TechSpot

[A] Complex issues, I think HP and Microsoft support made it worse :(

By Agreed88
Nov 15, 2012
  1. Long story short here, I've been having several issues with my laptop over the past few weeks, and neither HP nor Microsoft has been able to really fix the issue. The problem is actually slightly worse now than it was before, mostly for other reasons.

    My primary issue was: any time I play any form of game or do something with some forms of video/audio, I get lag spikes that persist for about 10-15 seconds and then go away. During that period of time, the program itself will spike extremely high in CPU usage and have a wait-chain for LocalServiceRestricted, which will also have a wait-chain for audiodx.exe. This prompted HP to have me nuke the majority of both my audio and video drivers and do a set of restores.

    Edit: I apologize for the multiple posts; the large amount of text was causing the server to deny the posts, so I had to break it up into smaller chunks. MSE did not, however, produce a log; if anyone can tell me how to pull that, I'd be more than happy to post it as well.
  2. Agreed88

    Agreed88 TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-11-15 23:16:22
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\37f7b81f92588e55.sys (*** hidden *** ) [BOOT] 37f7b81f92588e55 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_32
    Run by Agreed at 23:17:01 on 2012-11-15
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.2208 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\4586F6D637F6E6 : DHCPNameServer = 192.168.1.1 192.168.2.1
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\9647473616D6075737 : DHCPNameServer = 10.89.110.11 192.168.110.13 192.168.110.10
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\C6F636B6F6E663039333 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\D42405E413 : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 genuine.microsoft.com
    Hosts: 127.0.0.1 mpa.one.microsoft.com
    Hosts: 127.0.0.1 sls.microsoft.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Agreed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-09-27 00:12; facebook@disconnect.me; C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\facebook@disconnect.me.xpi
    FF - ExtSQL: 2012-09-27 00:19; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - ExtSQL: 2012-11-13 11:28; {1519200d-6633-40c9-a9a1-d60d8d1d0479}; C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-18 283200]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-15 89600]
    R2 syshost32;syshost32;"C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe" /service --> C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe [?]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2012-6-20 20752]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-15 26168]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    S1 egilntau;egilntau;C:\Windows\System32\drivers\egilntau.sys [2012-11-15 49872]
    S2 FTSvc;Fantapper Player Update Service;"C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe" --> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [?]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-20 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
    S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-23 193840]
    S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
    S4 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-23 365952]
    S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S4 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320]
    S4 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096]
    S4 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
    S4 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
    S4 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
    S4 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-19 628624]
    .
    =============== Created Last 30 ================
    .
    2012-11-16 04:09:21 49872 ----a-w- C:\Windows\System32\drivers\egilntau.sys
    2012-11-16 03:56:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AC82C08-3E82-4CD7-8C87-78224C0CD925}\offreg.dll
    2012-11-16 03:33:31 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AC82C08-3E82-4CD7-8C87-78224C0CD925}\mpengine.dll
    2012-11-16 03:25:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-11-16 03:24:52 -------- d-----w- C:\8dbcef58daa4e5501b55c33dbcd6
    2012-11-16 03:15:37 -------- d-----w- C:\ProgramData\RegCure
    2012-11-16 03:08:02 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
    2012-11-16 03:08:02 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
    2012-11-16 03:08:02 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
    2012-11-16 03:08:02 4642816 ----a-w- C:\Windows\System32\stlang64.dll
    2012-11-16 03:08:02 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
    2012-11-16 03:08:02 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
    2012-11-16 03:08:02 13170176 ----a-w- C:\Windows\System32\idtcpl64.cpl
    2012-11-16 03:08:02 1128448 ----a-w- C:\Windows\sttray64.exe
    2012-11-15 07:41:18 -------- d-----w- C:\Program Files\IDT
    2012-11-15 07:17:09 521728 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
    2012-11-15 07:17:08 652288 ------w- C:\Windows\System32\stapi64.dll
    2012-11-15 07:17:08 431616 ----a-w- C:\Windows\System32\stcplx64.dll
    2012-11-15 07:17:08 220160 ----a-w- C:\Windows\System32\staco64.dll
    2012-11-15 07:17:08 1500672 ----a-w- C:\Windows\System32\stapo64.dll
    2012-11-15 07:13:06 -------- d-----w- C:\Users\Agreed\AppData\Roaming\WinBatch
    2012-11-15 07:06:13 -------- d-----w- C:\Users\Agreed\AppData\Roaming\ParetoLogic
    2012-11-15 07:06:13 -------- d-----w- C:\Users\Agreed\AppData\Roaming\DriverCure
    2012-11-15 07:05:59 -------- d-----w- C:\ProgramData\ParetoLogic
    2012-11-15 07:05:59 -------- d-----w- C:\Program Files (x86)\ParetoLogic
    2012-11-15 07:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
    2012-11-15 06:49:20 -------- d-----w- C:\Program Files (x86)\Hp
    2012-11-15 06:49:10 -------- d-----w- C:\Windows\Hewlett-Packard
    2012-11-15 05:49:57 -------- d-----w- C:\Windows\pss
    2012-11-15 05:08:37 -------- d-----w- C:\Program Files (x86)\DriverFinder
    2012-11-15 05:08:14 -------- d-----w- C:\Users\Agreed\AppData\Roaming\DriverFinder
    2012-11-11 17:12:32 -------- d-----w- C:\Users\Agreed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    2012-11-11 17:10:37 -------- d-----w- C:\Users\Agreed\AppData\Local\Htc
    2012-11-11 17:09:32 -------- d-----w- C:\Users\Agreed\AppData\Roaming\HTC
    2012-11-11 17:05:08 -------- d-----w- C:\Program Files (x86)\HTC
    2012-10-30 04:48:47 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2012-10-30 04:44:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-10-27 03:37:48 -------- d-----w- C:\Users\Agreed\AppData\Roaming\HpUpdate
    2012-10-24 14:39:17 -------- d-----w- C:\Users\Agreed\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-24 14:39:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-10-24 14:39:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-10-21 02:45:13 -------- d-sh--w- C:\found.000
    2012-10-20 04:27:07 -------- d-----w- C:\ProgramData\SecTaskMan
    .
    ==================== Find3M ====================
    .
    2012-09-03 14:28:33 59904 ----a-w- C:\Windows\SysWow64\zlib1.dll
    2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 14:07:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-21 14:07:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
    .
    ============= FINISH: 23:17:24.09 ===============
  5. Agreed88

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.16.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Agreed :: AGREED [administrator]

    11/15/2012 11:23:12 PM
    mbam-log-2012-11-15 (23-23-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238401
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Detected: 1
    c:\windows\installer\{2ce9860a-9785-9e5c-f2f6-4787d090af99}\syshost.exe (Trojan.Agent) -> 1544 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 11
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\syshost32|ImagePath (Trojan.Agent) -> Data: "C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe" /service -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
    c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
    c:\users\agreed\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
    c:\users\not agreed\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
    c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
    c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
    c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
    c:\windows\installer\{2ce9860a-9785-9e5c-f2f6-4787d090af99}\syshost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  6. Broni

    Broni Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    I still need Attach.txt part of DDS.

    =====================================

    Some items in MBAM log are marked "No action taken".
    Re-run it, fix ALL issues and post new log.

    ====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. Agreed88

    01:19:20.0029 2444 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    01:19:20.0329 2444 ============================================================
    01:19:20.0329 2444 Current date / time: 2012/11/16 01:19:20.0329
    01:19:20.0329 2444 SystemInfo:
    01:19:20.0329 2444
    01:19:20.0329 2444 OS Version: 6.1.7601 ServicePack: 1.0
    01:19:20.0329 2444 Product type: Workstation
    01:19:20.0329 2444 ComputerName: AGREED
    01:19:20.0329 2444 UserName: Agreed
    01:19:20.0329 2444 Windows directory: C:\Windows
    01:19:20.0329 2444 System windows directory: C:\Windows
    01:19:20.0329 2444 Running under WOW64
    01:19:20.0329 2444 Processor architecture: Intel x64
    01:19:20.0329 2444 Number of processors: 2
    01:19:20.0329 2444 Page size: 0x1000
    01:19:20.0329 2444 Boot type: Normal boot
    01:19:20.0329 2444 ============================================================
    01:19:22.0859 2444 Raw registry subsystem init failed!
    01:19:23.0059 2444 !crdlk
    01:19:23.0069 2444 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
    01:19:23.0109 2444 ============================================================
    01:19:23.0119 2444 \Device\Harddisk0\DR0:
    01:19:23.0119 2444 MBR partitions:
    01:19:23.0119 2444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
    01:19:23.0119 2444 ============================================================
    01:19:23.0129 2444 C: <-> \Device\Harddisk0\DR0\Partition1
    01:19:23.0129 2444 ============================================================
    01:19:23.0129 2444 Initialize success
    01:19:23.0129 2444 ============================================================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/19/2012 5:56:43 PM
    System Uptime: 11/15/2012 6:58:26 PM (5 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30FC
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 182.83 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Symantec Eraser Control driver
    Device ID: ROOT\LEGACY_EECTRL\0000
    Manufacturer:
    Name: Symantec Eraser Control driver
    PNP Device ID: ROOT\LEGACY_EECTRL\0000
    Service: eeCtrl
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: IDT High Definition Audio CODEC
    Device ID: HDAUDIO\FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C3625&REV_1003\4&2F0A96A8&0&0001
    Manufacturer: IDT
    Name: IDT High Definition Audio CODEC
    PNP Device ID: HDAUDIO\FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C3625&REV_1003\4&2F0A96A8&0&0001
    Service: STHDA
    .
    ==== System Restore Points ===================
    .
    RP63: 10/13/2012 3:51:24 PM - ComboFix created restore point
    RP64: 10/17/2012 1:12:47 AM - Windows Update
    RP65: 10/17/2012 3:00:20 AM - Windows Update
    RP66: 10/18/2012 5:57:45 PM - Removed Skype Click to Call
    RP67: 10/18/2012 5:58:36 PM - Removed Adobe Reader 9.
    RP68: 10/18/2012 6:40:11 PM - Removed Java(TM) 6 Update 7
    RP69: 10/18/2012 6:41:13 PM - Removed Java(TM) 6 Update 32
    RP70: 10/18/2012 6:55:15 PM - Restore Operation
    RP71: 10/19/2012 9:40:44 AM - Windows Update
    RP72: 10/19/2012 3:55:06 PM - Restore Operation
    RP73: 10/19/2012 4:09:01 PM - Windows Update
    RP74: 10/20/2012 3:00:18 AM - Windows Update
    RP75: 10/20/2012 3:57:02 PM - Removed Slingbox - Watch Your TV Anywhere
    RP76: 10/20/2012 4:01:53 PM - Configured SlingPlayer
    RP77: 10/20/2012 4:03:13 PM - Removed Java(TM) 6 Update 32
    RP78: 10/20/2012 4:04:25 PM - Removed Java(TM) 6 Update 7
    RP79: 10/21/2012 2:08:06 PM - Windows Update
    RP80: 10/21/2012 2:22:08 PM - Removed Skype Click to Call
    RP81: 10/27/2012 12:38:30 AM - Windows Update
    RP82: 10/28/2012 11:18:33 PM - Removed Adobe Reader 9.
    RP83: 10/29/2012 10:41:20 PM - Removed Facebook Video Calling 1.2.0.287
    RP84: 10/29/2012 11:27:41 PM - Removed NetZero Preloader
    RP85: 10/29/2012 11:30:58 PM - Removed League of Legends
    RP86: 11/8/2012 3:24:58 AM - Scheduled Checkpoint
    RP87: 11/11/2012 12:06:44 PM - Installed HTC Sync.
    RP88: 11/13/2012 2:21:36 PM - Restore Operation
    RP89: 11/14/2012 10:47:44 PM - Removed IDT Audio
    RP90: 11/15/2012 2:20:04 AM - Installed IDT Audio
    RP91: 11/15/2012 2:43:20 AM - Configured IDT Audio
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 9.20 (x64 edition)
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    Agere Systems HDA Modem
    AMD USB Audio Driver Filter
    ASPCA Reminder by We-Care.com v4.0.19.1
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    BitTorrent
    BitTorrentBar Toolbar
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compact Wireless-G USB Network Adapter with SpeedBooster
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    DAEMON Tools Lite
    DriverFinder
    EasyTether
    ESU for Microsoft Vista
    Facebook Video Calling 1.2.0.159
    Google Chrome
    Google Update Helper
    Grandia2
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart TV
    HP MediaSmart Webcam
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Update
    HP User Guides 0129
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPTCSSetup
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 32
    Java(TM) 6 Update 7
    JMicron JMB38X Flash Media Controller
    Juno Preloader
    LabelPrint
    League of Legends
    Linksys Wireless-G USB Network Adapter
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetLab for Win95/NT
    NetZero Preloader
    PakkISO 0.4
    Pando Media Booster
    ParetoLogic PC Health Advisor
    Pokemon Online 1.0.53
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    RegCure
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skins
    Skype Click to Call
    Skype™ 5.10
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Ventrilo Client for Windows x64
    Vid-Saver
    Visual Studio 2010 x64 Redistributables
    WD SmartWare
    WinZip System Utilities Suite
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/8/2012 6:27:54 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
    11/15/2012 6:59:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
    11/15/2012 6:59:02 PM, Error: Service Control Manager [7000] - The Fantapper Player Update Service service failed to start due to the following error: The system cannot find the file specified.
    11/15/2012 6:59:01 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
    11/15/2012 6:58:51 PM, Error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the file specified.
    11/15/2012 6:58:49 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    11/15/2012 6:58:49 PM, Error: atikmdag [43029] - Display is not active
    11/15/2012 6:58:30 PM, Error: hpdskflt [1001] -
    11/15/2012 6:50:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
    11/15/2012 6:50:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
    11/15/2012 6:50:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0x80070505'. If possible, reinstall Windows Media Player.
    11/15/2012 6:48:31 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: Access is denied.
    11/15/2012 6:47:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc00002e3 (0xfffff8a0028ad680, 0xffffffffc0000189, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-25053-01.
    11/15/2012 11:09:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Necurs.A&threatid=2147645812 Name: Trojan:Win64/Necurs.A ID: 2147645812 Severity: Severe Category: Trojan Path: file:_C:\Windows\system32\drivers\37f7b81f92588e55.sys;hiddendriver:_37f7b81f92588e55;hiddenfile:_C:\Windows\System32\Drivers\37f7b81f92588e55.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: AGREED\Agreed Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.139.2199.0, AS: 1.139.2199.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8904.0, NIS: 0.0.0.0
    11/15/2012 11:09:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Necurs.A&threatid=2147645812 Name: Trojan:Win64/Necurs.A ID: 2147645812 Severity: Severe Category: Trojan Path: file:_C:\Windows\system32\drivers\37f7b81f92588e55.sys;hiddendriver:_37f7b81f92588e55;hiddenfile:_C:\Windows\System32\Drivers\37f7b81f92588e55.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: AGREED\Agreed Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.139.2199.0, AS: 1.139.2199.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8904.0, NIS: 0.0.0.0
    11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    11/15/2012 10:35:11 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2012 10:35:11 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection System service failed to start due to the following error: A device attached to the system is not functioning.
    11/15/2012 10:35:11 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: AGREED\Agreed Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    11/15/2012 10:35:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: AGREED\Agreed Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    11/15/2012 10:35:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2199.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: AGREED\Agreed Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    11/15/2012 10:35:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2199.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: AGREED\Agreed Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    11/15/2012 10:33:55 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    11/15/2012 10:33:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2199.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    11/15/2012 10:33:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/15/2012 10:26:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/15/2012 10:25:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/14/2012 12:16:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/14/2012 11:50:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/13/2012 8:47:25 PM, Error: Service Control Manager [7034] - The syshost32 service terminated unexpectedly. It has done this 1 time(s).
    11/13/2012 8:46:43 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    11/13/2012 8:45:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.
    11/13/2012 8:45:17 PM, Error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2012 2:17:32 PM, Error: Service Control Manager [7000] - The WINZIPSSDiskOptimizer service failed to start due to the following error: The system cannot find the file specified.
    11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/11/2012 9:41:52 PM, Error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/11/2012 9:03:18 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
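The "Event Viewer Messages" block above packs the facts a responder needs into one-line key/value dumps: an MSE detection that could not be remediated, the hidden driver and file it names, real-time protection being torn down, and core services dying in batches. The script below is an added example, not part of the original thread and not an HP, Microsoft or TechSpot tool. It parses a subset of those lines (copied from the log above as a constructed sample), keyed on the event sources and IDs that actually appear there (Microsoft Antimalware 1119 and 3002; Service Control Manager 7000, 7026, 7031, 7034), and reduces them to a triage summary. The helper names (`field`, `split_path_field`, `triage`, `findings`) and the summary layout are my own.

```python
import re
from collections import Counter

# Constructed sample: these lines are copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
11/15/2012 6:59:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
11/15/2012 6:58:51 PM, Error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the file specified.
11/15/2012 11:09:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Necurs.A&threatid=2147645812 Name: Trojan:Win64/Necurs.A ID: 2147645812 Severity: Severe Category: Trojan Path: file:_C:\Windows\system32\drivers\37f7b81f92588e55.sys;hiddendriver:_37f7b81f92588e55;hiddenfile:_C:\Windows\System32\Drivers\37f7b81f92588e55.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: AGREED\Agreed Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.139.2199.0, AS: 1.139.2199.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8904.0, NIS: 0.0.0.0
11/15/2012 11:09:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Necurs.A&threatid=2147645812 Name: Trojan:Win64/Necurs.A ID: 2147645812 Severity: Severe Category: Trojan Path: file:_C:\Windows\system32\drivers\37f7b81f92588e55.sys;hiddendriver:_37f7b81f92588e55;hiddenfile:_C:\Windows\System32\Drivers\37f7b81f92588e55.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: AGREED\Agreed Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.139.2199.0, AS: 1.139.2199.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8904.0, NIS: 0.0.0.0
11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/13/2012 8:47:25 PM, Error: Service Control Manager [7034] - The syshost32 service terminated unexpectedly. It has done this 1 time(s).
"""

# DDS writes every event as: <date time>, <level>: <source> [<id>] - <message>
HEADER = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$")

def parse_events(text):
    """One dict per well-formed DDS event line; anything else is skipped."""
    events = []
    for line in text.strip().splitlines():
        m = HEADER.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events

def field(message, name, stop):
    """Read 'name: value' from MSE's flat key/value text; 'stop' is the next key."""
    m = re.search(rf"{re.escape(name)}: (.*?) {re.escape(stop)}:", message)
    return m.group(1) if m else None

def split_path_field(path_field):
    """MSE joins the artifacts of one detection with ';' as kind:_value pairs."""
    return dict(item.partition(":_")[::2] for item in path_field.split(";") if item)

def triage(text):
    """Reduce the event block to the facts that matter for a rootkit cleanup."""
    summary = {
        "detections": [],              # MSE 1119: what was found, why remediation failed
        "hidden_artifacts": set(),     # driver/file names MSE flagged as hidden
        "rtp_failures": [],            # MSE 3002: real-time protection torn down
        "service_crashes": Counter(),  # SCM 7031/7034: services that died
        "failed_starts": [],           # SCM 7000/7026: things that would not start
    }
    for ev in parse_events(text):
        src, eid, msg = ev["source"], ev["event_id"], ev["message"]
        if src == "Microsoft Antimalware" and eid == 1119:
            artifacts = split_path_field(field(msg, "Path", "Detection Origin") or "")
            summary["detections"].append({
                "threat": field(msg, "Name", "ID"),
                "action": field(msg, "Action", "Action Status"),
                "error_code": field(msg, "Error Code", "Error description"),
                "error": field(msg, "Error description", "Signature Version"),
                "artifacts": artifacts,
            })
            summary["hidden_artifacts"].update(
                v for k, v in artifacts.items() if k.startswith("hidden"))
        elif src == "Microsoft Antimalware" and eid == 3002:
            summary["rtp_failures"].append(
                (field(msg, "Feature", "Error Code"), msg.rsplit("Reason: ", 1)[-1]))
        elif src == "Service Control Manager" and eid in (7031, 7034):
            m = re.search(r"The (.+?) service terminated unexpectedly", msg)
            if m:
                summary["service_crashes"][m.group(1)] += 1
        elif src == "Service Control Manager" and eid == 7000:
            m = re.search(r"The (.+?) service failed to start due to the following error: (.+)", msg)
            if m:
                summary["failed_starts"].append((m.group(1), m.group(2)))
        elif src == "Service Control Manager" and eid == 7026:
            driver = msg.rsplit("failed to load: ", 1)[-1]
            summary["failed_starts"].append((driver, "boot-start driver failed to load"))
    return summary

def findings(summary):
    """The short list a responder acts on, in the order they would read it."""
    notes = [f"{d['threat']}: '{d['action']}' failed with {d['error_code']} ({d['error']})"
             for d in summary["detections"] if d["error_code"]]
    if summary["hidden_artifacts"]:
        notes.append("hidden artifacts to hash and collect before cleanup: "
                     + ", ".join(sorted(summary["hidden_artifacts"])))
    for feature, reason in summary["rtp_failures"]:
        notes.append(f"real-time protection '{feature}' lost: {reason}")
    for svc, n in summary["service_crashes"].most_common():
        notes.append(f"service '{svc}' terminated unexpectedly {n} time(s)")
    for name, why in summary["failed_starts"]:
        notes.append(f"'{name}' would not start: {why}")
    return notes

if __name__ == "__main__":
    for note in findings(triage(SAMPLE_LOG)):
        print(note)
```

Feed it the whole event block instead of the sample and it summarises every line the same way. The hidden-artifact list is what you hash and copy off the box before any removal attempt (the TDSSKiller output later in the thread reports the MD5 of that driver), the "Access is denied" on the Remove action is the reason a signature-based scan alone was never going to finish the job, and the crash counter gives you the service names to cross-check against the installed-program list above.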
  8. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    TDSSKiller log is incomplete.
    Please re-run it.
  9. Agreed88

    Agreed88 TS Rookie Topic Starter

    12:02:06.0185 2208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    12:02:06.0446 2208 ============================================================
    12:02:06.0446 2208 Current date / time: 2012/11/16 12:02:06.0446
    12:02:06.0446 2208 SystemInfo:
    12:02:06.0446 2208
    12:02:06.0446 2208 OS Version: 6.1.7601 ServicePack: 1.0
    12:02:06.0446 2208 Product type: Workstation
    12:02:06.0446 2208 ComputerName: AGREED
    12:02:06.0446 2208 UserName: Agreed
    12:02:06.0446 2208 Windows directory: C:\Windows
    12:02:06.0446 2208 System windows directory: C:\Windows
    12:02:06.0446 2208 Running under WOW64
    12:02:06.0446 2208 Processor architecture: Intel x64
    12:02:06.0446 2208 Number of processors: 2
    12:02:06.0446 2208 Page size: 0x1000
    12:02:06.0446 2208 Boot type: Normal boot
    12:02:06.0446 2208 ============================================================
    12:02:12.0636 2208 !crdlk
    12:02:12.0646 2208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
    12:02:12.0676 2208 Drive \Device\Harddisk1\DR1 - Size: 0x77600000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:02:12.0686 2208 ============================================================
    12:02:12.0686 2208 \Device\Harddisk0\DR0:
    12:02:12.0686 2208 MBR partitions:
    12:02:12.0686 2208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
    12:02:12.0686 2208 \Device\Harddisk1\DR1:
    12:02:12.0686 2208 MBR partitions:
    12:02:12.0686 2208 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3BAF7F
    12:02:12.0686 2208 ============================================================
    12:02:12.0696 2208 C: <-> \Device\Harddisk0\DR0\Partition1
    12:02:12.0696 2208 ============================================================
    12:02:12.0696 2208 Initialize success
    12:02:12.0696 2208 ============================================================
    12:02:16.0946 4528 ============================================================
    12:02:16.0946 4528 Scan started
    12:02:16.0946 4528 Mode: Manual;
    12:02:16.0946 4528 ============================================================
    12:02:17.0336 4528 ================ Scan system memory ========================
    12:02:17.0336 4528 System memory - ok
    12:02:17.0336 4528 ================ Scan services =============================
    12:02:17.0536 4528 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    12:02:17.0546 4528 1394ohci - ok
    12:02:17.0546 4528 Suspicious service (NoAccess): 37f7b81f92588e55
    12:02:17.0606 4528 [ CF8A7E7536983E7F94BC760AF8B17451 ] 37f7b81f92588e55 C:\Windows\System32\Drivers\37f7b81f92588e55.sys
    12:02:17.0606 4528 Suspicious file (NoAccess): C:\Windows\System32\Drivers\37f7b81f92588e55.sys. md5: CF8A7E7536983E7F94BC760AF8B17451
    12:02:17.0716 4528 37f7b81f92588e55 ( Rootkit.Win32.Necurs.gen ) - infected
    12:02:17.0716 4528 37f7b81f92588e55 - detected Rootkit.Win32.Necurs.gen (0)
    12:02:17.0766 4528 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    12:02:17.0766 4528 Accelerometer - ok
    12:02:17.0826 4528 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    12:02:17.0826 4528 ACPI - ok
    12:02:17.0876 4528 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    12:02:17.0876 4528 AcpiPmi - ok
    12:02:17.0936 4528 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    12:02:17.0976 4528 adp94xx - ok
    12:02:18.0056 4528 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    12:02:18.0056 4528 adpahci - ok
    12:02:18.0136 4528 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    12:02:18.0146 4528 adpu320 - ok
    12:02:18.0196 4528 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    12:02:18.0196 4528 AeLookupSvc - ok
    12:02:18.0356 4528 [ 7F66523A27754AFCFECAE2F5EB643A4A ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\AESTSr64.exe
    12:02:18.0356 4528 AESTFilters - ok
    12:02:18.0446 4528 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    12:02:18.0446 4528 AFD - ok
    12:02:18.0566 4528 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    12:02:18.0616 4528 AgereSoftModem - ok
    12:02:18.0696 4528 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    12:02:18.0706 4528 agp440 - ok
  10. Agreed88

    Agreed88 TS Rookie Topic Starter

    12:02:36.0588 4528 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    12:02:36.0588 4528 RDPDR - ok
    12:02:36.0638 4528 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    12:02:36.0638 4528 RDPENCDD - ok
    12:02:36.0708 4528 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    12:02:36.0708 4528 RDPREFMP - ok
    12:02:36.0808 4528 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    12:02:36.0808 4528 RdpVideoMiniport - ok
    12:02:36.0848 4528 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    12:02:36.0858 4528 RDPWD - ok
    12:02:36.0958 4528 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    12:02:36.0958 4528 rdyboost - ok
    12:02:37.0018 4528 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
    12:02:37.0028 4528 Recovery Service for Windows - ok
    12:02:37.0098 4528 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    12:02:37.0098 4528 RemoteAccess - ok
    12:02:37.0168 4528 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    12:02:37.0178 4528 RemoteRegistry - ok
    12:02:37.0268 4528 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    12:02:37.0278 4528 RichVideo - ok
    12:02:37.0338 4528 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    12:02:37.0338 4528 RpcEptMapper - ok
    12:02:37.0378 4528 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    12:02:37.0378 4528 RpcLocator - ok
    12:02:37.0458 4528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    12:02:37.0458 4528 RpcSs - ok
    12:02:37.0538 4528 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    12:02:37.0538 4528 rspndr - ok
    12:02:37.0608 4528 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
    12:02:37.0608 4528 RTL8169 - ok
    12:02:37.0668 4528 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    12:02:37.0678 4528 s3cap - ok
    12:02:37.0738 4528 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    12:02:37.0738 4528 SamSs - ok
    12:02:37.0788 4528 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    12:02:37.0798 4528 sbp2port - ok
    12:02:37.0858 4528 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    12:02:37.0868 4528 SCardSvr - ok
    12:02:37.0898 4528 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    12:02:37.0898 4528 scfilter - ok
    12:02:37.0988 4528 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    12:02:38.0038 4528 Schedule - ok
    12:02:38.0138 4528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    12:02:38.0138 4528 SCPolicySvc - ok
    12:02:38.0228 4528 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    12:02:38.0228 4528 SDRSVC - ok
    12:02:38.0278 4528 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    12:02:38.0288 4528 secdrv - ok
    12:02:38.0308 4528 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    12:02:38.0318 4528 seclogon - ok
    12:02:38.0368 4528 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    12:02:38.0378 4528 SENS - ok
    12:02:38.0408 4528 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    12:02:38.0408 4528 SensrSvc - ok
    12:02:38.0458 4528 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    12:02:38.0458 4528 Serenum - ok
    12:02:38.0508 4528 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    12:02:38.0508 4528 Serial - ok
    12:02:38.0568 4528 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    12:02:38.0568 4528 sermouse - ok
    12:02:38.0678 4528 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    12:02:38.0688 4528 SessionEnv - ok
    12:02:38.0738 4528 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    12:02:38.0738 4528 sffdisk - ok
    12:02:38.0768 4528 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    12:02:38.0768 4528 sffp_mmc - ok
    12:02:38.0798 4528 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    12:02:38.0798 4528 sffp_sd - ok
    12:02:38.0848 4528 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    12:02:38.0848 4528 sfloppy - ok
    12:02:38.0928 4528 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    12:02:38.0928 4528 SharedAccess - ok
    12:02:39.0008 4528 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    12:02:39.0008 4528 ShellHWDetection - ok
    12:02:39.0068 4528 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    12:02:39.0068 4528 SiSRaid2 - ok
    12:02:39.0118 4528 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    12:02:39.0118 4528 SiSRaid4 - ok
    12:02:39.0298 4528 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    12:02:39.0388 4528 Skype C2C Service - ok
    12:02:39.0478 4528 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    12:02:39.0478 4528 SkypeUpdate - ok
    12:02:39.0528 4528 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    12:02:39.0538 4528 Smb - ok
    12:02:39.0628 4528 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    12:02:39.0628 4528 SNMPTRAP - ok
    12:02:39.0688 4528 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    12:02:39.0688 4528 spldr - ok
    12:02:39.0748 4528 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    12:02:39.0788 4528 Spooler - ok
    12:02:39.0938 4528 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    12:02:40.0038 4528 sppsvc - ok
    12:02:40.0088 4528 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    12:02:40.0088 4528 sppuinotify - ok
    12:02:40.0188 4528 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    12:02:40.0188 4528 srv - ok
    12:02:40.0268 4528 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    12:02:40.0268 4528 srv2 - ok
    12:02:40.0318 4528 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    12:02:40.0328 4528 srvnet - ok
    12:02:40.0388 4528 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    12:02:40.0398 4528 SSDPSRV - ok
    12:02:40.0448 4528 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    12:02:40.0448 4528 SstpSvc - ok
    12:02:40.0588 4528 [ 3FB66E86BA667D627A613E1D677469B0 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\STacSV64.exe
    12:02:40.0598 4528 STacSV - ok
    12:02:40.0678 4528 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    12:02:40.0678 4528 stexstor - ok
    12:02:40.0778 4528 [ E01797A54F8A61512B7E590FDE6D1988 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    12:02:40.0808 4528 STHDA - ok
    12:02:40.0928 4528 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    12:02:40.0938 4528 stisvc - ok
    12:02:41.0008 4528 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    12:02:41.0008 4528 storflt - ok
    12:02:41.0098 4528 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    12:02:41.0108 4528 storvsc - ok
    12:02:41.0168 4528 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    12:02:41.0168 4528 swenum - ok
    12:02:41.0258 4528 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    12:02:41.0268 4528 swprv - ok
    12:02:41.0328 4528 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
    12:02:41.0328 4528 Synth3dVsc - ok
    12:02:41.0398 4528 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    12:02:41.0408 4528 SynTP - ok
    12:02:41.0528 4528 [ C6139282423971FD961A99FD48CFD635 ] syshost32 C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe
    12:02:41.0528 4528 Suspicious file (NoAccess): C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe. md5: C6139282423971FD961A99FD48CFD635
    12:02:41.0548 4528 syshost32 ( LockedFile.Multi.Generic ) - warning
    12:02:41.0548 4528 syshost32 - detected LockedFile.Multi.Generic (1)
    12:02:41.0668 4528 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    12:02:41.0728 4528 SysMain - ok
    12:02:41.0788 4528 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    12:02:41.0788 4528 TabletInputService - ok
    12:02:41.0848 4528 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    12:02:41.0848 4528 TapiSrv - ok
    12:02:41.0918 4528 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    12:02:41.0918 4528 TBS - ok
    12:02:42.0038 4528 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    12:02:42.0098 4528 Tcpip - ok
    12:02:42.0228 4528 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    12:02:42.0238 4528 TCPIP6 - ok
    12:02:42.0318 4528 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    12:02:42.0328 4528 tcpipreg - ok
    12:02:42.0388 4528 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    12:02:42.0398 4528 TDPIPE - ok
    12:02:42.0428 4528 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    12:02:42.0428 4528 TDTCP - ok
    12:02:42.0458 4528 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    12:02:42.0458 4528 tdx - ok
    12:02:42.0518 4528 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    12:02:42.0518 4528 TermDD - ok
    12:02:42.0568 4528 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
    12:02:42.0568 4528 terminpt - ok
    12:02:42.0658 4528 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    12:02:42.0668 4528 TermService - ok
    12:02:42.0728 4528 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    12:02:42.0728 4528 Themes - ok
    12:02:42.0798 4528 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    12:02:42.0798 4528 THREADORDER - ok
    12:02:42.0878 4528 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    12:02:42.0878 4528 TrkWks - ok
    12:02:42.0968 4528 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    12:02:42.0968 4528 TrustedInstaller - ok
    12:02:43.0158 4528 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:02:43.0158 4528 tssecsrv - ok
    12:02:43.0218 4528 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    12:02:43.0218 4528 TsUsbFlt - ok
    12:02:43.0268 4528 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    12:02:43.0278 4528 TsUsbGD - ok
    12:02:43.0318 4528 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
    12:02:43.0328 4528 tsusbhub - ok
    12:02:43.0378 4528 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    12:02:43.0388 4528 tunnel - ok
    12:02:43.0518 4528 [ BB313AE85EC95B7CB87FC5ED53F3A22B ] TVCapSvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    12:02:43.0528 4528 TVCapSvc - ok
    12:02:43.0588 4528 [ 0C66E48654AFD8A6BCFBCE22E7FAB251 ] TVSched C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    12:02:43.0588 4528 TVSched - ok
    12:02:43.0628 4528 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    12:02:43.0638 4528 uagp35 - ok
    12:02:43.0698 4528 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    12:02:43.0698 4528 udfs - ok
    12:02:43.0758 4528 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    12:02:43.0758 4528 UI0Detect - ok
    12:02:43.0818 4528 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    12:02:43.0818 4528 uliagpkx - ok
    12:02:43.0878 4528 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    12:02:43.0878 4528 umbus - ok
    12:02:43.0908 4528 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    12:02:43.0908 4528 UmPass - ok
    12:02:43.0978 4528 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    12:02:43.0978 4528 UmRdpService - ok
    12:02:44.0058 4528 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    12:02:44.0058 4528 upnphost - ok
    12:02:44.0148 4528 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    12:02:44.0148 4528 usbccgp - ok
    12:02:44.0218 4528 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    12:02:44.0218 4528 usbcir - ok
    12:02:44.0248 4528 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    12:02:44.0258 4528 usbehci - ok
    12:02:44.0308 4528 [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    12:02:44.0308 4528 usbfilter - ok
    12:02:44.0368 4528 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    12:02:44.0378 4528 usbhub - ok
    12:02:44.0398 4528 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    12:02:44.0408 4528 usbohci - ok
    12:02:44.0468 4528 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    12:02:44.0468 4528 usbprint - ok
    12:02:44.0508 4528 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:02:44.0508 4528 USBSTOR - ok
    12:02:44.0558 4528 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    12:02:44.0558 4528 usbuhci - ok
    12:02:44.0618 4528 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    12:02:44.0618 4528 usbvideo - ok
    12:02:44.0688 4528 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    12:02:44.0688 4528 UxSms - ok
    12:02:44.0738 4528 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    12:02:44.0738 4528 VaultSvc - ok
    12:02:44.0808 4528 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    12:02:44.0818 4528 vdrvroot - ok
    12:02:44.0878 4528 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    12:02:44.0878 4528 vds - ok
    12:02:44.0919 4528 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    12:02:44.0919 4528 vga - ok
    12:02:44.0969 4528 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    12:02:44.0969 4528 VgaSave - ok
    12:02:45.0019 4528 VGPU - ok
    12:02:45.0059 4528 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    12:02:45.0069 4528 vhdmp - ok
    12:02:45.0109 4528 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    12:02:45.0109 4528 viaide - ok
    12:02:45.0159 4528 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    12:02:45.0169 4528 vmbus - ok
    12:02:45.0199 4528 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    12:02:45.0199 4528 VMBusHID - ok
    12:02:45.0249 4528 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    12:02:45.0259 4528 volmgr - ok
    12:02:45.0329 4528 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    12:02:45.0329 4528 volmgrx - ok
    12:02:45.0379 4528 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    12:02:45.0379 4528 volsnap - ok
    12:02:45.0449 4528 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    12:02:45.0449 4528 vsmraid - ok
    12:02:45.0569 4528 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    12:02:45.0619 4528 VSS - ok
    12:02:45.0679 4528 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    12:02:45.0679 4528 vwifibus - ok
    12:02:45.0749 4528 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    12:02:45.0749 4528 vwififlt - ok
    12:02:45.0789 4528 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    12:02:45.0799 4528 vwifimp - ok
    12:02:45.0859 4528 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    12:02:45.0869 4528 W32Time - ok
    12:02:45.0909 4528 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    12:02:45.0919 4528 WacomPen - ok
    12:02:45.0969 4528 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    12:02:45.0969 4528 WANARP - ok
    12:02:46.0029 4528 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    12:02:46.0029 4528 Wanarpv6 - ok
    12:02:46.0119 4528 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    12:02:46.0159 4528 WatAdminSvc - ok
    12:02:46.0279 4528 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    12:02:46.0319 4528 wbengine - ok
    12:02:46.0409 4528 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    12:02:46.0419 4528 WbioSrvc - ok
    12:02:46.0479 4528 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    12:02:46.0479 4528 wcncsvc - ok
    12:02:46.0509 4528 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    12:02:46.0509 4528 WcsPlugInService - ok
    12:02:46.0579 4528 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    12:02:46.0579 4528 Wd - ok
    12:02:46.0639 4528 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    12:02:46.0639 4528 WDC_SAM - ok
    12:02:46.0749 4528 [ E6050FE6B60FA91188B8ABDB5B1E339F ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    12:02:46.0749 4528 WDDMService - ok
    12:02:46.0839 4528 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    12:02:46.0839 4528 Wdf01000 - ok
    12:02:46.0969 4528 [ B83D5071B32A70BEBDB3330BFA7ACB80 ] WDFME C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    12:02:47.0019 4528 WDFME - ok
    12:02:47.0079 4528 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    12:02:47.0079 4528 WdiServiceHost - ok
    12:02:47.0129 4528 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    12:02:47.0129 4528 WdiSystemHost - ok
    12:02:47.0179 4528 [ 517DE2C5568CBA6B2A24A557AC60C30B ] WDSC C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    12:02:47.0219 4528 WDSC - ok
    12:02:47.0319 4528 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    12:02:47.0319 4528 WebClient - ok
    12:02:47.0369 4528 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    12:02:47.0379 4528 Wecsvc - ok
    12:02:47.0409 4528 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    12:02:47.0419 4528 wercplsupport - ok
    12:02:47.0449 4528 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    12:02:47.0449 4528 WerSvc - ok
    12:02:47.0519 4528 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    12:02:47.0529 4528 WfpLwf - ok
    12:02:47.0559 4528 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    12:02:47.0559 4528 WIMMount - ok
    12:02:47.0589 4528 WinHttpAutoProxySvc - ok
    12:02:47.0709 4528 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    12:02:47.0719 4528 Winmgmt - ok
    12:02:47.0849 4528 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    12:02:47.0909 4528 WinRM - ok
    12:02:48.0049 4528 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    12:02:48.0049 4528 WinUsb - ok
    12:02:48.0179 4528 [ 8F8D4E3B79710155B05CECEBDF4CFABD ] WINZIPSSDiskOptimizer C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
    12:02:48.0199 4528 WINZIPSSDiskOptimizer - ok
    12:02:48.0309 4528 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    12:02:48.0319 4528 Wlansvc - ok
    12:02:48.0399 4528 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    12:02:48.0399 4528 WmiAcpi - ok
    12:02:48.0479 4528 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    12:02:48.0479 4528 wmiApSrv - ok
    12:02:48.0539 4528 WMPNetworkSvc - ok
    12:02:48.0579 4528 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    12:02:48.0579 4528 WPCSvc - ok
    12:02:48.0649 4528 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    12:02:48.0649 4528 WPDBusEnum - ok
    12:02:48.0709 4528 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    12:02:48.0709 4528 ws2ifsl - ok
    12:02:48.0779 4528 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    12:02:48.0779 4528 wscsvc - ok
    12:02:48.0819 4528 WSearch - ok
    12:02:48.0959 4528 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    12:02:49.0019 4528 wuauserv - ok
    12:02:49.0079 4528 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    12:02:49.0079 4528 WudfPf - ok
    12:02:49.0149 4528 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:02:49.0149 4528 WUDFRd - ok
    12:02:49.0179 4528 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    12:02:49.0179 4528 wudfsvc - ok
    12:02:49.0269 4528 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    12:02:49.0269 4528 WwanSvc - ok
    12:02:49.0369 4528 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
    12:02:49.0369 4528 xnacc - ok
    12:02:49.0489 4528 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
    12:02:49.0489 4528 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
    12:02:49.0529 4528 ================ Scan global ===============================
    12:02:49.0599 4528 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    12:02:49.0629 4528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    12:02:49.0639 4528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    12:02:49.0679 4528 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    12:02:49.0689 4528 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    12:02:49.0699 4528 [Global] - ok
    12:02:49.0699 4528 ================ Scan MBR ==================================
    12:02:49.0709 4528 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:02:50.0229 4528 \Device\Harddisk0\DR0 - ok
    12:02:50.0239 4528 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    12:02:50.0249 4528 \Device\Harddisk1\DR1 - ok
    12:02:50.0249 4528 ================ Scan VBR ==================================
    12:02:50.0259 4528 [ 9D1685A25781065111D7A8626BBC599A ] \Device\Harddisk0\DR0\Partition1
    12:02:50.0259 4528 \Device\Harddisk0\DR0\Partition1 - ok
    12:02:50.0269 4528 [ 9B9B5F6B062016F887E3C5692CBE178C ] \Device\Harddisk1\DR1\Partition1
    12:02:50.0269 4528 \Device\Harddisk1\DR1\Partition1 - ok
    12:02:50.0269 4528 ============================================================
    12:02:50.0269 4528 Scan finished
    12:02:50.0269 4528 ============================================================
    12:02:50.0289 1876 Detected object count: 2
    12:02:50.0289 1876 Actual detected object count: 2
    12:03:02.0520 1876 C:\Windows\System32\Drivers\37f7b81f92588e55.sys - copied to quarantine
    12:03:02.0580 1876 HKLM\SYSTEM\ControlSet001\services\37f7b81f92588e55 - will be deleted on reboot
    12:03:02.0640 1876 HKLM\SYSTEM\ControlSet002\services\37f7b81f92588e55 - will be deleted on reboot
    12:03:03.0080 1876 C:\Windows\System32\Drivers\37f7b81f92588e55.sys - will be deleted on reboot
    12:03:03.0080 1876 37f7b81f92588e55 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
    12:03:03.0090 1876 syshost32 ( LockedFile.Multi.Generic ) - skipped by user
    12:03:03.0090 1876 syshost32 ( LockedFile.Multi.Generic ) - User select action: Skip
  11. Agreed88

    Agreed88 TS Rookie Topic Starter

    TDSSKiller had me reboot after running; it booted and ran again upon rebooting. Here's a snipped portion of the second log since it's going above the character limit. I have the secondary log saved in a notepad if you want me to post that as well.

    12:20:32.0312 3572 ================ Scan global ===============================
    12:20:32.0406 3572 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    12:20:32.0452 3572 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    12:20:32.0499 3572 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    12:20:32.0546 3572 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    12:20:32.0577 3572 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    12:20:32.0593 3572 [Global] - ok
    12:20:32.0593 3572 ================ Scan MBR ==================================
    12:20:32.0624 3572 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:20:34.0075 3572 \Device\Harddisk0\DR0 - ok
    12:20:34.0090 3572 ================ Scan VBR ==================================
    12:20:34.0122 3572 [ 9D1685A25781065111D7A8626BBC599A ] \Device\Harddisk0\DR0\Partition1
    12:20:34.0122 3572 \Device\Harddisk0\DR0\Partition1 - ok
    12:20:34.0122 3572 ============================================================
    12:20:34.0122 3572 Scan finished
    12:20:34.0122 3572 ============================================================
    12:20:34.0184 3564 Detected object count: 2
    12:20:34.0184 3564 Actual detected object count: 2
    12:20:44.0152 3564 C:\Windows\System32\Drivers\fdbf8c8158206056.sys - copied to quarantine
    12:20:44.0215 3564 HKLM\SYSTEM\ControlSet001\services\fdbf8c8158206056 - will be deleted on reboot
    12:20:44.0324 3564 HKLM\SYSTEM\ControlSet002\services\fdbf8c8158206056 - will be deleted on reboot
    12:20:46.0399 3564 C:\Windows\System32\Drivers\fdbf8c8158206056.sys - will be deleted on reboot
    12:20:46.0399 3564 fdbf8c8158206056 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
    12:20:46.0461 3564 C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe - copied to quarantine
    12:20:46.0539 3564 HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot
    12:20:46.0648 3564 HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot
    12:20:47.0475 3564 C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe - will be deleted on reboot
    12:20:47.0475 3564 syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
     
  12. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Please re-run MBAM and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  13. Agreed88

    Agreed88 TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.16.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Agreed :: AGREED [administrator]

    11/16/2012 12:52:28 PM
    mbam-log-2012-11-16 (12-52-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 260280
    Time elapsed: 5 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    (end)
  14. Agreed88

    Agreed88 TS Rookie Topic Starter

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Agreed [Admin rights]
    Mode : Remove -- Date : 11/16/2012 13:00:32

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3455147775-3925942382-2652221077-1001\$d9819484fab74315a7e0d2198c32d2e1\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 genuine.microsoft.com
    127.0.0.1 mpa.one.microsoft.com
    127.0.0.1 sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
    --- User ---
    [MBR] e456139656676716fe76522aa24ed495
    [BSP] a145b58aa76b2b7b8de61cdc4f2fa00d : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305242 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: HTC Android Phone USB Device +++++
    --- User ---
    [MBR] e7c4811166bab12f5c19592cc9af1009
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 129 | Size: 1909 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_11162012_02d1300.txt >>

    RKreport[1]_S_11162012_02d1259.txt ; RKreport[2]_D_11162012_02d1300.txt
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-16 13:01:19
    -----------------------------
    13:01:19.470 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:01:19.470 Number of processors: 2 586 0x301
    13:01:19.470 ComputerName: AGREED UserName: Agreed
    13:01:20.800 Initialize success
    13:05:46.512 AVAST engine defs: 12111600
    13:06:05.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    13:06:05.563 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 11
    13:06:05.583 Disk 0 MBR read successfully
    13:06:05.593 Disk 0 MBR scan
    13:06:05.613 Disk 0 Windows 7 default MBR code
    13:06:05.633 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 2048
    13:06:05.713 Disk 0 scanning C:\Windows\system32\drivers
    13:06:27.665 Service scanning
    13:06:56.287 Modules scanning
    13:06:56.287 Disk 0 trace - called modules:
    13:06:56.307 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    13:06:56.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5e670]
    13:06:56.317 3 CLASSPNP.SYS[fffff8800197743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c14680]
    13:06:57.378 AVAST engine scan C:\Windows
    13:07:00.008 AVAST engine scan C:\Windows\system32
    13:12:07.893 AVAST engine scan C:\Windows\system32\drivers
    13:12:26.196 AVAST engine scan C:\Users\Agreed
    13:18:58.373 AVAST engine scan C:\ProgramData
    13:19:33.616 Scan finished successfully
    13:22:24.930 Disk 0 MBR has been saved successfully to "C:\Users\Agreed\Desktop\MBR.dat"
    13:22:24.940 The log file has been saved successfully to "C:\Users\Agreed\Desktop\aswMBR.txt"
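The RogueKiller report above flagged three things worth re-checking once the cleanup is over: UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin set to 0), Microsoft activation hosts pinned to 127.0.0.1 in the hosts file, and a COM InprocServer32 handler loading from C:\$Recycle.Bin. The PowerShell below is an added, read-only audit of those same indicators; it is not part of the thread and not RogueKiller's code, and the function name and the hosts-file baseline list are my own assumptions.

```powershell
# Added example: read-only re-check of the ZeroAccess indicators that RogueKiller
# reported in the log above. Not from the thread and not RogueKiller's own code.
# Run from an elevated PowerShell prompt; it reports and changes nothing.

function Invoke-ZeroAccessIndicatorAudit {
    # Hypothetical function name. Returns one string per finding.
    $findings = @()

    # 1. UAC policy. RogueKiller restored EnableLUA 0 -> 1 and
    #    ConsentPromptBehaviorAdmin 0 -> 2; ComboFix also listed PromptOnSecureDesktop = 0.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
    if ($null -eq $uac -or $uac.EnableLUA -ne 1) {
        $findings += "UAC is disabled or unset (EnableLUA = '$($uac.EnableLUA)'); expected 1"
    }
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators elevate silently (ConsentPromptBehaviorAdmin = 0); expected 2 or 5'
    }
    if ($uac.PromptOnSecureDesktop -eq 0) {
        $findings += 'UAC prompts bypass the secure desktop (PromptOnSecureDesktop = 0); expected 1'
    }

    # 2. hosts file. The log showed genuine.microsoft.com, mpa.one.microsoft.com and
    #    sls.microsoft.com mapped to 127.0.0.1; any name outside the baseline is reported.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $baseline  = @('localhost', 'localhost.localdomain', 'broadcasthost')   # assumed baseline
    foreach ($raw in (Get-Content -Path $hostsPath -ErrorAction SilentlyContinue)) {
        $line = ($raw -split '#', 2)[0].Trim()      # drop trailing comments
        if ($line -eq '') { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if ($baseline -notcontains $name.ToLower()) {
                $findings += "hosts file maps $name to $address"
            }
        }
    }

    # 3. COM handler hijack. RogueKiller found an InprocServer32 default value pointing
    #    into C:\$Recycle.Bin\<SID>\$<hex>\n. and reset it to shell32.dll. HKCU is included
    #    because per-user CLSID keys override HKLM when HKCR is merged.
    $clsidRoots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID'
    )
    foreach ($root in $clsidRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($clsid in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $inproc = Get-Item -LiteralPath ($clsid.PSPath + '\InprocServer32') -ErrorAction SilentlyContinue
            if ($null -eq $inproc) { continue }
            $server = [string]$inproc.GetValue('')   # default value = DLL path
            if ($server -match '\\\$Recycle\.Bin\\|\\RECYCLER\\') {
                $findings += "COM handler $($clsid.PSChildName) loads from $server"
            }
        }
    }

    return $findings
}

# @() forces an array so .Count is reliable on PowerShell 2.0 as well.
$results = @(Invoke-ZeroAccessIndicatorAudit)
if ($results.Count -eq 0) {
    Write-Output 'No ZeroAccess indicators found.'
} else {
    $results | ForEach-Object { Write-Output "FINDING: $_" }
}
```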
  15. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Good :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
  16. Agreed88

    Agreed88 TS Rookie Topic Starter

    ComboFix 12-11-16.02 - Agreed 11/16/2012 15:32:36.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.2352 [GMT -5:00]
    Running from: c:\users\Agreed\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
    c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
    c:\program files (x86)\Vid-Saver
    c:\program files (x86)\Vid-Saver\Uninstall.exe
    c:\program files (x86)\Vid-Saver\Vid-Saver.exe
    c:\program files (x86)\Vid-Saver\Vid-Saver.ico
    c:\program files (x86)\Vid-Saver\Vid-Saver.ini
    c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\ApnStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_FTSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-16 21:02 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CB53415-E6CD-4AC3-ADED-4A70C3136222}\mpengine.dll
    2012-11-16 20:45 . 2012-08-23 08:26 9310152 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF048D00-EB59-48C2-9298-D365BFB994B2}\mpengine.dll
    2012-11-16 20:42 . 2012-11-16 20:42 -------- d-----w- c:\users\Not agreed\AppData\Local\temp
    2012-11-16 20:42 . 2012-11-16 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-16 17:51 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-16 17:03 . 2012-11-16 17:20 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-16 05:57 . 2008-09-26 19:13 439808 ----a-w- c:\windows\system32\AESTEC64.dll
    2012-11-16 05:57 . 2008-09-26 19:13 58880 ----a-w- c:\windows\system32\AESTAR64.dll
    2012-11-16 05:57 . 2008-09-26 19:13 155648 ----a-w- c:\windows\system32\AESTAC64.dll
    2012-11-16 05:57 . 2008-09-26 19:14 441344 ----a-w- c:\windows\sttray64.exe
    2012-11-16 05:57 . 2008-09-26 19:14 2869248 ----a-w- c:\windows\system32\stlang64.dll
    2012-11-16 05:57 . 2008-09-26 19:13 10760704 ----a-w- c:\windows\system32\idtcpl64.cpl
    2012-11-16 05:57 . 2008-09-26 19:13 562688 ----a-w- c:\windows\system32\idt64mp1.exe
    2012-11-16 05:57 . 2008-09-26 19:13 76288 ----a-w- c:\windows\system32\AESTCo64.dll
    2012-11-16 05:56 . 2008-09-26 19:14 465408 ----a-w- c:\windows\system32\drivers\stwrt64.sys
    2012-11-16 05:56 . 2008-09-26 19:14 430592 ----a-w- c:\windows\system32\stcplx64.dll
    2012-11-16 05:56 . 2008-09-26 19:13 773632 ----a-w- c:\windows\system32\stapo64.dll
    2012-11-16 05:56 . 2008-09-26 19:13 530944 ----a-w- c:\windows\system32\stapi64.dll
    2012-11-16 05:56 . 2012-11-16 05:56 -------- d-----w- c:\program files\IDT
    2012-11-16 05:55 . 2012-11-16 05:55 -------- d-----w- c:\program files\DIFX
    2012-11-16 05:32 . 2012-11-16 05:33 -------- d-----w- c:\programdata\UAB
    2012-11-16 05:32 . 2012-11-16 05:32 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
    2012-11-16 05:31 . 2012-11-16 05:31 -------- d-----w- c:\program files (x86)\PC Drivers HeadQuarters
    2012-11-16 05:30 . 2012-11-16 05:30 -------- d-----w- c:\programdata\APN
    2012-11-16 05:07 . 2012-11-16 05:09 -------- d-----w- c:\users\Administrator
    2012-11-16 03:24 . 2012-11-16 03:25 -------- d-----w- C:\8dbcef58daa4e5501b55c33dbcd6
    2012-11-16 03:15 . 2012-11-16 08:05 -------- d-----w- c:\program files (x86)\RegCure
    2012-11-16 03:15 . 2012-11-16 03:19 -------- d-----w- c:\programdata\RegCure
    2012-11-15 07:17 . 2008-09-26 19:13 201216 ----a-w- c:\windows\system32\staco64.dll
    2012-11-15 07:13 . 2012-11-15 07:13 -------- d-----w- c:\users\Agreed\AppData\Roaming\WinBatch
    2012-11-15 07:06 . 2012-11-15 07:06 -------- d-----w- c:\users\Agreed\AppData\Roaming\ParetoLogic
    2012-11-15 07:06 . 2012-11-15 07:06 -------- d-----w- c:\users\Agreed\AppData\Roaming\DriverCure
    2012-11-15 07:05 . 2012-11-15 07:05 -------- d-----w- c:\programdata\ParetoLogic
    2012-11-15 07:05 . 2012-11-15 07:05 -------- d-----w- c:\program files (x86)\ParetoLogic
    2012-11-15 07:05 . 2012-11-15 07:05 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
    2012-11-15 06:49 . 2012-11-15 06:49 -------- d-----w- c:\program files (x86)\Hp
    2012-11-15 06:49 . 2012-11-15 06:49 -------- d-----w- c:\windows\Hewlett-Packard
    2012-11-15 05:08 . 2012-11-15 05:08 -------- d-----w- c:\program files (x86)\DriverFinder
    2012-11-15 05:08 . 2012-11-15 05:09 -------- d-----w- c:\users\Agreed\AppData\Roaming\DriverFinder
    2012-11-11 17:10 . 2012-11-13 19:19 -------- d-----w- c:\users\Agreed\AppData\Local\Htc
    2012-11-11 17:09 . 2012-11-11 17:10 -------- d-----w- c:\users\Agreed\AppData\Roaming\HTC
    2012-11-11 17:05 . 2012-11-14 00:44 -------- d-----w- c:\program files (x86)\HTC
    2012-10-30 04:48 . 2012-10-30 04:48 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2012-10-30 04:44 . 2012-11-13 20:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-10-27 03:37 . 2012-11-15 06:49 -------- d-----w- c:\users\Agreed\AppData\Roaming\HpUpdate
    2012-10-24 14:39 . 2012-10-24 14:39 -------- d-----w- c:\users\Agreed\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-24 14:39 . 2012-11-14 00:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-24 14:39 . 2012-10-24 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-21 02:45 . 2012-10-21 02:45 -------- d-----w- C:\found.000
    2012-10-21 00:03 . 2012-10-21 00:03 -------- d-----w- c:\users\LORI
    2012-10-20 04:27 . 2012-11-13 20:01 -------- d-----w- c:\programdata\SecTaskMan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-03 14:28 . 2012-09-03 14:28 59904 ----a-w- c:\windows\SysWow64\zlib1.dll
    2012-08-23 08:26 . 2012-09-12 01:02 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24D4287A-DEBA-4F8C-8E59-AF7D84DBCC05}\mpengine.dll
    2012-08-22 18:12 . 2012-09-12 01:02 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 01:02 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 01:02 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 14:07 . 2012-05-19 22:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-21 14:07 . 2012-05-19 22:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-21 09:12 . 2012-09-18 04:25 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2012-09-18 04:25 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverFinder"="c:\program files (x86)\DriverFinder\DriverFinder.exe" [2011-07-18 7151816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-25 206120]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "HP Health Check Scheduler"=c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-20 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
    R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 23040]
    R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R4 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-25 296320]
    R4 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-25 116096]
    R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
    R4 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
    R4 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
    R4 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-03-22 628624]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\AESTSr64.exe [2008-09-26 89088]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-05-11 20752]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 145496]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 26168]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - WS2IFSL
    *Deregistered* - {55662437-DA8C-40c0-AADA-2C816A897A49}
    *Deregistered* - eeCtrl
    *Deregistered* - EraserUtilRebootDrv
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3455147775-3925942382-2652221077-1001Core.job
    - c:\users\Agreed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 13:08]
    .
    2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3455147775-3925942382-2652221077-1001UA.job
    - c:\users\Agreed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 13:08]
    .
    2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 02:49]
    .
    2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 02:49]
    .
    2012-11-15 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2012-11-15 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
    .
    2012-11-15 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
    .
    2012-11-15 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
    .
    2012-11-15 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
    .
    2012-09-23 c:\windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
    - c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2012-05-19 12:38]
    .
    2012-09-24 c:\windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
    - c:\program files (x86)\WinZip System Utilities Suite\WINZIPSS.exe [2012-05-19 12:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-09-27 00:12; facebook@disconnect.me; c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\facebook@disconnect.me.xpi
    FF - ExtSQL: 2012-09-27 00:19; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - ExtSQL: 2012-11-13 11:28; {1519200d-6633-40c9-a9a1-d60d8d1d0479}; c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-UpdatePSTShortCut - c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    Wow6432Node-HKLM-Run-UpdatePDIRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
    Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
    SafeBoot-00093444.sys
    SafeBoot-73618190.sys
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
    AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-16 23:02:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-17 04:02
    .
    Pre-Run: 192,810,217,472 bytes free
    Post-Run: 193,368,059,904 bytes free
    .
    - - End Of File - - ED74D0A2B74C2DCE9F48B73A097F15F3
  17. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Looks good.

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Still with me?
  19. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.