suchek
Honorary Members, 30 posts, reputation 0 Neutral

  1. Maurice, I'll work on burning the CD. I can do this from a separate, non-infected machine. A few questions: 1) Since I've already reformatted the C-drive and reinstalled the OS, there's no data that I'm trying to retain. This is probably a dumb question, but could the suspicious 4th partition be deleted or reformatted? 2) Should I reformat the Recovery D-drive? 3) "IF you have an attached external HDD drive, please disconnect it now." — Is there an infection risk to external and flash drives? I don't currently have an external HDD attached, but I did use an external HDD to back up my data before reformatting. And I was using a USB flash drive last night to install all the instructed scanning programs. Since the infected machine is compromised, I've taken it offline altogether. I come to this forum from a separate machine, download the scanning programs to a USB drive, and then transfer them via USB to the infected machine. Then I use the USB to transfer the results logs from the infected machine to my clean machine for posting. Do I need to be worried about the flash drive or the external HDD harboring an infection? I did vaccinate both with the Panda USB vaccine. But they had been connected to the infected machine a couple times, prior to reformatting, before I was able to apply the vaccine.
  2. Hi, Maurice. Thank you very much for your help. I was able to run all the scans you instructed, and the logs are pasted below. As a side note: I had shut down the infected machine after posting my initial help request yesterday. When I rebooted today to run the scans, the "Malicious software was removed" notification was no longer popping up from the task bar. The popup hasn't recurred yet during this session. However, I'm still not using the machine other than to follow your instructions. I also disconnected it from the internet and disabled the wireless adapter.

     Scan notes:
     • RogueKiller, in addition to the RKReport.txt file, also produced a folder, "RK_Quarantine," containing three files: Eula.txt, PhysicalDriver0_User.dat, and QuarantineReport.txt. Do you need the content of either of the text files?
     • aswMBR did NOT have the "Fix" button enabled after completing its scan.
     • TDSS scan resulted in "No threats found"; there were no prompts to cure, skip, or reboot. I didn't make any adjustments to the "Change parameters" options before beginning the TDSS scan. The default options checked in "Objects to scan" were system memory, services and drivers, and boot sectors; loaded modules were NOT checked. Neither of the "Additional Options" — Verify file digital signatures, Detect TDLFS file system — was checked.
     • ListParts64, when launched, had a "List BCD" option that was not checked, by default.
--------------------------------------------------------------------------------
aswMBR Log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 20:44:57
-----------------------------
20:44:57.223 OS Version: Windows x64 6.1.7601 Service Pack 1
20:44:57.223 Number of processors: 4 586 0x2505
20:44:57.223 ComputerName: V-PC UserName: v
20:44:57.769 Initialize success
20:45:43.120 AVAST engine defs: 12101601
20:47:24.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:47:24.345 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
20:47:24.345 Disk 0 MBR read successfully
20:47:24.345 Disk 0 MBR scan
20:47:24.360 Disk 0 Windows 7 default MBR code
20:47:24.360 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
20:47:24.376 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 206848
20:47:24.391 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595364 MB offset 30926848
20:47:24.423 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 1250234368
20:47:24.469 Disk 0 scanning C:\Windows\system32\drivers
20:47:29.493 Service scanning
20:47:44.484 Modules scanning
20:47:44.484 Scan finished successfully
21:06:23.911 Disk 0 MBR has been saved successfully to "C:\Users\v\Desktop\MBR.dat"
21:06:23.911 The log file has been saved successfully to "C:\Users\v\Desktop\aswMBR.txt"
--------------------------------------------------------------------------------
TDSSKiller Log
21:14:19.0692 3376 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:14:19.0723 3376 ============================================================
21:14:19.0723 3376 Current date / time: 2012/10/16 21:14:19.0723
21:14:19.0723 3376 SystemInfo:
21:14:19.0723 3376
21:14:19.0723 3376 OS Version: 6.1.7601 ServicePack: 1.0
21:14:19.0723 3376 Product type: Workstation
21:14:19.0723 3376 ComputerName: V-PC
21:14:19.0723 3376 UserName: v
21:14:19.0723 3376 Windows directory: C:\Windows
21:14:19.0723 3376 System windows directory: C:\Windows
21:14:19.0723 3376 Running under WOW64
21:14:19.0723 3376 Processor architecture: Intel x64
21:14:19.0723 3376 Number of processors: 4
21:14:19.0723 3376 Page size: 0x1000
21:14:19.0723 3376 Boot type: Normal boot
21:14:19.0723 3376 ============================================================
21:14:20.0004 3376 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:20.0020 3376 ============================================================
21:14:20.0020 3376 \Device\Harddisk0\DR0:
21:14:20.0020 3376 MBR partitions:
21:14:20.0020 3376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
21:14:20.0020 3376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD22B0
21:14:20.0020 3376 ============================================================
21:14:20.0035 3376 C: <-> \Device\Harddisk0\DR0\Partition2
21:14:20.0082 3376 D: <-> \Device\Harddisk0\DR0\Partition1
21:14:20.0082 3376 ============================================================
21:14:20.0082 3376 Initialize success
21:14:20.0082 3376 ============================================================
21:21:47.0741 1072 ============================================================
21:21:47.0741 1072 Scan started
21:21:47.0741 1072 Mode: Manual;
21:21:47.0741 1072 ============================================================
21:21:48.0255 1072 ================ Scan system memory ========================
21:21:48.0255 1072 System memory - ok
21:21:48.0255 1072 ================ Scan services =============================
21:21:56.0289 1072 nusb3xhc - ok 21:21:56.0336 1072 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:21:56.0336 1072 nvraid - ok 21:21:56.0352 1072 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:21:56.0352 1072 nvstor - ok 21:21:56.0399 1072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:21:56.0399 1072 nv_agp - ok 21:21:56.0399 1072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:21:56.0399 1072 ohci1394 - ok 21:21:56.0430 1072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:21:56.0430 1072 p2pimsvc - ok 21:21:56.0461 1072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:21:56.0461 1072 p2psvc - ok 21:21:56.0477 1072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:21:56.0477 1072 Parport - ok 21:21:56.0508 1072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:21:56.0508 1072 partmgr - ok 21:21:56.0523 1072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:21:56.0523 1072 PcaSvc - ok 21:21:56.0555 1072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:21:56.0555 1072 pci - ok 21:21:56.0601 1072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:21:56.0601 1072 pciide - ok 21:21:56.0633 1072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:21:56.0633 1072 pcmcia - ok 21:21:56.0633 1072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:21:56.0633 1072 pcw - ok 21:21:56.0648 1072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:21:56.0648 1072 PEAUTH - ok 21:21:56.0742 1072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:21:56.0742 1072 PerfHost - 
ok 21:21:56.0804 1072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:21:56.0835 1072 pla - ok 21:21:56.0867 1072 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:21:56.0882 1072 PlugPlay - ok 21:21:56.0898 1072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:21:56.0898 1072 PNRPAutoReg - ok 21:21:56.0913 1072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:21:56.0913 1072 PNRPsvc - ok 21:21:56.0945 1072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:21:56.0945 1072 PolicyAgent - ok 21:21:56.0960 1072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:21:56.0960 1072 Power - ok 21:21:57.0007 1072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:21:57.0007 1072 PptpMiniport - ok 21:21:57.0007 1072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:21:57.0023 1072 Processor - ok 21:21:57.0069 1072 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 21:21:57.0069 1072 ProfSvc - ok 21:21:57.0101 1072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:21:57.0101 1072 ProtectedStorage - ok 21:21:57.0132 1072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:21:57.0132 1072 Psched - ok 21:21:57.0225 1072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:21:57.0241 1072 ql2300 - ok 21:21:57.0241 1072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:21:57.0257 1072 ql40xx - ok 21:21:57.0272 1072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:21:57.0272 1072 QWAVE - ok 21:21:57.0272 1072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:21:57.0288 1072 QWAVEdrv - ok 
21:21:57.0288 1072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:21:57.0288 1072 RasAcd - ok 21:21:57.0319 1072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:21:57.0319 1072 RasAgileVpn - ok 21:21:57.0335 1072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:21:57.0350 1072 RasAuto - ok 21:21:57.0366 1072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:21:57.0366 1072 Rasl2tp - ok 21:21:57.0381 1072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:21:57.0397 1072 RasMan - ok 21:21:57.0397 1072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:21:57.0397 1072 RasPppoe - ok 21:21:57.0428 1072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:21:57.0428 1072 RasSstp - ok 21:21:57.0444 1072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:21:57.0444 1072 rdbss - ok 21:21:57.0459 1072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 21:21:57.0459 1072 rdpbus - ok 21:21:57.0459 1072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:21:57.0459 1072 RDPCDD - ok 21:21:57.0475 1072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:21:57.0475 1072 RDPENCDD - ok 21:21:57.0491 1072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:21:57.0491 1072 RDPREFMP - ok 21:21:57.0506 1072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:21:57.0522 1072 RDPWD - ok 21:21:57.0522 1072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:21:57.0537 1072 rdyboost - ok 21:21:57.0553 1072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:21:57.0553 
1072 RemoteAccess - ok 21:21:57.0584 1072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:21:57.0584 1072 RemoteRegistry - ok 21:21:57.0615 1072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:21:57.0631 1072 RpcEptMapper - ok 21:21:57.0647 1072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:21:57.0662 1072 RpcLocator - ok 21:21:57.0678 1072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:21:57.0678 1072 RpcSs - ok 21:21:57.0693 1072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:21:57.0693 1072 rspndr - ok 21:21:57.0740 1072 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:21:57.0740 1072 RTL8167 - ok 21:21:57.0756 1072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:21:57.0756 1072 SamSs - ok 21:21:57.0771 1072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:21:57.0771 1072 sbp2port - ok 21:21:57.0787 1072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:21:57.0803 1072 SCardSvr - ok 21:21:57.0803 1072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:21:57.0803 1072 scfilter - ok 21:21:57.0865 1072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:21:57.0881 1072 Schedule - ok 21:21:57.0881 1072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:21:57.0881 1072 SCPolicySvc - ok 21:21:57.0896 1072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:21:57.0912 1072 SDRSVC - ok 21:21:57.0974 1072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:21:57.0974 1072 secdrv - ok 21:21:57.0990 1072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:21:57.0990 
1072 seclogon - ok 21:21:58.0021 1072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:21:58.0021 1072 SENS - ok 21:21:58.0052 1072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:21:58.0052 1072 SensrSvc - ok 21:21:58.0099 1072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 21:21:58.0099 1072 Serenum - ok 21:21:58.0115 1072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 21:21:58.0115 1072 Serial - ok 21:21:58.0115 1072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:21:58.0115 1072 sermouse - ok 21:21:58.0146 1072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:21:58.0146 1072 SessionEnv - ok 21:21:58.0161 1072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:21:58.0161 1072 sffdisk - ok 21:21:58.0161 1072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:21:58.0161 1072 sffp_mmc - ok 21:21:58.0161 1072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:21:58.0161 1072 sffp_sd - ok 21:21:58.0161 1072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:21:58.0177 1072 sfloppy - ok 21:21:58.0193 1072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:21:58.0193 1072 SharedAccess - ok 21:21:58.0239 1072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:21:58.0255 1072 ShellHWDetection - ok 21:21:58.0286 1072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:21:58.0286 1072 SiSRaid2 - ok 21:21:58.0286 1072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:21:58.0286 1072 SiSRaid4 - ok 21:21:58.0302 1072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb 
C:\Windows\system32\DRIVERS\smb.sys 21:21:58.0302 1072 Smb - ok 21:21:58.0364 1072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:21:58.0364 1072 SNMPTRAP - ok 21:21:58.0380 1072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:21:58.0380 1072 spldr - ok 21:21:58.0411 1072 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 21:21:58.0427 1072 Spooler - ok 21:21:58.0505 1072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:21:58.0583 1072 sppsvc - ok 21:21:58.0614 1072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:21:58.0614 1072 sppuinotify - ok 21:21:58.0645 1072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:21:58.0661 1072 srv - ok 21:21:58.0661 1072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:21:58.0676 1072 srv2 - ok 21:21:58.0707 1072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:21:58.0723 1072 srvnet - ok 21:21:58.0754 1072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:21:58.0754 1072 SSDPSRV - ok 21:21:58.0801 1072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:21:58.0801 1072 SstpSvc - ok 21:21:58.0941 1072 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 21:21:58.0941 1072 STacSV - ok 21:21:58.0973 1072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 21:21:58.0973 1072 stexstor - ok 21:21:58.0988 1072 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 21:21:59.0004 1072 STHDA - ok 21:21:59.0066 1072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:21:59.0082 1072 stisvc - ok 21:21:59.0082 1072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 
21:21:59.0082 1072 swenum - ok 21:21:59.0113 1072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:21:59.0113 1072 swprv - ok 21:21:59.0144 1072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:21:59.0175 1072 SysMain - ok 21:21:59.0175 1072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:21:59.0175 1072 TabletInputService - ok 21:21:59.0191 1072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:21:59.0207 1072 TapiSrv - ok 21:21:59.0222 1072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:21:59.0222 1072 TBS - ok 21:21:59.0331 1072 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:21:59.0347 1072 Tcpip - ok 21:21:59.0378 1072 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:21:59.0394 1072 TCPIP6 - ok 21:21:59.0425 1072 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:21:59.0425 1072 tcpipreg - ok 21:21:59.0441 1072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:21:59.0441 1072 TDPIPE - ok 21:21:59.0472 1072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:21:59.0472 1072 TDTCP - ok 21:21:59.0472 1072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:21:59.0472 1072 tdx - ok 21:21:59.0519 1072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:21:59.0519 1072 TermDD - ok 21:21:59.0565 1072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:21:59.0565 1072 TermService - ok 21:21:59.0581 1072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:21:59.0597 1072 Themes - ok 21:21:59.0597 1072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:21:59.0597 1072 THREADORDER - ok 
21:21:59.0628 1072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:21:59.0628 1072 TrkWks - ok 21:21:59.0659 1072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:21:59.0659 1072 TrustedInstaller - ok 21:21:59.0675 1072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:21:59.0675 1072 tssecsrv - ok 21:21:59.0690 1072 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:21:59.0690 1072 TsUsbFlt - ok 21:21:59.0706 1072 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:21:59.0706 1072 TsUsbGD - ok 21:21:59.0768 1072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:21:59.0784 1072 tunnel - ok 21:21:59.0784 1072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:21:59.0784 1072 uagp35 - ok 21:21:59.0799 1072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:21:59.0815 1072 udfs - ok 21:21:59.0846 1072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:21:59.0846 1072 UI0Detect - ok 21:21:59.0877 1072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:21:59.0877 1072 uliagpkx - ok 21:21:59.0893 1072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:21:59.0893 1072 umbus - ok 21:21:59.0909 1072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 21:21:59.0909 1072 UmPass - ok 21:22:00.0002 1072 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 21:22:00.0033 1072 UNS - ok 21:22:00.0080 1072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:22:00.0080 1072 upnphost - ok 21:22:00.0127 1072 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 21:22:00.0127 1072 usbccgp - ok 21:22:00.0143 1072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:22:00.0143 1072 usbcir - ok 21:22:00.0174 1072 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:22:00.0174 1072 usbehci - ok 21:22:00.0205 1072 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:22:00.0205 1072 usbhub - ok 21:22:00.0221 1072 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:22:00.0221 1072 usbohci - ok 21:22:00.0221 1072 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:22:00.0221 1072 usbprint - ok 21:22:00.0236 1072 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:22:00.0236 1072 USBSTOR - ok 21:22:00.0236 1072 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:22:00.0236 1072 usbuhci - ok 21:22:00.0283 1072 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:22:00.0283 1072 usbvideo - ok 21:22:00.0299 1072 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:22:00.0299 1072 UxSms - ok 21:22:00.0330 1072 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:22:00.0330 1072 VaultSvc - ok 21:22:00.0345 1072 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:22:00.0361 1072 vdrvroot - ok 21:22:00.0439 1072 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:22:00.0455 1072 vds - ok 21:22:00.0501 1072 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:22:00.0501 1072 vga - ok 21:22:00.0517 1072 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:22:00.0517 1072 VgaSave - ok 21:22:00.0517 1072 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp 
C:\Windows\system32\drivers\vhdmp.sys 21:22:00.0517 1072 vhdmp - ok 21:22:00.0611 1072 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:22:00.0611 1072 viaide - ok 21:22:00.0611 1072 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:22:00.0611 1072 volmgr - ok 21:22:00.0626 1072 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:22:00.0642 1072 volmgrx - ok 21:22:00.0657 1072 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:22:00.0673 1072 volsnap - ok 21:22:00.0689 1072 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:22:00.0689 1072 vsmraid - ok 21:22:00.0751 1072 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:22:00.0767 1072 VSS - ok 21:22:00.0767 1072 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:22:00.0767 1072 vwifibus - ok 21:22:00.0782 1072 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:22:00.0782 1072 vwififlt - ok 21:22:00.0798 1072 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:22:00.0813 1072 W32Time - ok 21:22:00.0813 1072 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:22:00.0829 1072 WacomPen - ok 21:22:00.0860 1072 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:22:00.0860 1072 WANARP - ok 21:22:00.0860 1072 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:22:00.0860 1072 Wanarpv6 - ok 21:22:00.0907 1072 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:22:00.0923 1072 wbengine - ok 21:22:00.0938 1072 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:22:00.0938 1072 WbioSrvc - ok 21:22:00.0938 1072 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] 
wcncsvc C:\Windows\System32\wcncsvc.dll 21:22:00.0954 1072 wcncsvc - ok 21:22:00.0969 1072 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:22:00.0969 1072 WcsPlugInService - ok 21:22:00.0969 1072 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:22:00.0969 1072 Wd - ok 21:22:00.0985 1072 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:22:01.0001 1072 Wdf01000 - ok 21:22:01.0016 1072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:22:01.0016 1072 WdiServiceHost - ok 21:22:01.0016 1072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:22:01.0016 1072 WdiSystemHost - ok 21:22:01.0032 1072 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:22:01.0032 1072 WebClient - ok 21:22:01.0047 1072 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:22:01.0063 1072 Wecsvc - ok 21:22:01.0063 1072 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:22:01.0063 1072 wercplsupport - ok 21:22:01.0094 1072 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:22:01.0094 1072 WerSvc - ok 21:22:01.0125 1072 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:22:01.0125 1072 WfpLwf - ok 21:22:01.0125 1072 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:22:01.0125 1072 WIMMount - ok 21:22:01.0125 1072 WinDefend - ok 21:22:01.0141 1072 WinHttpAutoProxySvc - ok 21:22:01.0188 1072 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:22:01.0188 1072 Winmgmt - ok 21:22:01.0266 1072 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:22:01.0297 1072 WinRM - ok 21:22:01.0344 1072 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 
21:22:01.0359 1072 Wlansvc - ok 21:22:01.0422 1072 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE 21:22:01.0422 1072 wltrysvc - ok 21:22:01.0437 1072 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:22:01.0437 1072 WmiAcpi - ok 21:22:01.0469 1072 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:22:01.0469 1072 wmiApSrv - ok 21:22:01.0500 1072 WMPNetworkSvc - ok 21:22:01.0531 1072 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:22:01.0547 1072 WPCSvc - ok 21:22:01.0547 1072 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:22:01.0547 1072 WPDBusEnum - ok 21:22:01.0562 1072 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:22:01.0562 1072 ws2ifsl - ok 21:22:01.0578 1072 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:22:01.0578 1072 wscsvc - ok 21:22:01.0593 1072 WSearch - ok 21:22:01.0656 1072 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:22:01.0687 1072 wuauserv - ok 21:22:01.0718 1072 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:22:01.0718 1072 WudfPf - ok 21:22:01.0734 1072 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:22:01.0734 1072 WUDFRd - ok 21:22:01.0765 1072 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:22:01.0765 1072 wudfsvc - ok 21:22:01.0781 1072 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:22:01.0781 1072 WwanSvc - ok 21:22:01.0812 1072 ================ Scan global =============================== 21:22:01.0827 1072 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:22:01.0874 1072 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 21:22:01.0874 1072 [ 
21:22:01.0952 1072 ================ Scan MBR ==================================
21:22:01.0968 1072 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:22:02.0139 1072 \Device\Harddisk0\DR0 - ok
21:22:02.0139 1072 ================ Scan VBR ==================================
21:22:02.0155 1072 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
21:22:02.0155 1072 \Device\Harddisk0\DR0\Partition1 - ok
21:22:02.0155 1072 [ 28971EE490347507F03CFE58A87FDEFA ] \Device\Harddisk0\DR0\Partition2
21:22:02.0171 1072 \Device\Harddisk0\DR0\Partition2 - ok
21:22:02.0171 1072 ============================================================
21:22:02.0171 1072 Scan finished
21:22:02.0171 1072 ============================================================
21:22:02.0186 3580 Detected object count: 0
21:22:02.0186 3580 Actual detected object count: 0

--------------------------------------------------------------------------------

RogueKiller Log

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : v [Admin rights]
Mode : Scan -- Date : 10/16/2012 21:42:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI +++++
--- User ---
[MBR] 2ac35bb9f6076176f09a43f8d819dd10
[bSP] 204c76306128b9011e19763a2ceaaae7 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1250234368 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

--------------------------------------------------------------------------------

ListParts64 Log

ListParts by Farbar Version: 15-10-2012
Ran by v (administrator) on 16-10-2012 at 21:51:27
Windows 7 (X64)
Running From: C:\Users\v\Desktop
Language: 0409
************************************************************

========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 6006.68 MB
Available physical RAM: 4992.23 MB
Total Pagefile: 12011.56 MB
Available Pagefile: 10775.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================
1 Drive c: () (Fixed) (Total:581.41 GB) (Free:558.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                100 MB  1024 KB
  Partition 2    Primary             14 GB   101 MB
  Partition 3    Primary            581 GB    14 GB
  Partition 4    Primary             10 MB   596 GB

======================================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1     D   Recovery     NTFS   Partition     14 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2     C                NTFS   Partition    581 GB  Healthy  System (partition with boot components)

======================================================================================================

Disk: 0
Partition 4
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******
  3. After getting a backdoor Trojan infection (Win32/Kryptik.ALQD.trojan) on my Dell laptop, I reformatted my C-drive yesterday and reinstalled the Win7 OS. Then today, after installing all my Windows security updates, I started getting a popup from my taskbar: "Malicious software was removed from your computer. Click here to complete the removal process." I don't know if this is a legitimate Windows popup or a rogue. The Trojan I got that led to me reformatting involved rogue HDD popup warnings, so I don't want to click on this "malicious software" taskbar popup unless it's legitimate. The only actions I've taken on this machine since reinstalling the OS are installing my drivers and Windows security updates, setting some of my personalization preferences (including turning off UAC notifications), and trying to download Firefox. So I'm concerned that some of the previous infection may have lingered in another partition after the reformat/OS reinstall of the C-drive. I've run full scans with MBAM, Windows Defender, and the latest Malicious Software Removal Tool, and all three came up clean. This makes me even more suspicious that the "malicious software" popup is a rogue. MBAM and DDS logs are posted below.

When I reinstalled the OS, I saw 4 partitions:
1) Partition 1 was something called "DELLUTILITIES"
2) Partition 2 was the C-drive
3) Partition 3 was the Recovery D-drive (currently using about half of the 14.6GB available)
4) Partition 4 was unnamed, labeled a "System" partition and allocated 10MB of space with no free space available.

I reformatted only the C-drive and reinstalled the OS on the C-drive. I didn't reformat the Recovery drive or either of the two other partitions. I'm not at all a computer expert. Is it possible that an infection is still lodged in one of the other three partitions that I didn't reformat? I've never had to do a reformat or OS reinstall before. Do I need to reformat the other partitions, in addition to the C-drive, to fully clear the previous infection? (Is that 4th, "System" partition legitimate?)

I posted about the backdoor Trojan I got here: http://forums.malwarebytes.org/index.php?showtopic=116050. I ended up reformatting b/c removal attempts didn't seem to be restoring the machine to its normal state.

--------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
v :: V-PC [administrator]

10/15/2012 7:22:23 PM
mbam-log-2012-10-15 (19-22-23).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258429
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by v at 19:37:41 on 2012-10-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.4359 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\MRT.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malware Bytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3E5B10EA-6524-4C13-9369-7EFDF1E4658C} : DhcpNameServer = 192.168.2.1
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files\Malware Bytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-14 13336]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-14 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-10-16 02:21:51 -------- d-----w- C:\Users\v\AppData\Roaming\Malwarebytes
2012-10-16 02:21:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-16 02:21:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-16 02:19:23 -------- d-----w- C:\Program Files\Malware Bytes
2012-10-16 01:31:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-10-16 01:31:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-10-16 01:31:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-10-16 01:31:12 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-10-16 01:31:12 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-10-16 01:31:12 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-16 01:31:12 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-16 01:29:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-16 01:28:34 77312 ----a-w- C:\Windows\System32\packager.dll
2012-10-16 01:28:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-10-14 20:23:13 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-14 20:23:11 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A25829E-D24A-4C47-80B2-C4AA902C30B8}\mpengine.dll
2012-10-14 20:12:44 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-10-14 20:12:41 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-10-14 20:12:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-10-14 20:12:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-10-14 20:02:38 -------- d-----w- C:\Users\v\AppData\Roaming\Intel Corporation
2012-10-14 19:54:58 -------- d-----w- C:\Windows\Panther
2012-10-14 19:54:43 -------- d-sh--w- C:\Boot
2012-10-14 19:54:24 -------- d-----w- C:\Windows\System32\OEM
2012-10-14 19:54:24 -------- d-----w- C:\Hotfix
2012-10-14 19:54:24 -------- d-----w- C:\Drivers
2012-10-14 19:53:21 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-10-14 19:52:43 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-10-14 19:52:43 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-10-14 19:52:42 325152 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-10-14 19:52:22 -------- d-----w- C:\Program Files (x86)\Realtek
2012-10-14 19:49:53 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-10-14 19:49:33 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-10-14 19:41:21 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-10-14 19:40:45 -------- d-----w- C:\Intel
2012-10-14 19:33:53 -------- d-----w- C:\Users\v\AppData\Local\ATI
2012-10-14 19:33:16 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-10-14 19:33:09 125456 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
2012-10-14 19:32:57 55296 ----a-w- C:\Windows\System32\coinst.dll
2012-10-14 19:32:57 446464 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-10-14 19:32:44 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-14 19:32:08 -------- d-----w- C:\Program Files\ATI
2012-10-14 19:31:20 -------- d-----w- C:\Program Files\ATI Technologies
2012-10-14 19:23:15 -------- d-----w- C:\Users\v\AppData\Local\Diagnostics
2012-10-14 19:19:35 -------- d-----w- C:\Program Files (x86)\Cisco
2012-10-14 19:18:12 1089024 ----a-w- C:\Windows\System32\BCMLogon.dll
2012-10-14 19:18:01 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-10-14 19:18:01 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-10-14 19:18:01 22520 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys
2012-10-14 19:18:00 73728 ----a-w- C:\Windows\System32\wltrynt.dll
2012-10-14 19:18:00 60928 ----a-w- C:\Windows\System32\bcmwlrmt.dll
2012-10-14 19:18:00 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe
2012-10-14 19:18:00 4750848 ----a-w- C:\Windows\System32\bcmttls.dll
2012-10-14 19:18:00 459 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat
2012-10-14 19:17:59 8075776 ----a-w- C:\Windows\System32\BCMWLCPL.CPL
2012-10-14 19:17:59 457 ----a-w- C:\Windows\System32\vcredist_x64.bat
2012-10-14 19:17:59 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe
2012-10-14 19:17:58 95472 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-10-14 19:17:58 3555840 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-10-14 19:17:57 3891200 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-10-14 19:17:57 3058168 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-10-14 19:17:38 20984 ----a-w- C:\Windows\System32\drivers\bcmvwl64.sys
2012-10-14 19:17:26 -------- d-----w- C:\dell
2012-10-14 19:12:01 -------- d-----w- C:\Program Files\Dell
2012-10-14 19:08:14 45056 ----a-r- C:\Users\v\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-10-14 19:08:11 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-10-14 19:08:11 -------- d-----w- C:\Program Files (x86)\Dell
2012-10-14 19:07:30 -------- d-sh--w- C:\Windows\Installer
2012-10-14 18:57:28 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
.
============= FINISH: 19:37:55.34 ===============

--------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/14/2012 12:03:36 PM
System Uptime: 10/15/2012 6:37:30 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G62V9
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU 1 | 1188/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 558.991 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.659 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 10/14/2012 12:07:53 PM - Installed Dell Resource CD.
RP4: 10/14/2012 12:11:52 PM - Installed Quickset64.
RP5: 10/14/2012 12:37:32 PM - Installed IDT Audio
RP6: 10/14/2012 12:52:11 PM - Installed Realtek Ethernet Controller Driver For Windows Vista aýOÐU
RP7: 10/14/2012 1:12:25 PM - Windows Update
RP8: 10/14/2012 1:21:50 PM - Windows Update
RP9: 10/15/2012 6:30:20 PM - Windows Update
.
==== Installed Programs ======================
.
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Resource CD
IDT Audio
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Malwarebytes Anti-Malware version 1.65.0.1400
Realtek Ethernet Controller Driver For Windows 7
.
==== Event Viewer Messages From Past Week ========
.
10/15/2012 7:36:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/15/2012 6:37:12 PM, Error: Service Control Manager [7034] - The Intel® Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
10/15/2012 6:37:11 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
10/15/2012 6:37:08 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/14/2012 11:58:28 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
10/14/2012 11:58:28 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
.
==== End Of File ===========================
  4. Maniac, I'm not sure what steps to take next. My machine still isn't functioning quite properly (still getting the " *.exe is not a valid Win32 application" error and running into some sort of unidentified program that seems to be running in the background). I haven't uninstalled Combofix or deleted/cleaned up any of the quarantines. Waiting for instructions ... Thank you for all your help so far.
  5. Hello. I'm being helped by Maniac here: http://forums.malwarebytes.org/index.php?showtopic=116050 I'd sent you a PM on the 22nd about the second thread w. Maniac. I'm sorry for the confusion.
  6. Sorry for this follow-up post, Maniac. I just noticed a couple of additional issues when I went to shut down the infected machine:

3) When I went to shut down the machine, I got the message that Windows was waiting for background programs to close. The only thing I'd tried to do after booting up was launch TDSSKiller, which failed. I didn't click on, launch, or run anything else, and my computer isn't hooked up to the internet. (I'd disabled the wireless network adapter and turned off my wireless router.) I don't know what was running in the background — the computer was shutting down, so I didn't get to Task Manager — or if I should be worried that I got this background-programs message?

4) Before shutting down, when I tried to do a safe eject of my USB thumb drive, I got the error that the device couldn't be stopped because it was currently in use. I've been getting this "device in use" eject failure since infection, even when all I do is plug in the USB and don't access anything on it or copy anything to/from it. Just now, I had plugged in the USB drive to test it but hadn't interacted with it at all, so should the USB device show as being in use? Prior to infection, I had no issues with being able to stop and safe-eject the USB drive, so long as no file on it was currently being accessed by an active program.
  7. Thank you very much! The machine is better, although not quite all the way back to its pre-infection state. All my programs, folders, and files seem to be visible and accessible now, and I haven't had any recurrences of the HDD or "Write Fault" error messages. Additionally, the rogue HDD-error icon that had appeared in my system tray (red circle w. a white X) is now gone. However, a couple of things are still non-functional or a little off:

1) I clicked on the TDSSKiller.exe file on my desktop to see if I could get it to launch. I wasn't going to run the scan — I planned on cancelling if/once the interface launched — but I wanted to see if I could at least launch the program now. TDSSKiller still won't launch. I'm still getting the same "tdsskiller.exe is not a valid Win32 application" error. (I was able to run TDSSKiller on this machine successfully back in June.) I was noticing that this forum poster reported the same "not a valid Win32 app" error: http://forums.malwarebytes.org/index.php?showtopic=115979 Is the Win32 error I'm getting related to the backdoor Trojan that infected my machine? Or is this a separate infection issue?

2) My desktop background, which had been the default Dell/Win 7 aero blue theme, has been a solid black since I first restarted the machine after infection. I'm able to go to my appearance personalization options to change the theme back to the default, but I don't know if the remaining black background is an infection remnant that I need to be worried about. It shows up in my theme personalization options as an "Unsaved Theme." (I'm sorry if this is a dumb question to be worried about. I'm just wary of everything out-of-the-ordinary now.)
  8. Maniac, I went ahead and ran the ESET scan w. the additional scan options checked. Log is below. When the scan was finished, I had the option to choose "Uninstall application on close" and "Delete quarantined files." I left both unchecked, so ESET is still installed.

--------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=29ee5187ebb7154aae31e0aeead4bf45
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-23 08:53:02
# local_time=2012-09-23 01:53:02 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 99973770 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=176332
# found=2
# cleaned=2
# scan_time=3283
C:\Qoobox\Quarantine.zip   a variant of Win32/Kryptik.ALQD trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\ProgramData\RMgOYWJNIRmTJbK.exe.vir   a variant of Win32/Kryptik.ALQD trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
  9. ok, I have "Remove found threats" and "Scan for potentially unwanted applications" both checked. There are three additional options; should any of these also be checked?
• Scan archives
• Scan for potentially unsafe applications
• Enable Anti-Stealth technology
The Anti-Stealth option is checked by default; the other two are not checked.
  10. ok, I've created a zip file of the Qoobox Quarantine folder and sent you a PM w. the link to access it.
  11. Thank you for your guidance, Maniac. I backed up my data files. Here's the ComboFix log:

--------------------------------------------------------------------------------

ComboFix 12-09-22.02 - v 09/22/2012 21:41:42.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4478 [GMT -7:00]
Running from: c:\users\v\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\RMgOYWJNIRmTJbK.exe
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 05:09 . 2012-09-23 05:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-23 05:09 . 2012-09-23 05:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-10 18:30 . 2012-09-10 18:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A52000-996B-41D1-B1F7-728EC38EA79B}\offreg.dll
2012-09-08 17:20 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A52000-996B-41D1-B1F7-728EC38EA79B}\mpengine.dll
2012-09-05 23:18 . 2012-09-05 23:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-05 23:12 . 2012-09-05 23:12 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 04:40 . 2012-08-31 04:40 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-25 02:48 . 2012-08-25 02:48 -------- d-----w- c:\program files (x86)\Amazon
2012-08-25 02:47 . 2012-08-25 02:47 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 23:12 . 2011-05-14 04:28 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-05 23:09 . 2012-04-04 20:05 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-05 23:09 . 2011-05-17 05:19 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 07:24 . 2011-01-22 19:52 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 17:31 . 2012-08-16 07:24 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:04 . 2012-08-16 07:24 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-16 07:24 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-16 07:24 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-16 07:24 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-27 07:03 . 2012-08-16 07:24 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 07:03 . 2012-08-16 07:24 1501184 ----a-w- c:\windows\system32\urlmon.dll
2012-06-27 07:03 . 2012-08-16 07:24 134144 ----a-w- c:\windows\system32\url.dll
2012-06-27 07:00 . 2012-08-16 07:24 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-06-27 06:59 . 2012-08-16 07:24 9372672 ----a-w- c:\windows\system32\mshtml.dll
2012-06-27 06:59 . 2012-08-16 07:24 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-27 06:59 . 2012-08-16 07:24 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-27 06:59 . 2012-08-16 07:24 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-27 06:59 . 2012-08-16 07:24 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-27 06:58 . 2012-08-16 07:24 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-27 06:58 . 2012-08-16 07:24 247808 ----a-w- c:\windows\system32\ieui.dll
2012-06-27 06:58 . 2012-08-16 07:24 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-06-27 06:58 . 2012-08-16 07:24 12405760 ----a-w- c:\windows\system32\ieframe.dll
2012-06-27 06:58 . 2012-08-16 07:24 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-06-27 06:58 . 2012-08-16 07:24 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-27 06:55 . 2012-08-16 07:24 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-27 06:03 . 2012-08-16 07:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-27 06:01 . 2012-08-16 07:24 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-27 05:41 . 2012-08-16 07:24 482816 ----a-w- c:\windows\system32\html.iec
2012-06-27 04:58 . 2012-08-16 07:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-27 04:53 . 2012-08-16 07:24 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-06-27 04:19 . 2012-08-16 07:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-31 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-02 203264]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-02 6857728]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-02 264192]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000Core.job
- c:\users\v\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 05:27]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000UA.job
- c:\users\v\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 05:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nytimes.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: alohaenterprise.com\nextstudent
Trusted Zone: nextstudent.com\exchange
FF - ProfilePath - c:\users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-RMgOYWJNIRmTJbK.exe - c:\programdata\RMgOYWJNIRmTJbK.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\1d\02\01#é"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-22 22:28:01
ComboFix-quarantined-files.txt 2012-09-23 05:27
.
Pre-Run: 497,562,943,488 bytes free
Post-Run: 498,568,183,808 bytes free
.
- - End Of File - - AC7F5D0FE4598C32CCEC6A901E4C01C9
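The ComboFix log above lists services, Run-key values, scheduled tasks and an orphaned Run entry pointing at c:\programdata\RMgOYWJNIRmTJbK.exe. As an added example that is not part of the post and not ComboFix's own code, the Python script below parses lines of those shapes and flags every autostart whose binary sits in a location a standard user can write to. The sample log inside it is constructed from fragments of the log above, and the list of user-writable roots is the script's own assumption, not something ComboFix reports.

```python
"""Triage of ComboFix-style autostart entries (added example, not ComboFix code)."""
import re

# Constructed sample, modelled on lines from the ComboFix log in the post.
SAMPLE_LOG = r"""
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000Core.job
- c:\users\v\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 05:27]
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKLM-Run-RMgOYWJNIRmTJbK.exe - c:\programdata\RMgOYWJNIRmTJbK.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

# Assumption of this script: binaries under these roots (or any AppData folder)
# can be dropped by an unprivileged process, so an autostart there deserves a look.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")

# One pattern per line shape ComboFix prints.
RE_SERVICE = re.compile(r"^S[0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")
RE_RUNKEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RE_RUNVAL = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
RE_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.I)
RE_JOBTARGET = re.compile(r"^- (?P<path>.+?) \[")
RE_ORPHAN = re.compile(r"^(?P<name>(?:Wow6432Node-)?HK(?:LM|CU)-Run-\S+) - (?P<path>.+)$")


def is_user_writable(path):
    """True when the binary lives somewhere a standard user could have written it."""
    p = path.lower()
    return p.startswith(USER_WRITABLE) or "\\appdata\\" in p


def triage(log_text):
    """Return one dict per autostart entry: kind, name, path and a review flag."""
    entries = []
    current_key = None   # last [HKEY_...] header seen, for Run values
    pending_job = None   # last scheduled-task .job line, for its target
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_SERVICE.match(line):
            entries.append(("service", m["name"], m["path"]))
        elif m := RE_RUNKEY.match(line):
            current_key = m["key"]
        elif m := RE_RUNVAL.match(line):
            entries.append(("run", f"{current_key}\\{m['name']}", m["path"]))
        elif m := RE_JOB.match(line):
            pending_job = m["job"]
        elif m := RE_JOBTARGET.match(line):
            entries.append(("task", pending_job or "?", m["path"]))
        elif m := RE_ORPHAN.match(line):
            entries.append(("orphan", m["name"], m["path"]))
    return [{"kind": k, "name": n, "path": p, "flag": is_user_writable(p)}
            for k, n, p in entries]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "REVIEW" if e["flag"] else "  ok  "
        print(f"{mark} {e['kind']:7} {e['path']}")
```

A flag is a prompt to look, not a verdict: GoogleUpdate.exe under AppData\Local is flagged by the same rule as the ProgramData orphan, which is exactly the judgment call a helper makes when reading a log like this. With a saved ComboFix log, pass its text to triage() in place of SAMPLE_LOG.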
12. Thank you, Maniac. I downloaded the Panda USB vaccine and have vaccinated my USB drive as well as the machine I've been using to download the cleaner programs. I'd already used the USB drive between the infected machine and the clean one — before you sent the Panda link — so I'm running malware scans on the second machine to make sure it's still clean. So far, scans haven't detected anything.

As far as the infected machine:

1) What steps should I take next? I'm still not able to run TDSSKiller. I get the "not a valid Win32 application" error when I double-click on the tdsskiller.exe icon on the desktop. I tried three different instances of the .exe file: one downloaded via Firefox, one via IE, and one via Chrome.

2) I've noticed that after I run Unhide, the My Documents folder on my desktop (and the files it contains) becomes visible. However, everything on the C-drive is still hidden. I can see the C-drive icon in the explorer window, but if you click on it or try to expand the folder list, nothing shows up, and the explorer window says that the C-drive folder is empty. I don't know if Unhide is supposed to be unhiding the folders and program files on the C-drive?

3) After running Unhide, I was going to try to back up my data (My Docs, Firefox profile, Outlook data files) to an external drive. I'll vaccinate the drive with Panda before I use it. Is there a risk of spreading the infection via data files (e.g., .xls, .doc, .pst, .ost, .pdf, MP3) if I copy these from the infected machine to my external drive? Also, my PST files are among the program files on the C-drive that are still hidden. I'm not sure how to get to those ...

Thank you very much again for the Panda Security link. I'm going to use that to vaccinate all my USB drives.
  13. I downloaded TDSSKiller using IE and then Chrome (I'd originally used Firefox), and I got the same error, "tdsskiller.exe is not a valid Win32 application," when trying to run either. Note: I'm downloading the tdsskiller.exe file from a different machine to a USB drive and then copying the file from the USB drive onto the desktop of the infected machine — I don't know if that makes a difference. Because of the backdoor danger, I didn't want to hook the infected machine up to the internet in order to download the needed cleaner programs. So I've been copying the programs over to the infected machine's desktop from a USB drive.
14. Hello, Maniac. Thank you for the backdoor warning. I understand. Yes, please, I would still like to try to clean this machine. Thank you so much for your help, the speedy reply, and your easy-to-follow instructions.

I'd already disconnected this machine from the Internet and have kept it shut down. After booting up today to run the programs you listed for me, I disabled the wireless adapter before running the programs. I booted up in Normal mode and was able to run both Unhide and RKill. (I was able to run the rkill.exe version.) Logs are below. However, when I try to run TDSSKiller from my desktop, I get this error: C:\Users\[...]\Desktop\tdsskiller.exe is not a valid Win32 application.

--------------------------------------------------------------------------------
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 09/18/2012 11:18:10 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 214278 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 995 files processed.

Restoring the Start Menu.
 * 154 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
   * DisableTaskMgr policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
   * HidNoChangingWallPaperden policy was found and deleted!
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
   * Start_ShowControlPanel was set to 0! It was set back to 1!
   * Start_ShowHelp was set to 0! It was set back to 1!
   * Start_ShowMyComputer was set to 0! It was set back to 1!
   * Start_ShowMyDocs was set to 0! It was set back to 1!
   * Start_ShowMyMusic was set to 0! It was set back to 1!
   * Start_ShowMyPics was set to 0! It was set back to 1!
   * Start_ShowPrinters was set to 0! It was set back to 1!
   * Start_ShowRun was set to 0! It was set back to 1!
   * Start_ShowSearch was set to 0! It was set back to 1!
   * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
   * Start_ShowRecentDocs was set to 0! It was set back to 2!
   * Start_ShowNetConn was set to 0! It was set back to 1!
   * Start_ShowNetPlaces was set to 0! It was set back to 1!
   * Start_TrackDocs was set to 0! It was set back to 1!
   * Start_TrackProgs was set to 0! It was set back to 1!
   * Start_ShowUser was set to 0! It was set back to 1!
   * Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 09/18/2012 11:23:20 PM
Execution time: 0 hours(s), 5 minute(s), and 10 seconds(s)
--------------------------------------------------------------------------------

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/18/2012 11:26:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * C:\ProgramData\RMgOYWJNIRmTJbK.exe (PID: 3540) [AU-HEUR]

 1 proccess terminated!

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:
 * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:
 * No issues found.

Searching for Missing Digital Signatures:
 * No issues found.

Program finished at: 09/18/2012 11:26:41 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
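The Unhide and Rkill logs above record exactly what a FakeHDD-style rogue had changed and what the tools put back: the Explorer\Advanced Start_* values (reset to 1, Start_ShowRecentDocs to 2), the DisableTaskMgr policy (deleted), and the exefile IsolatedCommand values (reset to "%1" %*). As an added example, not code from either tool or from the post, the script below turns those restored values into a re-runnable audit. audit() compares a snapshot dictionary against the expected values so it can be exercised offline; read_live() fills such a snapshot from the registry with Python's standard winreg module when run on Windows. The infected snapshot is constructed from the log: the log does not say what IsolatedCommand had been changed to, so the hijacked command in it is a placeholder.

```python
"""Audit of registry settings a FakeHDD-style rogue tampers with (added example)."""
import sys

HKCU_ADVANCED = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
HKCU_POLICIES_SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
HKLM_EXEFILE_OPEN = r"Software\Classes\exefile\shell\open\command"
HKLM_EXEFILE_RUNAS = r"Software\Classes\exefile\shell\runas\command"

# Values Unhide set back in the log: 1 for every Start_* entry except RecentDocs (2).
EXPECTED_ADVANCED = {name: 1 for name in (
    "Start_ShowControlPanel", "Start_ShowHelp", "Start_ShowMyComputer", "Start_ShowMyDocs",
    "Start_ShowMyMusic", "Start_ShowMyPics", "Start_ShowPrinters", "Start_ShowRun",
    "Start_ShowSearch", "Start_ShowSetProgramAccessAndDefaults", "Start_ShowNetConn",
    "Start_ShowNetPlaces", "Start_TrackDocs", "Start_TrackProgs", "Start_ShowUser",
    "Start_ShowMyGames")}
EXPECTED_ADVANCED["Start_ShowRecentDocs"] = 2

# The launch command Rkill restored for the .exe handler.
EXPECTED_EXE_COMMAND = '"%1" %*'

# Policies Unhide deleted; on a home machine they should not exist at all.
FORBIDDEN_POLICIES = {(HKCU_POLICIES_SYSTEM, "DisableTaskMgr")}

# Constructed snapshot of the infected state described by the logs.  The real
# IsolatedCommand value is not in the log; "hijack.exe" is a placeholder.
INFECTED_SNAPSHOT = {
    ("HKCU", HKCU_ADVANCED): {"Start_ShowControlPanel": 0, "Start_ShowRun": 0,
                              "Start_ShowRecentDocs": 0},
    ("HKCU", HKCU_POLICIES_SYSTEM): {"DisableTaskMgr": 1},
    ("HKLM", HKLM_EXEFILE_OPEN): {"": '"%1" %*',
                                  "IsolatedCommand": '"c:\\programdata\\hijack.exe" "%1" %*'},
    ("HKLM", HKLM_EXEFILE_RUNAS): {"": '"%1" %*'},
}

# Constructed snapshot of the state after Unhide and Rkill ran.
CLEAN_SNAPSHOT = {
    ("HKCU", HKCU_ADVANCED): dict(EXPECTED_ADVANCED),
    ("HKCU", HKCU_POLICIES_SYSTEM): {},
    ("HKLM", HKLM_EXEFILE_OPEN): {"": '"%1" %*', "IsolatedCommand": '"%1" %*'},
    ("HKLM", HKLM_EXEFILE_RUNAS): {"": '"%1" %*', "IsolatedCommand": '"%1" %*'},
}


def audit(snapshot):
    """Return a list of human-readable findings; an empty list means nothing tampered.

    snapshot maps (hive, key path) to {value name: data}.  A missing Start_* value
    means Explorer uses its default, so only present-but-wrong values are reported.
    """
    findings = []
    adv = snapshot.get(("HKCU", HKCU_ADVANCED), {})
    for name, want in EXPECTED_ADVANCED.items():
        got = adv.get(name)
        if got is not None and got != want:
            findings.append(f"HKCU\\{HKCU_ADVANCED}\\{name} = {got} (expected {want})")
    for key, name in FORBIDDEN_POLICIES:
        if name in snapshot.get(("HKCU", key), {}):
            findings.append(f"HKCU\\{key}\\{name} present (policy should not exist)")
    for key in (HKLM_EXEFILE_OPEN, HKLM_EXEFILE_RUNAS):
        vals = snapshot.get(("HKLM", key), {})
        for name in ("", "IsolatedCommand"):   # "" is the (Default) value
            got = vals.get(name)
            if got is not None and got != EXPECTED_EXE_COMMAND:
                findings.append(f"HKLM\\{key}\\{name or '(Default)'} = {got!r} "
                                f"(expected {EXPECTED_EXE_COMMAND!r})")
    return findings


def read_live():
    """Build a snapshot from the local registry (Windows only; needs winreg)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    wanted = [("HKCU", HKCU_ADVANCED), ("HKCU", HKCU_POLICIES_SYSTEM),
              ("HKLM", HKLM_EXEFILE_OPEN), ("HKLM", HKLM_EXEFILE_RUNAS)]
    snapshot = {}
    for hive, key in wanted:
        try:
            with winreg.OpenKey(hives[hive], key, 0,
                                winreg.KEY_READ | winreg.KEY_WOW64_64KEY) as h:
                values, i = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(h, i)
                    except OSError:        # raised when no more values remain
                        break
                    values[name] = data
                    i += 1
                snapshot[(hive, key)] = values
        except FileNotFoundError:          # key absent: nothing to audit there
            pass
    return snapshot


if __name__ == "__main__":
    snap = read_live() if sys.platform == "win32" else INFECTED_SNAPSHOT
    for line in audit(snap) or ["no tampering found"]:
        print(line)
```

Running this after a cleanup gives a second opinion that does not depend on the tool's own report, and running it again after a reboot tells you whether something is re-applying the changes, which is the question a persisting rogue raises.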