0Access


  • This topic is locked
21 replies to this topic

#1 milon

  • Members
  • 22 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 06 November 2013 - 11:10 AM

This thread is a continuation of my original thread in Am I Infected.
 
I have a Win7 computer at work on a workgroup network with a bunch of WinXP machines.  The Win7 system is our data server, and has been infected with the ZeroAccess malware with all the classic symptoms (no Security Center, no Windows Firewall, and Windows Defender was deleting all downloads from Internet Explorer).  We had no IT department, no anti-virus, and no Windows Updates.  I am truly surprised that we weren't simply crawling with infections.  Anyway, I need help removing ZA from the Win7 system.
 
 
I ran DDS, and created DDS.txt and attach.txt.  Here's a paste of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by IR at 10:41:54 on 2013-11-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8063.4927 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\CTSecure\Backup Heartbeat\Backup Heartbeat.exe
C:\Program Files\CTSecure\BackupScheduler\BackupScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PSChiro\ChiroTouch.Communicator\ChiroTouch.Communicator.exe
C:\Program Files (x86)\PSChiro\CTServices\CTMobileService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 74.40.74.40 74.40.74.41 192.168.1.1
TCP: Interfaces\{76D14207-FE51-4DB1-B8F0-9944654DE69F} : DHCPNameServer = 74.40.74.40 74.40.74.41 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-1 205320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-1 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-1 409832]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-6 203776]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-1 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-1 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-1 50344]
R2 Backup Heartbeat;Backup Heartbeat;C:\Program Files\CTSecure\Backup Heartbeat\Backup Heartbeat.exe [2012-11-19 526848]
R2 BackupScheduler;BackupScheduler;C:\Program Files\CTSecure\BackupScheduler\BackupScheduler.exe [2012-11-19 5511168]
R2 ChiroTouch Communicator Service;ChiroTouch Communicator Service;C:\Program Files (x86)\PSChiro\ChiroTouch.Communicator\ChiroTouch.Communicator.exe [2013-4-4 98304]
R2 CTMobileService;ChiroTouch Mobile Service;C:\Program Files (x86)\PSChiro\CTServices\CTMobileService.exe [2012-6-21 192000]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-10-14 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-6-19 72216]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-8-18 1248256]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-18 347680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-18 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 CTIncorporateResult;ChiroTouch Incorporate Results;C:\Program Files (x86)\PSChiro\CTServices\CTIncorporateResult.exe [2012-6-21 20992]
S3 CTRCopiaService;ChiroTouch RCOPIA;C:\Program Files (x86)\PSChiro\CTServices\CTRcopiaService.exe [2012-6-21 16896]
S3 CTReportingService;ChiroTouch Reporting Service;C:\Program Files (x86)\PSChiro\CTServices\CTReportingService.exe [2012-6-21 20992]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
.
=============== Created Last 30 ================
.
2013-11-05 17:20:42 -------- d-----w- C:\Program Files (x86)\ESET
2013-11-04 16:57:52 -------- d-----w- C:\FRST
2013-11-04 15:57:45 -------- d-----w- C:\Users\IR\AppData\Local\LogMeIn
2013-11-03 07:05:46 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-03 07:03:00 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-11-03 07:03:00 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-11-03 07:03:00 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-11-03 07:02:59 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-11-03 07:02:59 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-11-03 07:02:59 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-11-03 07:02:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-11-01 19:34:45 105824 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2013-11-01 19:33:10 -------- d-----w- C:\PatFiles
2013-11-01 18:21:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-11-01 18:21:40 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-11-01 17:59:08 -------- d-----w- C:\Users\IR\AppData\Local\WindowsUpdate
2013-11-01 17:56:24 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-11-01 16:49:47 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-11-01 16:48:23 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-11-01 16:46:56 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-01 16:45:03 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-11-01 16:44:55 67072 ----a-w- C:\Windows\splwow64.exe
2013-11-01 16:44:55 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-11-01 16:44:03 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-11-01 16:16:45 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-01 16:15:13 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-01 16:15:13 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-01 16:04:31 -------- d-----w- C:\Windows\System32\MRT
2013-11-01 15:39:58 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-11-01 15:38:57 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-11-01 15:38:57 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-11-01 15:38:53 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-11-01 15:38:52 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-11-01 15:38:51 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-11-01 15:37:58 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-01 15:37:58 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-01 15:37:35 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-11-01 15:37:35 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-11-01 15:37:11 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-11-01 15:36:27 -------- d-----w- C:\Windows\Logs
2013-11-01 15:13:18 -------- d-----w- C:\Windows\pss
2013-11-01 15:05:46 -------- d-----w- C:\Users\IR\AppData\Roaming\AVAST Software
2013-11-01 15:05:07 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-11-01 15:05:07 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-11-01 15:05:05 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-11-01 15:05:02 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-11-01 15:05:00 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-11-01 15:04:57 43152 ----a-w- C:\Windows\avastSS.scr
2013-11-01 14:22:26 -------- d-----w- C:\Program Files\AVAST Software
2013-11-01 14:21:47 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-31 17:16:07 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-10-31 17:10:38 -------- d-----w- C:\Users\IR\AppData\Local\Google
2013-10-31 17:10:38 -------- d-----w- C:\Program Files (x86)\stupid
2013-10-19 06:15:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56CD84AB-B3B2-4FB2-9B60-32D6A7A03D46}\offreg.dll
.
==================== Find3M ====================
.
2013-11-04 15:58:23 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-11-04 15:58:21 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2013-11-04 15:58:21 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-11-01 16:16:45 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-14 22:17:08 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-10-08 22:14:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 22:14:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:42:21.38 ===============
 


 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:26 AM

Posted 06 November 2013 - 11:25 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Ensure you have your data backed up before proceeding!

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
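As an added example that is not part of the original thread, the following Python script shows the kind of cross-check the caution above calls for: it reads the DDS `mPolicies-System` lines for UAC settings that differ from the Windows 7 defaults, and it classifies each GMER "hidden" service entry by whether the same image path also appears in the DDS services list (self-protecting antivirus drivers hide their service objects too, which is why a hidden entry on its own is not evidence of malware). The sample log excerpts are constructed, modelled on the DDS and GMER output posted in this thread; the assumption that DDS prints dword values in decimal is marked in the code.

```python
import re

# Windows 7 defaults for the UAC values DDS prints as "mPolicies-System" entries
# (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).
# EnableLUA = 0 switches UAC off entirely; the other two control how and where
# elevation prompts are shown.
UAC_EXPECTED = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

# Assumption: DDS prints dword values in decimal (NoDriveTypeAutoRun = 145 fits that).
POLICY_RE = re.compile(r"^mPolicies-System:\s+(\w+)\s*=\s*dword:(\d+)\s*$")
# DDS "SERVICES / DRIVERS" entries: "<R0|S3> name;display name;image path [yyyy-m-d size]"
DDS_SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[\d-]+\s+\d+\]\s*$")
# GMER "Services" entries that GMER could not see through normal enumeration
GMER_HIDDEN_RE = re.compile(
    r"^Service\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(.+?)\s*<-- ROOTKIT !!!\s*$"
)

# Constructed sample excerpts, modelled on the DDS and GMER output posted in this thread.
DDS_SAMPLE = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-1 65776]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-1 1032416]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-1 50344]
"""

GMER_SAMPLE = r"""
Service  C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** )   [BOOT] aswRvrt   <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** )   [SYSTEM] aswSnx   <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** )   [SYSTEM] aswTdi   <-- ROOTKIT !!!
Service  C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** )   [AUTO] avast! Antivirus   <-- ROOTKIT !!!
"""


def uac_findings(dds_text):
    """Return {value_name: (seen, expected)} for UAC settings that differ from the Win7 defaults."""
    findings = {}
    for line in dds_text.splitlines():
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))  # decimal, see assumption above
        if name in UAC_EXPECTED and value != UAC_EXPECTED[name]:
            findings[name] = (value, UAC_EXPECTED[name])
    return findings


def dds_service_paths(dds_text):
    """Map case-folded image path -> (start state, service name) from the DDS services section."""
    paths = {}
    for line in dds_text.splitlines():
        m = DDS_SVC_RE.match(line)
        if m:
            state, name, _display, path = m.groups()
            paths[path.casefold()] = (state, name)
    return paths


def triage_gmer_hidden(gmer_text, dds_text):
    """Classify each GMER 'hidden' service as corroborated by DDS or not.

    Corroboration means DDS independently listed the same image path as a
    registered service. That is evidence, not a verdict: the entry still needs
    a look at the file's signer and install date before anyone acts on it.
    """
    known = dds_service_paths(dds_text)
    results = []
    for line in gmer_text.splitlines():
        m = GMER_HIDDEN_RE.match(line)
        if not m:
            continue
        path, start, name = m.groups()
        hit = known.get(path.casefold())
        if hit:
            verdict = "corroborated: also listed by DDS as %s %s" % hit
        else:
            verdict = "uncorroborated: not in DDS services list; verify signer/vendor before acting"
        results.append((name, start, path, verdict))
    return results


if __name__ == "__main__":
    for name, (seen, want) in sorted(uac_findings(DDS_SAMPLE).items()):
        print("UAC weakened: %s = %d (Win7 default %d)" % (name, seen, want))
    for name, start, path, verdict in triage_gmer_hidden(GMER_SAMPLE, DDS_SAMPLE):
        print("[%s] %s (%s) -> %s" % (start, name, path, verdict))
```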

#3 milon

  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 06 November 2013 - 11:40 AM

Hi Marius, thank you for your assistance.  You said not to attempt other recovery methods, so I will do only as you say.  I want you to know that I have already attempted other recovery methods before posting here (see my thread in Am I Infected?).  I hope I have not made things too difficult for you to help me.

 

EDIT - I closed all applications that were on the taskbar.  I did not close any background processes, however.  If I need to do that and re-scan, please tell me.

 

 

Contents of ark.txt:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-06 11:37:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AZRX-00A8LB0 rev.01.01A01 465.76GB
Running: xw4xx8zl.exe; Driver: C:\Users\IR\AppData\Local\Temp\ufldypob.sys
 
 
---- Services - GMER 2.1 ----
 
Service  C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** )              [AUTO] aswFsBlk             <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** )             [AUTO] aswMonFlt            <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** )               [SYSTEM] aswRdr             <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** )               [BOOT] aswRvrt              <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** )                [SYSTEM] aswSnx             <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswSP.sys (*** hidden *** )                 [SYSTEM] aswSP              <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** )                [SYSTEM] aswTdi             <-- ROOTKIT !!!
Service  C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** )                [BOOT] aswVmm               <-- ROOTKIT !!!
Service  C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** )    [AUTO] avast! Antivirus     <-- ROOTKIT !!!
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
---- EOF - GMER 2.1 ----

Edited by milon, 06 November 2013 - 11:42 AM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:26 AM

Posted 06 November 2013 - 11:45 AM

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB

#5 milon

milon
  • Topic Starter

  • Members
  • 22 posts
  • Local time:09:26 PM

Posted 06 November 2013 - 12:09 PM

I downloaded and ran TDSSKiller from the link you provided. It said it was version 2.8.16.0, and that the most recent version was 3.0.0.16. I used version 2.8.16.0 from your link to scan the system. Here are the contents of TDSSKiller.2.8.16.0_06.11.2013_11.53.23_log.txt:

11:53:39.0781 4752  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:53:39.0781 4752  AmdK8 - ok
11:53:39.0961 4752  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:53:40.0091 4752  amdkmdag - ok
11:53:40.0121 4752  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:53:40.0121 4752  amdkmdap - ok
11:53:40.0131 4752  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:53:40.0131 4752  AmdPPM - ok
11:53:40.0151 4752  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:53:40.0151 4752  amdsata - ok
11:53:40.0161 4752  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:53:40.0161 4752  amdsbs - ok
11:53:40.0191 4752  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:53:40.0191 4752  amdxata - ok
11:53:40.0211 4752  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:53:40.0211 4752  AppID - ok
11:53:40.0231 4752  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:53:40.0231 4752  AppIDSvc - ok
11:53:40.0261 4752  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:53:40.0271 4752  Appinfo - ok
11:53:40.0341 4752  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:53:40.0351 4752  Apple Mobile Device - ok
11:53:40.0371 4752  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:53:40.0371 4752  AppMgmt - ok
11:53:40.0391 4752  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:53:40.0391 4752  arc - ok
11:53:40.0411 4752  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:53:40.0411 4752  arcsas - ok
11:53:40.0491 4752  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:53:40.0501 4752  aspnet_state - ok
11:53:40.0541 4752  [ 79EB7B1733F0EA220C95335795C806EB ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
11:53:40.0541 4752  aswFsBlk - ok
11:53:40.0571 4752  [ 9FB1012D9EE3B9510FAA4C8D34DECD1C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
11:53:40.0571 4752  aswMonFlt - ok
11:53:40.0591 4752  [ 679712B7A353EE665B9301592164A172 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
11:53:40.0601 4752  aswRdr - ok
11:53:40.0611 4752  [ C04F7B373881009D7994D9BF55D24AB4 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
11:53:40.0611 4752  aswRvrt - ok
11:53:40.0641 4752  [ DF97409EBD35C5A40AF5594806724F75 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
11:53:40.0641 4752  aswSnx - ok
11:53:40.0671 4752  [ 511595FFE2E06D6E1947E0A0C8C7AD27 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
11:53:40.0681 4752  aswSP - ok
11:53:40.0691 4752  [ 47BC12AC7D5B4F8D2086C6EAD759355E ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
11:53:40.0691 4752  aswTdi - ok
11:53:40.0701 4752  [ 59787B95DD9CA44CB139D96863438587 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
11:53:40.0701 4752  aswVmm - ok
11:53:40.0721 4752  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:53:40.0721 4752  AsyncMac - ok
11:53:40.0741 4752  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:53:40.0751 4752  atapi - ok
11:53:40.0871 4752  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:53:40.0911 4752  atikmdag - ok
11:53:40.0941 4752  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
11:53:40.0941 4752  AtiPcie - ok
11:53:40.0961 4752  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:53:40.0961 4752  AudioEndpointBuilder - ok
11:53:40.0981 4752  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:53:40.0981 4752  AudioSrv - ok
11:53:41.0061 4752  [ 4BE7EC02133544CDE7A580875E130208 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:53:41.0061 4752  avast! Antivirus - ok
11:53:41.0081 4752  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:53:41.0081 4752  AxInstSV - ok
11:53:41.0111 4752  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:53:41.0121 4752  b06bdrv - ok
11:53:41.0131 4752  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:53:41.0131 4752  b57nd60a - ok
11:53:41.0211 4752  [ 8A259CE0D046BC8B8E89802D5F3E6A19 ] Backup Heartbeat C:\Program Files\CTSecure\Backup Heartbeat\Backup Heartbeat.exe
11:53:41.0211 4752  Backup Heartbeat - ok
11:53:41.0331 4752  [ BEE51AE01E65C22056DBC42806F1AE17 ] BackupScheduler C:\Program Files\CTSecure\BackupScheduler\BackupScheduler.exe
11:53:41.0421 4752  BackupScheduler - ok
11:53:41.0441 4752  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:53:41.0441 4752  BDESVC - ok
11:53:41.0451 4752  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:53:41.0451 4752  Beep - ok
11:53:41.0481 4752  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:53:41.0491 4752  BITS - ok
11:53:41.0501 4752  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:53:41.0501 4752  blbdrive - ok
11:53:41.0531 4752  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:53:41.0541 4752  Bonjour Service - ok
11:53:41.0561 4752  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:53:41.0561 4752  bowser - ok
11:53:41.0571 4752  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:53:41.0571 4752  BrFiltLo - ok
11:53:41.0581 4752  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:53:41.0581 4752  BrFiltUp - ok
11:53:41.0611 4752  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:53:41.0611 4752  Browser - ok
11:53:41.0631 4752  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:53:41.0631 4752  Brserid - ok
11:53:41.0641 4752  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:53:41.0641 4752  BrSerWdm - ok
11:53:41.0661 4752  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:53:41.0661 4752  BrUsbMdm - ok
11:53:41.0671 4752  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:53:41.0671 4752  BrUsbSer - ok
11:53:41.0691 4752  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:53:41.0691 4752  BTHMODEM - ok
11:53:41.0701 4752  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:53:41.0701 4752  bthserv - ok
11:53:41.0711 4752  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:53:41.0711 4752  cdfs - ok
11:53:41.0721 4752  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:53:41.0721 4752  cdrom - ok
11:53:41.0731 4752  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:53:41.0731 4752  CertPropSvc - ok
11:53:41.0791 4752  [ 54C01DBEFAFA54B0AAA168A7C62B2A9E ] ChiroTouch Communicator Service C:\Program Files (x86)\PSChiro\ChiroTouch.Communicator\ChiroTouch.Communicator.exe
11:53:41.0791 4752  ChiroTouch Communicator Service - ok
11:53:41.0811 4752  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:53:41.0811 4752  circlass - ok
11:53:41.0831 4752  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:53:41.0841 4752  CLFS - ok
11:53:41.0881 4752  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:53:41.0881 4752  clr_optimization_v2.0.50727_32 - ok
11:53:41.0901 4752  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:53:41.0901 4752  clr_optimization_v2.0.50727_64 - ok
11:53:41.0961 4752  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:53:41.0961 4752  clr_optimization_v4.0.30319_32 - ok
11:53:41.0991 4752  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:53:42.0001 4752  clr_optimization_v4.0.30319_64 - ok
11:53:42.0012 4752  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
11:53:42.0022 4752  CmBatt - ok
11:53:42.0042 4752  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:53:42.0042 4752  cmdide - ok
11:53:42.0082 4752  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:53:42.0082 4752  CNG - ok
11:53:42.0102 4752  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:53:42.0102 4752  Compbatt - ok
11:53:42.0112 4752  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:53:42.0112 4752  CompositeBus - ok
11:53:42.0122 4752  COMSysApp - ok
11:53:42.0132 4752  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:53:42.0132 4752  crcdisk - ok
11:53:42.0182 4752  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:53:42.0182 4752  CryptSvc - ok
11:53:42.0202 4752  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
11:53:42.0212 4752  CSC - ok
11:53:42.0242 4752  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
11:53:42.0252 4752  CscService - ok
11:53:42.0302 4752  [ 00734F9F2ED39CFA8D37DFF23AC71E8C ] CTIncorporateResult C:\Program Files (x86)\PSChiro\CTServices\CTIncorporateResult.exe
11:53:42.0302 4752  CTIncorporateResult - ok
11:53:42.0332 4752  [ CB66F42BE4714147BC6942DC1FAF0A01 ] CTMobileService C:\Program Files (x86)\PSChiro\CTServices\CTMobileService.exe
11:53:42.0342 4752  CTMobileService - ok
11:53:42.0352 4752  [ C82B5AF2DA7E098ED7C750A656FD129F ] CTRCopiaService C:\Program Files (x86)\PSChiro\CTServices\CTRcopiaService.exe
11:53:42.0352 4752  CTRCopiaService - ok
11:53:42.0372 4752  [ 56629A0C0D8CC8CDFA2C3F9415C1F550 ] CTReportingService C:\Program Files (x86)\PSChiro\CTServices\CTReportingService.exe
11:53:42.0372 4752  CTReportingService - ok
11:53:42.0412 4752  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:53:42.0412 4752  DcomLaunch - ok
11:53:42.0422 4752  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:53:42.0432 4752  defragsvc - ok
11:53:42.0462 4752  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:53:42.0462 4752  DfsC - ok
11:53:42.0482 4752  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:53:42.0492 4752  Dhcp - ok
11:53:42.0502 4752  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:53:42.0502 4752  discache - ok
11:53:42.0512 4752  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:53:42.0512 4752  Disk - ok
11:53:42.0542 4752  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
11:53:42.0542 4752  dmvsc - ok
11:53:42.0562 4752  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:53:42.0562 4752  Dnscache - ok
11:53:42.0582 4752  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:53:42.0582 4752  dot3svc - ok
11:53:42.0602 4752  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:53:42.0642 4752  DPS - ok
11:53:42.0712 4752  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:53:42.0712 4752  drmkaud - ok
11:53:42.0872 4752  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:53:42.0892 4752  DXGKrnl - ok
11:53:42.0912 4752  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:53:42.0912 4752  EapHost - ok
11:53:42.0972 4752  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:53:43.0042 4752  ebdrv - ok
11:53:43.0072 4752  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:53:43.0072 4752  EFS - ok
11:53:43.0132 4752  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:53:43.0142 4752  ehRecvr - ok
11:53:43.0172 4752  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:53:43.0172 4752  ehSched - ok
11:53:43.0212 4752  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:53:43.0212 4752  elxstor - ok
11:53:43.0232 4752  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:53:43.0232 4752  ErrDev - ok
11:53:43.0252 4752  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:53:43.0262 4752  EventSystem - ok
11:53:43.0272 4752  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:53:43.0272 4752  exfat - ok
11:53:43.0292 4752  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:53:43.0292 4752  fastfat - ok
11:53:43.0322 4752  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:53:43.0322 4752  Fax - ok
11:53:43.0332 4752  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:53:43.0342 4752  fdc - ok
11:53:43.0352 4752  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:53:43.0352 4752  fdPHost - ok
11:53:43.0362 4752  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:53:43.0362 4752  FDResPub - ok
11:53:43.0362 4752  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:53:43.0372 4752  FileInfo - ok
11:53:43.0382 4752  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:53:43.0382 4752  Filetrace - ok
11:53:43.0392 4752  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:53:43.0392 4752  flpydisk - ok
11:53:43.0432 4752  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:53:43.0432 4752  FltMgr - ok
11:53:43.0472 4752  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:53:43.0482 4752  FontCache - ok
11:53:43.0522 4752  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:53:43.0522 4752  FontCache3.0.0.0 - ok
11:53:43.0532 4752  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:53:43.0532 4752  FsDepends - ok
11:53:43.0562 4752  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:53:43.0562 4752  Fs_Rec - ok
11:53:43.0602 4752  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:53:43.0602 4752  fvevol - ok
11:53:43.0622 4752  FXDrv32 - ok
11:53:43.0652 4752  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:53:43.0652 4752  gagp30kx - ok
11:53:43.0682 4752  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:53:43.0682 4752  GEARAspiWDM - ok
11:53:43.0692 4752  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:53:43.0702 4752  gpsvc - ok
11:53:43.0722 4752  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:53:43.0722 4752  hcw85cir - ok
11:53:43.0752 4752  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:53:43.0752 4752  HdAudAddService - ok
11:53:43.0772 4752  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:53:43.0772 4752  HDAudBus - ok
11:53:43.0782 4752  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:53:43.0782 4752  HidBatt - ok
11:53:43.0802 4752  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:53:43.0802 4752  HidBth - ok
11:53:43.0812 4752  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:53:43.0812 4752  HidIr - ok
11:53:43.0832 4752  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:53:43.0832 4752  hidserv - ok
11:53:43.0852 4752  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
11:53:43.0852 4752  HidUsb - ok
11:53:43.0872 4752  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:53:43.0872 4752  hkmsvc - ok
11:53:43.0892 4752  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:53:43.0892 4752  HomeGroupListener - ok
11:53:43.0912 4752  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:53:43.0922 4752  HomeGroupProvider - ok
11:53:43.0932 4752  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:53:43.0942 4752  HpSAMD - ok
11:53:43.0962 4752  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:53:43.0972 4752  HTTP - ok
11:53:43.0982 4752  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:53:43.0982 4752  hwpolicy - ok
11:53:44.0002 4752  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:53:44.0002 4752  i8042prt - ok
11:53:44.0052 4752  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:53:44.0052 4752  iaStorV - ok
11:53:44.0102 4752  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:53:44.0112 4752  idsvc - ok
11:53:44.0122 4752  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:53:44.0122 4752  iirsp - ok
11:53:44.0152 4752  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:53:44.0162 4752  IKEEXT - ok
11:53:44.0212 4752  [ DAECB75C7C2A4BDEAFEAD19A6FD327C5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:53:44.0252 4752  IntcAzAudAddService - ok
11:53:44.0262 4752  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:53:44.0272 4752  intelide - ok
11:53:44.0282 4752  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
11:53:44.0282 4752  intelppm - ok
11:53:44.0302 4752  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:53:44.0312 4752  IPBusEnum - ok
11:53:44.0322 4752  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:53:44.0322 4752  IpFilterDriver - ok
11:53:44.0332 4752  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:53:44.0332 4752  IPMIDRV - ok
11:53:44.0342 4752  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:53:44.0342 4752  IPNAT - ok
11:53:44.0382 4752  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:53:44.0382 4752  iPod Service - ok
11:53:44.0392 4752  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:53:44.0392 4752  IRENUM - ok
11:53:44.0412 4752  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:53:44.0412 4752  isapnp - ok
11:53:44.0422 4752  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:53:44.0422 4752  iScsiPrt - ok
11:53:44.0442 4752  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:53:44.0442 4752  kbdclass - ok
11:53:44.0462 4752  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:53:44.0462 4752  kbdhid - ok
11:53:44.0472 4752  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:53:44.0472 4752  KeyIso - ok
11:53:44.0502 4752  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:53:44.0502 4752  KSecDD - ok
11:53:44.0512 4752  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:53:44.0512 4752  KSecPkg - ok
11:53:44.0532 4752  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:53:44.0532 4752  ksthunk - ok
11:53:44.0552 4752  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:53:44.0562 4752  KtmRm - ok
11:53:44.0572 4752  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:53:44.0572 4752  LanmanServer - ok
11:53:44.0582 4752  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:53:44.0582 4752  LanmanWorkstation - ok
11:53:44.0612 4752  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:53:44.0612 4752  lltdio - ok
11:53:44.0632 4752  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:53:44.0632 4752  lltdsvc - ok
11:53:44.0652 4752  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:53:44.0652 4752  lmhosts - ok
11:53:44.0712 4752  [ 3FB354BA0817DEE1BD57281E2AD25862 ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
11:53:44.0722 4752  LMIGuardianSvc - ok
11:53:44.0762 4752  [ 0F28935ECF1FBDEC22BAF720A5A94564 ] LMIInfo         C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
11:53:44.0762 4752  LMIInfo - ok
11:53:44.0772 4752  [ 7C57F333A413609055BDD64BB209C5D1 ] LMIMaint        C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
11:53:44.0772 4752  LMIMaint - ok
11:53:44.0822 4752  [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
11:53:44.0832 4752  lmimirr - ok
11:53:44.0842 4752  LMIRfsClientNP - ok
11:53:44.0872 4752  [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
11:53:44.0872 4752  LMIRfsDriver - ok
11:53:44.0902 4752  [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn         C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
11:53:44.0912 4752  LogMeIn - ok
11:53:44.0922 4752  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:53:44.0932 4752  LSI_FC - ok
11:53:44.0942 4752  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:53:44.0942 4752  LSI_SAS - ok
11:53:44.0952 4752  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:53:44.0962 4752  LSI_SAS2 - ok
11:53:44.0972 4752  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:53:44.0972 4752  LSI_SCSI - ok
11:53:44.0992 4752  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:53:44.0992 4752  luafv - ok
11:53:45.0022 4752  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
11:53:45.0022 4752  LVRS64 - ok
11:53:45.0112 4752  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
11:53:45.0202 4752  LVUVC64 - ok
11:53:45.0232 4752  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:53:45.0232 4752  Mcx2Svc - ok
11:53:45.0242 4752  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:53:45.0242 4752  megasas - ok
11:53:45.0262 4752  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:53:45.0262 4752  MegaSR - ok
11:53:45.0282 4752  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:53:45.0282 4752  MMCSS - ok
11:53:45.0292 4752  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:53:45.0292 4752  Modem - ok
11:53:45.0302 4752  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:53:45.0302 4752  monitor - ok
11:53:45.0312 4752  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:53:45.0312 4752  mouclass - ok
11:53:45.0322 4752  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:53:45.0322 4752  mouhid - ok
11:53:45.0342 4752  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:53:45.0342 4752  mountmgr - ok
11:53:45.0362 4752  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:53:45.0362 4752  mpio - ok
11:53:45.0372 4752  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:53:45.0372 4752  mpsdrv - ok
11:53:45.0392 4752  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:53:45.0392 4752  MRxDAV - ok
11:53:45.0422 4752  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:53:45.0432 4752  mrxsmb - ok
11:53:45.0442 4752  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:53:45.0442 4752  mrxsmb10 - ok
11:53:45.0452 4752  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:53:45.0452 4752  mrxsmb20 - ok
11:53:45.0472 4752  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:53:45.0472 4752  msahci - ok
11:53:45.0482 4752  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:53:45.0482 4752  msdsm - ok
11:53:45.0502 4752  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:53:45.0502 4752  MSDTC - ok
11:53:45.0522 4752  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:53:45.0522 4752  Msfs - ok
11:53:45.0552 4752  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:53:45.0552 4752  mshidkmdf - ok
11:53:45.0562 4752  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:53:45.0562 4752  msisadrv - ok
11:53:45.0592 4752  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:53:45.0592 4752  MSiSCSI - ok
11:53:45.0592 4752  msiserver - ok
11:53:45.0612 4752  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:53:45.0612 4752  MSKSSRV - ok
11:53:45.0622 4752  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:53:45.0622 4752  MSPCLOCK - ok
11:53:45.0632 4752  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:53:45.0632 4752  MSPQM - ok
11:53:45.0662 4752  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:53:45.0662 4752  MsRPC - ok
11:53:45.0682 4752  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:53:45.0682 4752  mssmbios - ok
11:53:45.0742 4752  MSSQLSERVER - ok
11:53:45.0792 4752  [ 04EF36EAF5C4DBCE424D81B76F1E9231 ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
11:53:45.0792 4752  MSSQLServerADHelper100 - ok
11:53:45.0812 4752  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:53:45.0812 4752  MSTEE - ok
11:53:45.0822 4752  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:53:45.0822 4752  MTConfig - ok
11:53:45.0842 4752  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:53:45.0842 4752  Mup - ok
11:53:45.0862 4752  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:53:45.0872 4752  napagent - ok
11:53:45.0892 4752  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:53:45.0902 4752  NativeWifiP - ok
11:53:45.0942 4752  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:53:45.0952 4752  NDIS - ok
11:53:45.0972 4752  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:53:45.0972 4752  NdisCap - ok
11:53:45.0982 4752  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:53:45.0992 4752  NdisTapi - ok
11:53:46.0002 4752  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:53:46.0002 4752  Ndisuio - ok
11:53:46.0022 4752  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:53:46.0022 4752  NdisWan - ok
11:53:46.0032 4752  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:53:46.0032 4752  NDProxy - ok
11:53:46.0052 4752  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:53:46.0052 4752  NetBIOS - ok
11:53:46.0072 4752  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:53:46.0072 4752  NetBT - ok
11:53:46.0082 4752  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:53:46.0082 4752  Netlogon - ok
11:53:46.0122 4752  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:53:46.0132 4752  Netman - ok
11:53:46.0162 4752  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:53:46.0162 4752  NetMsmqActivator - ok
11:53:46.0172 4752  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:53:46.0172 4752  NetPipeActivator - ok
11:53:46.0192 4752  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:53:46.0192 4752  netprofm - ok
11:53:46.0202 4752  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:53:46.0202 4752  NetTcpActivator - ok
11:53:46.0212 4752  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:53:46.0212 4752  NetTcpPortSharing - ok
11:53:46.0242 4752  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:53:46.0252 4752  nfrd960 - ok
11:53:46.0272 4752  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:53:46.0282 4752  NlaSvc - ok
11:53:46.0302 4752  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:53:46.0302 4752  Npfs - ok
11:53:46.0312 4752  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:53:46.0312 4752  nsi - ok
11:53:46.0332 4752  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:53:46.0332 4752  nsiproxy - ok
11:53:46.0392 4752  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:53:46.0412 4752  Ntfs - ok
11:53:46.0432 4752  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:53:46.0432 4752  Null - ok
11:53:46.0462 4752  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:53:46.0462 4752  nvraid - ok
11:53:46.0492 4752  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:53:46.0492 4752  nvstor - ok
11:53:46.0532 4752  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:53:46.0532 4752  nv_agp - ok
11:53:46.0562 4752  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:53:46.0562 4752  ohci1394 - ok
11:53:46.0622 4752  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:53:46.0622 4752  ose - ok
11:53:46.0652 4752  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:53:46.0662 4752  p2pimsvc - ok
11:53:46.0692 4752  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:53:46.0702 4752  p2psvc - ok
11:53:46.0712 4752  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:53:46.0722 4752  Parport - ok
11:53:46.0742 4752  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:53:46.0742 4752  partmgr - ok
11:53:46.0752 4752  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:53:46.0752 4752  pci - ok
11:53:46.0772 4752  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:53:46.0772 4752  pciide - ok
11:53:46.0792 4752  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:53:46.0792 4752  pcmcia - ok
11:53:46.0802 4752  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:53:46.0802 4752  pcw - ok
11:53:46.0822 4752  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:53:46.0822 4752  PEAUTH - ok
11:53:46.0852 4752  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:53:46.0872 4752  PeerDistSvc - ok
11:53:46.0942 4752  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:53:46.0942 4752  PerfHost - ok
11:53:47.0002 4752  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:53:47.0022 4752  pla - ok
11:53:47.0072 4752  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:53:47.0082 4752  PlugPlay - ok
11:53:47.0092 4752  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:53:47.0092 4752  PNRPAutoReg - ok
11:53:47.0112 4752  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:53:47.0122 4752  PNRPsvc - ok
11:53:47.0152 4752  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:53:47.0152 4752  Power - ok
11:53:47.0172 4752  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:53:47.0172 4752  PptpMiniport - ok
11:53:47.0172 4752  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:53:47.0182 4752  Processor - ok
11:53:47.0212 4752  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:53:47.0212 4752  ProfSvc - ok
11:53:47.0232 4752  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:53:47.0232 4752  ProtectedStorage - ok
11:53:47.0242 4752  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:53:47.0242 4752  Psched - ok
11:53:47.0322 4752  [ D04E7F0671AC569A38525C6F04D96E18 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:53:47.0322 4752  QBCFMonitorService - ok
11:53:47.0382 4752  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:53:47.0382 4752  QBFCService - ok
11:53:47.0452 4752  [ A0EC711150D3E41539FE0542F7954341 ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
11:53:47.0462 4752  QBVSS - ok
11:53:47.0512 4752  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:53:47.0522 4752  ql2300 - ok
11:53:47.0562 4752  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:53:47.0562 4752  ql40xx - ok
11:53:47.0582 4752  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:53:47.0592 4752  QWAVE - ok
11:53:47.0592 4752  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:53:47.0592 4752  QWAVEdrv - ok
11:53:47.0612 4752  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:53:47.0612 4752  RasAcd - ok
11:53:47.0622 4752  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:53:47.0622 4752  RasAgileVpn - ok
11:53:47.0642 4752  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:53:47.0642 4752  RasAuto - ok
11:53:47.0652 4752  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:53:47.0652 4752  Rasl2tp - ok
11:53:47.0662 4752  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:53:47.0672 4752  RasMan - ok
11:53:47.0682 4752  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:53:47.0682 4752  RasPppoe - ok
11:53:47.0692 4752  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:53:47.0702 4752  RasSstp - ok
11:53:47.0722 4752  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:53:47.0722 4752  rdbss - ok
11:53:47.0742 4752  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:53:47.0742 4752  rdpbus - ok
11:53:47.0752 4752  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:53:47.0752 4752  RDPCDD - ok
11:53:47.0772 4752  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:53:47.0772 4752  RDPDR - ok
11:53:47.0792 4752  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:53:47.0792 4752  RDPENCDD - ok
11:53:47.0802 4752  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:53:47.0802 4752  RDPREFMP - ok
11:53:47.0832 4752  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:53:47.0832 4752  RDPWD - ok
11:53:47.0852 4752  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:53:47.0912 4752  rdyboost - ok
11:53:47.0932 4752  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:53:47.0942 4752  RemoteRegistry - ok
11:53:47.0952 4752  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:53:47.0962 4752  RpcEptMapper - ok
11:53:47.0972 4752  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:53:47.0972 4752  RpcLocator - ok
11:53:47.0982 4752  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:53:47.0992 4752  RpcSs - ok
11:53:48.0022 4752  [ C606C5F712A3761896CEFFA4AF6B1268 ] RsFx0151        C:\Windows\system32\DRIVERS\RsFx0151.sys
11:53:48.0022 4752  RsFx0151 - ok
11:53:48.0032 4752  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:53:48.0032 4752  rspndr - ok
11:53:48.0062 4752  [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:53:48.0062 4752  RTL8167 - ok
11:53:48.0082 4752  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:53:48.0082 4752  s3cap - ok
11:53:48.0092 4752  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:53:48.0092 4752  SamSs - ok
11:53:48.0112 4752  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:53:48.0112 4752  sbp2port - ok
11:53:48.0132 4752  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:53:48.0132 4752  SCardSvr - ok
11:53:48.0142 4752  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:53:48.0142 4752  scfilter - ok
11:53:48.0172 4752  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:53:48.0182 4752  Schedule - ok
11:53:48.0192 4752  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:53:48.0192 4752  SCPolicySvc - ok
11:53:48.0202 4752  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:53:48.0212 4752  SDRSVC - ok
11:53:48.0232 4752  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:53:48.0232 4752  secdrv - ok
11:53:48.0232 4752  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:53:48.0232 4752  seclogon - ok
11:53:48.0262 4752  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:53:48.0262 4752  SENS - ok
11:53:48.0272 4752  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:53:48.0272 4752  SensrSvc - ok
11:53:48.0282 4752  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:53:48.0282 4752  Serenum - ok
11:53:48.0292 4752  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:53:48.0292 4752  Serial - ok
11:53:48.0302 4752  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:53:48.0302 4752  sermouse - ok
11:53:48.0322 4752  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:53:48.0332 4752  SessionEnv - ok
11:53:48.0342 4752  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:53:48.0342 4752  sffdisk - ok
11:53:48.0352 4752  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:53:48.0352 4752  sffp_mmc - ok
11:53:48.0352 4752  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:53:48.0352 4752  sffp_sd - ok
11:53:48.0362 4752  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:53:48.0372 4752  sfloppy - ok
11:53:48.0382 4752  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:53:48.0392 4752  ShellHWDetection - ok
11:53:48.0412 4752  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:53:48.0412 4752  SiSRaid2 - ok
11:53:48.0432 4752  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:53:48.0432 4752  SiSRaid4 - ok
11:53:48.0552 4752  [ B9F101C40A8631B20778B46D1A6F6DAF ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:53:48.0562 4752  Skype C2C Service - ok
11:53:48.0642 4752  [ 9CD1BB2DB803B6AC642BD643DDB773BC ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:53:48.0652 4752  SkypeUpdate - ok
11:53:48.0672 4752  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:53:48.0672 4752  Smb - ok
11:53:48.0712 4752  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:53:48.0712 4752  SNMPTRAP - ok
11:53:48.0712 4752  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:53:48.0712 4752  spldr - ok
11:53:48.0742 4752  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:53:48.0752 4752  Spooler - ok
11:53:48.0822 4752  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:53:48.0882 4752  sppsvc - ok
11:53:48.0892 4752  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:53:48.0892 4752  sppuinotify - ok
11:53:48.0932 4752  [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:53:48.0942 4752  SQLBrowser - ok
11:53:48.0972 4752  [ 3420E0482AD95120B471B7328A8D7D08 ] SQLSERVERAGENT  c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
11:53:48.0982 4752  SQLSERVERAGENT - ok
11:53:48.0992 4752  [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:53:49.0002 4752  SQLWriter - ok
11:53:49.0033 4752  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:53:49.0033 4752  srv - ok
11:53:49.0043 4752  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:53:49.0053 4752  srv2 - ok
11:53:49.0093 4752  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:53:49.0103 4752  srvnet - ok
11:53:49.0123 4752  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:53:49.0123 4752  SSDPSRV - ok
11:53:49.0143 4752  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:53:49.0143 4752  SstpSvc - ok
11:53:49.0153 4752  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:53:49.0153 4752  stexstor - ok
11:53:49.0183 4752  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:53:49.0193 4752  stisvc - ok
11:53:49.0213 4752  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:53:49.0213 4752  storflt - ok
11:53:49.0243 4752  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:53:49.0253 4752  StorSvc - ok
11:53:49.0283 4752  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:53:49.0283 4752  storvsc - ok
11:53:49.0313 4752  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:53:49.0313 4752  swenum - ok
11:53:49.0333 4752  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:53:49.0343 4752  swprv - ok
11:53:49.0373 4752  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:53:49.0403 4752  SysMain - ok
11:53:49.0423 4752  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:53:49.0433 4752  TabletInputService - ok
11:53:49.0443 4752  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:53:49.0453 4752  TapiSrv - ok
11:53:49.0453 4752  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:53:49.0463 4752  TBS - ok
11:53:49.0503 4752  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:53:49.0533 4752  Tcpip - ok
11:53:49.0563 4752  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:53:49.0573 4752  TCPIP6 - ok
11:53:49.0593 4752  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:53:49.0593 4752  tcpipreg - ok
11:53:49.0613 4752  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:53:49.0613 4752  TDPIPE - ok
11:53:49.0633 4752  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:53:49.0633 4752  TDTCP - ok
11:53:49.0653 4752  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:53:49.0653 4752  tdx - ok
11:53:49.0673 4752  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:53:49.0673 4752  TermDD - ok
11:53:49.0683 4752  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:53:49.0693 4752  TermService - ok
11:53:49.0703 4752  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:53:49.0713 4752  Themes - ok
11:53:49.0733 4752  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:53:49.0733 4752  THREADORDER - ok
11:53:49.0743 4752  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:53:49.0753 4752  TrkWks - ok
11:53:49.0793 4752  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:53:49.0793 4752  TrustedInstaller - ok
11:53:49.0823 4752  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:53:49.0823 4752  tssecsrv - ok
11:53:49.0833 4752  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:53:49.0833 4752  TsUsbFlt - ok
11:53:49.0863 4752  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:53:49.0863 4752  TsUsbGD - ok
11:53:49.0873 4752  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:53:49.0873 4752  tunnel - ok
11:53:49.0883 4752  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:53:49.0883 4752  uagp35 - ok
11:53:49.0903 4752  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:53:49.0913 4752  udfs - ok
11:53:49.0933 4752  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:53:49.0933 4752  UI0Detect - ok
11:53:49.0953 4752  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:53:49.0963 4752  uliagpkx - ok
11:53:49.0973 4752  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:53:49.0973 4752  umbus - ok
11:53:49.0993 4752  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:53:49.0993 4752  UmPass - ok
11:53:50.0013 4752  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:53:50.0013 4752  UmRdpService - ok
11:53:50.0043 4752  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
11:53:50.0053 4752  UMVPFSrv - ok
11:53:50.0073 4752  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:53:50.0073 4752  upnphost - ok
11:53:50.0103 4752  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:53:50.0103 4752  USBAAPL64 - ok
11:53:50.0153 4752  [ B0435098C81D04CAFFF80DDB746CD3A2 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:53:50.0153 4752  usbaudio - ok
11:53:50.0183 4752  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
11:53:50.0193 4752  usbccgp - ok
11:53:50.0243 4752  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:53:50.0253 4752  usbcir - ok
11:53:50.0283 4752  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:53:50.0293 4752  usbehci - ok
11:53:50.0313 4752  [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
11:53:50.0313 4752  usbfilter - ok
11:53:50.0343 4752  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:53:50.0353 4752  usbhub - ok
11:53:50.0363 4752  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:53:50.0363 4752  usbohci - ok
11:53:50.0383 4752  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
11:53:50.0383 4752  usbprint - ok
11:53:50.0413 4752  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
11:53:50.0413 4752  USBSTOR - ok
11:53:50.0433 4752  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:53:50.0433 4752  usbuhci - ok
11:53:50.0463 4752  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:53:50.0463 4752  usbvideo - ok
11:53:50.0473 4752  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:53:50.0473 4752  UxSms - ok
11:53:50.0483 4752  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:53:50.0483 4752  VaultSvc - ok
11:53:50.0503 4752  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:53:50.0503 4752  vdrvroot - ok
11:53:50.0513 4752  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:53:50.0523 4752  vds - ok
11:53:50.0553 4752  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:53:50.0553 4752  vga - ok
11:53:50.0563 4752  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:53:50.0563 4752  VgaSave - ok
11:53:50.0573 4752  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:53:50.0573 4752  vhdmp - ok
11:53:50.0593 4752  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:53:50.0593 4752  viaide - ok
11:53:50.0613 4752  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:53:50.0613 4752  vmbus - ok
11:53:50.0633 4752  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:53:50.0633 4752  VMBusHID - ok
11:53:50.0643 4752  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:53:50.0643 4752  volmgr - ok
11:53:50.0663 4752  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:53:50.0663 4752  volmgrx - ok
11:53:50.0673 4752  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:53:50.0673 4752  volsnap - ok
11:53:50.0693 4752  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:53:50.0693 4752  vsmraid - ok
11:53:50.0723 4752  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:53:50.0753 4752  VSS - ok
11:53:50.0783 4752  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:53:50.0783 4752  vwifibus - ok
11:53:50.0803 4752  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:53:50.0813 4752  W32Time - ok
11:53:50.0833 4752  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:53:50.0833 4752  WacomPen - ok
11:53:50.0853 4752  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:53:50.0853 4752  WANARP - ok
11:53:50.0853 4752  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:53:50.0853 4752  Wanarpv6 - ok
11:53:50.0903 4752  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:53:50.0913 4752  WatAdminSvc - ok
11:53:50.0933 4752  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:53:50.0953 4752  wbengine - ok
11:53:50.0963 4752  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:53:50.0973 4752  WbioSrvc - ok
11:53:50.0983 4752  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:53:50.0983 4752  wcncsvc - ok
11:53:51.0003 4752  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:53:51.0003 4752  WcsPlugInService - ok
11:53:51.0023 4752  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:53:51.0023 4752  Wd - ok
11:53:51.0043 4752  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:53:51.0053 4752  Wdf01000 - ok
11:53:51.0063 4752  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:53:51.0063 4752  WdiServiceHost - ok
11:53:51.0073 4752  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:53:51.0073 4752  WdiSystemHost - ok
11:53:51.0103 4752  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
11:53:51.0103 4752  WebClient - ok
11:53:51.0113 4752  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:53:51.0123 4752  Wecsvc - ok
11:53:51.0133 4752  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:53:51.0133 4752  wercplsupport - ok
11:53:51.0163 4752  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:53:51.0163 4752  WerSvc - ok
11:53:51.0183 4752  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:53:51.0183 4752  WfpLwf - ok
11:53:51.0193 4752  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:53:51.0193 4752  WIMMount - ok
11:53:51.0203 4752  WinHttpAutoProxySvc - ok
11:53:51.0243 4752  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:53:51.0243 4752  Winmgmt - ok
11:53:51.0313 4752  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:53:51.0363 4752  WinRM - ok
11:53:51.0393 4752  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:53:51.0403 4752  WinUsb - ok
11:53:51.0423 4752  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:53:51.0433 4752  Wlansvc - ok
11:53:51.0453 4752  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:53:51.0463 4752  WmiAcpi - ok
11:53:51.0483 4752  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:53:51.0483 4752  wmiApSrv - ok
11:53:51.0503 4752  WMPNetworkSvc - ok
11:53:51.0523 4752  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:53:51.0523 4752  WPCSvc - ok
11:53:51.0533 4752  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:53:51.0533 4752  WPDBusEnum - ok
11:53:51.0543 4752  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:53:51.0543 4752  ws2ifsl - ok
11:53:51.0563 4752  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:53:51.0563 4752  wscsvc - ok
11:53:51.0563 4752  WSearch - ok
11:53:51.0643 4752  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:53:51.0683 4752  wuauserv - ok
11:53:51.0703 4752  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:53:51.0713 4752  WudfPf - ok
11:53:51.0733 4752  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:53:51.0733 4752  WUDFRd - ok
11:53:51.0753 4752  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:53:51.0753 4752  wudfsvc - ok
11:53:51.0783 4752  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:53:51.0783 4752  WwanSvc - ok
11:53:51.0843 4752  __FOX__UNI_DRIVER__ - ok
11:53:51.0863 4752  ================ Scan global ===============================
11:53:51.0883 4752  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:53:51.0913 4752  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
11:53:51.0923 4752  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
11:53:51.0943 4752  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:53:51.0973 4752  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:53:51.0973 4752  [Global] - ok
11:53:51.0973 4752  ================ Scan MBR ==================================
11:53:51.0983 4752  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:53:52.0163 4752  \Device\Harddisk0\DR0 - ok
11:53:52.0163 4752  ================ Scan VBR ==================================
11:53:52.0163 4752  [ EA6448E62135AC471685D5BA5CF1FB45 ] \Device\Harddisk0\DR0\Partition1
11:53:52.0163 4752  \Device\Harddisk0\DR0\Partition1 - ok
11:53:52.0183 4752  [ 0B11A895E371E7BE767A0F73B8A6DE62 ] \Device\Harddisk0\DR0\Partition2
11:53:52.0183 4752  \Device\Harddisk0\DR0\Partition2 - ok
11:53:52.0183 4752  ============================================================
11:53:52.0183 4752  Scan finished
11:53:52.0183 4752  ============================================================
11:53:52.0193 5056  Detected object count: 0
11:53:52.0193 5056  Actual detected object count: 0
11:54:01.0024 4228  Deinitialize success
 
I also scanned with Malwarebytes Anti-Rootkit as you instructed.  The log mbar-log-2013-11-06 (11-55-57).txt is attached.
 




#6 TB-Psychotic
Posted 07 November 2013 - 03:24 AM

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 milon


Posted 07 November 2013 - 12:30 PM

I scanned with mbar.exe and it found 9 malware items.  I chose CleanUp, and rebooted, then I scanned again.  This time, mbar.exe found 0 malware items!  I've attached both mbar.exe logs for you.

 

EDIT - Oops!  Forgot to update you on machine behavior.  Security Center, Windows Defender, and Windows Firewall all seem to be restored to normal function.  The Security Center was set to not monitor anything, so I turned on everything I wanted it to monitor.



Edited by milon, 07 November 2013 - 12:35 PM.


#8 milon


Posted 07 November 2013 - 12:52 PM

Addendum to my last post:  Everything on the server is functioning fine, but all other computers have lost access to the server data.  I'm currently trying to diagnose & fix it.  Do you know of anything in mbar that would interrupt network access?  The server does have internet access, its IP address is correct on the router, and I can access it via LogMeIn.


Edited by milon, 07 November 2013 - 12:53 PM.


#9 milon


Posted 07 November 2013 - 01:15 PM

Solved it.  Windows Firewall was the culprit.  I had to re-add some rules for our software.

 

Thanks for your help, Marius!  Let me know if there are any more steps to take.



#10 TB-Psychotic


Posted 08 November 2013 - 02:27 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If the program is already installed:
    • Run Malwarebytes Antimalware
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Post that log back here.
Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory from which the tool is run.
  • Please copy and paste the log to your reply.


#11 milon


Posted 08 November 2013 - 10:24 AM

Malwarebytes Anti-Malware scan log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.08.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
IR :: SERVERIR [administrator]
 
11/8/2013 9:40:57 AM
mbam-log-2013-11-08 (09-40-57).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394923
Time elapsed: 31 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
Farbar's Service Scanner log:
Farbar Service Scanner Version: 24-10-2013
Ran by IR (administrator) on 08-11-2013 at 10:17:03
Running from "C:\Drivers"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
 
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
 
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-01 11:46] - [2013-09-13 20:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-01 11:46] - [2013-09-07 21:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#12 TB-Psychotic


Posted 11 November 2013 - 03:08 AM

Regfix
 
Please download these two files and save them to your desktop:

 

http://download.bleepingcomputer.com/win-services/7/RemoteAccess.reg

http://download.bleepingcomputer.com/win-services/7/PolicyAgent.reg

 

Run RemoteAccess.reg and confirm the messages to merge the information into the registry.

Repeat this procedure with PolicyAgent.reg, then reboot and post up a new FSS log.


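The "Other Services" check that FSS reported in post #11 (PolicyAgent and RemoteAccess keys missing) is worth re-running by hand after merging the two .reg files above, before trusting the new FSS log. The script below is an added example, not FSS's code or anything posted in this thread; it assumes an elevated PowerShell prompt on Windows 7 and checks the two services FSS flagged plus the Firewall, Security Center, Defender and Update services this thread deals with.

```powershell
# Added example, not FSS or BleepingComputer code. Re-checks what FSS inspects
# for each service: key present, Start type, ImagePath, ServiceDll on disk.
# Assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 syntax).
$services = @(
    'PolicyAgent',   # IPsec Policy Agent (missing in the first FSS log)
    'RemoteAccess',  # Routing and Remote Access (missing in the first FSS log)
    'MpsSvc',        # Windows Firewall
    'BFE',           # Base Filtering Engine (the firewall depends on it)
    'wscsvc',        # Security Center
    'WinDefend',     # Windows Defender
    'wuauserv'       # Windows Update
)
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $services) {
    $key = Join-Path $base $name
    $row = New-Object PSObject -Property @{
        Service = $name; KeyExists = $false; Start = ''; Status = '';
        ImagePath = ''; ServiceDll = ''; DllOnDisk = ''
    }
    if (Test-Path $key) {
        $row.KeyExists = $true
        $props = Get-ItemProperty -Path $key
        if ($props.Start -ne $null) { $row.Start = $startNames[[int]$props.Start] }
        $row.ImagePath = $props.ImagePath
        # svchost-hosted services keep their DLL under the Parameters subkey
        $paramKey = Join-Path $key 'Parameters'
        if (Test-Path $paramKey) {
            $dll = (Get-ItemProperty -Path $paramKey).ServiceDll
            if ($dll) {
                $row.ServiceDll = $dll
                $row.DllOnDisk = Test-Path ([Environment]::ExpandEnvironmentVariables($dll))
            }
        }
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $row.Status = $svc.Status }
    } else {
        # Same condition FSS reports as "The service key does not exist."
        $row.Status = 'ATTENTION: service key does not exist'
    }
    $row
}
$report | Select-Object Service, KeyExists, Start, Status, ImagePath, ServiceDll, DllOnDisk |
    Format-Table -AutoSize
```

A service whose key exists but whose ServiceDll is missing from disk, or whose Start type is Disabled, deserves the same attention as a missing key; the .reg merge only restores the registry entries, not the files.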

#13 milon


Posted 11 November 2013 - 01:25 PM

I applied the two .reg files to the computer and re-ran FSS.  Here's the new log:
 
 
Farbar Service Scanner Version: 24-10-2013
Ran by IR (administrator) on 11-11-2013 at 13:23:17
Running from "C:\Drivers"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-01 11:46] - [2013-09-13 20:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-01 11:46] - [2013-09-07 21:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#14 TB-Psychotic


Posted 12 November 2013 - 08:06 AM

Fine, the services are restored.

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 TB-Psychotic


Posted 15 November 2013 - 04:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



