Inactive [A] Complex issues, I think HP and Microsoft support made it worse :(

Status
Not open for further replies.

Agreed88

Long story short: I've been having several issues with my laptop over the past few weeks, and neither HP nor Microsoft has been able to really fix the issue. The problem is actually slightly worse now than it was before, mostly for other reasons.

My primary issue was that any time I play any form of game or do something with some forms of video/audio, I get lag spikes that persist for about 10-15 seconds and then go away. During that period, the program itself will spike extremely high in CPU performance and have a wait chain for LocalServiceRestricted, which will also have a wait chain for audiodx.exe. This prompted HP to have me nuke the majority of both my audio and video drivers and do a set of restores.

Edit: I apologize for the multiple posts; the large amount of text was causing the server to deny the posts, so I had to break it up into smaller chunks. MSE did not, however, produce a log; if anyone can inform me how to pull that, I'd be more than happy to post that as well.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-15 23:16:22
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service C:\SystemRoot\System32\Drivers\37f7b81f92588e55.sys (*** hidden *** ) [BOOT] 37f7b81f92588e55 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_32
Run by Agreed at 23:17:01 on 2012-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.2208 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
mWinlogon: Userinit = userinit.exe
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\4586F6D637F6E6 : DHCPNameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\9647473616D6075737 : DHCPNameServer = 10.89.110.11 192.168.110.13 192.168.110.10
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\C6F636B6F6E663039333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4833C7D-0989-409E-BEE7-CE4B27B5536C}\D42405E413 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 genuine.microsoft.com
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Agreed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-27 00:12; facebook@disconnect.me; C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\facebook@disconnect.me.xpi
FF - ExtSQL: 2012-09-27 00:19; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2012-11-13 11:28; {1519200d-6633-40c9-a9a1-d60d8d1d0479}; C:\Users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-18 283200]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-15 89600]
R2 syshost32;syshost32;"C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe" /service --> C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe [?]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2012-6-20 20752]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-15 26168]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
S1 egilntau;egilntau;C:\Windows\System32\drivers\egilntau.sys [2012-11-15 49872]
S2 FTSvc;Fantapper Player Update Service;"C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe" --> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-20 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-23 193840]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
S4 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-23 365952]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320]
S4 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096]
S4 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
S4 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
S4 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
S4 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-19 628624]
.
=============== Created Last 30 ================
.
2012-11-16 04:09:21 49872 ----a-w- C:\Windows\System32\drivers\egilntau.sys
2012-11-16 03:56:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AC82C08-3E82-4CD7-8C87-78224C0CD925}\offreg.dll
2012-11-16 03:33:31 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AC82C08-3E82-4CD7-8C87-78224C0CD925}\mpengine.dll
2012-11-16 03:25:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-16 03:24:52 -------- d-----w- C:\8dbcef58daa4e5501b55c33dbcd6
2012-11-16 03:15:37 -------- d-----w- C:\ProgramData\RegCure
2012-11-16 03:08:02 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2012-11-16 03:08:02 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2012-11-16 03:08:02 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-11-16 03:08:02 4642816 ----a-w- C:\Windows\System32\stlang64.dll
2012-11-16 03:08:02 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2012-11-16 03:08:02 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
2012-11-16 03:08:02 13170176 ----a-w- C:\Windows\System32\idtcpl64.cpl
2012-11-16 03:08:02 1128448 ----a-w- C:\Windows\sttray64.exe
2012-11-15 07:41:18 -------- d-----w- C:\Program Files\IDT
2012-11-15 07:17:09 521728 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-11-15 07:17:08 652288 ------w- C:\Windows\System32\stapi64.dll
2012-11-15 07:17:08 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-11-15 07:17:08 220160 ----a-w- C:\Windows\System32\staco64.dll
2012-11-15 07:17:08 1500672 ----a-w- C:\Windows\System32\stapo64.dll
2012-11-15 07:13:06 -------- d-----w- C:\Users\Agreed\AppData\Roaming\WinBatch
2012-11-15 07:06:13 -------- d-----w- C:\Users\Agreed\AppData\Roaming\ParetoLogic
2012-11-15 07:06:13 -------- d-----w- C:\Users\Agreed\AppData\Roaming\DriverCure
2012-11-15 07:05:59 -------- d-----w- C:\ProgramData\ParetoLogic
2012-11-15 07:05:59 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2012-11-15 07:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-11-15 06:49:20 -------- d-----w- C:\Program Files (x86)\Hp
2012-11-15 06:49:10 -------- d-----w- C:\Windows\Hewlett-Packard
2012-11-15 05:49:57 -------- d-----w- C:\Windows\pss
2012-11-15 05:08:37 -------- d-----w- C:\Program Files (x86)\DriverFinder
2012-11-15 05:08:14 -------- d-----w- C:\Users\Agreed\AppData\Roaming\DriverFinder
2012-11-11 17:12:32 -------- d-----w- C:\Users\Agreed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-11-11 17:10:37 -------- d-----w- C:\Users\Agreed\AppData\Local\Htc
2012-11-11 17:09:32 -------- d-----w- C:\Users\Agreed\AppData\Roaming\HTC
2012-11-11 17:05:08 -------- d-----w- C:\Program Files (x86)\HTC
2012-10-30 04:48:47 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-10-30 04:44:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-27 03:37:48 -------- d-----w- C:\Users\Agreed\AppData\Roaming\HpUpdate
2012-10-24 14:39:17 -------- d-----w- C:\Users\Agreed\AppData\Roaming\SUPERAntiSpyware.com
2012-10-24 14:39:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-24 14:39:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-21 02:45:13 -------- d-sh--w- C:\found.000
2012-10-20 04:27:07 -------- d-----w- C:\ProgramData\SecTaskMan
.
==================== Find3M ====================
.
2012-09-03 14:28:33 59904 ----a-w- C:\Windows\SysWow64\zlib1.dll
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 14:07:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 14:07:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 23:17:24.09 ===============
 
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Agreed :: AGREED [administrator]

11/15/2012 11:23:12 PM
mbam-log-2012-11-15 (23-23-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238401
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 1
c:\windows\installer\{2ce9860a-9785-9e5c-f2f6-4787d090af99}\syshost.exe (Trojan.Agent) -> 1544 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\syshost32|ImagePath (Trojan.Agent) -> Data: "C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe" /service -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
c:\users\agreed\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\users\not agreed\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\installer\{2ce9860a-9785-9e5c-f2f6-4787d090af99}\syshost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

I still need Attach.txt part of DDS.

=====================================

Some items in MBAM log are marked "No action taken".
Re-run it, fix ALL issues and post new log.

====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
01:19:20.0029 2444 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:19:20.0329 2444 ============================================================
01:19:20.0329 2444 Current date / time: 2012/11/16 01:19:20.0329
01:19:20.0329 2444 SystemInfo:
01:19:20.0329 2444
01:19:20.0329 2444 OS Version: 6.1.7601 ServicePack: 1.0
01:19:20.0329 2444 Product type: Workstation
01:19:20.0329 2444 ComputerName: AGREED
01:19:20.0329 2444 UserName: Agreed
01:19:20.0329 2444 Windows directory: C:\Windows
01:19:20.0329 2444 System windows directory: C:\Windows
01:19:20.0329 2444 Running under WOW64
01:19:20.0329 2444 Processor architecture: Intel x64
01:19:20.0329 2444 Number of processors: 2
01:19:20.0329 2444 Page size: 0x1000
01:19:20.0329 2444 Boot type: Normal boot
01:19:20.0329 2444 ============================================================
01:19:22.0859 2444 Raw registry subsystem init failed!
01:19:23.0059 2444 !crdlk
01:19:23.0069 2444 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
01:19:23.0109 2444 ============================================================
01:19:23.0119 2444 \Device\Harddisk0\DR0:
01:19:23.0119 2444 MBR partitions:
01:19:23.0119 2444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
01:19:23.0119 2444 ============================================================
01:19:23.0129 2444 C: <-> \Device\Harddisk0\DR0\Partition1
01:19:23.0129 2444 ============================================================
01:19:23.0129 2444 Initialize success
01:19:23.0129 2444 ============================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2012 5:56:43 PM
System Uptime: 11/15/2012 6:58:26 PM (5 hours ago)
.
Motherboard: Hewlett-Packard | | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 182.83 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Eraser Control driver
Device ID: ROOT\LEGACY_EECTRL\0000
Manufacturer:
Name: Symantec Eraser Control driver
PNP Device ID: ROOT\LEGACY_EECTRL\0000
Service: eeCtrl
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: IDT High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C3625&REV_1003\4&2F0A96A8&0&0001
Manufacturer: IDT
Name: IDT High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C3625&REV_1003\4&2F0A96A8&0&0001
Service: STHDA
.
==== System Restore Points ===================
.
RP63: 10/13/2012 3:51:24 PM - ComboFix created restore point
RP64: 10/17/2012 1:12:47 AM - Windows Update
RP65: 10/17/2012 3:00:20 AM - Windows Update
RP66: 10/18/2012 5:57:45 PM - Removed Skype Click to Call
RP67: 10/18/2012 5:58:36 PM - Removed Adobe Reader 9.
RP68: 10/18/2012 6:40:11 PM - Removed Java(TM) 6 Update 7
RP69: 10/18/2012 6:41:13 PM - Removed Java(TM) 6 Update 32
RP70: 10/18/2012 6:55:15 PM - Restore Operation
RP71: 10/19/2012 9:40:44 AM - Windows Update
RP72: 10/19/2012 3:55:06 PM - Restore Operation
RP73: 10/19/2012 4:09:01 PM - Windows Update
RP74: 10/20/2012 3:00:18 AM - Windows Update
RP75: 10/20/2012 3:57:02 PM - Removed Slingbox - Watch Your TV Anywhere
RP76: 10/20/2012 4:01:53 PM - Configured SlingPlayer
RP77: 10/20/2012 4:03:13 PM - Removed Java(TM) 6 Update 32
RP78: 10/20/2012 4:04:25 PM - Removed Java(TM) 6 Update 7
RP79: 10/21/2012 2:08:06 PM - Windows Update
RP80: 10/21/2012 2:22:08 PM - Removed Skype Click to Call
RP81: 10/27/2012 12:38:30 AM - Windows Update
RP82: 10/28/2012 11:18:33 PM - Removed Adobe Reader 9.
RP83: 10/29/2012 10:41:20 PM - Removed Facebook Video Calling 1.2.0.287
RP84: 10/29/2012 11:27:41 PM - Removed NetZero Preloader
RP85: 10/29/2012 11:30:58 PM - Removed League of Legends
RP86: 11/8/2012 3:24:58 AM - Scheduled Checkpoint
RP87: 11/11/2012 12:06:44 PM - Installed HTC Sync.
RP88: 11/13/2012 2:21:36 PM - Restore Operation
RP89: 11/14/2012 10:47:44 PM - Removed IDT Audio
RP90: 11/15/2012 2:20:04 AM - Installed IDT Audio
RP91: 11/15/2012 2:43:20 AM - Configured IDT Audio
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20 (x64 edition)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Agere Systems HDA Modem
AMD USB Audio Driver Filter
ASPCA Reminder by We-Care.com v4.0.19.1
Atheros Driver Installation Program
ATI Catalyst Install Manager
BitTorrent
BitTorrentBar Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compact Wireless-G USB Network Adapter with SpeedBooster
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DAEMON Tools Lite
DriverFinder
EasyTether
ESU for Microsoft Vista
Facebook Video Calling 1.2.0.159
Google Chrome
Google Update Helper
Grandia2
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPTCSSetup
IDT Audio
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Juno Preloader
LabelPrint
League of Legends
Linksys Wireless-G USB Network Adapter
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetLab for Win95/NT
NetZero Preloader
PakkISO 0.4
Pando Media Booster
ParetoLogic PC Health Advisor
Pokemon Online 1.0.53
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
RegCure
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
Skype Click to Call
Skype™ 5.10
Slingbox - Watch Your TV Anywhere
SlingPlayer
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Ventrilo Client for Windows x64
Vid-Saver
Visual Studio 2010 x64 Redistributables
WD SmartWare
WinZip System Utilities Suite
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 6:27:54 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
11/15/2012 6:59:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
11/15/2012 6:59:02 PM, Error: Service Control Manager [7000] - The Fantapper Player Update Service service failed to start due to the following error: The system cannot find the file specified.
11/15/2012 6:59:01 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
11/15/2012 6:58:51 PM, Error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the file specified.
11/15/2012 6:58:49 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
11/15/2012 6:58:49 PM, Error: atikmdag [43029] - Display is not active
11/15/2012 6:58:30 PM, Error: hpdskflt [1001] -
11/15/2012 6:50:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
11/15/2012 6:50:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
11/15/2012 6:50:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0x80070505'. If possible, reinstall Windows Media Player.
11/15/2012 6:48:31 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: Access is denied.
11/15/2012 6:47:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc00002e3 (0xfffff8a0028ad680, 0xffffffffc0000189, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-25053-01.
11/15/2012 11:09:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Necurs.A&threatid=2147645812 Name: Trojan:Win64/Necurs.A ID: 2147645812 Severity: Severe Category: Trojan Path: file:_C:\Windows\system32\drivers\37f7b81f92588e55.sys;hiddendriver:_37f7b81f92588e55;hiddenfile:_C:\Windows\System32\Drivers\37f7b81f92588e55.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: AGREED\Agreed Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.139.2199.0, AS: 1.139.2199.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8904.0, NIS: 0.0.0.0
11/15/2012 11:09:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Necurs.A&threatid=2147645812 Name: Trojan:Win64/Necurs.A ID: 2147645812 Severity: Severe Category: Trojan Path: file:_C:\Windows\system32\drivers\37f7b81f92588e55.sys;hiddendriver:_37f7b81f92588e55;hiddenfile:_C:\Windows\System32\Drivers\37f7b81f92588e55.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: AGREED\Agreed Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.139.2199.0, AS: 1.139.2199.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8904.0, NIS: 0.0.0.0
11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
11/15/2012 10:35:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
11/15/2012 10:35:11 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2012 10:35:11 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection System service failed to start due to the following error: A device attached to the system is not functioning.
11/15/2012 10:35:11 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: AGREED\Agreed Error Code: 0x8007042c Error description: The dependency service or group failed to start.
11/15/2012 10:35:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: AGREED\Agreed Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
11/15/2012 10:35:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2199.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: AGREED\Agreed Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
11/15/2012 10:35:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2199.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: AGREED\Agreed Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
11/15/2012 10:33:55 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
11/15/2012 10:33:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2199.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
11/15/2012 10:33:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
11/15/2012 10:33:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/15/2012 10:26:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/15/2012 10:25:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/14/2012 12:16:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/14/2012 12:14:07 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/14/2012 11:50:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/14/2012 10:05:30 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/13/2012 8:47:25 PM, Error: Service Control Manager [7034] - The syshost32 service terminated unexpectedly. It has done this 1 time(s).
11/13/2012 8:46:43 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2012 8:45:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.
11/13/2012 8:45:17 PM, Error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2012 2:17:32 PM, Error: Service Control Manager [7000] - The WINZIPSSDiskOptimizer service failed to start due to the following error: The system cannot find the file specified.
11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2012 1:21:07 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/11/2012 9:41:52 PM, Error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/11/2012 9:03:18 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
12:02:06.0185 2208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:02:06.0446 2208 ============================================================
12:02:06.0446 2208 Current date / time: 2012/11/16 12:02:06.0446
12:02:06.0446 2208 SystemInfo:
12:02:06.0446 2208
12:02:06.0446 2208 OS Version: 6.1.7601 ServicePack: 1.0
12:02:06.0446 2208 Product type: Workstation
12:02:06.0446 2208 ComputerName: AGREED
12:02:06.0446 2208 UserName: Agreed
12:02:06.0446 2208 Windows directory: C:\Windows
12:02:06.0446 2208 System windows directory: C:\Windows
12:02:06.0446 2208 Running under WOW64
12:02:06.0446 2208 Processor architecture: Intel x64
12:02:06.0446 2208 Number of processors: 2
12:02:06.0446 2208 Page size: 0x1000
12:02:06.0446 2208 Boot type: Normal boot
12:02:06.0446 2208 ============================================================
12:02:12.0636 2208 !crdlk
12:02:12.0646 2208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:02:12.0676 2208 Drive \Device\Harddisk1\DR1 - Size: 0x77600000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:02:12.0686 2208 ============================================================
12:02:12.0686 2208 \Device\Harddisk0\DR0:
12:02:12.0686 2208 MBR partitions:
12:02:12.0686 2208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
12:02:12.0686 2208 \Device\Harddisk1\DR1:
12:02:12.0686 2208 MBR partitions:
12:02:12.0686 2208 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3BAF7F
12:02:12.0686 2208 ============================================================
12:02:12.0696 2208 C: <-> \Device\Harddisk0\DR0\Partition1
12:02:12.0696 2208 ============================================================
12:02:12.0696 2208 Initialize success
12:02:12.0696 2208 ============================================================
12:02:16.0946 4528 ============================================================
12:02:16.0946 4528 Scan started
12:02:16.0946 4528 Mode: Manual;
12:02:16.0946 4528 ============================================================
12:02:17.0336 4528 ================ Scan system memory ========================
12:02:17.0336 4528 System memory - ok
12:02:17.0336 4528 ================ Scan services =============================
12:02:17.0536 4528 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:02:17.0546 4528 1394ohci - ok
12:02:17.0546 4528 Suspicious service (NoAccess): 37f7b81f92588e55
12:02:17.0606 4528 [ CF8A7E7536983E7F94BC760AF8B17451 ] 37f7b81f92588e55 C:\Windows\System32\Drivers\37f7b81f92588e55.sys
12:02:17.0606 4528 Suspicious file (NoAccess): C:\Windows\System32\Drivers\37f7b81f92588e55.sys. md5: CF8A7E7536983E7F94BC760AF8B17451
12:02:17.0716 4528 37f7b81f92588e55 ( Rootkit.Win32.Necurs.gen ) - infected
12:02:17.0716 4528 37f7b81f92588e55 - detected Rootkit.Win32.Necurs.gen (0)
12:02:22.0887 4528 CryptSvc - ok
12:02:22.0957 4528 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
12:02:22.0987 4528 CSC - ok
12:02:23.0067 4528 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
12:02:23.0097 4528 CscService - ok
12:02:23.0197 4528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:02:23.0237 4528 DcomLaunch - ok
12:02:23.0307 4528 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:02:23.0307 4528 defragsvc - ok
12:02:23.0367 4528 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:02:23.0377 4528 DfsC - ok
12:02:23.0447 4528 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:02:23.0457 4528 Dhcp - ok
12:02:23.0507 4528 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:02:23.0507 4528 discache - ok
12:02:23.0577 4528 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:02:23.0577 4528 Disk - ok
12:02:23.0637 4528 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
12:02:23.0637 4528 dmvsc - ok
12:02:23.0717 4528 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:02:23.0727 4528 Dnscache - ok
12:02:23.0797 4528 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:02:23.0807 4528 dot3svc - ok
12:02:23.0847 4528 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:02:23.0847 4528 DPS - ok
12:02:23.0907 4528 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:02:23.0907 4528 drmkaud - ok
12:02:23.0977 4528 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:02:23.0977 4528 dtsoftbus01 - ok
12:02:24.0047 4528 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:02:24.0047 4528 DXGKrnl - ok
12:02:24.0147 4528 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:02:24.0147 4528 EapHost - ok
12:02:24.0227 4528 [ 43E16E4011D80D0F794B695363AF2260 ] easytether C:\Windows\system32\DRIVERS\easytthr.sys
12:02:24.0227 4528 easytether - ok
12:02:24.0357 4528 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:02:24.0447 4528 ebdrv - ok
12:02:24.0547 4528 [ EB0883462AC43829E47929D705D40933 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:02:24.0587 4528 eeCtrl - ok
12:02:24.0647 4528 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:02:24.0647 4528 EFS - ok
12:02:24.0767 4528 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:02:24.0807 4528 ehRecvr - ok
12:02:24.0867 4528 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:02:24.0867 4528 ehSched - ok
12:02:24.0947 4528 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:02:24.0987 4528 elxstor - ok
12:02:25.0057 4528 [ A9EC08727C64D985678F5B64C03823F0 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
12:02:25.0057 4528 enecir - ok
12:02:25.0087 4528 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:02:25.0087 4528 ErrDev - ok
12:02:25.0227 4528 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:02:25.0237 4528 EventSystem - ok
12:02:25.0277 4528 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:02:25.0277 4528 exfat - ok
12:02:25.0337 4528 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:02:25.0337 4528 fastfat - ok
12:02:25.0387 4528 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:02:25.0427 4528 Fax - ok
12:02:25.0467 4528 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:02:25.0467 4528 fdc - ok
12:02:25.0537 4528 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:02:25.0537 4528 fdPHost - ok
12:02:25.0567 4528 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:02:25.0567 4528 FDResPub - ok
12:02:25.0637 4528 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:02:25.0637 4528 FileInfo - ok
12:02:25.0657 4528 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:02:25.0667 4528 Filetrace - ok
12:02:25.0707 4528 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:02:25.0707 4528 flpydisk - ok
12:02:25.0747 4528 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:02:25.0747 4528 FltMgr - ok
12:02:25.0847 4528 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
12:02:25.0897 4528 FontCache - ok
12:02:25.0987 4528 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:02:25.0987 4528 FontCache3.0.0.0 - ok
12:02:26.0047 4528 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:02:26.0047 4528 FsDepends - ok
12:02:26.0117 4528 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:02:26.0127 4528 Fs_Rec - ok
12:02:26.0137 4528 FTSvc - ok
12:02:26.0177 4528 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:02:26.0177 4528 fvevol - ok
12:02:26.0237 4528 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:02:26.0237 4528 gagp30kx - ok
12:02:26.0337 4528 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
12:02:26.0337 4528 GameConsoleService - ok
12:02:26.0467 4528 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:02:26.0507 4528 gpsvc - ok
12:02:26.0597 4528 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:02:26.0597 4528 gupdate - ok
12:02:26.0627 4528 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:02:26.0627 4528 gupdatem - ok
12:02:26.0677 4528 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:02:26.0677 4528 hcw85cir - ok
12:02:26.0737 4528 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:02:26.0747 4528 HdAudAddService - ok
12:02:26.0797 4528 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:02:26.0797 4528 HDAudBus - ok
12:02:26.0847 4528 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:02:26.0847 4528 HidBatt - ok
12:02:26.0877 4528 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:02:26.0877 4528 HidBth - ok
12:02:26.0927 4528 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:02:26.0927 4528 HidIr - ok
12:02:26.0997 4528 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:02:26.0997 4528 hidserv - ok
12:02:27.0067 4528 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:02:27.0067 4528 HidUsb - ok
12:02:27.0127 4528 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:02:27.0127 4528 hkmsvc - ok
12:02:27.0187 4528 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:02:27.0197 4528 HomeGroupListener - ok
12:02:27.0247 4528 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:02:27.0257 4528 HomeGroupProvider - ok
12:02:27.0317 4528 [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
12:02:27.0327 4528 HP Health Check Service - ok
12:02:27.0387 4528 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
12:02:27.0387 4528 hpdskflt - ok
12:02:27.0457 4528 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:02:27.0457 4528 HpqKbFiltr - ok
12:02:27.0537 4528 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
12:02:27.0537 4528 hpqwmiex - ok
12:02:27.0597 4528 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:02:27.0597 4528 HpSAMD - ok
12:02:27.0627 4528 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv C:\Windows\system32\Hpservice.exe
12:02:27.0627 4528 hpsrv - ok
12:02:27.0717 4528 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:02:27.0727 4528 HTTP - ok
12:02:27.0777 4528 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:02:27.0777 4528 hwpolicy - ok
12:02:27.0847 4528 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:02:27.0847 4528 i8042prt - ok
12:02:27.0917 4528 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:02:27.0947 4528 iaStorV - ok
12:02:28.0047 4528 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:02:28.0047 4528 IDriverT - ok
12:02:28.0147 4528 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:02:28.0167 4528 idsvc - ok
12:02:28.0247 4528 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:02:28.0247 4528 iirsp - ok
12:02:28.0337 4528 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:02:28.0367 4528 IKEEXT - ok
12:02:28.0427 4528 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:02:28.0437 4528 intelide - ok
12:02:28.0477 4528 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
12:02:28.0487 4528 intelppm - ok
12:02:28.0537 4528 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:02:28.0537 4528 IPBusEnum - ok
12:02:28.0577 4528 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:02:28.0577 4528 IpFilterDriver - ok
12:02:28.0667 4528 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:02:28.0707 4528 iphlpsvc - ok
12:02:28.0767 4528 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:02:28.0777 4528 IPMIDRV - ok
12:02:28.0827 4528 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:02:28.0827 4528 IPNAT - ok
12:02:28.0877 4528 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:02:28.0877 4528 IRENUM - ok
12:02:28.0927 4528 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:02:28.0937 4528 isapnp - ok
12:02:28.0967 4528 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:02:28.0977 4528 iScsiPrt - ok
12:02:29.0027 4528 [ 15371306D1ADBBF35E475C8DA516A956 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
12:02:29.0027 4528 JMCR - ok
12:02:29.0077 4528 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:02:29.0077 4528 kbdclass - ok
12:02:29.0217 4528 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:02:29.0217 4528 kbdhid - ok
12:02:29.0257 4528 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:02:29.0267 4528 KeyIso - ok
12:02:29.0297 4528 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:02:29.0297 4528 KSecDD - ok
12:02:29.0347 4528 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:02:29.0347 4528 KSecPkg - ok
12:02:29.0397 4528 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:02:29.0397 4528 ksthunk - ok
12:02:29.0477 4528 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:02:29.0487 4528 KtmRm - ok
12:02:29.0547 4528 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:02:29.0557 4528 LanmanServer - ok
12:02:29.0627 4528 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:02:29.0627 4528 LanmanWorkstation - ok
12:02:29.0697 4528 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:02:29.0697 4528 lltdio - ok
12:02:29.0747 4528 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:02:29.0757 4528 lltdsvc - ok
12:02:29.0797 4528 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:02:29.0797 4528 lmhosts - ok
12:02:29.0867 4528 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:02:29.0877 4528 LSI_FC - ok
12:02:29.0917 4528 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:02:29.0927 4528 LSI_SAS - ok
12:02:29.0967 4528 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:02:29.0967 4528 LSI_SAS2 - ok
12:02:30.0007 4528 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:02:30.0007 4528 LSI_SCSI - ok
12:02:30.0057 4528 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:02:30.0057 4528 luafv - ok
12:02:30.0127 4528 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:02:30.0137 4528 Mcx2Svc - ok
12:02:30.0187 4528 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:02:30.0187 4528 megasas - ok
12:02:30.0227 4528 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:02:30.0227 4528 MegaSR - ok
12:02:30.0277 4528 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:02:30.0287 4528 MMCSS - ok
12:02:30.0347 4528 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:02:30.0347 4528 Modem - ok
12:02:30.0397 4528 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:02:30.0407 4528 monitor - ok
12:02:30.0457 4528 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:02:30.0457 4528 mouclass - ok
12:02:30.0507 4528 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:02:30.0507 4528 mouhid - ok
12:02:30.0567 4528 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:02:30.0567 4528 mountmgr - ok
12:02:30.0657 4528 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:02:30.0657 4528 MozillaMaintenance - ok
12:02:30.0717 4528 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:02:30.0717 4528 mpio - ok
12:02:30.0767 4528 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:02:30.0767 4528 mpsdrv - ok
12:02:30.0857 4528 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:02:30.0867 4528 MpsSvc - ok
12:02:30.0937 4528 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:02:30.0937 4528 MRxDAV - ok
12:02:31.0007 4528 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:02:31.0007 4528 mrxsmb - ok
12:02:31.0077 4528 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:02:31.0077 4528 mrxsmb10 - ok
12:02:31.0117 4528 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:02:31.0117 4528 mrxsmb20 - ok
12:02:31.0157 4528 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:02:31.0167 4528 msahci - ok
12:02:31.0217 4528 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:02:31.0227 4528 msdsm - ok
12:02:31.0277 4528 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:02:31.0277 4528 MSDTC - ok
12:02:31.0327 4528 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:02:31.0327 4528 Msfs - ok
12:02:31.0387 4528 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:02:31.0387 4528 mshidkmdf - ok
12:02:31.0407 4528 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:02:31.0407 4528 msisadrv - ok
12:02:31.0477 4528 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:02:31.0487 4528 MSiSCSI - ok
12:02:31.0517 4528 msiserver - ok
12:02:31.0547 4528 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:02:31.0547 4528 MSKSSRV - ok
12:02:31.0597 4528 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:02:31.0607 4528 MSPCLOCK - ok
12:02:31.0677 4528 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:02:31.0677 4528 MSPQM - ok
12:02:31.0707 4528 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:02:31.0717 4528 MsRPC - ok
12:02:31.0777 4528 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:02:31.0777 4528 mssmbios - ok
12:02:31.0807 4528 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:02:31.0807 4528 MSTEE - ok
12:02:31.0837 4528 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:02:31.0837 4528 MTConfig - ok
12:02:31.0888 4528 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:02:31.0888 4528 Mup - ok
12:02:31.0998 4528 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:02:32.0028 4528 napagent - ok
12:02:32.0118 4528 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:02:32.0128 4528 NativeWifiP - ok
12:02:32.0188 4528 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:02:32.0218 4528 NDIS - ok
12:02:32.0268 4528 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:02:32.0268 4528 NdisCap - ok
12:02:32.0318 4528 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:02:32.0318 4528 NdisTapi - ok
12:02:32.0368 4528 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:02:32.0368 4528 Ndisuio - ok
12:02:32.0428 4528 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:02:32.0428 4528 NdisWan - ok
12:02:32.0458 4528 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:02:32.0458 4528 NDProxy - ok
12:02:32.0498 4528 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:02:32.0498 4528 NetBIOS - ok
12:02:32.0548 4528 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:02:32.0558 4528 NetBT - ok
12:02:32.0608 4528 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:02:32.0608 4528 Netlogon - ok
12:02:32.0688 4528 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:02:32.0688 4528 Netman - ok
12:02:32.0778 4528 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:02:32.0808 4528 netprofm - ok
12:02:32.0878 4528 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:02:32.0878 4528 NetTcpPortSharing - ok
12:02:32.0938 4528 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:02:32.0948 4528 nfrd960 - ok
12:02:33.0038 4528 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:02:33.0048 4528 NlaSvc - ok
12:02:33.0158 4528 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:02:33.0158 4528 Npfs - ok
12:02:33.0188 4528 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:02:33.0188 4528 nsi - ok
12:02:33.0218 4528 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:02:33.0218 4528 nsiproxy - ok
12:02:33.0308 4528 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
 
12:02:33.0368 4528 Ntfs - ok
12:02:33.0438 4528 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:02:33.0438 4528 Null - ok
12:02:33.0488 4528 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:02:33.0498 4528 nvraid - ok
12:02:33.0528 4528 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:02:33.0538 4528 nvstor - ok
12:02:33.0568 4528 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:02:33.0578 4528 nv_agp - ok
12:02:33.0668 4528 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:02:33.0698 4528 odserv - ok
12:02:33.0758 4528 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:02:33.0758 4528 ohci1394 - ok
12:02:33.0798 4528 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:33.0798 4528 ose - ok
12:02:33.0888 4528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:02:33.0898 4528 p2pimsvc - ok
12:02:33.0948 4528 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:02:33.0948 4528 p2psvc - ok
12:02:34.0008 4528 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:02:34.0018 4528 Parport - ok
12:02:34.0078 4528 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:02:34.0078 4528 partmgr - ok
12:02:34.0118 4528 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:02:34.0128 4528 PcaSvc - ok
12:02:34.0188 4528 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:02:34.0188 4528 pci - ok
12:02:34.0258 4528 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:02:34.0258 4528 pciide - ok
12:02:34.0308 4528 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:02:34.0308 4528 pcmcia - ok
12:02:34.0368 4528 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:02:34.0368 4528 pcw - ok
12:02:34.0448 4528 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:02:34.0478 4528 PEAUTH - ok
12:02:34.0588 4528 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:02:34.0638 4528 PeerDistSvc - ok
12:02:34.0758 4528 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:02:34.0768 4528 PerfHost - ok
12:02:34.0888 4528 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:02:34.0938 4528 pla - ok
12:02:35.0038 4528 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:02:35.0078 4528 PlugPlay - ok
12:02:35.0138 4528 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:02:35.0148 4528 PNRPAutoReg - ok
12:02:35.0198 4528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:02:35.0208 4528 PNRPsvc - ok
12:02:35.0288 4528 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:02:35.0318 4528 PolicyAgent - ok
12:02:35.0418 4528 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:02:35.0418 4528 Power - ok
12:02:35.0478 4528 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:02:35.0478 4528 PptpMiniport - ok
12:02:35.0528 4528 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:02:35.0528 4528 Processor - ok
12:02:35.0578 4528 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
12:02:35.0578 4528 ProfSvc - ok
12:02:35.0638 4528 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:02:35.0638 4528 ProtectedStorage - ok
12:02:35.0698 4528 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:02:35.0698 4528 Psched - ok
12:02:35.0778 4528 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:02:35.0838 4528 ql2300 - ok
12:02:35.0888 4528 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:02:35.0888 4528 ql40xx - ok
12:02:35.0968 4528 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:02:35.0978 4528 QWAVE - ok
12:02:35.0998 4528 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:02:35.0998 4528 QWAVEdrv - ok
12:02:36.0038 4528 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:02:36.0038 4528 RasAcd - ok
12:02:36.0118 4528 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:02:36.0118 4528 RasAgileVpn - ok
12:02:36.0188 4528 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:02:36.0188 4528 RasAuto - ok
12:02:36.0238 4528 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:36.0238 4528 Rasl2tp - ok
12:02:36.0308 4528 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:02:36.0308 4528 RasMan - ok
12:02:36.0338 4528 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:02:36.0338 4528 RasPppoe - ok
12:02:36.0358 4528 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:02:36.0368 4528 RasSstp - ok
12:02:36.0398 4528 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:02:36.0398 4528 rdbss - ok
12:02:36.0468 4528 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:02:36.0468 4528 rdpbus - ok
12:02:36.0518 4528 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:02:36.0518 4528 RDPCDD - ok
12:02:36.0588 4528 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:02:36.0588 4528 RDPDR - ok
12:02:36.0638 4528 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:02:36.0638 4528 RDPENCDD - ok
12:02:36.0708 4528 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:02:36.0708 4528 RDPREFMP - ok
12:02:36.0808 4528 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:02:36.0808 4528 RdpVideoMiniport - ok
12:02:36.0848 4528 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:02:36.0858 4528 RDPWD - ok
12:02:36.0958 4528 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:02:36.0958 4528 rdyboost - ok
12:02:37.0018 4528 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
12:02:37.0028 4528 Recovery Service for Windows - ok
12:02:37.0098 4528 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:02:37.0098 4528 RemoteAccess - ok
12:02:37.0168 4528 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:02:37.0178 4528 RemoteRegistry - ok
12:02:37.0268 4528 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
12:02:37.0278 4528 RichVideo - ok
12:02:37.0338 4528 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:02:37.0338 4528 RpcEptMapper - ok
12:02:37.0378 4528 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:02:37.0378 4528 RpcLocator - ok
12:02:37.0458 4528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:02:37.0458 4528 RpcSs - ok
12:02:37.0538 4528 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:02:37.0538 4528 rspndr - ok
12:02:37.0608 4528 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
12:02:37.0608 4528 RTL8169 - ok
12:02:37.0668 4528 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:02:37.0678 4528 s3cap - ok
12:02:37.0738 4528 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:02:37.0738 4528 SamSs - ok
12:02:37.0788 4528 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:02:37.0798 4528 sbp2port - ok
12:02:37.0858 4528 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:02:37.0868 4528 SCardSvr - ok
12:02:37.0898 4528 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:02:37.0898 4528 scfilter - ok
12:02:37.0988 4528 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:02:38.0038 4528 Schedule - ok
12:02:38.0138 4528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:02:38.0138 4528 SCPolicySvc - ok
12:02:38.0228 4528 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:02:38.0228 4528 SDRSVC - ok
12:02:38.0278 4528 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:02:38.0288 4528 secdrv - ok
12:02:38.0308 4528 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:02:38.0318 4528 seclogon - ok
12:02:38.0368 4528 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:02:38.0378 4528 SENS - ok
12:02:38.0408 4528 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:02:38.0408 4528 SensrSvc - ok
12:02:38.0458 4528 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:02:38.0458 4528 Serenum - ok
12:02:38.0508 4528 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:02:38.0508 4528 Serial - ok
12:02:38.0568 4528 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:02:38.0568 4528 sermouse - ok
12:02:38.0678 4528 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:02:38.0688 4528 SessionEnv - ok
12:02:38.0738 4528 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:02:38.0738 4528 sffdisk - ok
12:02:38.0768 4528 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:02:38.0768 4528 sffp_mmc - ok
12:02:38.0798 4528 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:02:38.0798 4528 sffp_sd - ok
12:02:38.0848 4528 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:02:38.0848 4528 sfloppy - ok
12:02:38.0928 4528 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:02:38.0928 4528 SharedAccess - ok
12:02:39.0008 4528 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:02:39.0008 4528 ShellHWDetection - ok
12:02:39.0068 4528 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:02:39.0068 4528 SiSRaid2 - ok
12:02:39.0118 4528 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:02:39.0118 4528 SiSRaid4 - ok
12:02:39.0298 4528 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:02:39.0388 4528 Skype C2C Service - ok
12:02:39.0478 4528 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:02:39.0478 4528 SkypeUpdate - ok
12:02:39.0528 4528 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:02:39.0538 4528 Smb - ok
12:02:39.0628 4528 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:02:39.0628 4528 SNMPTRAP - ok
12:02:39.0688 4528 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:02:39.0688 4528 spldr - ok
12:02:39.0748 4528 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
12:02:39.0788 4528 Spooler - ok
12:02:39.0938 4528 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:02:40.0038 4528 sppsvc - ok
12:02:40.0088 4528 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:02:40.0088 4528 sppuinotify - ok
12:02:40.0188 4528 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:02:40.0188 4528 srv - ok
12:02:40.0268 4528 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:02:40.0268 4528 srv2 - ok
12:02:40.0318 4528 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:02:40.0328 4528 srvnet - ok
12:02:40.0388 4528 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:02:40.0398 4528 SSDPSRV - ok
12:02:40.0448 4528 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:02:40.0448 4528 SstpSvc - ok
12:02:40.0588 4528 [ 3FB66E86BA667D627A613E1D677469B0 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\STacSV64.exe
12:02:40.0598 4528 STacSV - ok
12:02:40.0678 4528 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:02:40.0678 4528 stexstor - ok
12:02:40.0778 4528 [ E01797A54F8A61512B7E590FDE6D1988 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
12:02:40.0808 4528 STHDA - ok
12:02:40.0928 4528 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:02:40.0938 4528 stisvc - ok
12:02:41.0008 4528 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:02:41.0008 4528 storflt - ok
12:02:41.0098 4528 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:02:41.0108 4528 storvsc - ok
12:02:41.0168 4528 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:02:41.0168 4528 swenum - ok
12:02:41.0258 4528 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:02:41.0268 4528 swprv - ok
12:02:41.0328 4528 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
12:02:41.0328 4528 Synth3dVsc - ok
12:02:41.0398 4528 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:02:41.0408 4528 SynTP - ok
12:02:41.0528 4528 [ C6139282423971FD961A99FD48CFD635 ] syshost32 C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe
12:02:41.0528 4528 Suspicious file (NoAccess): C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe. md5: C6139282423971FD961A99FD48CFD635
12:02:41.0548 4528 syshost32 ( LockedFile.Multi.Generic ) - warning
12:02:41.0548 4528 syshost32 - detected LockedFile.Multi.Generic (1)
12:02:41.0668 4528 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:02:41.0728 4528 SysMain - ok
12:02:41.0788 4528 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:02:41.0788 4528 TabletInputService - ok
12:02:41.0848 4528 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:02:41.0848 4528 TapiSrv - ok
12:02:41.0918 4528 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:02:41.0918 4528 TBS - ok
12:02:42.0038 4528 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:02:42.0098 4528 Tcpip - ok
12:02:42.0228 4528 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:02:42.0238 4528 TCPIP6 - ok
12:02:42.0318 4528 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:02:42.0328 4528 tcpipreg - ok
12:02:42.0388 4528 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:02:42.0398 4528 TDPIPE - ok
12:02:42.0428 4528 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:02:42.0428 4528 TDTCP - ok
12:02:42.0458 4528 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:02:42.0458 4528 tdx - ok
12:02:42.0518 4528 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:02:42.0518 4528 TermDD - ok
12:02:42.0568 4528 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
12:02:42.0568 4528 terminpt - ok
12:02:42.0658 4528 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:02:42.0668 4528 TermService - ok
12:02:42.0728 4528 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:02:42.0728 4528 Themes - ok
12:02:42.0798 4528 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:02:42.0798 4528 THREADORDER - ok
12:02:42.0878 4528 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:02:42.0878 4528 TrkWks - ok
12:02:42.0968 4528 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:02:42.0968 4528 TrustedInstaller - ok
12:02:43.0158 4528 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:02:43.0158 4528 tssecsrv - ok
12:02:43.0218 4528 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:02:43.0218 4528 TsUsbFlt - ok
12:02:43.0268 4528 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:02:43.0278 4528 TsUsbGD - ok
12:02:43.0318 4528 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
12:02:43.0328 4528 tsusbhub - ok
12:02:43.0378 4528 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:02:43.0388 4528 tunnel - ok
12:02:43.0518 4528 [ BB313AE85EC95B7CB87FC5ED53F3A22B ] TVCapSvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
12:02:43.0528 4528 TVCapSvc - ok
12:02:43.0588 4528 [ 0C66E48654AFD8A6BCFBCE22E7FAB251 ] TVSched C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
12:02:43.0588 4528 TVSched - ok
12:02:43.0628 4528 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:02:43.0638 4528 uagp35 - ok
12:02:43.0698 4528 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:02:43.0698 4528 udfs - ok
12:02:43.0758 4528 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:02:43.0758 4528 UI0Detect - ok
12:02:43.0818 4528 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:02:43.0818 4528 uliagpkx - ok
12:02:43.0878 4528 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:02:43.0878 4528 umbus - ok
12:02:43.0908 4528 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:02:43.0908 4528 UmPass - ok
12:02:43.0978 4528 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:02:43.0978 4528 UmRdpService - ok
12:02:44.0058 4528 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:02:44.0058 4528 upnphost - ok
12:02:44.0148 4528 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:02:44.0148 4528 usbccgp - ok
12:02:44.0218 4528 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:02:44.0218 4528 usbcir - ok
12:02:44.0248 4528 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:02:44.0258 4528 usbehci - ok
12:02:44.0308 4528 [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
12:02:44.0308 4528 usbfilter - ok
12:02:44.0368 4528 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:02:44.0378 4528 usbhub - ok
12:02:44.0398 4528 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:02:44.0408 4528 usbohci - ok
12:02:44.0468 4528 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:02:44.0468 4528 usbprint - ok
12:02:44.0508 4528 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:02:44.0508 4528 USBSTOR - ok
12:02:44.0558 4528 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:02:44.0558 4528 usbuhci - ok
12:02:44.0618 4528 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:02:44.0618 4528 usbvideo - ok
12:02:44.0688 4528 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:02:44.0688 4528 UxSms - ok
12:02:44.0738 4528 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:02:44.0738 4528 VaultSvc - ok
12:02:44.0808 4528 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:02:44.0818 4528 vdrvroot - ok
12:02:44.0878 4528 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:02:44.0878 4528 vds - ok
12:02:44.0919 4528 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:02:44.0919 4528 vga - ok
12:02:44.0969 4528 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:02:44.0969 4528 VgaSave - ok
12:02:45.0019 4528 VGPU - ok
12:02:45.0059 4528 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:02:45.0069 4528 vhdmp - ok
12:02:45.0109 4528 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:02:45.0109 4528 viaide - ok
12:02:45.0159 4528 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:02:45.0169 4528 vmbus - ok
12:02:45.0199 4528 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:02:45.0199 4528 VMBusHID - ok
12:02:45.0249 4528 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:02:45.0259 4528 volmgr - ok
12:02:45.0329 4528 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:02:45.0329 4528 volmgrx - ok
12:02:45.0379 4528 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:02:45.0379 4528 volsnap - ok
12:02:45.0449 4528 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:02:45.0449 4528 vsmraid - ok
12:02:45.0569 4528 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:02:45.0619 4528 VSS - ok
12:02:45.0679 4528 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:02:45.0679 4528 vwifibus - ok
12:02:45.0749 4528 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:02:45.0749 4528 vwififlt - ok
12:02:45.0789 4528 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:02:45.0799 4528 vwifimp - ok
12:02:45.0859 4528 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:02:45.0869 4528 W32Time - ok
12:02:45.0909 4528 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:02:45.0919 4528 WacomPen - ok
12:02:45.0969 4528 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:02:45.0969 4528 WANARP - ok
12:02:46.0029 4528 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:02:46.0029 4528 Wanarpv6 - ok
12:02:46.0119 4528 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:02:46.0159 4528 WatAdminSvc - ok
12:02:46.0279 4528 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:02:46.0319 4528 wbengine - ok
12:02:46.0409 4528 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:02:46.0419 4528 WbioSrvc - ok
12:02:46.0479 4528 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:02:46.0479 4528 wcncsvc - ok
12:02:46.0509 4528 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:02:46.0509 4528 WcsPlugInService - ok
12:02:46.0579 4528 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:02:46.0579 4528 Wd - ok
12:02:46.0639 4528 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
12:02:46.0639 4528 WDC_SAM - ok
12:02:46.0749 4528 [ E6050FE6B60FA91188B8ABDB5B1E339F ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:02:46.0749 4528 WDDMService - ok
12:02:46.0839 4528 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:02:46.0839 4528 Wdf01000 - ok
12:02:46.0969 4528 [ B83D5071B32A70BEBDB3330BFA7ACB80 ] WDFME C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
12:02:47.0019 4528 WDFME - ok
12:02:47.0079 4528 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:02:47.0079 4528 WdiServiceHost - ok
12:02:47.0129 4528 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:02:47.0129 4528 WdiSystemHost - ok
12:02:47.0179 4528 [ 517DE2C5568CBA6B2A24A557AC60C30B ] WDSC C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
12:02:47.0219 4528 WDSC - ok
12:02:47.0319 4528 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:02:47.0319 4528 WebClient - ok
12:02:47.0369 4528 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:02:47.0379 4528 Wecsvc - ok
12:02:47.0409 4528 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:02:47.0419 4528 wercplsupport - ok
12:02:47.0449 4528 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:02:47.0449 4528 WerSvc - ok
12:02:47.0519 4528 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:02:47.0529 4528 WfpLwf - ok
12:02:47.0559 4528 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:02:47.0559 4528 WIMMount - ok
12:02:47.0589 4528 WinHttpAutoProxySvc - ok
12:02:47.0709 4528 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:02:47.0719 4528 Winmgmt - ok
12:02:47.0849 4528 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:02:47.0909 4528 WinRM - ok
12:02:48.0049 4528 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:02:48.0049 4528 WinUsb - ok
12:02:48.0179 4528 [ 8F8D4E3B79710155B05CECEBDF4CFABD ] WINZIPSSDiskOptimizer C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
12:02:48.0199 4528 WINZIPSSDiskOptimizer - ok
12:02:48.0309 4528 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:02:48.0319 4528 Wlansvc - ok
12:02:48.0399 4528 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:02:48.0399 4528 WmiAcpi - ok
12:02:48.0479 4528 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:02:48.0479 4528 wmiApSrv - ok
12:02:48.0539 4528 WMPNetworkSvc - ok
12:02:48.0579 4528 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:02:48.0579 4528 WPCSvc - ok
12:02:48.0649 4528 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:02:48.0649 4528 WPDBusEnum - ok
12:02:48.0709 4528 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:02:48.0709 4528 ws2ifsl - ok
12:02:48.0779 4528 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:02:48.0779 4528 wscsvc - ok
12:02:48.0819 4528 WSearch - ok
12:02:48.0959 4528 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:02:49.0019 4528 wuauserv - ok
12:02:49.0079 4528 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:02:49.0079 4528 WudfPf - ok
12:02:49.0149 4528 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:02:49.0149 4528 WUDFRd - ok
12:02:49.0179 4528 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:02:49.0179 4528 wudfsvc - ok
12:02:49.0269 4528 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:02:49.0269 4528 WwanSvc - ok
12:02:49.0369 4528 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
12:02:49.0369 4528 xnacc - ok
12:02:49.0489 4528 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
12:02:49.0489 4528 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
12:02:49.0529 4528 ================ Scan global ===============================
12:02:49.0599 4528 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:02:49.0629 4528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:02:49.0639 4528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:02:49.0679 4528 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:02:49.0689 4528 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:02:49.0699 4528 [Global] - ok
12:02:49.0699 4528 ================ Scan MBR ==================================
12:02:49.0709 4528 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:02:50.0229 4528 \Device\Harddisk0\DR0 - ok
12:02:50.0239 4528 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:02:50.0249 4528 \Device\Harddisk1\DR1 - ok
12:02:50.0249 4528 ================ Scan VBR ==================================
12:02:50.0259 4528 [ 9D1685A25781065111D7A8626BBC599A ] \Device\Harddisk0\DR0\Partition1
12:02:50.0259 4528 \Device\Harddisk0\DR0\Partition1 - ok
12:02:50.0269 4528 [ 9B9B5F6B062016F887E3C5692CBE178C ] \Device\Harddisk1\DR1\Partition1
12:02:50.0269 4528 \Device\Harddisk1\DR1\Partition1 - ok
12:02:50.0269 4528 ============================================================
12:02:50.0269 4528 Scan finished
12:02:50.0269 4528 ============================================================
12:02:50.0289 1876 Detected object count: 2
12:02:50.0289 1876 Actual detected object count: 2
12:03:02.0520 1876 C:\Windows\System32\Drivers\37f7b81f92588e55.sys - copied to quarantine
12:03:02.0580 1876 HKLM\SYSTEM\ControlSet001\services\37f7b81f92588e55 - will be deleted on reboot
12:03:02.0640 1876 HKLM\SYSTEM\ControlSet002\services\37f7b81f92588e55 - will be deleted on reboot
12:03:03.0080 1876 C:\Windows\System32\Drivers\37f7b81f92588e55.sys - will be deleted on reboot
12:03:03.0080 1876 37f7b81f92588e55 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
12:03:03.0090 1876 syshost32 ( LockedFile.Multi.Generic ) - skipped by user
12:03:03.0090 1876 syshost32 ( LockedFile.Multi.Generic ) - User select action: Skip
 
TDSSKiller had me reboot after running; it booted and ran again upon rebooting. Here's a snipped portion of the second log, since the full one goes above the character limit. I have the secondary log saved in Notepad if you want me to post that as well.

12:20:32.0312 3572 ================ Scan global ===============================
12:20:32.0406 3572 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:20:32.0452 3572 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:20:32.0499 3572 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:20:32.0546 3572 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:20:32.0577 3572 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:20:32.0593 3572 [Global] - ok
12:20:32.0593 3572 ================ Scan MBR ==================================
12:20:32.0624 3572 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:20:34.0075 3572 \Device\Harddisk0\DR0 - ok
12:20:34.0090 3572 ================ Scan VBR ==================================
12:20:34.0122 3572 [ 9D1685A25781065111D7A8626BBC599A ] \Device\Harddisk0\DR0\Partition1
12:20:34.0122 3572 \Device\Harddisk0\DR0\Partition1 - ok
12:20:34.0122 3572 ============================================================
12:20:34.0122 3572 Scan finished
12:20:34.0122 3572 ============================================================
12:20:34.0184 3564 Detected object count: 2
12:20:34.0184 3564 Actual detected object count: 2
12:20:44.0152 3564 C:\Windows\System32\Drivers\fdbf8c8158206056.sys - copied to quarantine
12:20:44.0215 3564 HKLM\SYSTEM\ControlSet001\services\fdbf8c8158206056 - will be deleted on reboot
12:20:44.0324 3564 HKLM\SYSTEM\ControlSet002\services\fdbf8c8158206056 - will be deleted on reboot
12:20:46.0399 3564 C:\Windows\System32\Drivers\fdbf8c8158206056.sys - will be deleted on reboot
12:20:46.0399 3564 fdbf8c8158206056 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
12:20:46.0461 3564 C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe - copied to quarantine
12:20:46.0539 3564 HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot
12:20:46.0648 3564 HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot
12:20:47.0475 3564 C:\Windows\Installer\{2CE9860A-9785-9E5C-F2F6-4787D090AF99}\syshost.exe - will be deleted on reboot
12:20:47.0475 3564 syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
 
Please re-run MBAM and post new log.

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Agreed :: AGREED [administrator]

11/16/2012 12:52:28 PM
mbam-log-2012-11-16 (12-52-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260280
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)
 
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Agreed [Admin rights]
Mode : Remove -- Date : 11/16/2012 13:00:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3455147775-3925942382-2652221077-1001\$d9819484fab74315a7e0d2198c32d2e1\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] e456139656676716fe76522aa24ed495
[BSP] a145b58aa76b2b7b8de61cdc4f2fa00d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HTC Android Phone USB Device +++++
--- User ---
[MBR] e7c4811166bab12f5c19592cc9af1009
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 129 | Size: 1909 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11162012_02d1300.txt >>

RKreport[1]_S_11162012_02d1259.txt ; RKreport[2]_D_11162012_02d1300.txt




aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 13:01:19
-----------------------------
13:01:19.470 OS Version: Windows x64 6.1.7601 Service Pack 1
13:01:19.470 Number of processors: 2 586 0x301
13:01:19.470 ComputerName: AGREED UserName: Agreed
13:01:20.800 Initialize success
13:05:46.512 AVAST engine defs: 12111600
13:06:05.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:06:05.563 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 11
13:06:05.583 Disk 0 MBR read successfully
13:06:05.593 Disk 0 MBR scan
13:06:05.613 Disk 0 Windows 7 default MBR code
13:06:05.633 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 2048
13:06:05.713 Disk 0 scanning C:\Windows\system32\drivers
13:06:27.665 Service scanning
13:06:56.287 Modules scanning
13:06:56.287 Disk 0 trace - called modules:
13:06:56.307 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:06:56.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5e670]
13:06:56.317 3 CLASSPNP.SYS[fffff8800197743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c14680]
13:06:57.378 AVAST engine scan C:\Windows
13:07:00.008 AVAST engine scan C:\Windows\system32
13:12:07.893 AVAST engine scan C:\Windows\system32\drivers
13:12:26.196 AVAST engine scan C:\Users\Agreed
13:18:58.373 AVAST engine scan C:\ProgramData
13:19:33.616 Scan finished successfully
13:22:24.930 Disk 0 MBR has been saved successfully to "C:\Users\Agreed\Desktop\MBR.dat"
13:22:24.940 The log file has been saved successfully to "C:\Users\Agreed\Desktop\aswMBR.txt"
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-11-16.02 - Agreed 11/16/2012 15:32:36.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.2352 [GMT -5:00]
Running from: c:\users\Agreed\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Uninstall.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\ApnStub.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-16 21:02 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CB53415-E6CD-4AC3-ADED-4A70C3136222}\mpengine.dll
2012-11-16 20:45 . 2012-08-23 08:26 9310152 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF048D00-EB59-48C2-9298-D365BFB994B2}\mpengine.dll
2012-11-16 20:42 . 2012-11-16 20:42 -------- d-----w- c:\users\Not agreed\AppData\Local\temp
2012-11-16 20:42 . 2012-11-16 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 17:51 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 17:03 . 2012-11-16 17:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-16 05:57 . 2008-09-26 19:13 439808 ----a-w- c:\windows\system32\AESTEC64.dll
2012-11-16 05:57 . 2008-09-26 19:13 58880 ----a-w- c:\windows\system32\AESTAR64.dll
2012-11-16 05:57 . 2008-09-26 19:13 155648 ----a-w- c:\windows\system32\AESTAC64.dll
2012-11-16 05:57 . 2008-09-26 19:14 441344 ----a-w- c:\windows\sttray64.exe
2012-11-16 05:57 . 2008-09-26 19:14 2869248 ----a-w- c:\windows\system32\stlang64.dll
2012-11-16 05:57 . 2008-09-26 19:13 10760704 ----a-w- c:\windows\system32\idtcpl64.cpl
2012-11-16 05:57 . 2008-09-26 19:13 562688 ----a-w- c:\windows\system32\idt64mp1.exe
2012-11-16 05:57 . 2008-09-26 19:13 76288 ----a-w- c:\windows\system32\AESTCo64.dll
2012-11-16 05:56 . 2008-09-26 19:14 465408 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-11-16 05:56 . 2008-09-26 19:14 430592 ----a-w- c:\windows\system32\stcplx64.dll
2012-11-16 05:56 . 2008-09-26 19:13 773632 ----a-w- c:\windows\system32\stapo64.dll
2012-11-16 05:56 . 2008-09-26 19:13 530944 ----a-w- c:\windows\system32\stapi64.dll
2012-11-16 05:56 . 2012-11-16 05:56 -------- d-----w- c:\program files\IDT
2012-11-16 05:55 . 2012-11-16 05:55 -------- d-----w- c:\program files\DIFX
2012-11-16 05:32 . 2012-11-16 05:33 -------- d-----w- c:\programdata\UAB
2012-11-16 05:32 . 2012-11-16 05:32 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-11-16 05:31 . 2012-11-16 05:31 -------- d-----w- c:\program files (x86)\PC Drivers HeadQuarters
2012-11-16 05:30 . 2012-11-16 05:30 -------- d-----w- c:\programdata\APN
2012-11-16 05:07 . 2012-11-16 05:09 -------- d-----w- c:\users\Administrator
2012-11-16 03:24 . 2012-11-16 03:25 -------- d-----w- C:\8dbcef58daa4e5501b55c33dbcd6
2012-11-16 03:15 . 2012-11-16 08:05 -------- d-----w- c:\program files (x86)\RegCure
2012-11-16 03:15 . 2012-11-16 03:19 -------- d-----w- c:\programdata\RegCure
2012-11-15 07:17 . 2008-09-26 19:13 201216 ----a-w- c:\windows\system32\staco64.dll
2012-11-15 07:13 . 2012-11-15 07:13 -------- d-----w- c:\users\Agreed\AppData\Roaming\WinBatch
2012-11-15 07:06 . 2012-11-15 07:06 -------- d-----w- c:\users\Agreed\AppData\Roaming\ParetoLogic
2012-11-15 07:06 . 2012-11-15 07:06 -------- d-----w- c:\users\Agreed\AppData\Roaming\DriverCure
2012-11-15 07:05 . 2012-11-15 07:05 -------- d-----w- c:\programdata\ParetoLogic
2012-11-15 07:05 . 2012-11-15 07:05 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-11-15 07:05 . 2012-11-15 07:05 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-11-15 06:49 . 2012-11-15 06:49 -------- d-----w- c:\program files (x86)\Hp
2012-11-15 06:49 . 2012-11-15 06:49 -------- d-----w- c:\windows\Hewlett-Packard
2012-11-15 05:08 . 2012-11-15 05:08 -------- d-----w- c:\program files (x86)\DriverFinder
2012-11-15 05:08 . 2012-11-15 05:09 -------- d-----w- c:\users\Agreed\AppData\Roaming\DriverFinder
2012-11-11 17:10 . 2012-11-13 19:19 -------- d-----w- c:\users\Agreed\AppData\Local\Htc
2012-11-11 17:09 . 2012-11-11 17:10 -------- d-----w- c:\users\Agreed\AppData\Roaming\HTC
2012-11-11 17:05 . 2012-11-14 00:44 -------- d-----w- c:\program files (x86)\HTC
2012-10-30 04:48 . 2012-10-30 04:48 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-10-30 04:44 . 2012-11-13 20:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-27 03:37 . 2012-11-15 06:49 -------- d-----w- c:\users\Agreed\AppData\Roaming\HpUpdate
2012-10-24 14:39 . 2012-10-24 14:39 -------- d-----w- c:\users\Agreed\AppData\Roaming\SUPERAntiSpyware.com
2012-10-24 14:39 . 2012-11-14 00:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-24 14:39 . 2012-10-24 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-21 02:45 . 2012-10-21 02:45 -------- d-----w- C:\found.000
2012-10-21 00:03 . 2012-10-21 00:03 -------- d-----w- c:\users\LORI
2012-10-20 04:27 . 2012-11-13 20:01 -------- d-----w- c:\programdata\SecTaskMan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 14:28 . 2012-09-03 14:28 59904 ----a-w- c:\windows\SysWow64\zlib1.dll
2012-08-23 08:26 . 2012-09-12 01:02 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24D4287A-DEBA-4F8C-8E59-AF7D84DBCC05}\mpengine.dll
2012-08-22 18:12 . 2012-09-12 01:02 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 01:02 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 01:02 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 14:07 . 2012-05-19 22:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 14:07 . 2012-05-19 22:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 09:12 . 2012-09-18 04:25 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-09-18 04:25 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverFinder"="c:\program files (x86)\DriverFinder\DriverFinder.exe" [2011-07-18 7151816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-25 206120]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Health Check Scheduler"=c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-20 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 23040]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-25 296320]
R4 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-25 116096]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
R4 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
R4 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
R4 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-03-22 628624]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\AESTSr64.exe [2008-09-26 89088]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-05-11 20752]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 145496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 26168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
*Deregistered* - {55662437-DA8C-40c0-AADA-2C816A897A49}
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3455147775-3925942382-2652221077-1001Core.job
- c:\users\Agreed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 13:08]
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3455147775-3925942382-2652221077-1001UA.job
- c:\users\Agreed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 13:08]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 02:49]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 02:49]
.
2012-11-15 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-11-15 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-15 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-11-15 c:\windows\Tasks\PC Health Advisor.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-09-23 c:\windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
- c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2012-05-19 12:38]
.
2012-09-24 c:\windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
- c:\program files (x86)\WinZip System Utilities Suite\WINZIPSS.exe [2012-05-19 12:38]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-27 00:12; facebook@disconnect.me; c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\facebook@disconnect.me.xpi
FF - ExtSQL: 2012-09-27 00:19; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2012-11-13 11:28; {1519200d-6633-40c9-a9a1-d60d8d1d0479}; c:\users\Agreed\AppData\Roaming\Mozilla\Firefox\Profiles\x359zdiy.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-UpdatePSTShortCut - c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePDIRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
SafeBoot-00093444.sys
SafeBoot-73618190.sys
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-16 23:02:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-17 04:02
.
Pre-Run: 192,810,217,472 bytes free
Post-Run: 193,368,059,904 bytes free
.
- - End Of File - - ED74D0A2B74C2DCE9F48B73A097F15F3
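The ComboFix report above is read by eye in this thread. As an added example (not part of the thread, and not ComboFix's own code), the Python below parses the "Reg Loading Points" Run keys, the UAC policy values and the "Scheduled Tasks" entries from a constructed sample in the same layout, and flags what a reviewer checks first: per-user (HKCU) persistence, autostarts launched from user-writable paths, tasks whose action is a system binary such as rundll32.exe, and weakened UAC settings. The sample lines are modelled on the log above; the path tokens, binary list and UAC defaults are the example's own assumptions and the output is a review list, not a verdict on any entry.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's layout (modelled on the log in this thread).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverFinder"="c:\program files (x86)\DriverFinder\DriverFinder.exe" [2011-07-18 7151816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3455147775-3925942382-2652221077-1001Core.job
- c:\users\Agreed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 13:08]
.
2012-11-15 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>c:\\windows\\tasks\\.+\.job)$", re.I)
ACTION_RE = re.compile(r"^-\s+(?P<action>.+?)\s*(?:\[[^\]]*\])?\s*$")

# Assumed heuristics: locations a standard user can write to, and system
# binaries that are legitimate but frequently used as autostart proxies.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "powershell.exe", "cmd.exe"}


def _clean_path(value: str) -> str:
    """'"c:\\x.exe" [2011-07-18 7151816]' -> 'c:\\x.exe'."""
    value = re.sub(r"\s*\[[^\]]*\]\s*$", "", value).strip()
    return value.strip('"')


def parse_autostarts(log: str) -> dict:
    """Extract Run-key entries, UAC policy values and scheduled-task actions."""
    runs: List[Tuple[str, str, str]] = []   # (registry key, value name, path)
    tasks: List[Tuple[str, str]] = []       # (job file, action path)
    uac: Dict[str, int] = {}
    key = None
    pending_job = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line == ".":                     # ComboFix's block separator
            key = None
            pending_job = None
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")    # action follows on the next "- " line
            continue
        m = ACTION_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, _clean_path(m.group("action"))))
            pending_job = None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            if "policies\\system" in key.lower():
                num = re.match(r"(\d+)", m.group("value"))
                if num:
                    uac[m.group("name")] = int(num.group(1))
            elif key.lower().endswith("\\run"):
                runs.append((key, m.group("name"), _clean_path(m.group("value"))))
    return {"run": runs, "tasks": tasks, "uac": uac}


def review(parsed: dict) -> List[str]:
    """Return human-readable findings worth a second look; empty list means nothing flagged."""
    findings: List[str] = []
    for key, name, path in parsed["run"]:
        low = path.lower()
        if key.upper().startswith("HKEY_CURRENT_USER"):
            findings.append(f"per-user Run entry {name!r} -> {path} (persists without admin rights)")
        if any(tok in low for tok in USER_WRITABLE):
            findings.append(f"Run entry {name!r} launches from a user-writable path: {path}")
    for job, action in parsed["tasks"]:
        low = action.lower()
        exe = low.rsplit("\\", 1)[-1]
        if any(tok in low for tok in USER_WRITABLE):
            findings.append(f"task {job} runs from a user-writable path: {action}")
        if exe in LOLBINS:
            findings.append(f"task {job} uses {exe} as its action; check what it loads")
    uac = parsed["uac"]
    if uac.get("EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA=0)")
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("admins elevate silently (ConsentPromptBehaviorAdmin=0)")
    if uac.get("PromptOnSecureDesktop") == 0:
        findings.append("UAC prompts not shown on the secure desktop (PromptOnSecureDesktop=0; default is 1)")
    return findings


if __name__ == "__main__":
    for finding in review(parse_autostarts(SAMPLE_LOG)):
        print("-", finding)
```

Entries that pass every heuristic (here the HP updater under Program Files in HKLM) produce no finding; the point is to shorten the list a human reads, not to replace the read. Run it against a real ComboFix.txt with `review(parse_autostarts(open("ComboFix.txt").read()))`.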
 
Looks good.

Any current issues?

========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 