:26.0383 0848  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

16:21:26.0414 0848  mshidkmdf - ok

16:21:26.0430 0848  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

16:21:26.0445 0848  msisadrv - ok

16:21:26.0461 0848  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

16:21:26.0476 0848  MSiSCSI - ok

16:21:26.0492 0848  msiserver - ok

16:21:26.0508 0848  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

16:21:26.0539 0848  MSKSSRV - ok

16:21:26.0570 0848  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe

16:21:26.0570 0848  MsMpSvc - ok

16:21:26.0586 0848  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

16:21:26.0617 0848  MSPCLOCK - ok

16:21:26.0617 0848  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

16:21:26.0664 0848  MSPQM - ok

16:21:26.0679 0848  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

16:21:26.0695 0848  MsRPC - ok

16:21:26.0710 0848  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

16:21:26.0710 0848  mssmbios - ok

16:21:26.0726 0848  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

16:21:26.0742 0848  MSTEE - ok

16:21:26.0757 0848  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

16:21:26.0788 0848  MTConfig - ok

16:21:26.0804 0848  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

16:21:26.0804 0848  Mup - ok

16:21:26.0835 0848  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

16:21:26.0866 0848  napagent - ok

16:21:26.0898 0848  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

16:21:26.0898 0848  NativeWifiP - ok

16:21:26.0929 0848  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

16:21:26.0944 0848  NDIS - ok

16:21:26.0960 0848  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

16:21:26.0976 0848  NdisCap - ok

16:21:26.0991 0848  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

16:21:27.0022 0848  NdisTapi - ok

16:21:27.0038 0848  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

16:21:27.0054 0848  Ndisuio - ok

16:21:27.0069 0848  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

16:21:27.0100 0848  NdisWan - ok

16:21:27.0100 0848  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

16:21:27.0116 0848  NDProxy - ok

16:21:27.0132 0848  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

16:21:27.0163 0848  NetBIOS - ok

16:21:27.0178 0848  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

16:21:27.0210 0848  NetBT - ok

16:21:27.0241 0848  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

16:21:27.0241 0848  Netlogon - ok

16:21:27.0272 0848  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

16:21:27.0319 0848  Netman - ok

16:21:27.0334 0848  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

16:21:27.0366 0848  netprofm - ok

16:21:27.0381 0848  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:21:27.0397 0848  NetTcpPortSharing - ok

16:21:27.0428 0848  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

16:21:27.0428 0848  nfrd960 - ok

16:21:27.0459 0848  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys

16:21:27.0475 0848  NisDrv - ok

16:21:27.0506 0848  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe

16:21:27.0522 0848  NisSrv - ok

16:21:27.0553 0848  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll

16:21:27.0584 0848  NlaSvc - ok

16:21:27.0600 0848  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

16:21:27.0615 0848  Npfs - ok

16:21:27.0646 0848  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

16:21:27.0662 0848  nsi - ok

16:21:27.0678 0848  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

16:21:27.0693 0848  nsiproxy - ok

16:21:27.0740 0848  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

16:21:27.0787 0848  Ntfs - ok

16:21:27.0802 0848  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

16:21:27.0818 0848  Null - ok

16:21:27.0834 0848  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

16:21:27.0849 0848  nvraid - ok

16:21:27.0865 0848  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

16:21:27.0880 0848  nvstor - ok

16:21:27.0896 0848  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

16:21:27.0912 0848  nv_agp - ok

16:21:27.0958 0848  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:21:27.0974 0848  odserv - ok

16:21:27.0990 0848  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

16:21:28.0005 0848  ohci1394 - ok

16:21:28.0021 0848  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:21:28.0036 0848  ose - ok

16:21:28.0052 0848  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

16:21:28.0068 0848  p2pimsvc - ok

16:21:28.0083 0848  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

16:21:28.0099 0848  p2psvc - ok

16:21:28.0114 0848  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

16:21:28.0114 0848  Parport - ok

16:21:28.0130 0848  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

16:21:28.0146 0848  partmgr - ok

16:21:28.0161 0848  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

16:21:28.0177 0848  Parvdm - ok

16:21:28.0208 0848  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

16:21:28.0224 0848  PcaSvc - ok

16:21:28.0239 0848  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

16:21:28.0255 0848  pci - ok

16:21:28.0270 0848  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

16:21:28.0270 0848  pciide - ok

16:21:28.0286 0848  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

16:21:28.0302 0848  pcmcia - ok

16:21:28.0317 0848  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

16:21:28.0317 0848  pcw - ok

16:21:28.0348 0848  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

16:21:28.0364 0848  PEAUTH - ok

16:21:28.0411 0848  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll

16:21:28.0442 0848  PeerDistSvc - ok

16:21:28.0505 0848  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

16:21:28.0567 0848  pla - ok

16:21:28.0598 0848  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

16:21:28.0614 0848  PlugPlay - ok

16:21:28.0629 0848  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

16:21:28.0645 0848  PNRPAutoReg - ok

16:21:28.0661 0848  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

16:21:28.0676 0848  PNRPsvc - ok

16:21:28.0692 0848  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

16:21:28.0739 0848  PolicyAgent - ok

16:21:28.0754 0848  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

16:21:28.0785 0848  Power - ok

16:21:28.0801 0848  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

16:21:28.0817 0848  PptpMiniport - ok

16:21:28.0832 0848  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

16:21:28.0832 0848  Processor - ok

16:21:28.0848 0848  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

16:21:28.0879 0848  ProfSvc - ok

16:21:28.0895 0848  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:21:28.0895 0848  ProtectedStorage - ok

16:21:28.0926 0848  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

16:21:28.0941 0848  Psched - ok

16:21:28.0973 0848  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

16:21:29.0004 0848  ql2300 - ok

16:21:29.0019 0848  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

16:21:29.0035 0848  ql40xx - ok

16:21:29.0051 0848  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

16:21:29.0082 0848  QWAVE - ok

16:21:29.0097 0848  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

16:21:29.0113 0848  QWAVEdrv - ok

16:21:29.0129 0848  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

16:21:29.0160 0848  RasAcd - ok

16:21:29.0175 0848  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

16:21:29.0207 0848  RasAgileVpn - ok

16:21:29.0238 0848  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

16:21:29.0269 0848  RasAuto - ok

16:21:29.0285 0848  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

16:21:29.0316 0848  Rasl2tp - ok

16:21:29.0331 0848  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

16:21:29.0363 0848  RasMan - ok

16:21:29.0378 0848  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

16:21:29.0394 0848  RasPppoe - ok

16:21:29.0409 0848  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

16:21:29.0441 0848  RasSstp - ok

16:21:29.0441 0848  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

16:21:29.0472 0848  rdbss - ok

16:21:29.0487 0848  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

16:21:29.0503 0848  rdpbus - ok

16:21:29.0519 0848  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

16:21:29.0534 0848  RDPCDD - ok

16:21:29.0565 0848  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys

16:21:29.0581 0848  RDPDR - ok

16:21:29.0597 0848  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

16:21:29.0628 0848  RDPENCDD - ok

16:21:29.0643 0848  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

16:21:29.0675 0848  RDPREFMP - ok

16:21:29.0706 0848  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

16:21:29.0721 0848  RDPWD - ok

16:21:29.0737 0848  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

16:21:29.0753 0848  rdyboost - ok

16:21:29.0784 0848  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

16:21:29.0815 0848  RemoteAccess - ok

16:21:29.0846 0848  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

16:21:29.0877 0848  RemoteRegistry - ok

16:21:36.0102 0848  ================ Scan global ===============================
16:21:36.0211 0848  [Global] - ok

16:21:36.0211 0848  ================ Scan MBR ==================================
16:21:36.0227 0848  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:21:36.0227 0848  Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:21:36.0273 0848  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:21:36.0273 0848  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:21:36.0320 0848  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:21:36.0320 0848  \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:21:36.0320 0848  ================ Scan VBR ==================================
16:21:36.0320 0848  [ 0DB4C33EA9F363AEE0AF064E13BB6AD7 ] \Device\Harddisk0\DR0\Partition1
16:21:36.0320 0848  \Device\Harddisk0\DR0\Partition1 - ok
16:21:36.0351 0848  [ 6790DF683FD29888CD1D4380A9309CA5 ] \Device\Harddisk0\DR0\Partition2
16:21:36.0351 0848  \Device\Harddisk0\DR0\Partition2 - ok
16:21:36.0351 0848  ============================================================
16:21:36.0351 0848  Scan finished
16:21:36.0351 0848  ============================================================
16:21:36.0367 0816  Detected object count: 3
16:21:36.0367 0816  Actual detected object count: 3
16:22:15.0539 0816  mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:15.0539 0816  mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:16.0085 0816  \Device\Harddisk0\DR0\# - copied to quarantine
16:22:16.0085 0816  \Device\Harddisk0\DR0 - copied to quarantine
16:22:16.0100 0816  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:22:16.0116 0816  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:22:16.0116 0816  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:22:16.0131 0816  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:22:16.0147 0816  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:22:16.0163 0816  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:22:16.0163 0816  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
16:22:16.0178 0816  \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
16:22:16.0194 0816  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:22:16.0194 0816  \Device\Harddisk0\DR0 - ok
16:22:18.0752 0816  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:22:18.0752 0816  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:22:18.0752 0816  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:23:01.0746 1640  Deinitialize success



#14 brickcityblues

brickcityblues
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 08 May 2013 - 03:34 PM

Rebooted in Normal Mode.... IT WORKS!!!!!!!!!!! :bananas:  :bananas:  :bananas:



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:56 AM

Posted 08 May 2013 - 04:11 PM


Hello



I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University



