Posts posted by madara
The manufacturer is Hewlett-Packard. Here is the log.
ListParts by Farbar Version: 23-06-2012
Ran by Patrick Fong (administrator) on 01-07-2012 at 02:14:57
Windows Vista (X86)
Running From: C:\Users\Patrick Fong\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 60%
Total physical RAM: 2046.57 MB
Available physical RAM: 802.93 MB
Total Pagefile: 4332.16 MB
Available Pagefile: 2870.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.57 MB
======================= Partitions =========================
1 Drive c: (HP) (Fixed) (Total:289.41 GB) (Free:74.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:8.68 GB) (Free:1.01 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 289 GB 32 KB
Partition 2 Primary 9 GB 289 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 289 GB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Recovery NTFS Partition 9 GB Healthy
======================================================================================================
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {b646ad0b-2031-11dc-83db-001bfc5eda91}
resumeobject {b646ad0c-2031-11dc-83db-001bfc5eda91}
displayorder {b646ad0b-2031-11dc-83db-001bfc5eda91}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
resume No
Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[D:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes
Windows Boot Loader
-------------------
identifier {b646ad0b-2031-11dc-83db-001bfc5eda91}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b646ad0c-2031-11dc-83db-001bfc5eda91}
nx OptIn
Resume from Hibernate
---------------------
identifier {b646ad0c-2031-11dc-83db-001bfc5eda91}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device partition=C:
path \ntldr
description Earlier Version of Windows
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi
Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description RAM Disk Settings
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi
****** End Of Log ******
-
Nope, I'm still going with the clean install. I was just surprised when I turned the computer on today.

-
PS. When I turned the computer on to check the "created date" for Trend, I noticed that Windows Command Processor didn't pop up and we started the computer in normal mode.
-
1a) The computer belongs to me.
1b) Vista came pre-installed on our computer.
2a) We chose to install it, in early-mid June after our Norton 360 subscription ran out.
2b) June 11, 2012
2c) Norton 360. No, Norton expired for ~3 days before TrendMicro was activated. Yes I uninstalled Norton before installing Trend.
3) Yes, we've only had Norton installed on this computer.
4) A Norton free-trial came pre-installed.
5) Yes, only the ~3 days between Norton expiring and Trend being activated in June, 2012.
6) No, I don't think so. I will have a look around but I don't remember ever seeing one.
7) We only ever backed up to an HP SimpleSave external hard drive. That was also a long time ago. We haven't used this computer for important things as much recently as we have two new computers for our work-related stuff.
We've decided to follow your advice and do a full reformat. If I can't find a disc with the Vista operating system, is there any other way to get it back? Or will I have to go and buy the disc? Also, in the past we did use this computer for internet banking, university sites, emails and entered other personal information. How far back can this virus go in terms of gathering personal information? I will still be changing all my passwords and alerting my bank.
Can you help us through the reformatting process, please?
Thank you for all your help.
Pat
-
Also ran ESET online scanner in safe mode with networking. Here is the log.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9fe70c67ed45ca4ea6b5006bb84e666c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-30 03:11:32
# local_time=2012-06-30 01:11:32 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1608473 1608473 0 0
# compatibility_mode=5892 16776574 100 100 1652098 178551185 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=211431
# found=6
# cleaned=6
# scan_time=3961
C:\Qoobox\Quarantine\C\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\AppData\Local\temp\lhfujcbahkhdwheq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\Desktop\Programs\Startup\tchahayq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\Desktop\RK_Quarantine\lhfujcbahkhdwheq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\Desktop\RK_Quarantine\tchahayq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
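A quick triage of the six ESET findings above, as an added example (not part of the post and not ESET's own code): it parses the lines as pasted and separates copies that earlier cleanup tools had already quarantined from files that were still live, using location rules that are my own assumptions.

```python
"""Triage the ESET Online Scanner findings posted above.

Added example (not part of the original post, not ESET's own code). The six
detection lines are copied from the post; the location-based classification
rules are my own assumption about how a responder would read them."""
import re
from collections import Counter

# Detection lines exactly as pasted in the post. ESET's own log file may use
# tab separators, but the forum shows spaces; the parser accepts either.
ESET_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\AppData\Local\temp\lhfujcbahkhdwheq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\Desktop\Programs\Startup\tchahayq.exe a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\Desktop\RK_Quarantine\lhfujcbahkhdwheq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Patrick Fong\Desktop\RK_Quarantine\tchahayq.exe.vir a variant of Win32/Kryptik.AHES trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# One detection per line: path, threat name, action in parentheses, a 32-hex
# hash column and a trailing flag. The path is taken up to the last backslash
# plus one final component without spaces, so directory names containing
# spaces ("Patrick Fong") survive the split.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*\\)?[^\\\s]+)\s+"
    r"(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flags>\S+)\s*$"
)


def classify_location(path: str) -> str:
    """Assumed rules: where the file sat says whether it was still live."""
    p = path.lower()
    if p.endswith(".vir") or "\\quarantine\\" in p or "\\rk_quarantine\\" in p:
        return "quarantined copy"      # already isolated by an earlier tool
    if "\\startup\\" in p:
        return "startup persistence"   # would have run again at next logon
    if "\\temp\\" in p or "\\tmp\\" in p:
        return "temp drop"             # typical dropper staging location
    return "live file"


def parse_detections(log_text: str) -> list:
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised detection line: {line!r}")
        rec = m.groupdict()
        rec["filename"] = rec["path"].rsplit("\\", 1)[-1]
        rec["location"] = classify_location(rec["path"])
        found.append(rec)
    return found


def triage(log_text: str) -> dict:
    """Summarise what was live, what was only a quarantined copy, and whether
    the hash column carries any information (here it is all zeros)."""
    dets = parse_detections(log_text)
    live = [d for d in dets if d["location"] != "quarantined copy"]
    return {
        "total": len(dets),
        "by_location": dict(Counter(d["location"] for d in dets)),
        "threats": sorted({d["threat"] for d in dets}),
        "live_filenames": sorted({d["filename"] for d in live}),
        "hashes_usable": any(set(d["hash"].lower()) != {"0"} for d in dets),
    }


if __name__ == "__main__":
    for key, value in triage(ESET_LOG).items():
        print(f"{key}: {value}")
```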
-
MBAM ran in safe mode with networking.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.06.29.12
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Patrick Fong :: PATRICKFONG-PC [administrator]
Protection: Disabled
30/06/2012 10:46:25 AM
mbam-log-2012-06-30 (10-46-25).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420748
Time elapsed: 1 hour(s), 1 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Bad news, I still can't run MBAM in normal mode so I'm currently running the scan in safe mode with networking. The same goes for the ESET Online Scanner; I can't access the website in normal mode of the infected computer. I will try ESET in safe mode once MBAM is finished.
Also, when I turned my computer on this morning (in normal mode), the Windows Command Processor popup appeared again.
-
Oh, I see why you say my previous post is hard to read. Sorry about that. I hope this is better.
-
22:08:26.0548 10552 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
22:08:26.0594 10552 ============================================================
22:08:26.0594 10552 Current date / time: 2012/06/29 22:08:26.0594
22:08:26.0594 10552 SystemInfo:
22:08:26.0594 10552
22:08:26.0594 10552 OS Version: 6.0.6002 ServicePack: 2.0
22:08:26.0594 10552 Product type: Workstation
22:08:26.0594 10552 ComputerName: PATRICKFONG-PC
22:08:26.0594 10552 UserName: Patrick Fong
22:08:26.0594 10552 Windows directory: C:\Windows
22:08:26.0594 10552 System windows directory: C:\Windows
22:08:26.0594 10552 Processor architecture: Intel x86
22:08:26.0594 10552 Number of processors: 2
22:08:26.0594 10552 Page size: 0x1000
22:08:26.0594 10552 Boot type: Normal boot
22:08:26.0594 10552 ============================================================
22:08:27.0062 10552 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:08:27.0094 10552 Drive \Device\Harddisk5\DR5 - Size: 0x3E300000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:08:27.0094 10552 ============================================================
22:08:27.0094 10552 \Device\Harddisk0\DR0:
22:08:27.0094 10552 MBR partitions:
22:08:27.0094 10552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x242D1A55
22:08:27.0094 10552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x242D1A94, BlocksNum 0x115BC2D
22:08:27.0094 10552 \Device\Harddisk5\DR5:
22:08:27.0094 10552 MBR partitions:
22:08:27.0094 10552 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F17DF
22:08:27.0094 10552 ============================================================
22:08:27.0125 10552 C: <-> \Device\Harddisk0\DR0\Partition0
22:08:27.0172 10552 D: <-> \Device\Harddisk0\DR0\Partition1
22:08:27.0172 10552 ============================================================
22:08:27.0172 10552 Initialize success
22:08:27.0172 10552 ============================================================
22:08:38.0965 10064 ============================================================
22:08:38.0965 10064 Scan started
22:08:38.0965 10064 Mode: Manual;
22:08:38.0965 10064 ============================================================
22:08:49.0261 10064 LVSrvLauncher - ok
22:08:49.0308 10064 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys
22:08:49.0308 10064 LVUSBSta - ok
22:08:49.0370 10064 M1 Server (7b073fd0133346d0e555353f164057d7) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
22:08:49.0370 10064 M1 Server - ok
22:08:49.0433 10064 mbamchameleon (5dc35c6ecff38c91db3511c63d0000d9) C:\Windows\system32\drivers\mbamchameleon.sys
22:08:49.0433 10064 mbamchameleon - ok
22:08:49.0464 10064 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:08:49.0464 10064 MBAMProtector - ok
22:08:49.0526 10064 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:08:49.0526 10064 MBAMService - ok
22:08:49.0573 10064 MBAMSwissArmy - ok
22:08:49.0604 10064 MCLServiceATL (7bba15ca5a2aa4e50c7cbfb78d11db25) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
22:08:49.0604 10064 MCLServiceATL - ok
22:08:49.0636 10064 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:08:49.0636 10064 Mcx2Svc - ok
22:08:49.0682 10064 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:08:49.0682 10064 megasas - ok
22:08:49.0698 10064 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:08:49.0698 10064 MMCSS - ok
22:08:49.0729 10064 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:08:49.0729 10064 Modem - ok
22:08:49.0776 10064 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:08:49.0776 10064 monitor - ok
22:08:49.0807 10064 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:08:49.0807 10064 mouclass - ok
22:08:49.0838 10064 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:08:49.0838 10064 mouhid - ok
22:08:49.0885 10064 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:08:49.0885 10064 MountMgr - ok
22:08:49.0948 10064 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:08:49.0948 10064 mpio - ok
22:08:49.0979 10064 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:08:49.0979 10064 mpsdrv - ok
22:08:50.0026 10064 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:08:50.0026 10064 MpsSvc - ok
22:08:50.0057 10064 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:08:50.0057 10064 Mraid35x - ok
22:08:50.0072 10064 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:08:50.0088 10064 MRxDAV - ok
22:08:50.0119 10064 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:08:50.0119 10064 mrxsmb - ok
22:08:50.0150 10064 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:08:50.0166 10064 mrxsmb10 - ok
22:08:50.0197 10064 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:08:50.0197 10064 mrxsmb20 - ok
22:08:50.0213 10064 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:08:50.0213 10064 msahci - ok
22:08:50.0244 10064 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:08:50.0244 10064 msdsm - ok
22:08:50.0291 10064 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:08:50.0291 10064 MSDTC - ok
22:08:50.0353 10064 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:08:50.0353 10064 Msfs - ok
22:08:50.0384 10064 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:08:50.0400 10064 msisadrv - ok
22:08:50.0416 10064 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:08:50.0431 10064 MSiSCSI - ok
22:08:50.0431 10064 msiserver - ok
22:08:50.0462 10064 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:08:50.0478 10064 MSKSSRV - ok
22:08:50.0494 10064 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:08:50.0494 10064 MSPCLOCK - ok
22:08:50.0509 10064 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:08:50.0509 10064 MSPQM - ok
22:08:50.0540 10064 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:08:50.0556 10064 MsRPC - ok
22:08:50.0587 10064 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:08:50.0587 10064 mssmbios - ok
22:08:50.0603 10064 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:08:50.0603 10064 MSTEE - ok
22:08:50.0618 10064 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:08:50.0634 10064 Mup - ok
22:08:50.0665 10064 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:08:50.0681 10064 napagent - ok
22:08:50.0743 10064 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:08:50.0759 10064 NativeWifiP - ok
22:08:50.0837 10064 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:08:50.0837 10064 NDIS - ok
22:08:50.0852 10064 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:08:50.0868 10064 NdisTapi - ok
22:08:50.0884 10064 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:08:50.0899 10064 Ndisuio - ok
22:08:50.0915 10064 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:08:50.0930 10064 NdisWan - ok
22:08:50.0962 10064 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:08:50.0962 10064 NDProxy - ok
22:08:50.0962 10064 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:08:50.0977 10064 NetBIOS - ok
22:08:50.0993 10064 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:08:51.0008 10064 netbt - ok
22:08:51.0040 10064 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:08:51.0040 10064 Netlogon - ok
22:08:51.0071 10064 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:08:51.0071 10064 Netman - ok
22:08:51.0118 10064 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:08:51.0118 10064 netprofm - ok
22:08:51.0180 10064 netr28u (575cc69d5aa74b8633f4022adcf58d96) C:\Windows\system32\DRIVERS\Dnetr28u.sys
22:08:51.0180 10064 netr28u - ok
22:08:51.0258 10064 netr73 (2f0bac1fab90244b644a7ae590257e1d) C:\Windows\system32\DRIVERS\netr73.sys
22:08:51.0258 10064 netr73 - ok
22:08:51.0305 10064 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:08:51.0320 10064 NetTcpPortSharing - ok
22:08:51.0336 10064 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:08:51.0336 10064 nfrd960 - ok
22:08:51.0367 10064 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:08:51.0367 10064 NlaSvc - ok
22:08:51.0398 10064 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:08:51.0398 10064 Npfs - ok
22:08:51.0414 10064 npggsvc - ok
22:08:51.0445 10064 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:08:51.0461 10064 nsi - ok
22:08:51.0476 10064 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:08:51.0476 10064 nsiproxy - ok
22:08:51.0539 10064 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:08:51.0554 10064 Ntfs - ok
22:08:51.0570 10064 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:08:51.0570 10064 ntrigdigi - ok
22:08:51.0601 10064 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:08:51.0601 10064 Null - ok
22:08:51.0648 10064 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
22:08:51.0664 10064 NVHDA - ok
22:08:52.0022 10064 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:08:52.0085 10064 nvlddmkm - ok
22:08:52.0210 10064 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:08:52.0210 10064 nvraid - ok
22:08:52.0241 10064 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:08:52.0241 10064 nvstor - ok
22:08:52.0288 10064 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe
22:08:52.0288 10064 nvsvc - ok
22:08:52.0319 10064 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:08:52.0334 10064 nv_agp - ok
22:08:52.0334 10064 NwlnkFlt - ok
22:08:52.0350 10064 NwlnkFwd - ok
22:08:52.0428 10064 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:08:52.0459 10064 odserv - ok
22:08:52.0506 10064 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:08:52.0506 10064 ohci1394 - ok
22:08:52.0537 10064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:08:52.0537 10064 ose - ok
22:08:52.0615 10064 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:08:52.0631 10064 p2pimsvc - ok
22:08:52.0631 10064 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:08:52.0646 10064 p2psvc - ok
22:08:52.0678 10064 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:08:52.0693 10064 Parport - ok
22:08:52.0724 10064 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
22:08:52.0724 10064 partmgr - ok
22:08:52.0740 10064 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:08:52.0740 10064 Parvdm - ok
22:08:52.0771 10064 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:08:52.0771 10064 PcaSvc - ok
22:08:52.0802 10064 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:08:52.0802 10064 pci - ok
22:08:52.0849 10064 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:08:52.0849 10064 pciide - ok
22:08:52.0880 10064 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:08:52.0896 10064 pcmcia - ok
22:08:52.0958 10064 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
22:08:52.0958 10064 pcouffin - ok
22:08:53.0021 10064 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:08:53.0068 10064 PEAUTH - ok
22:08:53.0099 10064 pepifilter (c5d5ea6a29523e0f6016741e9851c6db) C:\Windows\system32\DRIVERS\lv302af.sys
22:08:53.0099 10064 pepifilter - ok
22:08:53.0192 10064 PID_PEPI (3f96dcd4ac98c8e0d3c03c24fd49a2fe) C:\Windows\system32\DRIVERS\LV302V32.SYS
22:08:53.0224 10064 PID_PEPI - ok
22:08:53.0380 10064 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:08:53.0411 10064 pla - ok
22:08:53.0473 10064 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:08:53.0489 10064 PlugPlay - ok
22:08:53.0536 10064 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:08:53.0536 10064 PNRPAutoReg - ok
22:08:53.0551 10064 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:08:53.0551 10064 PNRPsvc - ok
22:08:53.0582 10064 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:08:53.0598 10064 PolicyAgent - ok
22:08:53.0645 10064 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:08:53.0660 10064 PptpMiniport - ok
22:08:53.0676 10064 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:08:53.0676 10064 Processor - ok
22:08:53.0707 10064 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:08:53.0723 10064 ProfSvc - ok
22:08:53.0738 10064 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:08:53.0754 10064 ProtectedStorage - ok
22:08:53.0801 10064 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
22:08:53.0801 10064 Ps2 - ok
22:08:53.0832 10064 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:08:53.0832 10064 PSched - ok
22:08:53.0848 10064 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
22:08:53.0863 10064 PxHelp20 - ok
22:08:54.0097 10064 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:08:54.0097 10064 ql2300 - ok
22:08:54.0113 10064 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:08:54.0128 10064 ql40xx - ok
22:08:54.0160 10064 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:08:54.0175 10064 QWAVE - ok
22:08:54.0206 10064 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:08:54.0206 10064 QWAVEdrv - ok
22:08:54.0238 10064 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:08:54.0238 10064 RasAcd - ok
22:08:54.0300 10064 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:08:54.0300 10064 RasAuto - ok
22:08:54.0331 10064 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:08:54.0331 10064 Rasl2tp - ok
22:08:54.0378 10064 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:08:54.0378 10064 RasMan - ok
22:08:54.0409 10064 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:08:54.0409 10064 RasPppoe - ok
22:08:54.0456 10064 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:08:54.0456 10064 RasSstp - ok
22:08:54.0472 10064 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:08:54.0472 10064 rdbss - ok
22:08:54.0518 10064 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:08:54.0518 10064 RDPCDD - ok
22:08:54.0550 10064 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
22:08:54.0565 10064 rdpdr - ok
22:08:54.0565 10064 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:08:54.0565 10064 RDPENCDD - ok
22:08:54.0612 10064 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
22:08:54.0628 10064 RDPWD - ok
22:08:54.0768 10064 Remote UI Service (752402f6bd5fa012805813c329f88dd3) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
22:08:54.0799 10064 Remote UI Service - ok
22:08:54.0877 10064 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:08:54.0877 10064 RemoteAccess - ok
22:08:54.0955 10064 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:08:54.0955 10064 RemoteRegistry - ok
22:08:55.0033 10064 RoxMediaDB9 (062d1268cfcf569ba5fbcfd1bea88d2a) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
22:08:55.0064 10064 RoxMediaDB9 - ok
22:08:55.0096 10064 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:08:55.0096 10064 RpcLocator - ok
22:08:55.0142 10064 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
22:08:55.0142 10064 RpcSs - ok
22:08:55.0205 10064 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:08:55.0205 10064 rspndr - ok
22:08:55.0220 10064 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:08:55.0220 10064 SamSs - ok
22:08:55.0252 10064 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:08:55.0252 10064 sbp2port - ok
22:08:55.0298 10064 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:08:55.0298 10064 SCardSvr - ok
22:08:55.0361 10064 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:08:55.0376 10064 Schedule - ok
22:08:55.0392 10064 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:08:55.0392 10064 SCPolicySvc - ok
22:08:55.0408 10064 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:08:55.0408 10064 SDRSVC - ok
22:08:55.0439 10064 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:08:55.0439 10064 secdrv - ok
22:08:55.0470 10064 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:08:55.0470 10064 seclogon - ok
22:08:55.0486 10064 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
22:08:55.0501 10064 SENS - ok
22:08:55.0517 10064 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:08:55.0517 10064 Serenum - ok
22:08:55.0532 10064 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:08:55.0548 10064 Serial - ok
22:08:55.0564 10064 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:08:55.0564 10064 sermouse - ok
22:08:55.0595 10064 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:08:55.0595 10064 SessionEnv - ok
22:08:55.0610 10064 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:08:55.0610 10064 sffdisk - ok
22:08:55.0626 10064 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:08:55.0626 10064 sffp_mmc - ok
22:08:55.0642 10064 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:08:55.0642 10064 sffp_sd - ok
22:08:55.0642 10064 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:08:55.0657 10064 sfloppy - ok
22:08:55.0673 10064 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:08:55.0688 10064 SharedAccess - ok
22:08:55.0720 10064 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:08:55.0735 10064 ShellHWDetection - ok
22:08:55.0751 10064 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:08:55.0751 10064 sisagp - ok
22:08:55.0766 10064 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:08:55.0766 10064 SiSRaid2 - ok
22:08:55.0798 10064 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:08:55.0798 10064 SiSRaid4 - ok
22:08:55.0938 10064 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:08:56.0000 10064 slsvc - ok
22:08:56.0094 10064 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:08:56.0094 10064 SLUINotify - ok
22:08:56.0141 10064 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:08:56.0156 10064 Smb - ok
22:08:56.0188 10064 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:08:56.0188 10064 SNMPTRAP - ok
22:08:56.0203 10064 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:08:56.0219 10064 spldr - ok
22:08:56.0234 10064 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:08:56.0250 10064 Spooler - ok
22:08:56.0281 10064 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:08:56.0297 10064 srv - ok
22:08:56.0328 10064 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:08:56.0344 10064 srv2 - ok
22:08:56.0344 10064 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:08:56.0359 10064 srvnet - ok
22:08:56.0390 10064 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:08:56.0390 10064 SSDPSRV - ok
22:08:56.0437 10064 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:08:56.0453 10064 SstpSvc - ok
22:08:56.0578 10064 Stereo Service (29662881a46db66730c62a4f1bfa3dc2) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:08:56.0578 10064 Stereo Service - ok
22:08:56.0609 10064 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:08:56.0624 10064 stisvc - ok
22:08:56.0671 10064 stllssvr (4cfeb2bd9723489da072b300940ea287) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:08:56.0671 10064 stllssvr - ok
22:08:56.0718 10064 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:08:56.0718 10064 swenum - ok
22:08:56.0749 10064 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:08:56.0765 10064 swprv - ok
22:08:56.0780 10064 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:08:56.0780 10064 Symc8xx - ok
22:08:56.0796 10064 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:08:56.0796 10064 Sym_hi - ok
22:08:56.0812 10064 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:08:56.0812 10064 Sym_u3 - ok
22:08:56.0858 10064 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:08:56.0874 10064 SysMain - ok
22:08:56.0890 10064 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:08:56.0905 10064 TabletInputService - ok
22:08:56.0936 10064 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:08:56.0952 10064 TapiSrv - ok
22:08:56.0983 10064 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:08:56.0983 10064 TBS - ok
22:08:57.0030 10064 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
22:08:57.0061 10064 Tcpip - ok
22:08:57.0077 10064 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
22:08:57.0077 10064 Tcpip6 - ok
22:08:57.0108 10064 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:08:57.0108 10064 tcpipreg - ok
22:08:57.0124 10064 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:08:57.0139 10064 TDPIPE - ok
22:08:57.0155 10064 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:08:57.0155 10064 TDTCP - ok
22:08:57.0186 10064 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:08:57.0186 10064 tdx - ok
22:08:57.0202 10064 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:08:57.0217 10064 TermDD - ok
22:08:57.0248 10064 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:08:57.0264 10064 TermService - ok
22:08:57.0311 10064 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:08:57.0311 10064 Themes - ok
22:08:57.0326 10064 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:08:57.0326 10064 THREADORDER - ok
22:08:57.0373 10064 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\Windows\system32\DRIVERS\tmactmon.sys
22:08:57.0373 10064 tmactmon - ok
22:08:57.0404 10064 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\Windows\system32\DRIVERS\tmcomm.sys
22:08:57.0404 10064 tmcomm - ok
22:08:57.0451 10064 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\Windows\system32\DRIVERS\tmevtmgr.sys
22:08:57.0451 10064 tmevtmgr - ok
22:08:57.0467 10064 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys
22:08:57.0482 10064 tmtdi - ok
22:08:57.0498 10064 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:08:57.0498 10064 TrkWks - ok
22:08:57.0545 10064 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:08:57.0545 10064 TrustedInstaller - ok
22:08:57.0592 10064 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:08:57.0592 10064 tssecsrv - ok
22:08:57.0607 10064 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:08:57.0623 10064 tunmp - ok
22:08:57.0638 10064 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:08:57.0638 10064 tunnel - ok
22:08:57.0670 10064 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:08:57.0670 10064 uagp35 - ok
22:08:57.0701 10064 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:08:57.0716 10064 udfs - ok
22:08:57.0748 10064 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:08:57.0748 10064 UI0Detect - ok
22:08:57.0763 10064 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:08:57.0763 10064 uliagpkx - ok
22:08:57.0779 10064 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:08:57.0794 10064 uliahci - ok
22:08:57.0826 10064 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:08:57.0826 10064 UlSata - ok
22:08:57.0841 10064 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:08:57.0857 10064 ulsata2 - ok
22:08:57.0872 10064 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:08:57.0872 10064 umbus - ok
22:08:57.0904 10064 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
22:08:57.0919 10064 UmRdpService - ok
22:08:57.0950 10064 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:08:57.0950 10064 upnphost - ok
22:08:57.0982 10064 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
22:08:57.0982 10064 USBAAPL - ok
22:08:58.0028 10064 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:08:58.0028 10064 usbaudio - ok
22:08:58.0075 10064 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:08:58.0091 10064 usbccgp - ok
22:08:58.0106 10064 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
22:08:58.0106 10064 usbcir - ok
22:08:58.0122 10064 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:08:58.0122 10064 usbehci - ok
22:08:58.0153 10064 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:08:58.0169 10064 usbhub - ok
22:08:58.0184 10064 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:08:58.0184 10064 usbohci - ok
22:08:58.0200 10064 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:08:58.0216 10064 usbprint - ok
22:08:58.0231 10064 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:08:58.0247 10064 usbscan - ok
22:08:58.0262 10064 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:08:58.0278 10064 USBSTOR - ok
22:08:58.0309 10064 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:08:58.0309 10064 usbuhci - ok
22:08:58.0356 10064 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:08:58.0356 10064 UxSms - ok
22:08:58.0403 10064 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:08:58.0418 10064 vds - ok
22:08:58.0465 10064 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:08:58.0465 10064 vga - ok
22:08:58.0481 10064 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:08:58.0481 10064 VgaSave - ok
22:08:58.0512 10064 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:08:58.0512 10064 viaagp - ok
22:08:58.0528 10064 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:08:58.0528 10064 ViaC7 - ok
22:08:58.0543 10064 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:08:58.0543 10064 viaide - ok
22:08:58.0574 10064 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:08:58.0574 10064 volmgr - ok
22:08:58.0606 10064 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:08:58.0621 10064 volmgrx - ok
22:08:58.0652 10064 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:08:58.0668 10064 volsnap - ok
22:08:58.0715 10064 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:08:58.0715 10064 vsmraid - ok
22:08:58.0777 10064 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:08:58.0824 10064 VSS - ok
22:08:58.0855 10064 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:08:58.0855 10064 W32Time - ok
22:08:58.0902 10064 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:08:58.0902 10064 WacomPen - ok
22:08:58.0949 10064 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:08:58.0949 10064 Wanarp - ok
22:08:58.0949 10064 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:08:58.0949 10064 Wanarpv6 - ok
22:08:58.0996 10064 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
22:08:59.0027 10064 wbengine - ok
22:08:59.0089 10064 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:08:59.0105 10064 wcncsvc - ok
22:08:59.0136 10064 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:08:59.0136 10064 WcsPlugInService - ok
22:08:59.0183 10064 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:08:59.0183 10064 Wd - ok
22:08:59.0245 10064 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:08:59.0308 10064 Wdf01000 - ok
22:08:59.0339 10064 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:08:59.0339 10064 WdiServiceHost - ok
22:08:59.0339 10064 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:08:59.0354 10064 WdiSystemHost - ok
22:08:59.0386 10064 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:08:59.0401 10064 WebClient - ok
22:08:59.0432 10064 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:08:59.0432 10064 Wecsvc - ok
22:08:59.0464 10064 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:08:59.0464 10064 wercplsupport - ok
22:08:59.0495 10064 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:08:59.0495 10064 WerSvc - ok
22:08:59.0588 10064 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:08:59.0588 10064 WinDefend - ok
22:08:59.0604 10064 WinHttpAutoProxySvc - ok
22:08:59.0666 10064 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:08:59.0666 10064 Winmgmt - ok
22:08:59.0729 10064 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:08:59.0760 10064 WinRM - ok
22:08:59.0807 10064 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:08:59.0822 10064 Wlansvc - ok
22:08:59.0869 10064 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:08:59.0869 10064 WmiAcpi - ok
22:08:59.0932 10064 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:08:59.0932 10064 wmiApSrv - ok
22:09:00.0041 10064 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:09:00.0056 10064 WMPNetworkSvc - ok
22:09:00.0088 10064 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:09:00.0088 10064 WPCSvc - ok
22:09:00.0119 10064 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:09:00.0119 10064 WPDBusEnum - ok
22:09:00.0197 10064 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:09:00.0197 10064 WpdUsb - ok
22:09:00.0322 10064 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:09:00.0337 10064 WPFFontCache_v0400 - ok
22:09:00.0368 10064 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:09:00.0368 10064 ws2ifsl - ok
22:09:00.0400 10064 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
22:09:00.0400 10064 wscsvc - ok
22:09:00.0400 10064 WSearch - ok
22:09:00.0509 10064 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:09:00.0571 10064 wuauserv - ok
22:09:00.0680 10064 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:09:00.0680 10064 WUDFRd - ok
22:09:00.0712 10064 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:09:00.0712 10064 wudfsvc - ok
22:09:00.0743 10064 XDva348 - ok
22:09:00.0743 10064 XDva359 - ok
22:09:00.0790 10064 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
22:09:00.0821 10064 \Device\Harddisk0\DR0 - ok
22:09:00.0821 10064 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk5\DR5
22:09:02.0755 10064 \Device\Harddisk5\DR5 - ok
22:09:02.0755 10064 Boot (0x1200) (18762cb94749c7c97f8702dff6cdd263) \Device\Harddisk0\DR0\Partition0
22:09:02.0771 10064 \Device\Harddisk0\DR0\Partition0 - ok
22:09:02.0771 10064 Boot (0x1200) (3d659c9e5cc9f1959c6d0ff3339866ea) \Device\Harddisk0\DR0\Partition1
22:09:02.0771 10064 \Device\Harddisk0\DR0\Partition1 - ok
22:09:02.0771 10064 Boot (0x1200) (e230c62268d1a82615f925992afc735d) \Device\Harddisk5\DR5\Partition0
22:09:02.0771 10064 \Device\Harddisk5\DR5\Partition0 - ok
22:09:02.0771 10064 ============================================================
22:09:02.0771 10064 Scan finished
22:09:02.0771 10064 ============================================================
22:09:02.0786 11616 Detected object count: 0
22:09:02.0786 11616 Actual detected object count: 0
22:19:40.0340 6268 Deinitialize success
-
Sorry about the font size, it automatically changed when I pasted the log here. I accidentally submitted the RogueKiller log twice, it's the same log though.
I ran these tools in normal mode.
Thanks,
Pat
-
ComboFix 12-06-28.03 - Patrick Fong 29/06/2012 21:38:09.8.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2047.962 [GMT 10:00]
Running from: c:\users\Patrick Fong\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Patrick Fong\AppData\Local\amfmkrxk.log
c:\users\Patrick Fong\AppData\Local\hsivcopd.log
c:\users\Patrick Fong\AppData\Local\jlypkcri.log
c:\users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe
c:\users\Patrick Fong\AppData\Local\narfqwth.log
c:\users\Patrick Fong\AppData\Local\vtofbvlp.log
c:\users\Patrick Fong\AppData\Local\wqexycde.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 11:45 . 2012-06-29 11:47 -------- d-----w- c:\users\Patrick Fong\AppData\Local\temp
2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 02:09 . 2012-06-28 13:41 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-25 10:07 . 2012-06-25 10:08 -------- d-----w- c:\program files\ERUNT
2012-06-22 11:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:16 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:16 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 00:15 . 2012-06-21 00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-21 00:15 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 13:13 . 2012-06-29 11:45 -------- d-----w- c:\users\Patrick Fong\AppData\Local\lvpnwwpd
2012-06-16 05:32 . 2012-06-16 05:32 -------- d-----w- c:\programdata\Tarma Installer
2012-06-16 05:31 . 2012-06-20 14:09 -------- d-----w- c:\program files\1ClickDownload
2012-06-13 11:39 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:39 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 11:39 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:39 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:39 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 12:45 . 2012-06-11 12:45 -------- d-----w- c:\users\Patrick Fong\AppData\Local\Trend Micro
2012-06-11 12:37 . 2012-06-11 12:08 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-06-11 12:25 . 2012-06-11 12:08 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-06-11 12:25 . 2012-06-11 12:08 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-11 12:25 . 2012-06-11 12:08 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-06-11 12:19 . 2012-06-11 12:19 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-06-11 12:14 . 2012-06-28 21:07 -------- d-----w- c:\programdata\Trend Micro
2012-06-11 12:05 . 2012-06-11 12:17 -------- d-----w- c:\program files\Trend Micro
2012-06-09 05:05 . 2012-06-09 05:05 -------- d--h--w- c:\programdata\Common Files
2012-06-08 13:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB267CAB-EDFB-4DFE-9356-7F650B410C37}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:16 . 2012-05-11 11:44 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 11:44 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"TchAhayq"="c:\users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-09-11 176128]
"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2010-05-21 1024000]
"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2010-04-20 122880]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\users\Patrick Fong\Desktop\Programs\Startup\
tchahayq.exe [2012-6-20 92216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5200 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC3LAK.EXE [2004-9-24 50848]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-3-4 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5200 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5200 Status Window.lnk
backup=c:\windows\pss\Canon LBP5200 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(11468)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\CNAC3RPK.EXE
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\Trend Micro\AMSP\AMSP_LogServer.exe
c:\users\Patrick Fong\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe
c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-29 21:55:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-29 11:55
ComboFix2.txt 2012-06-28 21:26
ComboFix3.txt 2012-06-25 11:06
ComboFix4.txt 2012-06-22 13:12
ComboFix5.txt 2012-06-29 11:36
.
Pre-Run: 80,460,693,504 bytes free
Post-Run: 80,390,008,832 bytes free
.
- - End Of File - - 11B3F412B984A8B5ADFEEBBBAB38FF82
-
RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Patrick Fong [Admin rights]
Mode: Scan -- Date: 06/29/2012 21:33:02
¤¤¤ Bad processes: 3 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
[SUSP PATH] lhfujcbahkhdwheq.exe -- C:\Users\PATRIC~1\AppData\Local\Temp\lhfujcbahkhdwheq.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-517934540-472169772-531085458-1001[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x82A37140 -> HOOKED (Unknown @ 0x86F1F06C)
SSDT[67] : NtCreateMutant @ 0x82A68812 -> HOOKED (Unknown @ 0x86E9FB1C)
SSDT[72] : NtCreateProcess @ 0x82AD9DAB -> HOOKED (Unknown @ 0x86E17C2C)
SSDT[73] : NtCreateProcessEx @ 0x82AD9DF6 -> HOOKED (Unknown @ 0x86E17D5C)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x82A0835A -> HOOKED (Unknown @ 0x86EF25EC)
SSDT[78] : NtCreateThread @ 0x82AD9BE0 -> HOOKED (Unknown @ 0x86E0C814)
SSDT[123] : NtDeleteKey @ 0x829FA727 -> HOOKED (Unknown @ 0x86E9F2E4)
SSDT[126] : NtDeleteValueKey @ 0x829F5CC8 -> HOOKED (Unknown @ 0x86F84B8C)
SSDT[129] : NtDuplicateObject @ 0x82A40551 -> HOOKED (Unknown @ 0x86EF25B4)
SSDT[165] : NtLoadDriver @ 0x829B3DEE -> HOOKED (Unknown @ 0x86EF2C24)
SSDT[194] : NtOpenProcess @ 0x82A68FAE -> HOOKED (Unknown @ 0x86D932D4)
SSDT[197] : NtOpenSection @ 0x82A5966D -> HOOKED (Unknown @ 0x86F84B54)
SSDT[201] : NtOpenThread @ 0x82A644FF -> HOOKED (Unknown @ 0x86BC3BE4)
SSDT[267] : NtRenameKey @ 0x82A9C6AC -> HOOKED (Unknown @ 0x86E7B92C)
SSDT[280] : NtRestoreKey @ 0x82A9ADB2 -> HOOKED (Unknown @ 0x86E7B8F4)
SSDT[317] : NtSetSystemInformation @ 0x82A2EEEB -> HOOKED (Unknown @ 0x86E9FAE4)
SSDT[324] : NtSetValueKey @ 0x82A263C2 -> HOOKED (Unknown @ 0x86E9F5E4)
SSDT[334] : NtTerminateProcess @ 0x82A39143 -> HOOKED (Unknown @ 0x86E9FE0C)
SSDT[335] : NtTerminateThread @ 0x82A64534 -> HOOKED (Unknown @ 0x86E10814)
SSDT[358] : NtWriteVirtualMemory @ 0x82A5592D -> HOOKED (Unknown @ 0x86E0C84C)
SSDT[382] : NtCreateThreadEx @ 0x82A63FE9 -> HOOKED (Unknown @ 0x86EF2C5C)
SSDT[383] : NtCreateUserProcess @ 0x82A11C11 -> HOOKED (Unknown @ 0x86EF3154)
S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0x84EFA6BC)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0xA35BFEEC)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
--- User ---
[MBR] 517d979d7e41c90176b4180f0e37411e
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296355 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606935700 | Size: 8887 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
-
Regarding your question in #19, yes I did uninstall Norton 360 using Programs and Features.
-
Just another update: When the PC restarted the Windows Command Processor popup came up again. It stopped after running TFC though.
-
ComboFix 12-06-28.03 - Patrick Fong 29/06/2012 7:09.7.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2047.1259 [GMT 10:00]
Running from: c:\users\Patrick Fong\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Patrick Fong\AppData\Local\amfmkrxk.log
c:\users\Patrick Fong\AppData\Local\hsivcopd.log
c:\users\Patrick Fong\AppData\Local\jlypkcri.log
c:\users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe
c:\users\Patrick Fong\AppData\Local\narfqwth.log
c:\users\Patrick Fong\AppData\Local\vtofbvlp.log
c:\users\Patrick Fong\AppData\Local\wqexycde.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 21:17 . 2012-06-28 21:20 -------- d-----w- c:\users\Patrick Fong\AppData\Local\temp
2012-06-28 21:17 . 2012-06-28 21:17 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-06-28 21:17 . 2012-06-28 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 02:09 . 2012-06-28 13:41 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-25 10:07 . 2012-06-25 10:08 -------- d-----w- c:\program files\ERUNT
2012-06-22 11:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:16 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:16 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 00:15 . 2012-06-21 00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-21 00:15 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 13:13 . 2012-06-28 21:16 -------- d-----w- c:\users\Patrick Fong\AppData\Local\lvpnwwpd
2012-06-16 05:32 . 2012-06-16 05:32 -------- d-----w- c:\programdata\Tarma Installer
2012-06-16 05:31 . 2012-06-20 14:09 -------- d-----w- c:\program files\1ClickDownload
2012-06-13 11:39 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:39 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 11:39 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:39 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:39 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 12:45 . 2012-06-11 12:45 -------- d-----w- c:\users\Patrick Fong\AppData\Local\Trend Micro
2012-06-11 12:37 . 2012-06-11 12:08 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-06-11 12:25 . 2012-06-11 12:08 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-06-11 12:25 . 2012-06-11 12:08 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-11 12:25 . 2012-06-11 12:08 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-06-11 12:19 . 2012-06-11 12:19 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-06-11 12:14 . 2012-06-28 21:07 -------- d-----w- c:\programdata\Trend Micro
2012-06-11 12:05 . 2012-06-11 12:17 -------- d-----w- c:\program files\Trend Micro
2012-06-09 05:05 . 2012-06-09 05:05 -------- d--h--w- c:\programdata\Common Files
2012-06-08 13:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB267CAB-EDFB-4DFE-9356-7F650B410C37}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:16 . 2012-05-11 11:44 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 11:44 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"TchAhayq"="c:\users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-09-11 176128]
"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2010-05-21 1024000]
"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2010-04-20 122880]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\users\Patrick Fong\Desktop\Programs\Startup\
tchahayq.exe [2012-6-20 92216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5200 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC3LAK.EXE [2004-9-24 50848]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-3-4 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5200 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5200 Status Window.lnk
backup=c:\windows\pss\Canon LBP5200 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 07:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(10252)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\CNAC3RPK.EXE
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\Trend Micro\AMSP\AMSP_LogServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Patrick Fong\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe
c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-29 07:26:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 21:26
ComboFix2.txt 2012-06-25 11:06
ComboFix3.txt 2012-06-22 13:12
ComboFix4.txt 2012-06-21 12:52
ComboFix5.txt 2012-06-28 21:08
.
Pre-Run: 80,945,614,848 bytes free
Post-Run: 80,471,130,112 bytes free
.
- - End Of File - - 76374AE8CCCF8BD79D09F1D97723E0E5
-
RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Patrick Fong [Admin rights]
Mode: Remove -- Date: 06/28/2012 23:53:11
¤¤¤ Bad processes: 2 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 9 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> DELETED
[sUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> REPLACED (C:\Windows\system32\userinit.exe,)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x829FB140 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D0026AC)
SSDT[65] : NtCreateKeyTransacted @ 0x829A0FB2 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D002708)
SSDT[189] : NtOpenKey @ 0x82A14696 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D002562)
SSDT[190] : NtOpenKeyTransacted @ 0x829A0F57 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D002604)
S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0xA901D1FC)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x9FF8838C)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
--- User ---
[MBR] 517d979d7e41c90176b4180f0e37411e
[bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296355 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606935700 | Size: 8887 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
-
I haven't closed RogueKiller since the first time I used it, so there are some ticked items in the registry. When I try to close it, it gives me a warning saying that I still have some non-deleted selected items. Should I delete those and restart, or would you like me to just close it and rerun the scan?
-
Just a quick update; when I try to run MBAM (both by double-clicking the icon and by right-clicking/run as admin) I get a brief (2-3sec) loading wheel next to my cursor, but then nothing opens up. Also, MBAM doesn't show up in Windows Task Manager, neither as an application nor a process.
On the other hand, I'm now able to access the Malwarebytes/Microsoft websites on the infected computer (not sure if that's any progress).
I'll await more instructions from you before I do anything else. Thanks once again for your great guidance and patience.
-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_02
Run by Patrick Fong at 23:26:28 on 2012-06-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2047.875 [GMT 10:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\CNAC3RPK.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Patrick Fong\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\ehome\ehRecvr.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Users\Patrick Fong\Desktop\RogueKiller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\users\patrick fong\appdata\local\lvpnwwpd\tchahayq.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [TchAhayq] c:\users\patrick fong\appdata\local\lvpnwwpd\tchahayq.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAC3LAK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{72545EE3-403B-4C48-9050-5A07AFB87826} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{73907729-99B0-4873-B55B-564556193DCD} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9DED64DF-2F82-4938-A509-17F82B9D095E} : DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
.
============= SERVICES / DRIVERS ===============
.
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2011-6-26 12800]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-6-11 68368]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-6-11 200632]
R2 BackupService;BackupService;c:\users\patrick fong\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2010-10-11 83512]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2011-6-26 53248]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-4 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-6-22 2831232]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-3-4 1439744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-21 22344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-8-31 464384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-8-3 105576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2011-6-26 126976]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-21 654408]
S2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-12 167936]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2012-3-4 960992]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-26 40776]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2011-6-26 849248]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-28 13:09:52 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-26 02:09:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-25 10:43:56 -------- dc----w- C:\$RECYCLE.BIN
2012-06-25 10:41:19 -------- d-----w- c:\users\patrick fong\appdata\local\temp
2012-06-25 10:31:46 -------- dc----w- C:\ComboFix
2012-06-22 11:55:10 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:54:22 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:16:52 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 03:16:52 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 02:06:32 98816 ----a-w- c:\windows\sed.exe
2012-06-21 02:06:32 518144 ----a-w- c:\windows\SWREG.exe
2012-06-21 02:06:32 256000 ----a-w- c:\windows\PEV.exe
2012-06-21 02:06:32 208896 ----a-w- c:\windows\MBR.exe
2012-06-21 00:15:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 00:15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 13:13:21 -------- d-----w- c:\users\patrick fong\appdata\local\lvpnwwpd
2012-06-16 05:32:38 -------- d-----w- c:\programdata\Tarma Installer
2012-06-16 05:31:51 -------- d-----w- c:\program files\1ClickDownload
2012-06-13 11:39:57 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:39:57 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 11:39:57 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:39:34 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:39:32 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 12:45:19 -------- d-----w- c:\users\patrick fong\appdata\local\Trend Micro
2012-06-11 12:37:15 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-06-11 12:25:52 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-06-11 12:25:52 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-11 12:25:51 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-06-11 12:19:14 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-06-11 12:14:57 -------- d-----w- c:\programdata\Trend Micro
2012-06-11 12:05:01 -------- d-----w- c:\program files\Trend Micro
2012-06-09 05:05:20 -------- d--h--w- c:\programdata\Common Files
2012-06-08 13:08:14 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb267cab-edfb-4dfe-9356-7f650b410c37}\mpengine.dll
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 23:35:16.69 ===============
-
RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Patrick Fong [Admin rights]
Mode: Scan -- Date: 06/28/2012 23:11:56
¤¤¤ Bad processes: 2 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 10 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND
[sUSP PATH] HKUS\S-1-5-21-517934540-472169772-531085458-1001[...]\Run : TchAhayq (C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND
[sUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\Patrick Fong\AppData\Local\lvpnwwpd\tchahayq.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x829FB140 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D0026AC)
SSDT[65] : NtCreateKeyTransacted @ 0x829A0FB2 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D002708)
SSDT[189] : NtOpenKey @ 0x82A14696 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D002562)
SSDT[190] : NtOpenKeyTransacted @ 0x829A0F57 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D002604)
S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0xA901D1FC)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x9FF8838C)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
--- User ---
[MBR] 517d979d7e41c90176b4180f0e37411e
[bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296355 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606935700 | Size: 8887 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
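An added triage helper (editor's example, not code from this thread or from ComboFix, DDS or RogueKiller): it scans report lines like the ones in the logs above for the indicators those logs show, namely an extra program appended to the Winlogon Userinit value, Run entries and SSDT hook modules living under a user-writable folder, EnableLUA set to 0, and Security Center override values. The sample lines are constructed from the reports above; the finding labels and the list of user-writable folders are this script's own assumptions. Security Center override values are set legitimately by third-party suites so that Security Center defers to them (this machine has had both Norton and Trend Micro), so that item means "check against what is installed", not proof of infection.

```python
"""Flag the persistence and protection-bypass indicators that show up in
the ComboFix, DDS and RogueKiller reports above.  Added example for
triaging such reports; it is not code from the thread or from any of
those tools, and the 'kind' labels are this script's own naming."""
import re

# Sample lines constructed from the reports above (DDS "Pseudo HJT",
# RogueKiller SSDT section, ComboFix Security Center dump), plus a
# stock Userinit value and a stock Run entry for contrast.
SAMPLE_LINES = [
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\users\patrick fong\appdata\local\lvpnwwpd\tchahayq.exe",
    r"uRun: [TchAhayq] c:\users\patrick fong\appdata\local\lvpnwwpd\tchahayq.exe",
    r"uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"SSDT[64] : NtCreateKey @ 0x829FB140 -> HOOKED (\??\C:\Users\PATRIC~1\AppData\Local\Temp\bnihhwug.sys @ 0x9D0026AC)",
    r"S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0xA901D1FC)",
    r'"AntiVirusOverride"=dword:00000001',
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,",
]

STOCK_USERINIT = r"c:\windows\system32\userinit.exe"
# Assumed list of locations a standard user can write to; the OS and most
# vendors install their auto-start binaries elsewhere.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")

RE_USERINIT = re.compile(r"^[um]Winlogon:\s*Userinit=(.*)$", re.I)
RE_RUN = re.compile(r"^[um]Run(?:Once)?:\s*\[([^\]]+)\]\s*(.*)$", re.I)
RE_LUA = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*(\d+)", re.I)
RE_SSDT = re.compile(
    r"^S?_?SSDT\[\d+\]\s*:\s*(\S+).*->\s*HOOKED\s*\((.*?)\s*@\s*0x[0-9A-F]+\)", re.I)
RE_SECCENTER = re.compile(r'^"(AntiVirusOverride|DisableMonitoring)"=dword:0*1$', re.I)


def parse_userinit(value):
    """Split a Winlogon Userinit value into the programs Winlogon will run.
    The value is a comma-separated list and the stock value ends with a
    trailing comma, so empty entries are dropped rather than kept."""
    return [p.strip() for p in value.split(",") if p.strip()]


def check_userinit(value):
    """Return every entry that is not the stock userinit.exe.  An extra
    entry here runs at every interactive logon, before the shell."""
    return [p for p in parse_userinit(value) if p.lower() != STOCK_USERINIT]


def from_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def first_path(command):
    """Pull the executable out of a Run-key command line: a quoted path,
    or everything up to the first ' /' or ' -' switch."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return re.split(r"\s+[-/]", command, maxsplit=1)[0]


def scan_lines(lines):
    """Return (kind, detail) findings for the lines of a report."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := RE_USERINIT.match(line):
            for extra in check_userinit(m.group(1)):
                findings.append(("userinit-hijack", extra))
        elif m := RE_RUN.match(line):
            path = first_path(m.group(2))
            if from_user_writable(path):
                findings.append(("run-key-user-writable", f"{m.group(1)} -> {path}"))
        elif m := RE_LUA.match(line):
            if m.group(1) == "0":
                findings.append(("uac-disabled", line))
        elif m := RE_SSDT.match(line):
            func, module = m.group(1), m.group(2)
            if module.lower() == "unknown":
                findings.append(("ssdt-hook-unknown-module", func))
            elif from_user_writable(module):
                findings.append(("ssdt-hook-user-writable", f"{func} <- {module}"))
        elif m := RE_SECCENTER.match(line):
            # Third-party suites set these legitimately so Security Center
            # defers to them; only a finding if no such product is installed.
            findings.append(("security-center-override", m.group(1)))
    return findings


if __name__ == "__main__":
    for kind, detail in scan_lines(SAMPLE_LINES):
        print(f"{kind:28} {detail}")
```

Run against a real DDS or RogueKiller report, the same regexes apply line by line; the Userinit check is the one to trust most, since the stock value has exactly one program in it and anything else is an addition.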
-
Hi again,
In step 3, I've copied and pasted the bolded lines into CMD, but only the first one was successful, and all the following ones said there was a syntax error. Is that meant to happen?
I'll proceed to S4, but just a heads-up that S3 might have been incomplete. By the way, as a side note, did I have to copy/paste each line individually? I did the lot in one go (not sure if that'll make a difference).
-
Unfortunately, I'm at work at the moment but will start on the above steps as soon as I get home.
Meanwhile, here are the answers to your questions.
#1: Yes, I did recently install Trend Micro, but I don't remember if it was around June 11. I had a few issues installing in the beginning so I installed the software a couple of days before entering the product key. One of the issues was that it told me to uninstall MBAM before I could proceed. I installed Trend on 3 computers in total; 2 told me to uninstall MBAM first.
#2: Norton 360 was installed prior to Trend.
#3: For about 2-3 days the computer had no antivirus protection; that was the period between Norton 360 expiring and Trend being installed/activated.
#4: Nothing shows up when I try to start MBAM. I right-click on MBAM and run as administrator. A few times there's a popup asking for permission to run MBAM, but when I click yes, nothing runs. Now there's no popup either, and MBAM still won't run. I've checked Task Manager and MBAM doesn't appear in processes either.
PS. When I ran OTL (post #7), two DDS logs popped up during the process. I just closed them when they appeared and I did have to leave the scan overnight so I don't know what happened when I was asleep. Will this affect the new DDS run that I will be doing now?
PPS. I ran the previous tools (post #7) in Safe Mode with Networking. Should I be using Normal Mode or is Safe Mode ok? Also, I can't download the tools in Normal or Safe Mode, they always get stuck at ~97% so I had to transfer the files via USB. Is it safe to use this USB again to download tools or will this be infected too?
I have to say, thank you very much in advance, for your patience and your guidance. I have a feeling I'm giving you a massive headache!
-
Hi,
When I start up the computer now, the "Windows Command Processor" popup does not appear. However, I still cannot access antivirus websites (such as Norton, Malwarebytes) nor the Microsoft website. Does that mean that the virus is still present?
I also can't run MBAM. I can run Trend Micro but nothing shows up in the scans. I'll wait for further instructions, thanks.
Windows Command Processor (trojan)-Win32/Kryptik.AHES trojan
in Resolved Malware Removal Logs
If I transfer files to USBs/External harddrives, will I have a chance of transferring the virus to another PC? If there is a risk I'd prefer to lose the files than the other PC.
Also, in your personal opinion, which AV protection do you prefer? I'm not sure if we should stick with TrendMicro or change back to Norton